Published by Fay Morrison. Modified over 8 years ago.
1
Information Systems Design and Development
Security Precautions
Computing Science
2
Learning Outcomes
By the end of this topic you will be able to:
- Describe methods of security protection
- Describe anti-virus software
- Describe firewalls
- Describe encryption
- Describe a digital certificate
- Describe validation
- Explain what is meant by biometrics
3
Security Precautions
Two standard methods of protecting your computer system:
- Anti-virus software
- Firewalls
4
Anti-virus software
Virus protection software, known as anti-virus software, is software designed specifically to detect, disable, and remove viruses, worms, and Trojans before they infect a computer. Anti-virus software becomes outdated quickly, and users must apply the most recent updates, patches, and virus definitions as part of a regular maintenance schedule.
5
Anti-virus software
Some methods used:
- Keeping a database of 'virus signatures' – code snippets that can be used for comparison
- Using 'heuristics' or pattern-matching – looking out for suspicious behaviour
- Calculating 'checksums': when the anti-virus software is first installed it will calculate a unique value based on the code in each executable file. When scanning, it will recalculate these values and compare them to the original, helping to spot if a file has been modified.
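The checksum method above, as an added example that is not part of the original presentation. It assumes SHA-256 as the "unique value" and uses constructed stand-in files in a temporary directory; the function names are hypothetical.

```python
import hashlib
import os
import tempfile

def file_checksum(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(directory):
    """Install-time step: record a checksum for every file under directory."""
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            baseline[os.path.relpath(path, directory)] = file_checksum(path)
    return baseline

def scan(directory, baseline):
    """Scan-time step: recalculate checksums and compare them to the baseline."""
    current = build_baseline(directory)
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample: three stand-in 'executables', then three changes."""
    samples = [("editor.exe", b"MZ editor v1"), ("game.exe", b"MZ game v1"),
               ("tool.exe", b"MZ tool v1")]
    with tempfile.TemporaryDirectory() as folder:
        for name, body in samples:
            with open(os.path.join(folder, name), "wb") as handle:
                handle.write(body)
        baseline = build_baseline(folder)
        with open(os.path.join(folder, "game.exe"), "ab") as handle:
            handle.write(b" + appended bytes")      # file modified after baseline
        with open(os.path.join(folder, "new.exe"), "wb") as handle:
            handle.write(b"MZ unknown")             # file that was never baselined
        os.remove(os.path.join(folder, "tool.exe")) # baselined file removed
        return scan(folder, baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where the scanned files cannot reach it; a baseline that can be rewritten alongside a modified file detects nothing.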
6
Firewalls
- Firewalls allow or deny traffic between the computer and the network to which it is connected.
- Firewalls can block incoming and outgoing network connections unless exceptions are defined to open and close the ports required by a program.
- Firewalls can either be implemented in hardware or software.
7
Encryption
- Encrypting data uses codes and ciphers to ‘scramble’ data so it appears to be meaningless.
- Traffic between resources and computers on the network can be protected from attackers monitoring or recording transactions by implementing encryption.
- When the information needs to be accessed it needs to be decrypted so it can be read.
8
Encryption
- Encryption can also be used on files that are being stored as a data protection technique.
- If a computer or a backing storage device is stolen or lost, the data cannot be accessed if it is encrypted.
- Encryption does not prevent hacking but makes the data useless to hackers.
9
Types of encryption
Two types of encryption:
- Symmetric key
- Public key
10
Symmetric key encryption
- In symmetric key encryption the same key is used for encryption and decryption.
- The key is agreed before data transfer.
- The key has to be transmitted, which is a security weakness.
11
Public key encryption
- Public key or asymmetric encryption uses two keys – a public key and a private key.
- Both keys work as a pair.
- Two types of use:
  - Public key encrypts and private key decrypts
  - Private key encrypts and public key decrypts
12
Public key encryption
Public key encrypts and private key decrypts – example:
- Your browser will be sent the website's public key.
- Your browser uses the public key to encrypt the data you are sending.
- The data is sent back to the server. Even if someone has intercepted the public key and your message, they are still no further forward.
- Once back at the server, the private key is used to decrypt the message.
13
Public key encryption
14
Digital signatures and certificates
- The 'private key encrypts and public key decrypts' use is what implements digital signatures and certificates.
- A digital certificate is an electronic document that contains a digital signature, which confirms the name and identity of a person or organisation.
- The digital certificate uses a public key to bind the digital signature and identity together.
15
Digital signatures and certificates
16
In the case of digital signatures, a private key is required for encrypting a message, and a public key is needed to decode the message. This approach allows the receiver to be confident about the source of the message because only a message encrypted using the originator's private key could be decrypted by the public key. RSA is the most popular example of asymmetric encryption.
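Both uses of a key pair described on the public key encryption and digital signature slides, as an added example that is not part of the original presentation. It is textbook RSA with no padding and a constructed, trivially breakable key; the function names are hypothetical and it needs Python 3.8 or later.

```python
import hashlib

# Constructed toy key pair (an assumption, not from the slides). Both primes are
# well-known Mersenne primes, so this key is trivially breakable. Real RSA uses
# random primes of 1024+ bits together with a padding scheme (OAEP, PSS).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                                   # modulus, part of both keys
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (modular inverse)
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def apply_key(number, key):
    """The single RSA operation: number ** exponent mod modulus."""
    exponent, modulus = key
    if not 0 <= number < modulus:
        raise ValueError("number must be smaller than the modulus")
    return pow(number, exponent, modulus)

def encrypt(message, public_key):
    """Use 1: anyone holding the public key can encrypt a short message."""
    return apply_key(int.from_bytes(message, "big"), public_key)

def decrypt(ciphertext, private_key):
    """Use 1: only the private key recovers it (leading zero bytes are dropped)."""
    number = apply_key(ciphertext, private_key)
    return number.to_bytes((number.bit_length() + 7) // 8, "big")

def digest_number(message, modulus):
    """Hash the message so that messages of any length can be signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % modulus

def sign(message, private_key):
    """Use 2: the originator applies the private key to the message digest."""
    return apply_key(digest_number(message, private_key[1]), private_key)

def verify(message, signature, public_key):
    """Use 2: anyone can check the signature with the public key."""
    return apply_key(signature, public_key) == digest_number(message, public_key[1])

if __name__ == "__main__":
    secret = encrypt(b"PIN=4921", PUBLIC_KEY)            # constructed message
    print(secret, decrypt(secret, PRIVATE_KEY))
    order = b"pay 10 pounds to Alice"                    # constructed message
    signature = sign(order, PRIVATE_KEY)
    print(verify(order, signature, PUBLIC_KEY))
    print(verify(b"pay 90 pounds to Alice", signature, PUBLIC_KEY))
```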
17
Digital signatures and certificates
18
Validation
- Validation on websites is the process of checking that data is entered in the correct way.
- For example, if a password of a particular length or type is required then it should be validated.
- Validation can be done either client side or server side.
19
Client side validation
- In client side validation the validation is carried out on the user’s device.
- Validation is often done using a scripting language like JavaScript.
- Client side validation is faster than server side validation as the data does not need to be transmitted to be validated.
20
Server side validation
- In server side validation the checks are done on the server.
- Server side validation is more secure than client side as the data cannot be tampered with after validation.
- Server side validation is slower as the data has to be transmitted first.
- Data held centrally can be updated in server side validation.
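A server side check of the password example from the validation slides, as an added example that is not part of the original presentation. The password policy, the `client_validated` field and both sample requests are constructed assumptions; the point shown is that the server repeats the checks itself and ignores what the client says it checked.

```python
import re

MIN_LENGTH = 8  # assumed policy: length plus upper case, lower case and a digit

RULES = [
    (lambda p: len(p) >= MIN_LENGTH, "must be at least 8 characters"),
    (lambda p: re.search(r"[A-Z]", p) is not None, "must contain an upper case letter"),
    (lambda p: re.search(r"[a-z]", p) is not None, "must contain a lower case letter"),
    (lambda p: re.search(r"[0-9]", p) is not None, "must contain a digit"),
]

def validate_password(password):
    """Return the list of rules the password breaks (empty list means valid)."""
    if not isinstance(password, str):
        return ["must be text"]
    return [message for check, message in RULES if not check(password)]

def handle_registration(form):
    """Server side handler. 'form' is whatever arrived over the network.

    The 'client_validated' field is deliberately never read: anything sent by
    the client can be changed before it reaches the server, so every check is
    repeated here on the data that was actually received.
    """
    errors = validate_password(form.get("password"))
    if errors:
        return {"status": 400, "errors": errors}
    return {"status": 200, "errors": []}

# Constructed sample requests.
# 1. Sent by the page's own form after its JavaScript checks passed.
BROWSER_REQUEST = {"username": "fay", "password": "Correct7Horse",
                   "client_validated": "true"}
# 2. Sent without using the form, so no JavaScript check ever ran.
DIRECT_REQUEST = {"username": "fay", "password": "abc",
                  "client_validated": "true"}

if __name__ == "__main__":
    print(handle_registration(BROWSER_REQUEST))
    print(handle_registration(DIRECT_REQUEST))
```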
21
Biometrics
Biometric security compares physical characteristics against stored profiles to authenticate people. A profile is a data file containing known characteristics of an individual such as a fingerprint or a handprint. Biometric security is more secure than security measures such as passwords or smart cards, because passwords can be discovered and smart cards can be stolen. Common biometric devices available include fingerprint readers, handprint readers, iris scanners, and face recognition devices.