Digital Security

Published Date: 02 Nov 2017

Digital security in the 21st century is now more important than ever before, there are many different types of security threats to the average person, business or even government. This is because everything we do on a daily basis can have a security risk, whether it be from online shopping or checking your email. If a user's computer has been hacked or has some spyware or malware and they are using it for online shopping, then the attacker may be able to gain access to the user's sensitive data which can then be used for fraud or theft or sold on to a third party for marketing data.

Shopping in a store using your debit card can also be a risk as debit cards can be cloned by staff and pin numbers stolen using a device that looks the same as the card machine but has been designed or modified to remember pin codes and clone users debit cards/credit card details. Laptops and Mobile phones being stolen can have personal information on them, even losing your universal serial bus storage device or USB pen drive as they are know as for short which can contain all sorts of information because people, businesses and governments all use these devises to move or store data. And if the data is not encrypted then there is always the chance that someone can gain access to it.

Security is the main issue when it comes to a person's personal information whether it be from browsing the Internet to online banking there will always be people who want to steal information for an entire range of reasons (eg: phishing and fraud)!

Another thing to be wary of is the topic of Liberty; are security laws infringing on our basic human rights to privacy and our security by allowing corporations and even governments to spy on our Internet communications for what they call "anti-piracy" or "National Security" such as the PATRIOT Act in the United Sates of America, and this brings me to conclude, why should the rights of the many suffer because of the actions of a few.

And this is being debated everyday of every week by civil rights activists to our own government deciding what they can do and cannot do. Too much information available about anyone to anyone can be dangerous and this topic should be taken extremely seriously.

One major impact on privacy is the development of social networking sites and search engine providers that sell the users information to third parties. The quote "Privacy is a fundamental human right. It underpins human dignity and other values such as freedom of association and freedom of speech. It has become one of the most important human rights of the modern age." by Marc Rotenberg, Protecting Human Dignity in the Digital Age (UNESCO 2000) 1. And i think that we are heading into a society that does not care about the fundamental human rights we have and how we attained them.

For example anti-utopian, dystopian novels of the 20th century, depicted societies where privacy was non existant and an intrusive, oppressive regime denied this fundamental human right as a matter of course. In Yevgeny Zamyatin's novel "We" 2the population lived in buildings constructed of glass, which allowed everyone and anyone to snoop on anyone whom they wished. Opposition is impossible in a society where privacy is non-existant. George Orwell's 1984 "Big Brother" and tele-screen are frighteningly similar to todays move towards a 21st century society where the Government and corporations have full access to every bit of any citizen's digital life.

The 19thcentury black champion of civil rights, Frederick Douglass protested that any rights and liberties won by any people were awarded after contesting the power structures of society. He said in 1857 that "Power concedes nothing without a demand, it never did and it never will. Find out just what any people will quietly submit to, and you have found out the exact measure of injustice and wrong that will be imposed upon them." 3

Frederick Douglass, speaking on the emancipation of the West Indies - 1857.

"Men may not get all they pay for in this world, but they must certainly pay for all they get." 3 also has meaning to that you can use a search engine for free and also a social networking site, but be careful of your information as they might sell it on to third parties.

In the book; The Art of Deception: Controlling the Human Element of Security 4, the authors Kevin D. Mitnick & William L. Simon naïblame the Human individual as the weakest link, the individual is relegated to a position below the security system in question. Page 3, titled in big black letters "Security's Weakest Link" states "...the humanfactor is truly security's weakest link." In the Computer Security Handbook, John Wiley & Sons (2002) 5which some of the top security specialists in the world have contributed to. Donn B. Parker, a retired (1997) senior management consultant at RedSiren Technologies in Menlo Park, Ca, who has specialised in information security for 35 of his 50 years in the computer field and who Information Security Magazinehas identified as one of the five top Infosecurity Pioneers (1998) writes in "5.1.3 Functions of Information Security Computer Security Handbook" that the complete opposite to the previous paragraph is true, that the current three function security model, (prevention, detection, and recovery) are completely insufficient and that an 11 function model is needed to eliminate or mitigate the security risks in question, which include avoidance, deterrence, detection, prevention, mitigation, transference, investigation, sanctions & rewards, recovery, correction, & finally; education 5. It is easy to jump to conclusions and intuitively blame the people whom personify "hackers" or adversaries to computer security professionals, but history shows us that nothing should be taken for granted concerning security. No system will be inherently perfect, and new technologies are continually being created and updated, and most will likely become more secure as time goes on. Human nature on the other hand is a constant and no man or woman should ever denigrate humanity to a role below that of a firewall, for any reason. If a computer security system is vulnerable, patch the system or come up with innovative methods to secure it from outside access, improve on the imperfect and take comfort knowing that you have executed your job successfully, thus without sacrificing your morality.

Types of attack

Once a malicious program has been installed on a person or business or governments body's computer, it can cause harm in many different ways. And the most typical mechanisms for attacks by hackers is:

Gaining user access and pretending to be a legitimate user. This can be very bad if a hacker gains access to any information as the user might not realise in time for it to be stopped being used eg. bank account or credit card information being stolen.

Stealing or copying secret or confidential data for corporate espionage or other purposes.

Destroying corporate data to do financial damage to a business or government body

Causing network and system shortages to paralyze a company's operations eg. Denial of service attack (D.O.S) or Distributed denial of service attack (D.D.O.S).

Risks to an Organisation

Security vulnerabilites coming from within an organisation are on the increase in today's businesses and are increasingly the operational risks of any business in today's world, and in a time of recession this is not good because it brings the running costs of the business up and costs to the average person may go up also . There may be a loss of reputation in the regard to customers or partners and investors of a business. There may also be a risk to the business by interruption to the company and violation of legal and regulatory requirements to protect sensitive customer information if the attack works, some examples are:

Unauthorized access to any information where the access includes disclosure, modification and destruction of any data.

Unauthorized users or hackers, i.e. a person who have not been given the rights by the owner/user to access the system.

How do people fail in the line of security?

Social Engineering & Manipulation: con-artists are being used to acquire confidential information by manipulating genuine users into telling them. It is a new type of internal attack that is on the up trend similar to 'phishing' in which a malicious insider—with access to company information—tricks other users into providing access to restricted information. These con-artists rely on the fact that people are not aware of the value of the information they know and are careless about protecting it because they think its irrelevant. These con-artists will search dumpsters or take advantage of people's natural inclination to choose passwords that are meaningful to them such as a close relative's name or date of birth etc but can be easily guessed. the name they now give the method these con-artists employ is called "Social engineering" and it remains a key threat to any security system. More internal threats may be:

There could be a loss of data or data corruption, and backup failures which lead to business losses and this in turn may affect the clients and loss of money to a business.

There may also be misuse and theft of Call Records and information and also tele-communication center in which, internal users sometimes bypass the usage record from billing for some subscribers by deleting the call records from the database or by changing the program to overlook those subscribers.

Identity theft: There may be identity theft of a customer's valuable information such as credit card information, address and date of birth or in a business's sense, ID cards, Access codes .

Identity theft and fraud are terms used to refer to all types of crime in which a person or organisation wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain eg. giving the business an upper-hand.

Information used in biometrics (face image, palm print, hand geometry,handwriting, fingerprint,voice recognition, iris/retina scan ) are each unique to every person and cannot be given to someone else for their use but can be faked, well some of them. However, personal data, especially a bank account or credit card number, telephone calling card number, and other valuable identity information can be used by the wrong people for malicious purposes and sold to third parties at the cost to the average user.

The not so innocent:

Browsing the Web and using e-mails can seem a normal exercise in layman terms but may seem naïve to the advanced users whom understand the security risks. For the average user however, all their activities can upset normal business activity. There are viruses (e.g. Worms/trojons/malware/spyware or Choke viruses) that are design and aimed at Instant Messaging systems that people use such as a social networking site and windows live messenger (MSN), the users may use these softwares or websites to talk to their friends online or send information from and each pose their own unique security threats. Anti-virus softwares and other tools may not detect malicious code opening through the font-system 6 or Instant Messaging system, so infected files can seep into the desktop and then into the network. Also, listening to music leads to a threat from passive viruses. Sometimes, when a company's log book or notebook is lost, some important information may be at risk such as id names and Unique Identifier numbers.

Outside threats to an organisation:

External threats are mixed threats that combine many different ways such as worms, virus's, spam and distributed denial of service (DDOS). Every day, hundreds of new ways are discovered to attack software and security breaches by intruders, hackers and security professionals. There are more than 30,000 hacking-oriented Web sites on the web now so it no longer needs a 'guru' to hack a site, just someone with time and patience.

How to keep your computer safe with Virus Counter Measures.

Regular Updating of a users Anti-Virus and Anti Spyware Software: This is to protect the user against viruses and malware/spyware and this is why antivirus software should be installed. All user email attachment files should be scanned: This is because computer viruses are often contained in email attachments. Even if the email is from your close friend of yours, it is still important to scan the attached files for viruses before opening them as they may contain malicious software.

Key points for handling email attachments:

Be careful when opening email attachments from unknown recipients.

Do not be fooled by the appearance of attachment files always check the extension to make sure its not a .exe, .com or any other "executable" extension for a word document or image file.

Do not send a plain text that can be included in the body of an email message as an attachment file eg. Encrypt your messages.

Learn about how email attachments are handled by different email programs.

All downloaded files should be scanned with an anti-virus and anti-spyware scanner before opening.

A lot of files such as image files, .MP3,.MP4 and video files can be downloaded from the Internet, but there might be a possibility of a malicious program or instruction code being embedded in the code of these files, So to avoid this, be sure to scan downloaded files before using them or executing them. An example is the font system vulnerability of Windows XP. 6

Take full advantage of the security functions/ settings supplied with any application software

Security Patches Should be Applied: All recent viruses attempt to exploit vulnerabilities or security holes in the operating systems and application software that a current user might be using.

If there is any vulnerability, your computer can be infected with viruses or have corporate malware on them and the only way to combat this is by previewing emails or accessing the Internet when all security updates have been applied and clearing your Internet cookies after every session.

Symptoms of Virus Infection must not be over-looked. If you have encountered symptoms listed below, your computer may have been infected with computer viruses. Do not overlook them and scan your computer for viruses regularly.

The system or an application often freezes, or the system does not start.

Files disappear. Unknown files exist.

Strange icons appear on the task bar.

Attempts are made to access the Internet without any operation.

Emails are sent without the user's consent.

Scan intuitively to make sure there is no virus or spyware on a users PC.

All a users data should be backed up in case of emergency.

Data corrupted by viruses cannot be restored by using anti-virus software. Make it a habit to back up data on a regular basis so you can restore the system from any damage caused by a virus infection or corruption. In addition, keep in a safe place the original CD-ROMs of application software or a portable hardrive (HDD) that is not connected to the main computer. This will reduce the risk of your backup becoming corrupt as well. Should the contents of the HDD be damaged, you can restore them using the CD-ROMs or your portable HDD and software such as Norton Ghost.

Bibliography

Accessed from http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-559062#[1] on 25th march 2010 Yevgeny Zamyatin's "We" http://en.wikipedia.org/wiki/We_(novel) http://www.blackpast.org/?q=1857-frederick-douglass-if-there-no-struggle-there-no-progress • The Art of Deception: Controlling the Human Element of Security Kevin D. Mitnick, William L. Simon, Foreword by Steve Wozniak ISBN: 978-0-471-23712-9, John Wiley & Sons, October 2002 http://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/0471237124 • Computer Security Handbook, 4th Edition Seymour Bosworth (Editor), M. E. Kabay (Editor) ISBN: 978-0-471-26975-5, John Wiley & Sons, 2002 http://www.amazon.com/Computer-Security-Handbook-Seymour-Bosworth/dp/0471412589 • Vulnerabilities in the Embedded OpenType Font Engine could allow remote code execution http://support.microsoft.com/kb/961371