Security and Legal
software that is installed on a computer without the knowledge of the owner
a program that pretends to do something useful, but secretly infects the computer and carries out activities related to spying/fraud.
Uses of Trojans
- Blocks anti-virus programs / updates
- Freezes the device and seeks money to unfreeze it
- Claims the computer is virus-ridden and offers to fix the issues
- Remote Access Trojans (RAT) allow a 3rd party to take administrative control of the infected computer.
a program that causes advertising to pop up within your application; not always malicious, but can become a nuisance and difficult to control.
small text files that store information about your habits and settings and time spent on particular websites; they can be used to track your behaviour and searches and thus be used to target ads related to your searches.
Denial of Service (DoS) Attack
an attempt to flood a network or web server with so many requests that it simply cannot handle normal requests any longer
Symptoms of a DoS attack
- slow network performance
- no access at all available
Effects of a DoS attack
- user inconvenience / loss of confidence
- during attack, company will lose money as their service is not available
- after attack, company will lose money as customers may leave
- the labour time involved in stopping the attack, fixing the issue and re-starting the service will be costly
overload of the systems with data packets or requests so that it cannot handle normal requests any more
using up processor, memory or storage resources of the server computer
sending the data packets intended for a server to another location, leaving the original server waiting for the packets to arrive
a computer passes out data packets with the wrong IP address with the intention of hiding the sender's identity / impersonating another system.
Reasons for carrying out a DoS attack
Personal - revenge after grievance with the company
Political - disagree with the company / rival nation
Financial - aim to get money by holding the company ransom, could be employed by a third party to carry out attack
the process of altering an original 'plaintext' message into a scrambled, unintelligible form - the 'ciphertext'
Encryption requires -
an encryption algorithm and a binary key
used to verify that a particular public key belongs to a certain individual
a trusted company that will check the credentials of the public key distributor and once validated will create a digital certificate that binds their public key with that of the distributor
created when a private key is used to encrypt a message
Symmetric Key Encryption
only one key used - the shared secret key
What does RIPA stand for?
The Regulation of Investigatory Powers Act
What is RIPA?
RIPA is an act of parliament which allows certain groups the legal right, in certain circumstances, to carry out digital surveillance and access digital communication held by a person or organisation
How does RIPA affect Public Bodies?
Public Bodies, such as government offices, can apply, under RIPA, to have ISPs and mobile providers provide access to the communications made by individuals and in some cases, allow for hardware to be fitted to enable digital surveillance.
What is an ISP?
An ISP (Internet Service Provider) is an organisation that provides access to the internet for individuals and businesses.
How does RIPA affect ISPs?
Under RIPA, ISPs must:
- ensure that hardware and software infrastructure is in place to enable digital surveillance
- allow access to the users' / companies' digital communications and communication archive in line with the Act.
How does RIPA affect businesses?
- they must ensure that all employees are aware that their communications might be recorded under the act
- they must utilise hardware to allow the storage of digital materials and allow for access if required under the act
How does RIPA affect individuals?
- if under contract with an ISP, they should be aware that their electronic communications may be stored under the act