ISDD Security Precautions


Upload: forrester-high-school

Post on 10-Jan-2017

Category: Education

TRANSCRIPT

Page 1: ISDD Security Precautions
Page 2: ISDD Security Precautions

Anti Virus Software

A program that can be used to scan files to identify and eliminate computer viruses and other malicious software

Scans files looking for matches with previously discovered virus signatures

Anti virus software generally offers 2 modes: real-time protection, and scheduled scans

Page 3: ISDD Security Precautions

Anti Virus Software

Infected files can be deleted or placed in quarantine

Heuristic anti virus software monitors suspicious behaviour of programs

AV software has to be regularly updated as new viruses are discovered

Page 4: ISDD Security Precautions

Passwords

Most commonly used along with a username, although not always, e.g. a password-protected file.

Page 5: ISDD Security Precautions

Passwords

Weak Passwords
- Your name
- Your child’s name
- A pet
- An easy word
- 123456
- qwerty
- admin
- password

Page 6: ISDD Security Precautions

Passwords

Good practice
- At least 8 characters
- Does not contain username, real name, company name
- Does not contain complete word
- Different from other passwords
- Mix of uppercase, lowercase, numbers & symbols
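The good-practice rules above written as a checker and run against the weak passwords from the previous slide (an added example, not part of the original slides). The word list, function name and parameters are assumptions made for illustration.

```python
import re

# Constructed mini word list (assumption); a real check would use a full dictionary.
COMMON_WORDS = {"password", "admin", "qwerty", "dragon", "summer", "football", "welcome"}

def password_problems(password, username="", real_name="", company="", previous=()):
    """Return the good-practice rules from the slide that this password breaks."""
    problems = []
    lower = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    personal = (("username", username), ("real name", real_name), ("company name", company))
    for label, value in personal:
        # Check each part of a multi-word name separately, ignoring very short parts.
        for part in value.lower().split():
            if len(part) >= 3 and part in lower:
                problems.append(f"contains {label}")
                break
    if any(word in lower for word in COMMON_WORDS):
        problems.append("contains a complete word")
    if password in previous:
        problems.append("same as another password")
    # One pattern per character class: uppercase, lowercase, number, symbol.
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing uppercase, lowercase, number or symbol")
    return problems

if __name__ == "__main__":
    # The weak passwords from the slide, plus one constructed stronger password.
    for candidate in ("123456", "qwerty", "admin", "password", "Tr7#vq!Lp2"):
        print(candidate, password_problems(candidate, username="aaron"))
```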

Page 7: ISDD Security Precautions

Biometrics

Biometrics is a way of proving identity using a unique biological trait e.g.
- Fingerprint (or palm)
- Retina / iris pattern
- Voice recognition
- Face recognition
- DNA

Page 8: ISDD Security Precautions

Biometrics

Advantages:
- Don’t need to remember passwords
- Virtually impossible to forge

Current Uses
- Airport security - used to identify passengers
- Mobile devices - use fingerprint scan to access payment
- Building access – used to identify authorised personnel
- Schools – access, payment, registration, library books
- Cars – access via fingerprint or facial recognition
- Banks – ATM cash withdrawals

Page 9: ISDD Security Precautions

Encryption

Encryption is the conversion of data into a form that cannot be easily understood by unauthorised people

Decryption is the inverse of encryption - reversing the steps of encryption in order to get the original message

Page 10: ISDD Security Precautions

Encryption

Encryption allows us to protect data and messages from anyone we do not want to see them.

The encrypted data is known as cyphertext

Page 11: ISDD Security Precautions

Symmetric Encryption
- Same key is used to encrypt and decrypt
- Sender and receiver both know the key

Page 12: ISDD Security Precautions

Symmetric Encryption

Advantages
- Faster and easier to implement than asymmetric encryption

Disadvantages
- Sender and receiver need to know the key, but how do they share that securely?

If they have a secure way of sending the key, why would they need to use encryption…?

Page 13: ISDD Security Precautions

Asymmetric Encryption
- A pair of keys is used to encrypt the data
- Private key and public key
- Anyone can encrypt a message using a public key
- Only the holder of the private key can decrypt the message
- Asymmetric encryption is also known as public-key encryption

Page 14: ISDD Security Precautions

Asymmetric Encryption

Example
1. Aaron (the recipient) generates a pair of keys, one public and one private
2. He sends the public key to Alison (the sender)
3. Alison encrypts the message using the public key and sends it to Aaron
4. Aaron decrypts the message using the private key

Page 15: ISDD Security Precautions

Asymmetric Encryption

Advantages
- No need for private key exchange
- Increased security – only person with private key can decrypt
- Can be used for Digital Signatures

Disadvantages
- Slow – takes time to encrypt and decrypt
- Could be cracked using brute force – try all possible keys (although RSA Security claim that using a 2048 bit key would not be crackable until around 2030).

Page 16: ISDD Security Precautions

Digital Signatures
- Used to validate the authenticity and integrity of a message or document
- Can validate the origin, identity and status of a document
- Uses asymmetric encryption, with public and private keys

Page 17: ISDD Security Precautions

Digital Signatures
1. Private key used to create a hash (a number generated from string of text)
2. Hash is sent along with document
3. Hash is decrypted with the public key – verifies the document
4. Any change/tampering of the document will mean the hash will not match

(Note that the message itself does not have to be encrypted)
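The Aaron and Alison key exchange from the Asymmetric Encryption example and the Digital Signatures steps above, as an added Python example that is not part of the original slides. It is toy textbook RSA: the primes `P` and `Q`, the sample messages and all function names are constructed for illustration, and `sign` first hashes the document and then applies the private key to that hash.

```python
import hashlib

# Toy "textbook" RSA for illustration only: the primes are small, well-known
# constants and there is no padding. Real systems use a vetted library.
P, Q = 2**31 - 1, 2**61 - 1   # constructed demo primes (assumption)
E = 65537                     # commonly used public exponent

def generate_keys():
    """Step 1: Aaron generates a public key (e, n) and a private key (d, n)."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))   # modular inverse, needs Python 3.8+
    return (E, n), (d, n)

def encrypt(message: bytes, public_key) -> int:
    """Step 3: Alison encrypts with Aaron's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext: int, private_key) -> bytes:
    """Step 4: only the holder of the private key can reverse the encryption."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(document: bytes, n: int) -> int:
    """Hash: a number generated from the document (reduced to fit the toy key)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, private_key) -> int:
    """Signer applies the private key to the document's hash."""
    d, n = private_key
    return pow(digest(document, n), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key recovers the hash and compares it."""
    e, n = public_key
    return pow(signature, e, n) == digest(document, n)

if __name__ == "__main__":
    public, private = generate_keys()
    print(decrypt(encrypt(b"MEET AT 9", public), private))
    sig = sign(b"Pay Alison 10 pounds", private)
    print(verify(b"Pay Alison 10 pounds", sig, public))   # untouched document
    print(verify(b"Pay Alison 90 pounds", sig, public))   # tampered document
```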

Page 18: ISDD Security Precautions

Digital Certificates
- Provides identifying information to enhance user trust
- Used to encrypt communication between browser and website
- Issued by an official, trusted agency
- Digitally signed by a root certificate belonging to a trusted Certificate Authority (CA)
- Includes information about the owner's identity e.g. name, email, address, domain authority, certificate issue date and CA authority name.

Page 19: ISDD Security Precautions

Digital Certificates

Page 20: ISDD Security Precautions

Security Protocols

Security protocols ensure data is protected when sent across a network

Hyper Text Transfer Protocol Secure
- The secure version of HTTP
- Data sent between browser and the website is encrypted
- Used with banks, shops, webmail etc. to encrypt credit card and other transaction and personal details

Page 21: ISDD Security Precautions

Firewall
- Prevents unauthorised access to a private network
- Can be hardware and/or software
- All messages entering or leaving the network pass through the firewall, which checks to see if they meet allowed criteria

Page 22: ISDD Security Precautions

Firewall