CNC - Data (Lesson)

Data

Have you ever been looking at a place to vacation and noticed ads advertising things in that particular area?  Have you ever been looking for the latest game set and noticed game advertisements appearing?  How does your computer know that information?  It could be cookies and online tracking.

A cookie is information saved through your browser. The cookie is saved when you visit a web site so that the web site recognizes your device or your login when you come back. Digital tracking works by monitoring and logging activity which could include personal information, location and browsing history.  This information can provide a picture of your habits including purchases, activity time, location and so much more.

First Impressions

Before we get into data protection, let's remember how the packets are delivered over the internet.

Protecting your devices and your log-in credentials are important in protecting your personal information. One way to protect your data is authentication.  Authentication is the process or action of verifying the identity of a user or process.  Let’s look at some ways to authenticate your devices.

Passwords

Passwords are used for almost everything.  Having a strong password is one way to protect.  Here are some guidelines:

  • Never use personal information such as your name, birthday, user name, or email address. This type of information is often available and easy to figure out.
  • Use a longer password—the longer the better but at least 6 characters.
  • Use different passwords for each account. When you use the same password, if someone discovers your password, then they have access to all your other accounts.
  • Include numbers, symbols, and both uppercase and lowercase letters.
  • Avoid using words that can be found in the dictionary.
  • Random passwords are the strongest.

Common password mistakes are using passwords based on family names or birthdays, hobbies, animal names, or patterns or short passwords. Passwords are your first wall of defense.

Multi-factor  Authentication

Multi-factor authentication is another method of computer access control.  This includes the user presenting several pieces of evidence into an authentication mechanism.  Multi-factor authentication is usually a two-step process and is required on some sites and devices and others, the user must set up.

An example:  You obtain a new computer and you attempt to login into your account for the first time.  Since this is your first time, your email (if set to multi-authentication) may ask you to verify that you, the owner of the account, is trying to log into an unrecognizable device.  Multi-authentication can work in several ways.  Here are some examples:

  • A text with a code is sent to the cell phone number you have listed when you set the account up. When you get the code, you enter on the new computer and you have gained access.  The new device has been authenticated.
  • A call with a code can be sent to a phone you have listed when you set the account up. When you get the code, you enter on the new computer and you have gained access.  The new device has been authenticated.
  • An email with a code can be sent to a phone you have listed when you set the account up. When you get the code, you enter on the new computer and you have gained access.  The new device has been authenticated.
  • Security questions can be asked and authentication is granted.
  • An authentication app can be installed on your phone and you are notified anything you log on to a new device.

These are a few of the most common ways.

Encryption

Encryption is another way of protecting data.  Encryption is the process of encoding data to prevent unauthorized access.  Decryption is the processing of decoding the data.   The most common ways to encrypt data are the symmetric key encryption and the public key encryption.

The symmetric key encryption involves one key for both encryption and decryption. This key is like a “secret message” between the people who are getting the message.  The same key is used for both encryption and decryption.  All parties involved must have access the key to receive and use the encrypted message.  A security issue can occur if a spoof attack occurs or a person intercepts the key and the message.

The public key encryption pairs a public key for encryption and a private key for decryption.  The sender does not need the receiver’s private key to encrypt the message but the receiver’s private key is required to decrypt the message. One disadvantage is the public key can be known by all which could potentially endanger the security.  A way around this is for a digital certification. A digital certification is a third-party who validates the ownership and provides a type of digital signature to authenticate the key. 

To learn more, watch the encryption video below.

Other Unauthorized Access

How many of you have sat at a public restaurant, coffee shop, mall or other public area to access free wi-fi?  Did you log into something that had your username and password?  The public WIFI is free but any information traveling along the public network can be intercepted, analyzed, and modified.  There are two kinds of public WIFI: secured and unsecured.

Secured means you have to agree to some legal terms, register an account, or type in a password before connecting to the network. It may also require a fee or store purchase to gain access to the password or network. An example of a secured network may be the public WIFI at a hospital or hotel.  An unsecured network can be connected within range and without any type of security feature like a password or login.  An example is a fast food restaurant or coffee shop.

Some things to consider:

  • Don't access personal bank accounts, or sensitive personal data, on unsecured public networks. Even secured networks can be risky. Use your best judgment if you must access these accounts on public Wi-Fi.
  • Don't shop online when using public Wi-Fi. Sure, shopping doesn’t seem like it involves sensitive data, but making purchases online requires personal information that could include bank account and retailer login credentials. Shopping isn’t something you want to do on an unsecured Wi-Fi network.
  • Do turn off automatic connectivity. Most smartphones, laptops, and tablets have automatic connectivity settings, which allow you to seamlessly connect from one hotspot to the next. This is a convenient feature, but it can also connect your devices to networks you ordinarily would not use. Keep these settings turned off, especially when you’re traveling to unfamiliar places.

Also remember to watch Bluetooth connectivity. Bluetooth open while in public places allows connectivity to various devices to communicate with each other, and a hacker can look for open Bluetooth signals to gain access to your devices. Keep this function on your phone and other devices locked down when you leave your home, office, or similar secured area.  Let's remind ourselves of this setup.

VIDEOS SOURCED FROM CODE.ORG AND USED ACCORDING TO TERMS OF USE.