OAI - Internet Safety and Cybersecurity Lesson

Internet Safety and Cybersecurity

Cartoon with three fish:
We need to verify your credit card number.
Fish say "Don't take the bait, protect your financial information."

As the Internet grows, the need for security grows with it. A good deal of our time on the Internet is spent communicating with people, ordering from websites, or signing up for accounts using our personal information such as credit-card information, bank account information, and personal details including email addresses and social security numbers.

What can you do to secure your data?

  1. Make sure your computer is set to automatically update software. As companies find vulnerabilities in the software, they will issue updates to correct the problem.
  2. Install protective software that will scan your machines for viruses and notify you when a security problem occurs.
  3. Choose strong passwords and keep them private.
  4. Back up your data in case you lose it or you need to reinstall a program.
  5. Do not answer suspicious emails, and do not give your personal data to people or websites you haven't researched or verified to be legitimate.

How does the Internet secure your data?

Each of the protocols has features built in to secure the data as it travels through the Internet. The most popular form of security on the Internet is encryption, the process of encoding information in such a way that only the computer sending or receiving the information can decode it.  

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.

Cryptography is the field of science that deals with encoding and decoding computer data. Encryption schemes are built from algorithms that use a secret key to encode the data.

Security Encryption Systems

Secure banking and credit card transactions require encrypted client/server communication.      

Computer encryption systems generally belong to one of two categories:

  • Symmetric-key encryption

Symmetric-key encryption uses one secret key that both the sending computer and the receiving computer know; the same key is used to encode and to decode the information.

  • Public-key encryption

Public-key encryption uses two keys. The private key is known only to your computer. The public key is given by your computer to any other computer that wants to communicate with it. The sending computer encrypts the data with a symmetric key and then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key and then uses the symmetric key to decode the data. This typically happens when a user logs on to a site that implements the HTTP Secure (HTTPS) protocol.
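The exchange described above, as an added example that is not part of the original lesson: the sender encrypts the data with a fresh symmetric key and wraps that key with the receiver's public key. The key pair is a constructed, deliberately tiny textbook RSA pair, and `keystream_xor` is a stand-in for a real symmetric cipher such as AES; both are assumptions chosen so the example runs with the Python standard library only.

```python
import hashlib
import secrets

# Constructed teaching key pair: textbook RSA built from two Mersenne primes.
# Far too small and unpadded for real use; real systems use RSA-OAEP or ECDH.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                  # public key: given to any sender
D = pow(E, -1, (P - 1) * (Q - 1))    # private key: never leaves the receiver


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 in counter mode); real systems use AES."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(n: int, e: int, plaintext: bytes):
    """Sender: encrypt the data with a fresh symmetric key, then wrap that key."""
    session_key = secrets.token_bytes(16)
    nonce = secrets.token_bytes(12)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, nonce, keystream_xor(session_key, nonce, plaintext)


def hybrid_decrypt(n: int, d: int, message) -> bytes:
    """Receiver: unwrap the symmetric key with the private key, then decrypt."""
    wrapped_key, nonce, ciphertext = message
    recovered = pow(wrapped_key, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return keystream_xor(recovered[-16:], nonce, ciphertext)  # low 16 bytes = key


if __name__ == "__main__":
    sample = b"card ending 1111, amount 25.00"   # constructed sample data
    sealed = hybrid_encrypt(N, E, sample)
    print("ciphertext:", sealed[2].hex())
    print("decrypted :", hybrid_decrypt(N, D, sealed))
```

Anyone holding only the public key `(N, E)` can produce a message, but only the holder of `D` recovers the symmetric key and therefore the data.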

Certificate Authority (CA)

A digital certificate is an electronic document used to prove ownership of a public key. The certificate includes information about the key, information about its owner's identity, and the digital signature of the entity (the certificate authority) that has verified that the certificate's contents are correct.

Certificates are an important component of Transport Layer Security to prevent an attacker from impersonating a secure website or other server.

The Advanced Encryption Standard (AES) is a symmetric-key block cipher algorithm and a U.S. government standard for secure and classified data encryption and decryption. It is the specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001, and it can be used to protect electronic data.

The basic idea is to provide security functions when transferring packets across networks.

  • Authentication: Verifies that the packet received is actually from the claimed sender.
  • Integrity: Ensures that the contents of the packet did not change in transit.
  • Confidentiality: Conceals the message content through encryption.
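An added example, not part of the original lesson, showing how the first two functions in the list are checked on a received packet: the sender attaches a keyed tag (HMAC-SHA256) and the receiver recomputes it before trusting the contents. The packet layout (4-byte sequence number, payload, 32-byte tag) and the sample keys are constructed for illustration; the tag gives authentication and integrity only, so confidentiality still requires encrypting the payload.

```python
import hashlib
import hmac

TAG_LEN = 32   # HMAC-SHA256 tag size in bytes
HDR_LEN = 4    # constructed header: 4-byte sequence number


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: append a tag computed over header and payload with the shared key."""
    header = seq.to_bytes(HDR_LEN, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify(key: bytes, packet: bytes):
    """Receiver: return (seq, payload) if the tag checks out, otherwise None."""
    if len(packet) < HDR_LEN + TAG_LEN:
        return None                              # truncated packet
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None                              # altered, or sender lacks the key
    return int.from_bytes(body[:HDR_LEN], "big"), body[HDR_LEN:]


def demo():
    """Run four constructed packets through the receiver's check."""
    shared_key = b"k" * 32                       # constructed key known to both ends
    genuine = protect(shared_key, 7, b"transfer 25.00 to account 42")

    tampered = bytearray(genuine)
    tampered[HDR_LEN + 9] ^= 0x01                # one bit changed in transit

    forged = protect(b"x" * 32, 8, b"transfer 9999.00 to account 13")

    return {
        "genuine": verify(shared_key, genuine),
        "tampered": verify(shared_key, bytes(tampered)),
        "forged": verify(shared_key, forged),
        "truncated": verify(shared_key, genuine[:20]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9} -> {result}")
```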

Cyber Attacks

Even with the security protocols built into the Internet, data breaches do occur. A data breach is the intentional or unintentional release of secure information to an untrusted environment. Protected or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so. Data breaches may involve financial information such as credit card or bank details, personal health information, trade secrets of corporations, or intellectual property. To combat this, the U.S. Department of Homeland Security has created a team of cybersecurity professionals to help keep America safe from cyber threats. Private companies also hire cybersecurity professionals to keep their data safe. Data breaches occur due to vulnerabilities in a system. A security risk is classified as a vulnerability. Vulnerabilities could cause security breaches involving hardware, software, network, or personnel.

Cybersecurity

Cybersecurity is the process of applying security measures to ensure confidentiality, integrity, and availability of data to stop data breaches and leaks. Cybersecurity professionals determine the security needs of a company, and they develop and implement a security system that meets those needs. They are also the ones responsible for determining the cause of security leaks and finding the best remedies to fix the problem.

Why is Cybersecurity a problem?

Companies keep databases with your personal information. When you buy something from a store in person or online, your information is collected and is then stored in the company database. They use this to identify buying preferences. They also have your credit card numbers if you own a credit card with that company. This is part of the "big data" that is being collected. When these databases are compromised, your personal information is exposed and could be sold to other parties. This causes financial problems for the individual and the company.    

[CC BY 4.0] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION