2.8 Data security and integrity processes


42 Terms

1

Data Integrity

Data integrity maintains the accuracy and consistency of data. For example, a well-designed database will enforce data integrity wherever possible.
This is achieved through the use of validation rules and double-entry of data.

2

What are the security and integrity problems that can arise during the online updating of files?

• Outside access and manipulation of files.
• Unauthorized reading or copying of files.
• Loss or deliberate deletion of files.
• If an Internet connection is lost during synchronisation, then the file stored in the cloud will be incomplete.
• If data is corrupted when the user is working on the client machine, then the corrupted file may be synchronised by the cloud.
• If a file is used across many devices, there may be mismatches between the data stored across the devices and the data stored online.

3

What is the range of measures to ensure the security and safety of the stored data in the cloud (updating online files)?

• Use of RAID technology
• Retention of multiple versions of files
• Checksums to ensure data integrity
• Synchronisation across users' devices and cloud storage.

4

Dangers that can arise from the use of computers to manage personal data files.

Data Breaches: Unauthorized access to personal data files can lead to significant data breaches, where sensitive information is exposed to malicious actors. This can result in identity theft, financial loss, and other forms of exploitation.

Malware and Ransomware: Computers managing personal data are susceptible to malware and ransomware attacks, which can corrupt, steal, or lock access to data until a ransom is paid.

Insider Threats: Employees or individuals with access to data files may misuse their privileges to steal or manipulate personal data for personal gain or malicious intent.

Breaches of personal data can lead to a loss of trust between individuals and organizations, damaging reputations and customer relationships.

Accidental deletion, hardware failures, or other technical issues can result in the permanent loss of personal data, affecting individuals' records and histories.

Errors in data entry, processing, or storage can lead to significant issues for individuals and organizations.

Personal data can be shared without the consent of the individuals involved, leading to violations of privacy and potentially damaging consequences.

5

What are the protections that can be applied to files/data?

• Standard clerical procedures
• Levels of permitted access
• Passwords for access
• Write-protect mechanisms

6

Contemporary processes that protect the security and integrity of data for standard clerical procedures

Data Entry Validation: Implementing validation rules to ensure that data entered into systems is accurate, complete, and consistent.

Regular Audits: Conducting periodic audits to verify data accuracy and compliance with data management policies.

Data Backup: Regularly backing up data to prevent loss due to accidental deletion, hardware failure, or cyber attacks. This includes off-site or cloud storage solutions for redundancy.

Data Retention Policies: Establishing policies that define how long data should be retained and securely disposing of data that is no longer needed.

7

Contemporary processes that protect the security and integrity of data for Levels of Permitted Access

Role-Based Access Control (RBAC): Assigning permissions based on the user's role within the organization. Users are granted access only to the data necessary for their job functions.

Principle of Least Privilege (PoLP): Ensuring users have the minimum level of access needed to perform their duties, which reduces the risk of accidental or intentional data misuse.

Access Control Lists (ACLs): Defining which users or system processes are granted access to objects, as well as what operations are allowed on given objects.

8

Contemporary processes that protect the security and integrity of data for passwords for access

Strong Password Policies: Requiring complex passwords that include a combination of letters, numbers, and special characters to increase security.

Two-Factor Authentication (2FA): Adding an additional layer of security by requiring users to provide two forms of identification before gaining access (e.g., password and a code sent to their phone).

Password Managers: Encouraging the use of password managers to generate and store strong, unique passwords for different systems.

Regular Password Changes: Implementing policies that require users to change their passwords regularly to mitigate the risk of compromised credentials.

9

Contemporary processes that protect the security and integrity of data for write-protect mechanisms.

Read-Only Access: Setting certain files or databases to read-only mode ensures that data cannot be altered or deleted.

File Permissions: Configuring file systems to set permissions that restrict write access to authorized users only.

Immutable Storage: Using storage solutions that prevent data from being altered or deleted after it has been written, useful for log files or legal records.

10

Cryptography

Cryptography, practically known as encryption, is simply the act of scrambling a piece of plain text into cipher text so that it can't be immediately understood.

11

Caesar Cypher

Caesar Cypher (Shift Cypher) is the simplest and most well-known form of encryption, where each letter of the alphabet is shifted a certain number of places.

12

What are the types of encryption?

Symmetric (single key) Encryption
Asymmetric (Double key) Encryption

13

Symmetric (single key) Encryption

Symmetric encryption uses only one key that is used for both encrypting and decrypting the data.
The sender must send the message and the key to the receiver, although they will not be sent together.

14

Advantages and Disadvantages of Symmetric (single key) Encryption

- Symmetric algorithms have one key that has to be at both ends of a transmission.

- Symmetric is best used for data on your own disks, as it's fast.
- Single key encryption can be faster to use.

- Single key encryption may not be secure if the key value has to be transferred over the internet and is intercepted by an unauthorised person.

- Symmetric techniques are very easy for modern computers to crack.

- Single key encryption is suitable for personal use when encrypting files on a single computer. No transfer of the key value to another user is needed.

- Single key encryption is suitable for use within an office or work group, where the key value can be transferred during personal meetings or over a secure local area network.

15

Asymmetric (Double key) Encryption

Asymmetric encryption is also known as public key encryption. It uses two keys, one to encrypt the data and one to decrypt the data. The keys are separate but mathematically connected.

16

Advantages and Disadvantages of Asymmetric (Double key) Encryption

• Asymmetric algorithms have two keys - a private and a public key.

• With asymmetric algorithms, a shared secret key does not have to be exchanged over an insecure medium such as the Internet, as it does with symmetric algorithms.

• If someone knows the encryption key, they can encrypt information but not decrypt it.

• Asymmetric is best used for keys, digital signatures, data sent over the web, e.g. bank details, etc.

• Double key encryption avoids the security risk by only revealing the public encryption key to the sender. The private decryption key is held securely by the receiver and is not revealed.

• Double key encryption is more suitable for the transfer of confidential data over the internet (such as credit card details), e.g., online hotel/airline bookings or shop purchases.

• In many cases, the public and private key pairs in an asymmetric system can remain intact for many years without compromising the security of the system, e.g. SSL certificates.

• Asymmetric keys are far slower to use and not feasible for use in transmitting large amounts of data because of the increase in transmission times.

• Asymmetric keys are harder to generate.

17

Biometric Security

Biometric devices are used to add security to a computer system.
A biometric device is something that works with unique features of the human body.

18

Types of Biometric Security

• Fingerprint recognition
• Iris Scanning
• Retina Scanning
• Facial recognition
• Voiceprint recognition

19

Fingerprint Recognition

Fingerprint recognition is the process of capturing the person's fingerprints (for all or some of their fingers), then digitising and storing this data on a computer system.
When entry/access is attempted, the fingerprint is captured again.
The images are compared, with entry/access being allowed if there is a match.

20

Iris & Retina Scanning

Iris and retina scanning involve capturing the unique patterns of a person's iris or retina, digitising this data, and storing it on a computer system, so that when entry/access is attempted, the iris or retina is scanned again, the new scan is digitised and compared to the stored data, and entry/access is allowed if there is a match.

21

Facial Recognition

Face recognition involves capturing a person's facial features, digitising this data, and storing it on a computer system, so that when entry/access is attempted or surveillance is conducted, the facial image is captured again, the new image is digitised and compared to the stored data, and entry/access or identification is confirmed if there is a match.

Face recognition could be used, for instance, by the police at football grounds to check for known troublemakers by comparing current images with stored images.
There could be concern over the lack of privacy if innocent people's facial images are stored by the police.
This technology could also be used in airport security, city centre drunkenness patrols, shopping centre CCTV, etc.

22

Voiceprint Recognition

Voiceprint recognition involves capturing a person's unique voice characteristics, digitising this data, and storing it on a computer system, so that when entry/access is attempted or verification is needed, the voice is captured again, the new voiceprint is digitised and compared to the stored data, and entry/access or identification is confirmed if there is a match.

This technology could be used to access a room or building by speaking a name or keyword at the door. The person's voice needs to have been recorded previously and it needs to be compared / matched with the original before access is granted.

23

Factors that could affect Voiceprint Recognition

• High background noise
• Cold / sore throat
• Recording and playing back of the original voice (to gain unauthorised access)

24

Benefits of biometrics

• Biometric data is unique to a person
• Biometric data is very difficult to copy, steal or imitate (unlike PINs, signatures, etc.)
• It is not possible to "forget," as it would be with access cards, PINs, etc.

25

Concerns of biometrics

• Some people might see this use of biometrics as an infringement of privacy / modesty, etc. (personal liberty)
• People might also be concerned about the uses the data might be put to
• People might be concerned about physical damage (e.g. eye damage from repeated flash photography)
• Will not work if the original data capture was flawed (e.g. if criminals manage to have their data recorded and fraudulently become authorised)
• The facial recognition database could allow officials to carry out unauthorised surveillance by monitoring CCTV pictures.
• Possible errors in the system (e.g. through misidentifying persons in poorly lit streets following a crime).

26

Disaster Planning

• Backups should be made
• Files should be archived off-site
• There should be an alternative system / hardware that can be replaced quickly
• There should be a back-up power supply
• Staff should be trained in recovery procedures
• It must be possible to rebuild the data

27

Types of malicious software

- Viruses
- Worms
- Trojan horses
- Spyware
- Scare-ware/ransom-ware
- Botnets

28

Virus

A virus is software that will attempt to spread over the network by infecting emails, removable storage devices, or known software vulnerabilities.
Once a virus is in play, it will deliver one or more other pieces of software, known as the payload.
The attack vector for a virus tends to be through emails or infected websites.

29

Trojans

Trojans work in a similar way to viruses, only they are hidden in files or programs. When these files are opened, the Trojan is activated, delivering its payload.
Tricking users into downloading files or using illegal peer-to-peer networks is the most common attack vector for Trojans.

30

Spyware

Spyware is malicious software that runs secretly on a computer, unknown to the user. Rather than disrupting a computer or causing data loss, spyware tracks key presses and software use, which is then sent back to the hackers.
This is commonly used to commit identification fraud. The spyware attack vector tends to be from other malicious software, such as a virus.

31

Scare-ware/ransom-ware

Scareware will try to scare the user into buying fake or further malicious software. It will pop up messages suggesting that your system is compromised and only their software can fix the problem, at a price.
Ransomware uses similar tactics but will delete, collect, or encrypt files, which it will then ransom back.
Ransomware can also take control of webcams.
Scareware tends to be used on compromised websites, while ransomware tends to arrive as the payload of a virus.

32

Botnets

Botnets will create a back door to your computer, allowing a hacker to use it without your permission.
The hacker will then use your computer as part of a larger group of compromised computers to launch further attacks, normally denial of service.
Again, this tends to be the payload of a virus.

33

Worm

A worm is malicious software that replicates itself and will spread to any machine in a network.
Unlike viruses, worms do not need to be attached to a file to run.
A worm infects a computer by being downloaded or over a network connection.
It will also disrupt a machine or network and cause data loss.

34

Protection against malware

Install virus protection software, also called anti-virus software - each virus has its own unique 'signature' that is known to virus protection software and stored in a database. Data stored on a computer system is scanned to see if any of the virus signatures within the database exist on the system. There are many thousands of known viruses, and new viruses are created daily. Virus protection software therefore needs to be updated regularly to combat these.

Use a firewall - A firewall can be a software or hardware security system that controls the incoming and outgoing network traffic. Packets of data are analysed to determine whether they should be allowed through or not.

Keep your operating system up to date - New ways to bypass the operating system’s built-in security are often discovered and can be covered by installing the security patches issued by the operating system manufacturer.

35

What are the three types of hackers?

- Black hat hacker
- Grey hat hacker
- White hat hacker

36

Black hat hacking

Black hat hackers will break into systems for their own purposes.
This could be for financial gain, political motivation, to test their skills or just for fun.

37

White hat hacking

White hat hackers will use their skills to break into a system to expose flaws and then advise on how they will be fixed.
They will work directly for the company, or are hired by that company, to perform penetration testing.

38

Grey hat hacking

Grey hat hackers are like white hat hackers, except that they are not directly hired by a company but perform penetration testing anyway to expose flaws.
The hope is that they will be hired by the company, but more often than not, they are prosecuted under the Computer Misuse Act.

39

Penetration testing

Penetration testing is done by all three types of hackers and involves trying to break into a system by exploring vulnerabilities in the OS, application flaws, poorly configured systems and user behaviour.
The goal of this testing is to find flaws in the security in order to exploit them or fix them, depending on who is doing the testing.

40

What are the 5 phases of Penetration Testing?

1. Reconnaissance
2. Scanning
3. Gaining access
4. Maintaining access
5. Clearing tracks.

41

Reconnaissance

Reconnaissance is all about collecting as much public data as possible.
This could include software in use, names of employees, IP addresses, and other such data.
The key here is not to set off any alarm bells by trying to access protected information too early.
Once this is done, phase two will start, which will probe the system defences in more detail.

42

What do the final three stages of penetration testing involve?

The final phases will result in changing passwords, creating back doors, and clearing logs.
Getting caught during the hack could lead to a black or grey hat hacker getting a hefty jail term.