Chapter 5_Digital Security, Ethics, and Privacy Part II
Digital Security, Ethics, and Privacy: Avoiding and Recognizing Threats Part II
Date: 12/5/2024
Objectives
Identify risks associated with technology use
Identify cybercrimes and criminals
Recognize issues related to:
Information accuracy
Intellectual property rights
Green computing
Describe ways to safeguard against Internet and network attacks
Discuss techniques to prevent unauthorized computer access
Identify risks and safeguards associated with wireless communications
Discuss issues surrounding information privacy
Explain how schools and businesses protect themselves
Use strong authentication
Importance of Authentication
Authentication verifies that a user is legitimately entitled to access a resource. A username identifies a user, but it needs a password to protect it, so strong passwords are essential for secure authentication. An example of this is online banking, where a unique username and password are required before accessing sensitive financial information. Combining both reduces security risks, as weak passwords offer little protection.
Weak Passwords
Common passwords are easy prey for attackers. Strong passwords should be:
Long and complex: Rather than using predictable patterns, users could create phrases or combinations of unrelated words, e.g., "BlueSky!CoffeeMug123".
Memorable yet difficult to guess: Users might use mnemonics or acronyms to form strong passwords while maintaining some level of memorability.
Password Management Challenges
Users often resort to shortcuts, leading to weak passwords based on common words or predictable patterns. For instance, many people might use "Password123" simply for ease. With data breaches exposing millions, strong password management is critical.
Top 10 Most Common Passwords
12345
123456789
qwerty
password
1111111
12345678
abc123
password1
1234567
12345
Password Security Recommendations
Weak passwords can be easily compromised. Strong passwords should be 15-20 characters long, significantly increasing the time required to break them, as shown in the infographic below:
| Password Length | Number of Possible Passwords | Average Attempts to Break Password |
|---|---|---|
| 2 | 90,625 | 45,313 |
| 3 | 857,375 | 428,688 |
| 4 | 81,450,625 | 40,725,313 |
| 5 | 7,737,809,375 | 3,868,904,688 |
| 6 | 735,091,890,625 | 367,545,945,313 |
Additional Password Management Tips
Avoid dictionary words, repeating characters, or personal info: For instance, using names of pets or birthdays makes passwords predictable.
Use a password manager: A tool like LastPass or Dashlane can securely store multiple strong passwords with one master password, simplifying management without sacrificing security.
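As an added example (not part of the original notes), the Python code below applies this section's rules on length, common passwords, repeated characters and personal information, and computes the keyspace and average-attempts figures of the kind shown in the table. The 95-character set, the three-in-a-row threshold and all function names are assumptions made for the example.

```python
# Constructed from the "Top 10 Most Common Passwords" list in these notes.
COMMON_PASSWORDS = {"12345", "123456789", "qwerty", "password", "1111111",
                    "12345678", "abc123", "password1", "1234567"}

# Assumption: 95 printable keyboard characters; 95**n matches the table's
# rows for lengths 3 to 6.
CHARSET_SIZE = 95
MIN_LENGTH = 15  # lower bound of the 15-20 character recommendation


def keyspace(length, charset_size=CHARSET_SIZE):
    """Number of possible passwords of exactly `length` characters."""
    return charset_size ** length


def average_attempts(length, charset_size=CHARSET_SIZE):
    """Average guesses to break a password: half the keyspace, rounded up."""
    return (keyspace(length, charset_size) + 1) // 2


def has_repeated_run(password, run=3):
    """True if any character appears `run` or more times in a row."""
    return any(password[i:i + run] == password[i] * run
               for i in range(len(password) - run + 1))


def audit_password(password, personal_terms=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if any(common in lowered for common in COMMON_PASSWORDS):
        findings.append("contains a common password")
    if has_repeated_run(password):
        findings.append("contains repeating characters")
    if any(term and term.lower() in lowered for term in personal_terms):
        findings.append("contains personal information")
    return findings
```

`personal_terms` is where a caller passes values such as a pet's name or a birth year, so that the check reflects the user it is run for.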
Biometrics
Biometric security uses unique personal traits for authentication, such as:
Retina scans: Often used in high-security environments, these scans can identify individuals based on the unique pattern of blood vessels in the retina.
Fingerprint scans: Common in mobile devices, these scans use the unique ridge patterns on the fingertips for identification.
Voice recognition: Used in virtual assistants (like Siri or Google Assistant), this technology verifies individuals by analyzing voice patterns.
Facial recognition: Increasingly used for device unlock and security systems, it compares the facial features of a user to stored images.
Iris scanning: Recognizes the unique patterns in the colored part of the eye, highly secure but can raise privacy concerns.
Hand geometry: Measures the shape and size of a person’s hand, often used in physical security access points.
Signature verification: Compares a person’s handwritten signature to a stored signature, often used in banking and legal contexts.
Advantages and Limitations
Biometrics provide high security but have limitations:
Fingerprint readers may fail with injuries, leading to access issues.
Hand geometry can transmit germs, raising health concerns in public settings.
Privacy concerns exist with iris scanning, as it captures sensitive biometric data.
Two-Factor Authentication (2FA)
Combines two authentication methods: something you know (password) + something you have (device). For example, a user might enter their email password and receive an SMS code on their registered phone to complete logging in to their account. This adds an additional layer of security against unauthorized access.
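The server side of the login flow described above, as an added example that is not part of the original notes: the password is checked first, then a random six-digit code is issued that is valid once, for a limited time and for a limited number of tries. The class name, the five-minute lifetime, the three-attempt limit and the PBKDF2 settings are assumptions; a real service would send the code by SMS rather than return it.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300    # assumption: a code expires after five minutes
MAX_ATTEMPTS = 3          # assumption: a code is discarded after three wrong tries
PBKDF2_ROUNDS = 600_000   # assumption: work factor for PBKDF2-HMAC-SHA256


def hash_password(password, salt):
    """Derive a slow, salted hash so the stored value is costly to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class TwoFactorLogin:
    """One account: factor 1 is the password, factor 2 is a one-time code."""

    def __init__(self, password, now=time.time):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = hash_password(password, self._salt)
        self._now = now          # injectable clock, so expiry can be tested
        self._pending = None     # [code, expires_at, attempts_left]

    def start(self, password):
        """Something you know: on a correct password, return the code to send."""
        candidate = hash_password(password, self._salt)
        if not hmac.compare_digest(candidate, self._pw_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = [code, self._now() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def finish(self, submitted_code):
        """Something you have: accept the code once, in time, within the limit."""
        if self._pending is None:
            return False
        code, expires_at, attempts_left = self._pending
        if self._now() > expires_at:
            self._pending = None
            return False
        if hmac.compare_digest(submitted_code.encode(), code.encode()):
            self._pending = None  # single use
            return True
        self._pending[2] = attempts_left - 1
        if self._pending[2] <= 0:
            self._pending = None
        return False
```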
CAPTCHAs
CAPTCHA ensures secure form submissions and distinguishes humans from bots by displaying distorted characters or simple problems (like identifying traffic signals in images) that humans can solve, preventing automated bots from submitting forms in online transactions.
Online Gaming Risks
Gaming poses security risks, including threats from hackers and phishing attempts that target gamers to steal information or accounts.
Safety Recommendations:
Verify developer legitimacy: Players should download games only from reputable sources to avoid malware.
Avoid saving passwords on smartphones: This prevents unauthorized access if the device is lost or stolen.
Disaster Recovery
A disaster recovery plan (DRP) outlines strategies for restoring operations post-disaster. Key components include:
Emergency plan: Detailed procedures for immediate response to a disaster, such as natural disasters or cyber-attacks.
Backup plan: Regularly scheduled backups to external locations (like cloud storage) to ensure data recovery.
Recovery plan: Steps detailing the restoration of IT systems, services, and personnel to pre-disaster functionality.
Test plan: Regular testing of the recovery processes to ensure they work effectively during an actual disaster.
Case Study:
Rosewood Associates lost operations due to a fire, implementing daily backup protocols but lacking a hardware replacement plan. They realized the need for immediate cloud backups and a ready-to-deploy contingency plan for rapid hardware restoration.
Components of a Disaster Recovery Plan:
Immediate steps for disasters
Use of backup resources
Restoration of operations
Simulating and testing recovery processes