Unit 4 - Safely Communicating Data

CBSE Revision Notes

Class-11 Computer Science (New Syllabus)
Unit 4: Society, Law and Ethics (SLE-1) - Cyber safety


Safely Communicating Data

One should always stay safe while making online payments or transferring data. Let’s look at the measures you can take to keep yourself secure.

Secure connections: A secure connection is a connection that is encrypted by one or more security protocols to ensure the security of data flowing between two or more nodes. When a connection is not encrypted, anyone with the knowledge of how to do it can easily listen in, and the connection is also prone to threats from malicious software and from rogue and unexpected events.
Anyone who wants to get information from a non-secured connection can do so, since they can easily move in and out of the computer’s network, taking with them important data such as logins, passwords and other private information.

Secure connections, as they are supposed to protect the data being transferred from one computer to another, must be able to do three main things.

  1. It must prevent third parties from getting hold of confidential data
  2. It must first validate the identification of the person who wishes to access and exchange the data
  3. It must protect information from being viewed or altered by unknown parties

There are many methods of establishing a secure connection, but most of them involve data encryption. Data encryption is a method that hides information from unauthorized parties. It usually needs an appropriate program installed on both computers involved in the connection to encrypt and decrypt the information. Among these are the basic security protocols embedded in the main communication protocols like TCP/IP, HTTPS, POP3 or IMAP.
Firewalls and anti-virus software may also serve in creating secure connections in some form.
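
The encryption and identity-validation requirements above, as they appear in a TLS client configuration. This is an added example, not part of the original notes; the function names and finding labels are assumptions made for illustration.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client settings that give encryption plus validation of the server's identity."""
    ctx = ssl.create_default_context()            # trusts the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    return ctx


def weakened_client_context() -> ssl.SSLContext:
    """A common mistake: traffic is still encrypted, but the peer is never identified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return labels for the secure-connection requirements this context fails to meet."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-cert-verification")  # requirement 2: identity not validated
    if not ctx.check_hostname:
        findings.append("no-hostname-check")     # certificate may belong to another site
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-tls")            # requirements 1 and 3: weak protection
    return findings


if __name__ == "__main__":
    print("hardened:", audit(hardened_client_context()))
    print("weakened:", audit(weakened_client_context()))
```
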

Eavesdropping: Eavesdropping is an electronic attack in which digital communications are intercepted by an individual for whom they are not intended.
This is done in two main ways: directly listening to digital or analog voice communication, or intercepting (sniffing) data relating to any form of communication.

Eavesdropping is the act of intercepting communications between two points. 

In the digital world, eavesdropping takes the form of sniffing for data in what is called network eavesdropping. A specialized program is used to sniff and record packets of data communications from a network; the recorded data is then listened to or read using cryptographic tools for analysis and decryption.
For example, Voice over IP (VoIP) calls made using IP-based communication can be picked up and recorded using protocol analyzers and then converted to audio files using other specialized software.
Data sniffing is easily done on a local network that uses a hub, since all communications are sent to all the ports (non-recipients just drop the data) and a sniffer will simply accept all of the incoming data.
The same goes for wireless networking, where data is broadcast, so even non-recipients can receive the data if they have the proper tools.
Actual eavesdropping, that is the simple act of listening to other people talk without them knowing it, can be done using current technology such as hidden microphones and recorders. 
Hacking into devices such as IP phones is also done in order to eavesdrop on the owner of the phone by remotely activating the speakerphone function.
Devices with microphones, including laptops and cell phones, can also be hacked to remotely activate their microphones and discreetly send data to the attacker.

Phishing: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and will capture and steal any information the user enters on the page.
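
One way a mail filter or a careful user can tell the organization's real website from a bogus one is to check the host in the link against the domains the organization actually uses. This is an added example, not part of the original notes; the domain `bank.example`, the function name and the verdict labels are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains the real organisation actually uses.
TRUSTED_DOMAINS = {"bank.example"}


def link_verdict(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'ok', or the reason the link should not be trusted."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "not-https"          # page would not arrive over a secure connection
    if parts.username is not None or parts.password is not None:
        return "userinfo-in-url"    # text before '@' is not the host
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "no-host"
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return "non-ascii-host"     # look-alike characters in the name
    for domain in trusted:
        # Match the domain itself or a true subdomain of it, never a mere substring.
        if host == domain or host.endswith("." + domain):
            return "ok"
    return "untrusted-domain"


if __name__ == "__main__":
    # Constructed sample links.
    for sample in (
        "https://www.bank.example/login",
        "https://bank.example.evil.test/login",
        "https://bank.example@evil.test/login",
        "http://www.bank.example/login",
    ):
        print(f"{link_verdict(sample):18} {sample}")
```
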

Identity verification: As services and socialising have shifted online, identifying each other digitally has become increasingly important.
How can we do this securely, without impacting users’ experience? Let us explore the trends in online identity verification, looking at the key solutions and implications for businesses and users. 
Exposing more personal information about ourselves and revealing our true identities online opens up great opportunities and risks. Organisations must navigate (and mitigate) these for their users.
Consequently, a number of solutions have emerged to validate who we are online.

Two-Step Verification
Creating a username and password to access specific websites is the most familiar online identity system. But we’ve known for years that it’s a broken process.
It’s too difficult to create and manage unique, elaborate passwords for each online account we have. And even the idea that a ‘strong password’ can protect us is now a fantasy, with hackers regularly breaking into computer systems and releasing username and password data.
Worse than this, plenty of us daisy-chain accounts to our main email address, creating a single point of failure that hackers can exploit to gain entry to countless more accounts with ease.
The most common solution is two-factor authentication: requesting knowledge (such as an alphanumerical ‘secret’) and possession (adding a physical level) for a user to verify themselves. Cash machines were the original implementation of this idea, requiring possession of a physical card and remembering a secret PIN. 
The trick is establishing a second, physical authenticator that is secure, but doesn’t inconvenience the user.
For example, many companies have avoided the delay and cost of issuing unique physical tokens (such as a key fob, or card reader), instead asking users to add a mobile contact number and enter unique codes sent via SMS.