5.6 Safe Computing
1. Exam Points
Security threats
- computer viruses
- Malware
- Phishing
- Keylogging
- rogue access point
- malicious link
Measures to protect privacy:
AuthenticationStrong password
Encryption and decryption
Symmetric key encryption: one keypublic key encryption: a public key and a private key
Digital certificate: issued by Certificate Authorities(认证中心), used to validate ownership of encryption keys.- Know
other concpets: cookie, session, browser.
2. Knowledge Points
(1) Safety Concerns
Personally identifiable information(PII-个人身份信息) is information about an individual that identifies, links, relates, or describes them.Private information may be compromised since:
- Search engines (搜索引擎) can record and maintain a history of searches made by users.
- Websites can record and maintain a history of individuals who have viewed their pages.
- Devices, websites, and networks can collect information about a user’s location.
- Technology enables the collection, use, and exploitation of information about, by, and for individuals, groups, and institutions.
- Search engines can use search history to suggest websites or for targeted marketing.
- Information posted to social media services can be used by others.
Combining information posted on social media and other sources can be used to deduce private information about you.
(2)Measures for Safe Computing
Authentication measures(验证措施) protect devices and information from unauthorized access.- A
strong password is something that is easy for a user to remember but would be difficult for someone else to guess based on knowledge of that user. (strong password vs. weak password)
Multifactor authentication(多重验证) : use at least two authentication mechanisms, including:
- knowledge (something they know, password)
- possession (something they have, keys)
- inherence/ biometric (something they are, fingerprints).- Encryption (加密) is the process of encoding(编码) data to prevent unauthorized access.
- Example: 123421 -> !@#$@!
- Decryption (解密) is the process of decoding(解码) the data.
- Example: !@#$@! -> 123412
Two common encryption approaches are:
Symmetric key encryption(对称密钥加密) involves one key for both encryption and decryption. (keep the key secret)Public key encryption(公钥加密/非对称加密) pairs a public key for encryption and a private key for decryption.
- 公钥用于加密数据,可公开分发;私钥用于解密或签名,需严格保密。
Certificate authorities(认证中心) issue digital certificates that validate the ownership of encryption keys used in secure communications and are based on a trust model.
- 数字证书是互联网通讯中用于验证身份和保障数据安全的一种电子凭证,类似于网络世界的“身份证”。
(3) Threats for Safe Computing
- A
computer virus is a malicious program that can copy itself and gain access to a computer in an unauthorized way.
Malware(恶意软件) is software intended to damage a computing system or to take partial control over its operation.Phishing(网络钓鱼) is a technique that attempts to trick a user into providing personal information. (Ex. emails、messages)Keylogging(按键记录) is the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information.
- 按键记录(Keylogging)是指通过程序,在不通知用户的情况下,记录用户在键盘上输入的所有按键。可以用于多种目的,例如监控、数据窃取等。
- A
rogue access point(非法接入点) is a wireless access point that gives unauthorized access to secure networks.
- A
malicious link(恶意链接) can be disguised on a web page or in an email message.
Unsolicited emails(垃圾邮件), attachments, links, and forms(表单) in emails can be used to compromise the security of a computing system.
(4) Additional Concepts
Cookie: A cookie is a small piece of data a server sends to a user's web browser, a cookie is stored at the client side.Session: An HTTP session is a temporary exchange of information between a client and a server, consisting of a sequence of request–response transactions.Browser: Safari, Google Chrome.Search engine(搜索引擎): baidu, google.
3. Exercises
