This document discusses various computer security risks and safeguards. It describes risks like computer viruses, worms, Trojan horses, rootkits, botnets, denial of service attacks, back doors, spoofing, and different types of theft. It also discusses safeguards like antivirus software, firewalls, intrusion detection, honeypots, access controls, encryption, and policies. Computer security aims to protect systems and data from accidental or intentional harm, damage, or unauthorized access.
computer security
1. Computer Security and Safety, Ethics, and Privacy
2. Computer Security Risks
Today, people rely on computers to
create, store, and manage critical
information.
It is crucial to take measures to protect
their computers and data from loss,
damage, and misuse.
A computer security risk is any event
or action that could cause a loss of or
damage to computer hardware, software,
data, information, or processing
capability.
3. Computer Security Risks
While some breaches are accidental,
many are intentional.
Some intruders do no damage, and
merely access data.
Others may leave messages or alter or
damage data.
An intentional breach of computer
security often involves a deliberate act
that is against the law.
4. Computer Security Risks
Any illegal act involving a computer is
referred to as a computer crime.
The term cybercrime refers to online
or Internet-based illegal acts.
Software used by cybercriminals
sometimes is called crimeware.
Perpetrators of cybercrime fall into seven
basic categories: hacker, cracker, script
kiddie, corporate spy, unethical
employee, cyberextortionist, and
cyberterrorist.
5. Computer Security Risks
◦ The term hacker, although originally a
complimentary word for a computer enthusiast,
now has a derogatory meaning and refers to
someone who accesses a computer or network
illegally.
◦ A cracker also is someone who accesses a
computer or network illegally but has the intent
of destroying data, stealing information, or other
malicious actions.
◦ A script kiddie has the same intent as a cracker
but does not have the technical skills and
knowledge, using prewritten code to break into
computers.
6. Computer Security Risks
◦ Some corporate spies have excellent
computer and networking skills and are hired
to break into a specific computer or identify
risks in their own organization.
◦ Unethical employees may break into their
employers’ computers for a variety of reasons
(exploit security, financial gains, etc.)
7. Computer Security Risks
◦ A cyberextortionist is someone who uses
e-mail as a vehicle for extortion, threatening
others for personal gain.
◦ A cyberterrorist is someone who uses the
Internet or network to destroy or damage
computers for personal reasons.
The term cyberwarfare describes an attack whose
goal ranges from disabling a government’s
computer network to crippling a country.
8. Internet and Network Attacks
Information transmitted over networks
has a higher degree of security risk than
information kept on an organization’s
premises.
To determine if your computer is
vulnerable to an Internet or network
attack, you could use an online security
service, which is a Web site that
evaluates your computer to check for
Internet and e-mail vulnerabilities.
9. Internet and Network Attacks
Companies and individuals requiring
assistance or information about Internet
security breaches can contact or visit the
Web site for the Computer Emergency
Response Team Coordination Center, or
CERT/CC, which is a federally funded
Internet security research and
development center.
10. Computer Viruses, Worms, Trojan Horses, and Rootkits
A computer virus is a potentially
damaging computer program that affects,
or infects, a computer negatively by
altering the way the computer works
without the user’s knowledge.
A worm is a program that copies itself
repeatedly, in memory or on a network,
using up resources and shutting down the
computer or network.
11. Computer Viruses, Worms, Trojan Horses, and Rootkits
A Trojan horse (named after the Greek
myth) is a program that hides within or
looks like a legitimate program and
causes a condition or action when
triggered.
A rootkit is a program that hides in a
computer and allows someone from a
remote location to take full control of
the computer.
◦ Execute programs, change settings, etc.
12. Computer Viruses, Worms, Trojan Horses, and Rootkits
Computer viruses, worms, Trojan
horses, and rootkits are all classified as
malware (malicious software), which are
programs that act without a user’s
knowledge and deliberately alter the
computer’s operations.
The payload is the destructive event or
prank the program is intended to deliver.
13. Computer Viruses, Worms, Trojan Horses, and Rootkits
Infected computers can suffer from one or
more of the following symptoms:
◦ OS running slower
◦ Less available memory
◦ Corrupted files
◦ Unusual messages or images
◦ Unusual sounds playing
◦ Existing programs and files disappear
◦ Programs or files not working properly
◦ Unusual programs or files appear
◦ OS does not start up or unexpectedly shuts
down
14. Computer Viruses, Worms, Trojan Horses, and Rootkits
Malware delivers its payload on a
computer when a user
◦ Opens an infected file
◦ Runs an infected program
◦ Boots the computer with infected removable
media inserted
◦ Connects to an unprotected computer or
network
◦ When a certain condition or event occurs,
such as the clock changing to a specific date
15. Safeguards against Computer Viruses and Other Malware
Methods that guarantee a computer or
network is safe from computer viruses and
other malware simply do not exist.
Do not start a computer with removable
media inserted in the drives.
◦ If you must start the computer with removable
media, be certain it is from a trusted source,
which is an organization or person you believe
will not send a virus.
Never open an e-mail attachment unless you
are expecting the attachment and it is from a
trusted source.
16. Safeguards against Computer Viruses and Other Malware
Some viruses are hidden in macros, which
are instructions saved in software such as
a word processing or spreadsheet
program.
Users should install an antivirus program
and update it frequently.
An antivirus program protects a
computer against viruses by identifying
and removing any computer virus found
in memory, storage, or incoming files.
17. Safeguards against Computer Viruses and Other Malware
An antivirus program scans for programs
that attempt to modify the boot program,
the operating system, and other
programs that normally are read from but
not modified.
One technique used to identify a virus is
to look for virus signatures, also called
virus definitions, which are a known
specific pattern of virus code.
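Added example (not from the original slides): a minimal signature scanner in Python that looks for known byte patterns in a buffer. The signature names, the hex pattern format with `??` wildcards, and the sample buffers are all constructed for illustration.

```python
import re

# Constructed signatures for illustration; they describe no real malware.
# Pattern format (an assumption of this example): space-separated hex bytes,
# with "??" standing for any single byte.
SIGNATURES = {
    "Demo.Sample.A": "de ad be ef ?? ?? 13 37",
    "Demo.Sample.B": "4d 41 43 52 4f ?? 52 55 4e",  # "MACRO" + any byte + "RUN"
}


def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard: any one byte (DOTALL includes \n)
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan_bytes(data):
    """Return (signature name, byte offset) for every match, ordered by offset."""
    hits = []
    for name, rx in COMPILED.items():
        hits.extend((name, m.start()) for m in rx.finditer(data))
    return sorted(hits, key=lambda hit: hit[1])


# Constructed sample buffers.
CLEAN = b"An ordinary document with no matching byte pattern."
INFECTED = b"\x00" * 16 + bytes.fromhex("deadbeef01021337") + b"MACRO:RUN"
# Same as the first pattern except for one fixed byte: no signature matches.
CHANGED = b"\x00" * 16 + bytes.fromhex("deadbeee01021337")

if __name__ == "__main__":
    for label, buf in (("clean", CLEAN), ("infected", INFECTED), ("changed", CHANGED)):
        print(label, scan_bytes(buf))
```

The `CHANGED` buffer shows the limit of the technique: a signature only finds code whose fixed bytes it already describes, which is why the definitions have to be updated frequently.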
18. Safeguards against Computer Viruses and Other Malware
Another technique that antivirus
programs use to detect viruses is to
inoculate existing program files.
To inoculate a program file, the
antivirus program records information
such as the file size and creation date in a
separate inoculation file, thus enabling it
to tell if a file has been tampered with.
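Added example (not from the original slides): inoculation as a small Python script that records file attributes in a separate inoculation file and later compares them. It goes one step beyond the slide by optionally storing a SHA-256 hash. As assumptions of this example, it records the modification time instead of the creation date (which is not portably available), and the file names and contents are constructed.

```python
import hashlib
import json
import os
import tempfile


def fingerprint(path, with_hash=True):
    """Collect the attributes stored for one program file."""
    st = os.stat(path)
    record = {"size": st.st_size, "mtime_ns": st.st_mtime_ns}
    if with_hash:
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
        record["sha256"] = digest.hexdigest()
    return record


def inoculate(paths, inoculation_file, with_hash=True):
    """Write the baseline records to a separate inoculation file."""
    records = {os.path.abspath(p): fingerprint(p, with_hash) for p in paths}
    with open(inoculation_file, "w") as f:
        json.dump(records, f, indent=2)
    return records


def verify(inoculation_file):
    """Return {path: [changed attributes]} for files that no longer match."""
    with open(inoculation_file) as f:
        records = json.load(f)
    findings = {}
    for path, old in records.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        new = fingerprint(path, with_hash="sha256" in old)
        changed = [key for key in old if old[key] != new[key]]
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Constructed test case: compare a size/date baseline with a hashed one."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "program.bin")
        with open(target, "wb") as f:
            f.write(b"ORIGINAL-CODE-0000")
        size_date_only = os.path.join(d, "inoculation_size_date.json")
        with_sha256 = os.path.join(d, "inoculation_sha256.json")
        inoculate([target], size_date_only, with_hash=False)
        inoculate([target], with_sha256, with_hash=True)

        # Change the content without changing its length, then put the
        # original timestamps back, so size and date still match the baseline.
        before = os.stat(target)
        with open(target, "wb") as f:
            f.write(b"TAMPERED-CODE-0000")
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))

        return verify(size_date_only), verify(with_sha256)


if __name__ == "__main__":
    weak, strong = demo()
    print("size/date baseline findings:", weak)
    print("sha256 baseline findings:   ", strong)
```

The size-and-date baseline reports nothing for this change, while the hashed baseline flags the file, so an inoculation record is only as strong as the attributes it stores.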
19. Safeguards against Computer Viruses and Other Malware
If an antivirus program identifies an
infected file, it attempts to remove the
malware.
If it cannot remove the infected file, it
will attempt to quarantine it.
A quarantine is a separate area of a
hard disk that holds infected files until the
infection can be removed, ensuring other
files will not become infected.
20. Safeguards against Computer Viruses and Other Malware
In extreme cases, you may need to reformat
the hard disk to remove malware from an
infected computer.
Stay informed about new virus alerts and
virus hoaxes.
A virus hoax is an e-mail message that
warns users of a nonexistent virus or other
malware.
◦ They come in the form of chain mail and instruct
users to delete an important system file, claiming
it is malware.
21. Botnets
A botnet is a group of compromised computers
connected to a network such as the Internet that
are used as part of a network that attacks other
networks.
A compromised computer, known as a zombie,
is one whose owner is unaware the computer is
being controlled remotely by an outsider.
A bot is a program that performs a repetitive task
on a network.
Cybercriminals install malicious bots on
unprotected computers to create a botnet, also
called a zombie army.
22. Denial of Service Attacks
A denial of service attack, or DoS
attack, is an assault whose purpose is to
disrupt computer access to an Internet
service such as the Web or e-mail.
This is done by flooding a victim computer
with confusing data messages, thus making it
unresponsive.
A DDoS (distributed DoS) attack, in which a
zombie army is used to attack computers or
computer networks, is more devastating.
23. Back Doors
A back door is a program or set of
instructions in a program that allow users
to bypass security controls when
accessing a program, computer, or
network.
Some malware will install a back door
once it infects the victim computer.
24. Spoofing
Spoofing is a technique intruders use to
make their network or Internet transmission
appear legitimate to a victim computer or
network.
E-mail spoofing occurs when the sender’s
address or other components of the e-mail
header are altered so that it appears the e-
mail originated from a different sender.
IP spoofing occurs when an intruder
computer fools a network into believing its
IP address is associated with a trusted
source.
25. Safeguards against Botnets, DoS/DDoS Attacks, Back Doors, and Spoofing
Some of the latest antivirus programs
include provisions to protect a computer
from DoS and DDoS attacks.
Users can also implement firewall
solutions, install intrusion detection
software, and set up honeypots.
26. Firewalls
A firewall is hardware and/or software
that protects a network’s resources from
intrusion by users on another network such
as the Internet.
A proxy server is a server outside the
organization’s network that controls which
communications pass into the organization’s
network.
A personal firewall is a utility program
that detects and protects a personal
computer and its data from unauthorized
intrusions.
27. Intrusion Detection Software
Intrusion detection software automatically
analyzes all network traffic, assesses
system vulnerabilities, identifies any
unauthorized intrusions, and notifies
network admins.
28. Honeypots
A honeypot is a vulnerable computer that
is set up to entice an intruder to break
into it.
They appear real to the intruder but are
separated from the organization’s
network.
They are used to learn how intruders are
exploiting their network.
29. Unauthorized Access and Use
Unauthorized access is the use of a
computer or network without permission.
Unauthorized use is the use of a
computer or its data for unapproved or
possibly illegal activities.
At a minimum, organizations should have a
written acceptable use policy (AUP) that
outlines the computer activities for which
the computer and network may and may not
be used.
30. Identifying and Authenticating Users
An access control is a security measure
that defines who can access a computer,
when, and what actions they can take.
The computer should maintain an audit
trail that records in a file both successful
and unsuccessful access attempts.
Identification verifies that an individual is a
valid user.
Authentication verifies that the individual is
the person he or she claims to be.
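Added example (not from the original slides): reviewing an audit trail that records both successful and unsuccessful access attempts, written in Python. The log format, user names, addresses, and thresholds are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit trail: timestamp, user, source address, result.
AUDIT_TRAIL = """\
2024-05-01T09:00:01 user=alice src=10.0.0.5 result=SUCCESS
2024-05-01T09:02:10 user=bob src=10.0.0.7 result=FAIL
2024-05-01T09:02:40 user=bob src=10.0.0.7 result=SUCCESS
2024-05-01T09:10:00 user=carol src=203.0.113.9 result=FAIL
2024-05-01T09:10:05 user=carol src=203.0.113.9 result=FAIL
2024-05-01T09:10:09 user=carol src=203.0.113.9 result=FAIL
2024-05-01T09:10:14 user=carol src=203.0.113.9 result=FAIL
2024-05-01T09:10:20 user=carol src=203.0.113.9 result=SUCCESS
2024-05-01T09:30:00 user=dave src=10.0.0.8 result=FAIL
2024-05-01T09:50:00 user=dave src=10.0.0.8 result=FAIL
2024-05-01T10:10:00 user=dave src=10.0.0.8 result=FAIL
"""


def parse_line(line):
    """Split one audit record into a dict with a parsed timestamp."""
    timestamp, *fields = line.split()
    record = dict(field.split("=", 1) for field in fields)
    record["ts"] = datetime.fromisoformat(timestamp)
    return record


def review(trail, max_failures=3, window=timedelta(minutes=5)):
    """Flag bursts of failed attempts, and successes that follow a burst."""
    recent_failures = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = []
    for line in trail.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        failures = recent_failures[rec["user"]]
        # Forget failures that are older than the review window.
        while failures and rec["ts"] - failures[0] > window:
            failures.popleft()
        if rec["result"] == "FAIL":
            failures.append(rec["ts"])
            if len(failures) == max_failures:  # alert once per burst
                alerts.append(("repeated_failures", rec["user"], rec["src"]))
        elif rec["result"] == "SUCCESS":
            if len(failures) >= max_failures:
                alerts.append(("success_after_failures", rec["user"], rec["src"]))
            failures.clear()
    return alerts


if __name__ == "__main__":
    for alert in review(AUDIT_TRAIL):
        print(alert)
```

Neither alert could be raised from a trail that logged only successes, which is why the unsuccessful attempts must be recorded as well.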
31. User Names and Passwords
A user name, or user ID, is a unique combination of
characters (letters, numbers) that identifies a specific
user.
A password is a private combination of characters
associated with the user name that allows access to
certain computer resources.
A CAPTCHA, which stands for Completely Automated
Public Turing test to tell Computers and Humans
Apart, is a program developed at CMU to verify that
user input is not computer generated.
A passphrase is a private combination of words, often
containing mixed capitalization and punctuation,
associated with a user name, to be used in place of a
password.
32. Possessed Objects
A possessed object is any item that you
must carry to gain access to a computer
or computer facility (badges, cards, keys).
A personal identification number
(PIN) is a numeric password, either
assigned by a company or selected by a
user.
33. Biometric Devices
A biometric device authenticates a
person’s identity by translating a personal
characteristic, such as a fingerprint, into
digital code that is compared with a digital
code stored in the computer verifying a
physical or behavioral characteristic.
◦ Ex. Biometric payment is used, where a customer’s
fingerprint is read and their account is charged.
Biometric devices have disadvantages.
◦ Ex. Cut finger for fingerprint readers.
34. Digital Forensics
Digital forensics, also called computer
forensics, network forensics, or
cyberforensics, is the discovery, collection,
and analysis of evidence found on
computers and networks.
35. Hardware Theft and Vandalism
Hardware theft is the act of stealing
computer equipment.
Hardware vandalism is the act of
defacing or destroying computer
equipment.
36. Safeguards against Hardware Theft and Vandalism
Some labs attach physical security devices
such as cables that lock the equipment to
a desk.
Some businesses use a real time location
system (RTLS) to track and identify the
location of high-risk or high-value items.
Mobile devices require extra security,
such as logon passwords, encrypted data,
and even software to photograph the
thief.
37. Software Theft
Software theft occurs when someone
steals software media, intentionally erases
programs, illegally copies a program, or
illegally registers and/or activates a
program.
Software piracy is the unauthorized and
illegal duplication of copyrighted
software.
Illegally obtaining registration numbers
can be done with keygens, short for key
generators.
38. Safeguards against Software Theft
All owned software media should be stored
securely.
A license agreement is the right to use
the software: you do not own it, you have
the right to use it.
A single-user license agreement, also called an
end-user license agreement (EULA), is the most
common license.
◦ Install on one computer, make one backup copy,
sell it if it is removed from the computer it is on.
39. Safeguards against Software Theft
During product activation, which is
conducted either online or by telephone,
users provide the software product’s
identification number to receive an
installation identification number unique
to the computer on which the software is
installed.
40. Information Theft
Information theft occurs when
someone steals personal or confidential
information.
It has the potential to cause more damage
than hardware or software theft.
Information transmitted over networks
offers a higher degree of risk.
41. Safeguards against Information Theft
Most organizations attempt to prevent
information theft by implementing the
user identification and authentication
controls discussed earlier.
42. Encryption
Encryption is a process of converting
readable data into unreadable characters
to prevent unauthorized access.
It is treated like any other data (it can be
stored, sent, etc.)
To read the data, the recipient must
decrypt, or decipher, it into a readable
form.
43. Encryption
The unencrypted, readable data is called
plaintext.
The encrypted (scrambled) data is called
ciphertext.
An encryption algorithm, or cypher, is a set
of steps that can convert readable
plaintext into unreadable ciphertext.
44. Encryption
An encryption key is a set of characters that the
originator of the data uses to encrypt the
plaintext and the recipient of the data uses to
decrypt the ciphertext.
With private key encryption, also called symmetric
key encryption, both the originator and the
recipient use the same secret key to encrypt and
decrypt the data.
Public key encryption, also called asymmetric key
encryption, uses two encryption keys, a public and
a private.
◦ A message generated with a public key can be
decrypted only with the private key.
45. Encryption
Some operating systems and e-mail programs
allow you to encrypt the contents of files.
Programs such as Pretty Good Privacy (PGP) can be
used as well.
A digital signature is an encrypted code that a
person, Web site, or organization attaches to an
electronic message to verify the identity of the
message sender.
It consists of the user’s name and a hash of all or
part of the message, which is a mathematical
formula that generates a code from the contents
of the message.
46. Encryption
Many Web browsers offer 40-bit, 128-bit,
and even 1024-bit encryption, which are
even higher levels of protection since
they have longer keys.
A Web site that uses encryption
techniques is known as a secure site,
which uses digital certificates along with a
security protocol.
47. Digital Certificates
A digital certificate is a notice that
guarantees a user or a Web site is
legitimate.
A certificate authority (CA) is an authorized
person or company that issues and
verifies digital certificates.
48. Transport Layer Security
Transport Layer Security (TLS), a successor
to Secure Sockets Layer (SSL), provides
encryption of all data that passes between
a client and an Internet server.
Both ends require a certificate, and TLS
prevents perpetrators from accessing or
tampering with communications.
The addresses of TLS-protected Web sites
typically begin with https instead of http.
50. Secure HTTP
Secure HTTP (S-HTTP) allows users to
choose an encryption scheme for data
that passes between a client and server.
It is more difficult than TLS to use, but it
is also more secure.
51. VPN
When a mobile user connects to a main
office using a standard Internet
connection, a virtual private network (VPN)
provides the mobile user with a secure
connection to the company network
server, as if the user has a private line.
VPNs help ensure that data is safe from
being intercepted by unauthorized people
by encrypting it.