HL

Click on the links and investigate on the following:

1. · Intrusions e.g. Viruses, Hacking, Phreaking
Ø Technometria: The Virus Problem [IT Conversations 17 April 2007]
Ø Feeding the Game: Online Gaming Security Issues [IT Conversations 14 April 2007]
Ø Tips to help you stay safe online [BBC 7 October 2006]

2. Encryption
Ø Crypto Issues [Security Now 20, 20 March 2006]
Ø Evaluate how encryptions affect a Hospital network. [5 Marks]

At hospital staffs share a lot of patient’s records throughout the whole hospital because it’s easy for the doctors to check patient’s current and previous symptoms. So, staff within the hospital must be able to transmit and share data a lot of times within the hospital network. But there are some issues of hacking that can occur within the sending process of the data, or it could be lost. This is where encryption plays a major role at the hospital, because it secures your data from hacking. Encryption transforms data into a secret code that no one else can read, unless people have a secret key or password that allows you to decrypt the encrypted file. So it allows the hospital to share their data securely.
But this could bring some disadvantages like if the encrypted data was not completely received, doctors might not be able to read the full data. This could bring an issue of integrity of data because there could have been some changes within the process of transition of the data, and this could result in gaining a wrong or false data because if the data is not fully sent that means that data cannot longer be used or trusted.
http://www.spectralogic.com/index.cfm?fuseaction=press.viewReleaseDetail&CatID=72&PrId=189
http://computer.howstuffworks.com/encryption.htm


3.
Firewall
Ø Evaluate vulnerable are networks to intrusion? [5 Marks]
Networks are never safe from intrusions. An anonymous attacker can hack into a network from a distance without any contact with the system, users, or administrators. He or she can pass the attack to other host computers before reaching the target in order to disguise himself. There are numerous ways to hack into a network. A hacker can find vulnerability in the software that provides network servicers by scanning the network. The hacker would use the program to connect any IP address within its range, and the program would tell the hacker if the computer has a bug. Then, the hacker would use the bug to take control of the targeted computer. Also, a hacker can detect computers that are on the network with open accounts. Sometimes, hackers eavesdrop by having a program called sniffers that capture data that is broadcasted through a network. Normally, only certain computer that is meant to receive data processes it, but the usage of sniffers enable hackers to snatch information such as passwords and credit card information.

[[http://newbiznetwork.blogspot.com/2009/11/what-makes-network-vulnerable.htmlhttp://pangea.stanford.edu/computerinfo/resources/network/security/risks.html|http://newbiznetwork.blogspot.com/2009/11/what-makes-network-vulnerable.html]]
http://pangea.stanford.edu/computerinfo/resources/network/security/risks.html
Ø How good can a firewall be at filtering incoming data? [5 Marks]
A firewall is a hardware device or software program that helps protect a computer from unauthorised access. Firewalls have built-in filters that can prevent unauthorized or potentially dangerous material from entering a computer or network.
http://www.standardchartered.com/online-banking/security-tips/glossary/en/index.html

The effectiveness of a firewall largely depends on whether it is alone or with other security systems. For example, if a Virtual Private Network is in front of a firewall and an IP packet filter is installed, your computer will be effective in filtering incoming data. IP packet filtering provides a way for you to define precisely what IP traffic is allowed to cross the firewall. IP packet filtering is important when you connect private intranets to public networks like the Internet. A firewall on its own still has a risk of bringing harm to your computer because it can allow FTP (File Transfer Protocol), meaning P2P programs can be accessed which may contain harmful data such as viruses.

http://technet.microsoft.com/en-us/library/cc958037.aspx

Ø Discuss how can digital signatures help? [5 Marks]
Digital signatures are great help to authenticate the identity using cryptographic algorithms. They improve authenticity, integrity, and non-repudiation. The digital signature helps ensuring who the signer is which prevents others who pretend to be the one signing the document. It also improves integrity by ensuring that the content remains the same. In order to change the content, the originator of the document should be present. Sometimes, the signer denies having signed the content in which the action is referred as ‘repudiation’. Digital signature prevents repudiation by proving that the person has signed the document regardless of their denial because the signer has to repudiate digital key in order to repudiate the digital signature. If she or he has repudiated digital key, the other documents would also be repudiated. Compared to hand-written documents, digital signatures are hard to forge which benefits business companies. Businesses also reduce the cost of operation; it is estimated each signature costs about $6.50 when copying, scanning, or retrieving lost documents. By adopting digital signature, the cost can be reduced at a greater expense.
http://www.arx.com/digital-signatures-faq

http://technet.microsoft.com/en-us/library/cc545901(office.12).aspx

4. Other security measures
Ø Primes and Certificates [Security Now, 27 April 2006]
Ø List down steps to avoid one of the online scams. [5 Marks]

Avoiding Online Paid Surveys Scams

Some online paid surveys that sound too good to be true are most likely a scam. It is essential that users are not fooled by the testimonials (they are actually written by ropers and shills), documented proof (most are counterfeit documents that simply look authentic), and guarantees (refunds are hard to collect if the site is indeed a scam).
Some ways you can avoid scams are by reading all the information posted and asking questions if in doubt. Rather than mindlessly submitting personal information to these survey sites, it is recommended that you read the disclaimers, terms, and conditions to determine if the site is reliable. If the sites do not answer your questions, be wary of them.
Furthermore, perform “whois” lookups to reveal if the sites were registered by proxy. If this is the case, you should avoid submitting any information because the site owners may be hiding the authentic contact information behind proxy services. The whois lookups will also inform you if the owner of the site launched other similar sites. If so, be wary again.
There also exist scam forums (scam.com) where you can browse for messages from consumers concerning false online paid surveys. However, the forum can be contaminated with ropers and shills who pretend to be “rescuing” those who have been duped.




5. E-commerce
Ø Evaluate computer networks' impact on globalization (e.g. EFT, EDI, SSL, e-commerce)? [5 Marks].


Electronic Commerce, also known as e-commerce, is a business established through the Internet while using software such as e-mails, instant messaging, electronic fund transfer, electronic data interchange, and secure socket layers to effectively function. The development of e-commerce has enabled the exchange of goods and services to be rapid and convenient as products can be shipped from different poles of the world.

One of the components of e-commerce is the Electronic Fund Transfer. Electronic Fund Transfer (EFT) is a system that enables the transferring of money from one bank account to another. Applied to the context of e-commerce, consumers can transfer payment to the company without physically having to meet them, saving time while concurrently increasing convenience. Furthermore, this system benefits the companies for they can widen the availability of customers and trading partners. Although this system is advantageous in these aspects, users relying on EFT are vulnerable to fraud and the failure of technology. Some hackers illegally access accounts to retrieve past banking records and threaten the privacy of an individual. Furthermore, a power failure during the use of the system may engender the loss of records or interrupt the process.

The Electronic Data Interchange, which is the transfer of electronic data between parties, is also another system used in e-commerce. This interchange enables companies to communicate with one another more efficiently and effectively, consequently reducing errors. Rather than having to physically mail out catalogues and brochures to establish trading links with other companies and allure customers, companies can send e-mails through the Internet. EDI has made is possible for “retailers and distributors to have speedily and reliable communications [by] easily [determining] product availability of a distributor prior to placing an order” (Exforsys). Consequently, if a product is out of stock for a retailer, the order will directly be placed to the manufacturer. To ensure the security and privacy of the users, the orders are encrypted for Internet transmission and converted into a EDI format for internal processing.


Secure Sockets Layer is a security development for an “encrypted link between a web server and a browser.” This ensures that the data passed between web servers and the browser is encrypted and that everything transferred is private. However SSL is disadvantageous in the sense that it requires both parties to encrypt and decrypt messages. Therefore, the communication of messages is much slower.


http://www.webopedia.com/TERM/E/electronic_commerce.html
http://www.wikinvest.com/concept/E-Commerce
http://searchwinit.techtarget.com/sDefinition/0,,sid1_gci214564,00.html
http://www.businesspme.com/uk/articles/trade/90/Electronic-money---advantages-and-disadvantages.html
http://www.exforsys.com/tutorials/edi/e-commerce-and-edi.html
http://info.ssl.com/article.aspx?id=10241
http://publib.boulder.ibm.com/tividd/td/ITLM/SC32-1431-01/en_US/HTML/tlminmst45.htm