Cybersecurity, Web Searching, User Tracking, Social Media, and Cloud Computing (Week 13) Flashcards
What is Multi-Factor Authentication?
Authentication: to confirm the user’s identity
Typically with a password, but this is only one piece of evidence (a “knowledge factor”) that may be used to authenticate a user
Multi-factor Authentication uses other factors, such as Possession factor and Biometric factor.
Safe Computing – Important (Part 2)
Create copies (backups) of your personal data or your whole system regularly (see info at www.worldbackupday.com)
* Physically detach backup media after the backup is finished and ideally store your backup media in a separate location.
For some data, you could use cloud storage providers that immediately synchronize every change of local data to the cloud
* Some of them allow you to restore older versions of the data up to a certain period. (e.g. www.dropbox.com, www.sync.com, OneDrive)
* Be careful: you want to avoid sending very sensitive data to the cloud unencrypted – sometimes this also has legal implications
Safe Computing – Important (Part 3)
Run macros in Microsoft Office only if you really trust the source of a document
Make sure you use HTTPS for any sensitive communication, e.g. financial transactions, web shopping, hotel bookings, etc.
What is HTTPS?
HTTPS, or Hypertext Transfer Protocol Secure, is a protocol used for secure communication over a computer network, commonly the internet.
It is an extension of HTTP, with the ‘S’ standing for ‘Secure.’ HTTPS ensures that the data exchanged between a user’s web browser and a website is encrypted, enhancing security and privacy.
HTTPS - Encryption
HTTPS uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to encrypt data during transmission.
This prevents eavesdropping and unauthorized access, making it difficult for attackers to intercept and manipulate the information.
HTTPS - Authentication
HTTPS verifies the ID of the website through SSL certificates. These certificates are issued by Certificate Authorities (CAs) and serve as digital passports for a website.
Users can trust that they are connecting to the intended website and not a malicious entity posing as the legitimate site.
Secure Web Communication
HTTPS-encrypted connections to servers with verified identity feature a “lock” or a similar symbol.
What does Cybersecurity mean?
Cybersecurity refers to the comprehensive set of measures and practices implemented to safeguard digital systems, networks, and data from unauthorized access, attacks, damage, or exploitation.
It encompasses the protection of information technology assets, including computers, software, networks, and the data they handle, against a wide range of cyber threats and risks.
It is critical to ensuring the confidentiality, integrity, and availability of digital resources, preventing potential disruptions, and preserving the trustworthiness of technological systems in an increasingly interconnected and digitized world.
Cybersecurity as a practice
Cybersecurity involves the development and implementation of strategies, technologies, and policies to detect, respond to, and mitigate cyber threats, thereby fortifying the resilience of engineering systems against evolving challenges in the digital landscape.
Protection: Access Privileges
Reduce user access privileges on every computer to the minimum level necessary for each individual user:
You don't need administrator privileges on your computer for everyday work situations
Sometimes write access to files could be revoked
Be suspicious when Windows UAC (User Account Control) asks you to grant a program admin privileges
Measures for Cautious Users
- Use “private” or “incognito” mode of your browser to reduce tracking
- Disable 3rd party cookies
- Turn off pop-ups in your browser (if not off by default)
- Use Ad-Blockers, e.g. https://ublock.org/
- Use Plug-ins or Browsers that block ads and prevent tracking
- Turn off unknown browser plug-ins as much as possible
- Disable HTML in your mail reader
- Turn off JavaScript in Adobe Reader
- Turn off all services on your machine that you don't use, e.g. sharing of printers, remote access, etc.
- Check your “Firewall” settings
** For ordinary users, standard firewall settings should be sufficient (regardless of your OS)
What is a Firewall?
A firewall controls incoming and outgoing traffic between two network nodes (could be between hosts or networks)
Unwanted or harmful packets can be discarded based on source or destination IP address or port (filtering)
More sophisticated firewalls also check contents of packets (inspection) to decide what to do
Windows has a configurable built-in firewall
Measures of Paranoid Users (Cybersecurity)
- Turn off JavaScript and cookies in your browser
- Use text only email (disable HTML and JavaScript)
- Encrypt your computer and your phone
- Select less popular software because it is less likely to be exploited
** E.g. Opera browser, Linux OS, etc.
- Use software and services to avoid tracking, e.g.
** Tor (The Onion Router) for anonymous use of Internet https://www.torproject.org/
** And many others, e.g. https://www.techradar.com/best/best-free-privacy-software
The Weakest Link (Cybersecurity)
The majority of security breaches are low tech
For users, the trade-off between security and ease of use is essential
The weakest link defines the overall level of security,
* e.g. what are strong passwords good for if users write them on post-it notes attached to the screen?
Users have the biggest impact on security
* and are usually the first choice to gain unauthorized access because other measures often require more effort
Risk Assessment Matrix
Assess threats using a matrix which charts the probability that a particular situation will occur and what its impact (cost, loss of time, etc.) would be
Focus on orange and red areas: try to mitigate using measures that reduce impact, probability or both
E.g. if the impact of a ransomware attack would be catastrophic, introduce weekly or monthly automatic backups
Data & Information - Web Search
Web searches started in 1994 (first graphic browser in 1993)
In 1997 – AltaVista: 20 million search queries per day
* “AltaVista was a Web Search Engine established in 1995. It became one of the most-used early search engines, but lost ground to Google and was purchased by Yahoo! in 2003” - Wikipedia
In 2000:
* Approx. 1 billion web pages existed
* Google: 33 million search queries per day
In 2016:
* Approx. 50 billion web pages existed
* Google: 3 billion search queries per day
In 2019 – Google: > 5.5 billion search queries per day (> 2 trillion queries per year)
In 2023 – approximately 84 billion visits daily and roughly 2 trillion global searches annually.