Chapter-8

Physical Security:
1- Health Aspect:
Health Risk How to minimize it?
Back and neck Strain: it is 1- Use of fully adjustable
caused by sitting in front of chair.
computer for longer period 2- Use of foot rest.
of time. 3- Use of screen which can
be adjusted.
Repetitive Strain Injury: It 1- Ensure correct position
damages the wrists and is maintained.
fingers caused by continuous 2- Take regular breaks.
use of keyboard/mouse. 3- Use of ergonomic
keyboard.
Eye strain: Caused by staring 1- Use of LCD screens.
at a computer screen for too 2- Take regular breaks.
long or having incorrect 3- Use of anti-glare
lighting in the room. screens.
4- Eye test on regular basis
Headache: It is caused by 1- Use of anti-glare
incorrect lighting, screen screen.
reflections, flickering etc. 2- Regular breaks.
3- Eye test on regular basis
 SAFETY AND SECURITY

Ozone irritation: It is caused 1- Proper ventilation.

by laser printer in an office 2- Use of inkjet printer if
area. possible.
3- Laser printer should be
kept in a designated
printer room.

2- Safety Aspects:
Safety Risk How to eliminate or
minimize it?
Electrocution 1- Use of current breaker.
2- Check insulation on
wires.
3- Don’t allow drinks near
computers.
Trailing wires: 1- Use cable ducts to make
the wires safe.
2- Wires must be neatly
tucked away under
desk.
3- Use wireless
connections if possible.
 SAFETY AND SECURITY

Injury caused by equipment 1- Use strong desks and

falling: tables to support heavy
hardware.
2- Use large desks and
tables so that hardware
is not close to the edge.
Fire Risk: 1- Don’t overload electric
sockets.
2- Change to low voltage
hardware if possible.

E-Safety: It refers to keeping the personal data safe while using

internet.
Why personal data should be confidential and protected?
1- Personal Details can be stolen, copied or pass on.
2- User can be blackmailed/threatened.
3- Customer details can be sold to the third party.
How to protect personal data?
1- Don’t share personal details with strangers on social media
or through email.
2- Ensure privacy setting in social media sites.
3- Only use websites recommended by teachers.
4- Only email/text to people you know.
5- Report the person who is bullying you on social media.
 SAFETY AND SECURITY

Security Risks
1- Hacking: The act of gaining illegal access to a computer
system.
Effects of hacking:
1. This leads to identity theft and gaining personal
information.
2. Data can be deleted, changed or corrupted.
Methods to avoid hacking:
1. By using firewalls
2. Use of strong passwords and user ids
3. Use of anti-hacking software

2- Viruses: Program or program code that can replicate itself

and perform malicious activities.
Effects of Viruses:
1. Can cause the computer to crash, stop or unresponsive
2. Can delete files
3. Can corrupt files
 SAFETY AND SECURITY

Methods to avoid viruses:

1. Use anti-virus software
2. Don’t use software from unknown sources
3. Be careful when opening emails, attachments from
unknown senders.
3- Phishing: User is sent to a fake or bogus website when the
user clicks a legitimate looking link in the email/ attachment
Effects of phishing:
1. Creator of the email can gain personal data, bank account
etc.
2. It can lead to fraud or identity theft.
Methods to overcome this security threat:
1. ISPs filter out such emails
2. Be careful and cautious when opening emails or
attachments.
3. Always double check the URL and email address.
Smishing: It means SMS phishing. A fake sms is sent to the user
containing a URL or telephone number. The user is asked to log
on to the website or make a telephone call.
Vishing: Voice mail phishing, it uses a voice mail message to trick
the user into calling the telephone number contained in the
message.
 SAFETY AND SECURITY

4- Pharming: User is redirect to a bogus or fake website due

to malicious code installed on user’s hard drive or
webserver.

Effects of pharming:
1. Creator can gain personal data, back accounts
2. It can lead to fraud and identity theft
Methods to avoid pharming:
1. Use of anti-spyware software
2. User should remain careful and cautious.
3. Always double check the URL to see if it is the same one
you typed in.

5- Spyware\key-logger: Software that generates information

by monitoring key presses on the user’s keyboard and send
back to the creator.
Effects:
1. Give access to all the data entered using key board
2. It can read cookies
3. Can change user’s default web browser
4. Can install other spyware software.
 SAFETY AND SECURITY

How to overcome?
1. Use of anti-spyware software
2. Using a mouse to select characters rather than typing
3. Be careful and cautious

Cookies
A COOKIE is a packet of information sent by a web server to a
web browser. Cookies are generated each time the user visits the
website. Cookies aren’t programs but are simply pieces of data.
They can’t actually perform any operations. The information
gathered by cookies form an ANONYMOUS USER PROFILE and
do not contain personal information (such as credit card
numbers or passwords).

Functions of cookies:
They are able to carry out user tracking and also maintain user
preferences. For example, when a user buys a CD on a music
website, the cookies will have remembered the user’s previous
buying habits.

Moderated Forums: It refers to online discussion forum in which

all the posts are checked by an administrator before they are
allowed to be posted.
Advantages:
 SAFETY AND SECURITY

1. Moderator can prevent spam.

2. Moderator can filter out inappropriate posts.
Unmoderated Forums: Nobody owns the forum, therefore,
nobody can filter out the inappropriate posts and spams.
However, users can do voluntary cooperation for policing the
forum.
Spam Email: It is basically an unwanted email. It is sent to the
recipient from a mailing list. It can be a part of phishing scam.
Effects of spam email:
1. It can make the network slower through flooding of traffic.
2. If part of phishing scam it can obtain recipient’s personal
details and data.
How to prevent spam email?
1. Use junk email filter.
2. Do not sign up for commercial email list.
3. Do not reply the spam email.
Firewalls: A FIREWALL can be either software or hardware. It sits
between the user’s computer and an external network (e.g. the
internet) and filters information in and out of the computer.
Hardware firewall is often referred to in this case as a GATEWAY.
Alternatively, the firewall can be software installed on a
computer; in some cases, this is part of the operating system.
 SAFETY AND SECURITY

Functions of a firewall:
1. Examining the ‘traffic’ between the user’s computer (or
internal network) and a public network (e.g. the internet)
2. Checking whether incoming or outgoing data meets a given
set of criteria and blocks the ‘traffic’ if given criteria does
not meet.
3. Logging all incoming and outgoing ‘traffic’.
4. To prevent access to certain undesirable sites; the firewall
can a list of all undesirable IP addresses.
5. Helping to prevent viruses or hackers entering the user’s
computer (or internal network)
6. Warning the user if some software on their system is trying
to access an external data source.

Limitations of a firewall:

1. It cannot prevent individuals, on internal networks, using

their own modems to bypass the firewall
2. Employee misconduct or carelessness cannot be controlled
3. Users on stand-alone computers can chose to disable the
firewall, leaving their computer open to harmful ‘traffic’
from the internet.

SECURE SOCKETS LAYER (SSL): is a type of protocol which allows

data to be sent and received securely over the internet.
Following things happen during this process
 SAFETY AND SECURITY

TRANSPORT LAYER SECURITY (TLS): is similar to SSL but is a more

recent security system. It is essentially designed to provide
encryption, authentication and data integrity in a more effective
way than its predecessor SSL.
 SAFETY AND SECURITY

TLS is formed of two layers:

1- Record protocol: this part of the communication can be
used with or without encryption (it contains the data being
transferred over the internet).
2- Handshake protocol: this permits the website and the client
(user) to authenticate each other and to make use of
encryption algorithms (a secure session between client and
website is established).

Difference between TLS and SSL

1- TLS can be extended by adding new authentication
methods.
2- TLS can make use of SESSION CACHING which improves the
overall performance

3- TLS separates the handshaking process from the record

protocol (layer) which holds all the data.

Session Caching
The use of session caching can avoid the need to utilize so much
computer time for each connection. TLS can either establish a
new session or attempt to resume an existing session; using the
latter can considerably boost system performance.
 SAFETY AND SECURITY

Encryption – Encryption means to scramble data in such a way

that only someone with the secret code or key can read it.
Encryption works by scrambling the original message with a very
large digital number (key).

Symmetric Encryption

Symmetric encryption is the oldest and best-known technique.

A secret key is used to scramble the data. As long as both
sender and recipient know the secret key, they can encrypt and
decrypt all messages that use this key.

Key distribution problem:

When the key is intercepted by, for example, a hacker which puts
the security of the encrypted message at risk.
AUTHENTICATION: is used to verify that data comes from a
trusted source.
Examples includes:
SAFETY AND SECURITY
 SAFETY AND SECURITY

Credit Card Fraud: When user is tricked into giving his personal
and financial information. This could be via phishing, pharming
or spyware software.
Effects of credit card fraud:
1. User money can be used/transferred out from the account.
How to avoid it?
1. Have a strong password.
2. Install and update spyware software.
3. Ensure websites have a secure connection.
4. Regularly check bank balance.