ASSIGMENT 9: METHOD OF AUTHENTICATION

METHODS OF AUTHENTICATION

There are two commonly used authentication methods, which are biometric device and callback system.
Biometric device is a device that translates personal characteristics into a digital code that is compared with a digital code stored in the database.
Callback system refers to the checking system that authenticates the user.
BIOMETRIC DEVICES
Fingerprint Recognition
In order to prevent fake fingers from being used, many biometrics fingerprint systems also measure blood flow, or check for correctly arrayed ridges at the edges of the fingers.
Facial Recognition
Facial recognition analyses the characteristics of an individual's face images captured Through a digital video camera. Facial recognition is widely used, touted as a fantastic system for recognizing potential threats
(whether terrorists, scam artists, or known criminals).
Hand Geometry Scanning
Hand scanning involves the measurement and analysis of the shape of one's hand.
Unlike fingerprints, the human hand isn't unique. Individual hand features are not descriptive enough for identification.
It is possible to devise a method by combining various individual features and measurements of fingers and hands for verification purposes.
Iris Scanning
Iris scanning analyses the features that exist in the colored tissues surrounding the pupil which has more than 200 points that can be used for comparison, including rings, furrows and freckles.
The scans use a regular video camera and can be done from further away than a retinal scan. It will work perfectly fine through glasses and in fact has the ability to create an accurate enough measurement that it can be used for identification purposes.
The accuracy of this method is excellent while the cost involved is high.
Retinal Scanning
Retinal biometrics involves the scanning of retina and analyzing the layer of blood vessels at the back of the eye.
Retinal scanning involves using a low-intensity light source and an optical coupler and can read the patterns at a great level of accuracy.
Retina scanning requires the user to remove glasses, place their eye close to the device, and focus on a certain point. Whether the accuracy can outweigh the public discomfort is yet to be seen.
The accuracy in retinal scanning is very good and the cost involved is fair.
Voice Recognition
Voice recognition system compares a person’s live speech with their stored voice pattern.
Voice recognition biometrics requires user to speak into a microphone. What he speaks can be his password or an access phrase.
Verification time is approximately 5 seconds. To prevent recorded voice
use, most voice recognition devices require the high and low frequencies of the sound to match, which is difficult for many recording instruments to recreate well. Also, some devices generate random number of sequences for verification.
The accuracy in voice recognition is fair and the cost involved is very reasonable.
Signature Verification System
Signature verification system uses special pen and tablet. After pre-processing the signature, several features are extracted.
The authenticity of a writer is determined by comparing an input signature to a stored reference set (template) consisting of three signatures.
The similarity between an input signature and the reference set is computed using string matching and the similarity value is compared to a threshold.
The accuracy in signature verification system is fair and the cost involved is excellent.
CALLBACK SYSTEM
The callback system is commonly used in the bank operation and business transaction.
For example, when you book for the taxi service, the operator will ask you to hang up and she will call you back to confirm for the service required.

ASSIGMENT 8: AUTHENTICATION

What Is Authentication?

Authentication is a process for identifying and verifying who is sending a request. The following diagram shows a simplified version of an authentication process.

ASSIGMENT 7: PRIVACY

• CAN PRIVACY BE PROTECTED?
  
  Privacy can be protected by:
  (a) Privacy law
  The privacy laws in Malaysia emphasizes on the following:
  • Security Services to review the security policy
  • Security Management to protect the resources
  • Security Mechanism to implement the required security services
  • Security Objects, the important entities within the system environment
  
  (b) Utilities software
  Example: anti-spam program, firewall, anti-spyware and antivirus.

What is a firewall?

A firewall is a guard between you and the internet, this can be either a software or hardware firewall. It regulates access of program between you and the internet. Firewall protection is very useful and very necessary for users who are always connected to the internet. Firewalls work in the background controlling inbound and outbound traffic and notifies the user of any intrusion attempts on their system. In addition to a good firewall you should also install a good virus scanner and keep it up to date with the latest virus information. A virus scanner with a firewall will reduce your risk of being hacked or virused and help keep both you and your system secure.

Why do you need a firewall?

Whenever your computer is connected to the internet regardless of whether your browser is opened your computer is vulnerable to attack by hackers, worms, trojans, spyware and so on. For those who are utilizing a DSL, Cable Modem, LAN or T1 connection you are open to threats every time you turn your computer on and until your computer is turned off, you have a permanent connection to the internet. It is very simple for just about anybody to come through your internet connection and access your computer.Many PC users believe that no one would bother breaking into their anonymous home computer. Unfortunately, this is not true. Every computer on the Internet has its own IP address, a unique string of numbers that serve as a type of identification. Hackers often program their computers to scan random IP addresses and attack whenever a vulnerable machine is found. They don't need to know your machine personally to attack it. At that point they can perform many malicious acts or steal all of your private information. There are hundreds of ways this can be accomplished.

What do firewalls protect you from?

There are many routes that hackers can take advantage of to gain access to unprotected systems. An effective personal firewall is designed to secure your computer against various threats from the internet or your connected network, including:

Port intrusionsHackers are scanning for vulnerable computers to steal data, corrupt data, destroy or to make use of in the future.

Remote LoginThis is when somebody can log into your computer to access files to actually running programs on your computer.

Application BackdoorsSome programs contain ways to access your programs remotely. Others have bugs in the program that open backdoors, or hidden access that can allow remote access to these programs.

SMTP Session Hijacking - SMTP(Simple Mail Transfer Protocol)This is the most popular way of transferring email over the internet. Hackers often gain access to peoples email address. A person can send unsolicited junk email(spam) to thousands of people using a person's host without them even being aware of this and it makes it very difficult to trace the origin of the emails.

Operating System BugsLike applications, some Operation Systems have backdoors, which can allow hackers to gain access to them.

Denial of Service (DDOS)This type of attack is very hard to control. What a hacker does is send a msg to the victim's computer to make a connection, but when the answer is responded to the computer is unable to find the system. By causing a server to try to respond to these unanswered requests it will cause the system to slow down or eventually crash.

Email BombsThese attacks are mostly personal attacks. Somebody sends you hundreds of the same email filling up you email account until you cannot accept any more emails.

MacrosMany applications allow you to make commands to help you control specific software more easily. Hackers take advantage of this by creating their own macros that will corrupt data or crash your computer.

Viruses and wormsProbably the most well known and still one of the largest threats to computers is a virus. A virus is a small program that will copy onto your system then copy from system to system very quickly. Virus or worms slip in through email attachments and links, weblinks and network or file transfers. These codes can do anything with your computer eg. destroy, corrupt or modify data, render your harddisk and even your operating system useless and then go on to copy itself into other connected systems ( via the internet or your LAN )
Trojans or spywaresAfter slipping in, they install themselves to collect data ( like visited websites, key presses, email messages, passwords and user names ) and transmits the data back to its command server.

SpamSpam is typically harmless junkmail. Unfortunately some junk mail can be very dangerous if you click on one of the links provided. If click on one of these links you can accidentally accept a cookie that will open a backdoor to your computer.

ASSIGMENT 6: PRIVACY

WHAT IS PRIVACY?

Privacy in IT refers to data and information privacy.
Data refers to a collection of raw unprocessed facts, figures and symbols. Then, computer is used to process data into information. In general, data include texts, numbers, sounds, images and video.
Information privacy is described as the rights of individuals and companies to deny or restrict the collection and use of information about them.
WAYS COMPUTER TECHNOLOGY THREATEN OUR PRIVACY
Every time you click on an advertisement or register a software product online, your Information is entered into a database. Computer technology can also threaten privacy through spam. Do you know what spam is? Spam is unsolicited e-mail messages, advertisements or newsgroup postings sent to many recipients at once.

How does computer technology threaten the privacy of our data? It is done through:
• Cookies
• Electronic profile
• Spy ware

Computer technology threatens our privacy through electronic profiling. For example, when we fill out a form such as a magazine subscription, purchasing products or contest entry form on the Internet, this data is kept in the database. It will include age, address, marital status and other personal details.

Cookies
• are used to identify users by web casting, e-commerce and other web applications
• contain user information and are saved in the computer hard disk
• are used by some websites to store passwords and track how regularly we visit a website, that’s how we become potential targets for web advertisers
• enable web sites to collect information about your online activities and store them for future use, then the collected details will be sold to any company that requests for it.

Electronic profile
• electronic profile is the combining of data in a database that can be sold to the Internet by the company to the interested parties.
• this database is in a form such as magazine subscription or product warranty cards that had been filled by online subscribers.
• the information in electronic profile includes personal details such as your age, address and marital status.

Spyware
• refers to a program that collects user information without the user’s knowledge.
• can enter computers, sneaking in like a virus.
• is a result of installing new programs.
• communicates information it collects to some outside source while we are online.