Authentication Vs Authorisation
- Definition:
– Authentication: the process of verifying who you are. For instance, when you log on to a PC, you have to have a username and password. The user or computer has to prove its identity to the server.
– Authorisation: the process of verifying that you have access to something. Normally, authorisation always occurs after successful authentication.
- Example:
– Example for authorisation: In a company, staff or a manager is normally authorised to access employee records, and this policy is usually formalised as access control rules in a computer system.
– Example for authentication: a user has to enter or choose an ID and provide their password to begin using the system.
- Recommendation:
– For Authentication: make sure your username is unique, assigned and secret. The user can use an email address as the username. Make a strong password.
- Reference:
Levels of security Access
- Definition:
In computer security, access control includes identification, authorisation, authentication, access approval and audit:
– Computer security: the protection of computer systems from theft of or damage to their hardware, software or information.
– Access Control (AC): the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using.
– Identification(Identity document): An Identity document
- Example:
Multi-Step Authentication
- Definition:
A method of confirming a user's identity by utilizing several components (at least 2). Usually we're asked for Knowledge (like a PW, PIN), Possession (like a name, ID, bank card) and Inherence (like a fingerprint, eye iris).
- Example:
We need an ID and PW when we log in to our own Gmail account.
- Recommendation:
Keep your information secret, especially something we know, like a PW.
- Reference:
Security Token (or Device, aka Dongle) Vs Smart Cards
- Definition:
A Security Token is a small hardware device that is used to gain access to an electronically restricted resource. It always creates a different password, normally every five minutes. The security token method is two-factor authentication: the owner needs this device and a PIN number.
- Example:
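How a token can produce a code that changes every five minutes, and how a server checks the device code together with the PIN. This is an added example, not from the original notes: it uses the public HOTP/TOTP construction (RFC 4226 / RFC 6238), and the 300-second step, the key, salt, PIN and function names are all assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 300  # seconds per code: the "every five minutes" above (assumed value)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def token_code(secret: bytes, now: float, step: int = STEP) -> str:
    """What the token displays at time `now`: the counter is the time slot."""
    return hotp(secret, int(now // step))

def pin_hash(pin: str, salt: bytes) -> bytes:
    """The server keeps a salted PBKDF2 hash of the PIN, never the PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def verify(secret, salt, stored_pin_hash, pin, code, now, drift=1):
    """Both factors must pass: the PIN (knowledge) and the code (possession)."""
    pin_ok = hmac.compare_digest(pin_hash(pin, salt), stored_pin_hash)
    slot = int(now // STEP)
    # Accept neighbouring time slots to tolerate clock drift in the token.
    code_ok = any(
        hmac.compare_digest(hotp(secret, c), code)
        for c in range(max(0, slot - drift), slot + drift + 1)
    )
    return pin_ok and code_ok

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample key (RFC 4226 test key)
    salt = b"constructed-salt"        # constructed sample salt
    stored = pin_hash("4821", salt)   # constructed sample PIN
    code = token_code(secret, now=1000)
    print(code, verify(secret, salt, stored, "4821", code, now=1000))
    # The same code replayed three slots (15 minutes) later is rejected.
    print(verify(secret, salt, stored, "4821", code, now=1000 + 3 * STEP))
```

A stolen PIN without the device, or a captured code after its time slot has passed, fails the check.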


- Reference:
File systems: FAT, FAT32, NTFS, HFS, APFS, NFS
- Definition:
- FAT: short for File Allocation Table. It is a simple and robust system with good performance and easy implementation. This file system is used on drives which have to exchange data. It is very unique because it has been used from 1981 up to the present.
- FAT32: a new version of FAT, which was used in Windows 95, OSR 2 (new version of Windows 95), Windows 95. This file system can support larger disks (up to 2TB) with better efficiency.
- NTFS: short for NT File System. "NT" refers to the operating system Windows NT, and this file system is only available on that system (on Windows NT we can also use FAT).
- NTFS helps to recover disk data and lets you control and set permissions for a file or folder.
- HFS: short for Hierarchical File System. It was used by Apple from 1985, but after the introduction of Mac OS X 10.6, Apple dropped support to read-only volumes.
- APFS: Apple File System, used in macOS, iOS, tvOS and watchOS; developed by Apple to fix problems of HFS+.
- NFS allows the user or system administrator to mount (designate as accessible) all or a portion of a file system on a server. The portion of the file system that is mounted can be accessed by clients with whatever privileges are assigned to each file (read-only or read-write). NFS uses Remote Procedure Calls (RPC) to route requests between clients and servers.
- Example
– Example of FAT32 (with no Security tab) Vs NTFS with more Security features


Encryption & Decryption Vs Compression & Decompression
- Definition:
– Encryption & Decryption: Encryption is the transformation of data to make it unreadable to anyone but the targeted end user. Decryption is the reverse transformation of data to make it readable to the specific receiver.
– Compression & Decompression: Compression is the reduction of a file to a smaller, more manageable size. Decompression is the expansion of the file to its original format.
– Putting a password on a zip file is encrypting. First compress the data/file, then encrypt.
- Example:
Sending large images via email
- Recommendation:
Encryption is recommended for security
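Why the order is "first compress, then encrypt": encrypted output looks random, so compressing it afterwards saves nothing. This is an added example, not from the original notes; the cipher is a toy SHA-256 keystream used only so the code runs with the standard library (an assumption for the demo, not a recommended cipher), and the sample data, key and nonce are constructed.

```python
import hashlib
import zlib

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real
    cipher such as AES-GCM. XOR with the same keystream also decrypts."""
    out = bytearray()
    for start in range(0, len(data), 32):
        counter = (start // 32).to_bytes(8, "big")
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(b ^ p for b, p in zip(data[start:start + 32], pad))
    return bytes(out)

def compress_then_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return keystream_xor(key, nonce, zlib.compress(plaintext))

def encrypt_then_compress(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return zlib.compress(keystream_xor(key, nonce, plaintext))

def decrypt_then_decompress(key: bytes, nonce: bytes, blob: bytes) -> bytes:
    """Receiver side for compress_then_encrypt: undo the steps in reverse."""
    return zlib.decompress(keystream_xor(key, nonce, blob))

def compare_orders(plaintext: bytes, key: bytes, nonce: bytes) -> dict:
    """Output size in bytes for each ordering of the two steps."""
    return {
        "original": len(plaintext),
        "compress_then_encrypt": len(compress_then_encrypt(key, nonce, plaintext)),
        "encrypt_then_compress": len(encrypt_then_compress(key, nonce, plaintext)),
    }

if __name__ == "__main__":
    # Constructed sample: repetitive text, which compresses very well.
    sample = b"2024-01-01 GET /index.html 200\n" * 2000
    key, nonce = b"k" * 32, b"n" * 12  # constructed demo values
    for name, size in compare_orders(sample, key, nonce).items():
        print(f"{name:24s} {size:7d} bytes")
    blob = compress_then_encrypt(key, nonce, sample)
    print(decrypt_then_decompress(key, nonce, blob) == sample)
```

The size of the compressed-then-encrypted output still reflects how compressible the plaintext was, so the length of a message is not hidden by encryption.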
- Definition:
Proxy Vs VPN (Virtual Private Network)
- Definition:
– Proxy: a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
– VPN (Virtual Private Network): extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
- Example:
– Proxy: When you are accessing a webpage online, instead of the homepage contents being stored in the cache folder of your browser, they are stored on the proxy server. Therefore you could get faster access to a homepage when you are using a proxy with your web browser.
– VPN (Virtual Private Network): encrypted tunneling secures 100% of all your internet access, replacing your local ISP routing for all applications. … You’ll also get faster connections
-Anonymous
- Recommendation:
VPN – Although it does pretty much the same thing as a proxy, and both could give you faster access to a webpage on the internet (bypassing your ISP), a proxy only works with your web browser. A VPN uses encryption for the data that you upload and download from the internet. Therefore it provides more security than a proxy server when you are using the internet.
- Reference:
Wikipedia | Virtual Private Networking
How to Geek | Difference between a vpn-and a proxy
Quora.com | Difference Between a proxy and a VPN
Hardware-based Encryption Vs Software-based Encryption
- Definition:
Software-Based Encryption:
– Require updates
– Includes extra security features
– Need to run particular system
– More convenient
– You need to be admin to open the USB, as you need to download software.
Hardware:
– Does not require a hand from other software
– It is free from contamination & malicious
– It is more expensive
– More powerful security.
– You don’t need to install software for access.
“Software is easier because it is more flexible and hardware is faster when that is needed” Bruce Schneier, Resilient Systems
- Example:
- Recommendation:
Businesses need to consider the risks of losing the data, but also how long they need to keep the data.
- Reference:
AES (Advanced Encryption Standard) Vs PGP (Pretty Good Privacy)
- Definition:
AES: Advanced symmetric encryption algorithm which is implemented in hardware and software to protect sensitive data. It encrypts 128-bit blocks with 128-bit, 192-bit or 256-bit keys using 10, 12, or 14 rounds, respectively. The same key is used for encryption and decryption.
PGP: Program used to encrypt and decrypt messages (such as email) between two people, so that only these two people will know the private key used to decrypt those messages.
- Example:
AES:

PGP:

- Recommendation:
AES is a good option for protecting sensitive data in large databases. However, for sharing data it is not that reliable, since you have to share the key with the recipient, which decreases security as they can decrypt any data encrypted with the same key. (Faster for sending data)
PGP encryption is as strong as AES but has an additional security feature that doesn't let other people with the public key decrypt the data. (Better for sharing data due to security)
- Reference:
www.searchsecurity.techtarget.com
SSL (Secure Sockets Layer), HTTP/HTTPS, FTP/FTPS
- Definition:
– SSL: SSL (Secure Sockets Layer) is a standard security technology for building a secure link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook). Good security but slow.
– HTTP/HTTPS: Hypertext Transfer Protocol Secure (HTTPS) secures the data that is sent between your browser and the website that you are connected to. The “S” at the end of HTTPS stands for “secure”, and it is commonly seen at banks or online stores.
– FTP: “File Transfer Protocol”. The FTP server running on Port 21 is called Pure-FTP, and it handles file transfers and FTP logins.
– FTPS: “File Transfer Protocol – Secure” or “File Transfer Protocol – SSL”.
If you want to use FTP over SSL, you MUST use the server name, because FTPS uses SSL encryption, and the certificate that is registered in the Pure-FTP server is for the server’s name. If you choose your domain name, you’ll likely get an error and it won’t work.
- Example:
– SSL: good security but slow.
– HTTP: people can see your password.
– HTTPS: people can't see your password.
- Reference:
For SSL: https://www.digicert.com/ssl/
For HTTP/HTTPS: www.instantssl.com
For FTP/FTPS: https://blog.asmallorange.com
Message Digest, Salt, Hashing
- Definition:
- Example:
- Recommendation:
- Reference:
Public Key
- Example:
Securing Email Communications from Facebook: https://www.facebook.com/

BitLocker
Unfortunately our Windows 10 computers in the lab rooms are not set up to have BitLocker.
If you wish to use this feature on your own personal computers refer to the following article


