Concept of Security
Introduction to firewall
- A firewall is a network security device, either hardware or software-based, that monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that traffic.
- Accept → allow the traffic
- Reject → block the traffic but reply with an 'unreachable error'
- Drop → block the traffic with no reply
- A firewall establishes a barrier between secured internal networks and outside untrusted networks, such as the internet.
How firewall works
- A firewall matches network traffic against the rule set defined in its table.
- Once a rule is matched, the associated action is applied to the network traffic.
- For example → One rule is defined so that any employee from the HR department cannot access the data on the code server, and at the same time another rule is defined so that the system administrator can access the data from both the HR and technical departments.
- Rules can be defined on the firewall based on the necessity and security policies of the organization.
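The rule matching described above, as an added example (not code from the original notes): a first-match evaluator over the HR, code server and system administrator rules, returning the accept/reject/drop action and whether a reply is sent. The IP ranges, names and the default-deny rule are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption, not from the notes).
HR_NET = "10.0.10.0/24"        # HR department
TECH_NET = "10.0.20.0/24"      # technical department
CODE_SERVER = "10.0.20.10/32"  # code server inside the technical network
SYSADMIN = "10.0.99.5/32"      # system administrator's workstation


@dataclass(frozen=True)
class Rule:
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form
    action: str  # "accept", "reject" or "drop"

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))


# The table is read top to bottom; the first matching rule decides.
RULES = [
    Rule(SYSADMIN, HR_NET, "accept"),        # admin may reach HR data
    Rule(SYSADMIN, TECH_NET, "accept"),      # admin may reach technical data
    Rule(HR_NET, CODE_SERVER, "reject"),     # HR may not reach the code server
    Rule("0.0.0.0/0", "0.0.0.0/0", "drop"),  # everything else: default deny
]


def evaluate(src_ip, dst_ip, rules=RULES):
    """Return (action, reply) for the first rule matching the packet."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            # Reject answers the sender; accept and drop send nothing back.
            reply = "unreachable error" if rule.action == "reject" else None
            return rule.action, reply
    return "drop", None  # empty or non-matching table: fail closed


if __name__ == "__main__":
    for src, dst in [("10.0.10.23", "10.0.20.10"),    # HR -> code server
                     ("10.0.99.5", "10.0.20.10"),     # admin -> code server
                     ("203.0.113.9", "10.0.20.10")]:  # outside -> code server
        print(src, "->", dst, evaluate(src, dst))
```

Because the first match wins, a broad accept rule placed above the HR reject rule would shadow it, so rule order is part of the policy.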
Cyber laws
- Cyber law, also called IT law, is the law regarding information technology, including computers and the internet.
- It is related to legal informatics and supervises the digital circulation of information, software, information security and e-commerce.
Importance of Cyber Law:
- It covers all transactions over the internet.
- It keeps an eye on all activities over the internet.
- It touches every action and every reaction in cyberspace.
Area of cyber law:
- Fraud → It protects consumers from online fraud.
- Laws are made to prevent identity theft, credit card theft, and other financial crimes that happen online.
- A person who commits identity theft may face criminal charges.
- Copyright → The internet has made copyright violations easier.
- It protects the rights of individuals and companies to profit from their creative works.
- Harassment and Stalking → Sometimes online statements can violate criminal laws that forbid harassment and stalking.
- When a person makes threatening statements again and again about someone else online, there is a violation of both civil and criminal laws.
- Cyber lawyers both prosecute and defend people when stalking occurs using the internet.
- Freedom of speech → Freedom of speech is an important area of cyber law under which a person can speak their mind and no one should suppress them as long as their statements are facts.
- Trade Secrets → Companies doing business online often depend on cyber laws to protect their secrets.
- A company can take legal action if other companies try to steal its trade secrets.
Advantages of Cyber Law:
- Organizations are now able to carry out e-commerce using the legal infrastructure provided by the Act.
- It has opened the door for corporate companies to enter the business of being Certifying Authorities that issue Digital Signature Certificates.
- Cyber law provides both hardware and software security.
Cookies
- Cookies let websites remember you, your website logins, shopping carts and more. But they can also be a collection of private info for criminals to spy on.
- Specific cookies known as HTTP cookies are used to identify specific users and improve your web browsing experience.
Hackers and Crackers
Hackers
- These are people who hack devices and systems with good intentions.
- They might hack a system for a specified purpose or for obtaining more knowledge out of it.
- Hackers work by finding loopholes in a given system and by covering these loopholes.
- They are basically programmers who gather extensive knowledge regarding programming languages and operating systems (OS).
Crackers
- These are people who hack a system by breaking into it and violating it with some bad intentions.
- They may hack a system remotely for stealing the contained data or for harming it permanently.
- In simpler words, crackers destroy the data and information contained in a system by getting unauthorized access to its network.
- They always keep their work hidden because what they do is illegal and mostly prohibited or forbidden.
Common Security Terms
Authentication
- Authentication is the process of confirming the correctness of the claimed identity.
- We typically authenticate with a username/password combo, but we can also use security questions, facial recognition, etc.
Authorization
- Authorization is the process of giving someone the ability to access a resource and specifying what they can do with it, such as whether they can modify or delete it.
Cache
- A cache (pronounced "cash") is a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching.
Client
- A system entity that requests and uses a service provided by another system entity, called a "server".
- In some cases, the server may itself be a client of some other server.
Secrecy and privacy
- Secrecy attempts to hide information that can be easily accessed through simple observation and analysis from others.
- Privacy attempts to keep communications between people from being intercepted.
- Access control, encryption and verification are the technologies employed in the pursuit of secrecy.
Password Protection
- These are techniques and guidelines for users to follow so that their passwords are not weak and cannot be easily cracked.
- They are also techniques used by companies so that their users' passwords remain secret from the internet.
File permissions
- To protect files, access is given only to authenticated and authorized persons.
- This prevents misuse of the file and protects it for copyright.