Candidates should be able to:
- describe a range of methods for preventing unauthorised access to computer
- describe what is meant by data encryption and identify when it is used;
Preventing unauthorised access:
The information covered in 5.1.1 Security
describes a range of methods for preventing unauthorised access to computer
Encryption is a way of protecting data by scrambling it up so that it unreadable without a
special decryption code. Only an authorised users would be given this code and the
software to use it.
E-commerce web sites use encryption to protect the personal and financial
details of their customers when such information is transferred over the
Internet. If someone did manage to intercept the information it would be
tell a website that is secure because it will use the protocol https://
instead of http:// at the beginning of the website address (URL) and a closed
padlock symbol should appear in the bottom-right of the browser window (IE
Explorer). You should never enter financial details over the
Internet unless you have made these checks and are sure that the website
requesting them is trustworthy.
This is a criminal
activity where someone uses a computer to defraud an individual or organisation
of money or goods.
Computer fraud can be difficult to detect because:
- it is very hard to track down and the people committing the crime are
often very skilled
- offenders are often young, with no previous criminal records
- it is often not publicised as news of the fraud may damage the image of
Identity theft is often linked to computer fraud
as criminals can shop online or access bank accounts if they capture the
personal details of a genuine user.
Spyware is software downloaded by a user, often
hidden inside a program they download for another purpose. The Spyware can
record the websites they access and some versions record keystrokes such as
passwords when a user accesses secure online websites such as online banking.
The log on details are then passed by the computer over the internet to the
criminals for fraudulent use.
Trojans are programs that can allow other users
to access your computer remotely over the Internet.
Key loggers are programs installed on a computer
that log every key-stroke a user makes. On a public computer a fraudster
can log on, install the key logger, then log off. The key logger will
continue running, even if the computer is restarted, so all the key strokes of
the next user are captured. When that user logs off the fraudster logs on
again and simply reads the log file to access passwords etc.
phishing applies to a situation where
an email is used to find out confidential information, such as a username and
password, so they can be used for fraud. These emails often direct the
user to a fake website which they try to log onto, thinking it is the genuine
secure site they normally use. The details they enter are then passed to the
criminals and the user is directed to the genuine site without being aware of
what has happened.
To reduce the risk of becoming a victim of computer fraud:
- Only enter personal or financial details into a website that is secure (uses
- Never enter secure information on a public computer which could have a
- Install anti-Spyware software, keep it
up-to-date and scan your computer regularly.
- Install anti-virus software, keep it
up-to-date and use it to scan your computer / email for Trojans that
allow others to access your computer.
- Never respond to emails asking you to go to websites and enter your
security details. Genuine emails from genuine companies will never ask
you to do this.
- If you are going to enter personal or financial details on a website then
avoid accessing it by using hyperlinks from another sites or hyperlinks in
emails because these could be links to phishing
websites. Typing in the
website address (URL) yourself is always the most secure method of accessing a
- Keep your operating system and Internet browser up-to-date with the latest
software patches and security fixes.