Introduction to Security Technologies

In this lesson, you are going to learn about some of the basic security technologies that can be applied to protect computer systems, websites, applications, communications, and files. Each of these areas has special risks that can be addressed with the right approach.

About Usernames and Passwords

In order to begin using any device that you may have, you likely need to provide a username and password. By entering the correct combination of username and password, you can prove your identity. The operating system will then look at your identity and figure out what things you are allowed to do and see within the system.

Administrative Rights vs Limited Rights

Users with "administrative" rights can manage all parts of the computer, make configuration changes, access all files, install and un-install software, and create other users. Other users may have more limited rights that allow them to use the existing applications, but prevent them from making any big changes to the system. Limited users can only access their own files, but can't see data belonging to other users.

Securing Websites

Website designers have many of the same security needs as computer operating systems. In order to identify someone, a username and password is often required.

Designing Secure Applications

What happens when your email client receives an email with a file attachment? The email client might be written to helpfully open that email attachment automatically as you read the message. However, if the attachment contains a virus, then the email client has just infected your computer without giving you a chance to avoid the problem. This is one example of how easy it is for well-meaning software developers to create security problems within applications.

Encrypting Data

Encryption is the process of encoding data in such a way that only programs with a secret key can recover the original data. An encryption program will translate plain data into unreadable encrypted data using an encryption algorithm and a secret key. The key is carefully kept as a secret, shared only with the programs or users that are authorized to access the data. When an authorized user wants to view the plain data, he or she will provide the secret key and a decryption algorithm will turn the encrypted data back into readable plain data.

Secure Communications

Web browsers, web servers, and other networking applications can use a protocol called the Secure Socket Layer (SSL) or a newer version, Transport Layer Security (TLS). Two computers communicating using the SSL or TLS protocols can securely exchange a secret encryption key and then encrypt all of the data going back and forth on the network.

Secure Communications:

The "s" stands for "secure", and using "https" means your web browser should send and receive all information using a SSL or TLS-protected channel. If you use "https" and your web browser and server cannot communicate securely for any reason, your browser should warn you that there is a problem. You can then avoid that web server until the problem is fixed.

Secure Wireless Networks

One of the most dangerous ways to transmit your data is over a public wireless network. Have you ever used a public Wi-Fi system at a coffee shop, bookstore, or hotel? Anyone with a wireless device can possibly read the wireless data signals that are broadcast between two computers.

Secure Wireless Networks cont.

To prevent data loss on a wireless network, you should only send sensitive data using encrypted channels like SSL or TLS. In addition, when you connect to a public network, you can usually tell your computer this is an untrusted "public" network and not a trusted "home" network. Your computer can then prevent others from connecting to hard drives, folders, and other resources that you might normally share with others in your home network.

File Level Security

Often, applications such as word processors or spreadsheets will allow you to add file-level security to documents that you create. These applications can store the file as encrypted data that requires a secret key or password to decrypt. So, any time you open that file, you would be prompted to enter the correct password before seeing the original contents. This way, only you and those that have your secret password would be able to use the file successfully!

Security Technologies:

• Protects data and systems from unauthorized access and threats.

• Enhances the performance of computer networks.

• Develops robust security strategies.

• Safeguards sensitive information.