KUAS Engineering

Week 15 — Safety and security

This week's topic is about using computers and networks safely and securely.

Evaluation

Up to 10 points can be gained towards your final score by completing the in-class exercises on Friday.

What you will learn from this class

  • The ways in which various media are unreliable and why backups are important.
  • What online safety is and some things you can do to improve it.
  • What Internet security is and some ways you can ensure it.
  • What Internet privacy is and some ways you can protect it.
  • What kinds of cyberattack exist including malware, viruses, and man-in-the-middle attacks.
  • How to create a strong password.
  • How to protect your computer against attack using firewalls and anti-virus software.
  • How to identify and avoid e-mail phishing attacks.
  • What a VPN is and how it improves your security and privacy.
  • What network neutrality is.
  • What Tor is and how it protects your privacy and anonymity.

Preparation

This week's preparation is to watch three short videos about safety, security, and privacy when using the Internet. You can also watch three more (optional) videos to learn about geoblocking and online anonymity.

Videos

The following three videos describe several topics related to Internet safety, security, and privacy. A short summary of the important content follows each video URL.

What is cyber security: how it works 7:06 https://www.youtube.com/watch?v=inWWhr5tnEA
  • phishing e-mails ask you for personal information (e.g., online account or banking details)
  • they try to convince you that there is a good reason to give them that information
  • the information is instad used to steal your identity and/or property
  • cyberattacks are crimes committed using the Internet or Web
  • malware is any kind of software that can cause harm
    • a 'trojan' (from 'trojan horse') is software that allows an external hacker to control your computer
    • 'adware' generates money for the attacker by causing you to see advertisements that you would normally not see
    • 'spyware' gathers information about you and sends it to the cybercriminal who can (for example) sell it
    • 'viruses' are programs that replicate over the Internet and can damage machines, networks, and data
  • man-in-the-middle attacks occur when cybercriminals intercept or monitor your Internet communications
    • if they record your communication with an online service, they can replay the recording later and pretend to be you
  • password attacks attempt to guess your password, allowing the cybercriminal to pretend to be you
  • cybersecurity is a range of techniques and technologies you use to try to avoid cyberattacks
  • a firewall filters communication between you and the Internet and only allows authorised communications to pass
    • e.g., you might not allow incoming connections to your secure shell (ssh) port
  • a honey pot lures attackers away from real services
    • e.g., you might arrange for incoming connections to the standard ssh port to time out, wasting a lot of the cybercriminals' time
    • the real ssh that you actually use can be running on a non-standard port
  • passwords should be hard to guess
  • anti-virus software protects against viruses and malware
  • a good junk e-mail filter can eliminate a lot of phishing attacks
  • cyberattacks against institutions can cause serious loss of data or even money
  • an advanced persistent threat is a cybercriminal who gains access to a system and then steals data or money slowly over a long period of time
  • a denial of service attack floods a service with many false connections, preventing legitimate users from connecting
    • the false connections often come from thousands of PCs distributed across the world that have been infected by a criminal's trojan malware
  • ethical hackers try to break into computer systems, thereby identifying weaknesses in the security
  • security architects apply technologies to remove those weaknesses
How to make a strong password 1:37 https://www.youtube.com/watch?v=q5DYkzOrz_I
  • often a good password is your only defense against having your personal or financial information stolen
  • using a common or simple password is like leaving the door of your house open while you go out: anyone can gain access
  • a strong password is easy to create if you know what precautions to take
    • mix capital and small letters
    • replace letters with similar-looking digits
    • add special or punctuation characters
    • use longer passwords, e.g., by using a pass phrase instead of a single word
What is a VPN and how does it work? 3:22 https://www.youtube.com/watch?v=lh-72JCv0rg
  • VPN = virtual private network
  • a VPN connects your computer to a remote (trusted) network over an (untrusted) Internet connection
    • your computer appears to be part of the remote trusted network, not the local untrusted network
  • all communication between your machine and the remote network is encrypted, to protect it from cybercriminals
    • even on a public WiFi (e.g., in a coffee shop) nobody can intercept or spy on your communications
  • a VPN can let you be part of your institution's network even when you are working at home
    • or the other way around, e.g: when at KUAS I often use a VPN to connect my laptop to my home network, to get much better access to Internet services
  • to your institution you appear to be physically present on their network
    • printers, file shares, etc., are all available
  • you can also use a VPN to stop your ISP from spying on your Internet or Web activity and selling or logging that information
  • there are dedicated VPN companies that you can use just for this purpose, but make sure they are trustworthy before using them
  • a geoblocked website is one that is only accessible from certain parts of the world
    • video streaming services, and some online games, use geoblocking to control who can access their servers
  • you can use VPN to get around geoblocking by appearing to be in a different country
    • when connected to the VPN, you appear to be accessing the Internet from the location of the remote network
    • E.g: I use VPNs in other countries to access my bank online because it uses geoblocking to exclude 'foreigners' from accessing the service
    • E.g: I also use a VPN to watch English movies on streaming services (such as Amazon) that are geoblocked in Japan
  • some ISPs throttle communication (make it artificially slow) when dowloading files or transferring other specific kinds of data
  • a VPN can be used to hide communications and avoid the throttling, ensuring 'network neutrality'
  • people living in countries that censor Internet services (China, USSR, etc.) can use a VPN to 'tunnel' out from their country to the open Internet
  • the technical term for the secure communication channel that a VPN creates actually is 'encrypted tunnel'
  • a VPN is only as safe and trustworthy as the people who run it
    • maybe the VPN operator is logging your activity!
    • one way to avoid this is to set up your own VPN on your own rented server in another country, then you know that the communication is secure
      • such a server can cost as little as a few hundred yen per month
  • there are also other high-tech ways to track your Internet use, even over a VPN, which make things like Tor sometimes necessary

The next three videos are optional but you can watch them if you are interested to learn more about security and privacy.

Note that the first of these videos, about geoblocking, has been censored by YouTube. YouTube forces you to log in to prove that you are over 18 before you are allowed to watch the video. The video contains nothing that is inappropriate for young people, so the censorship is really about limiting access to the knowledge it contains. Presumably Google (who own YouTube) believe your knowing about geoblocking, and how to circumvent it, is not in their financial or business interests. I have fixed this error of judgement on their part by downloading the video and making a local copy available for you to view from this Web page.

What is geoblocking? 4:54 https://www.youtube.com/watch?v=AkALEDV2Exk (censored: view the local copy on the right)
Using the Tor browser for online anonymity 7:15 https://www.youtube.com/watch?v=xCXOSRsirR8
Is Tor or VPN better for privacy, security, anonymity? 12:31 https://www.youtube.com/watch?v=6ohvf03NiIA

Notes

What is Security?

The term security refers to the protection of individuals, organisations, and property against external threats and criminal activities. Security is focused on preventing deliberate actions that are intended to inflict harm to an individual, organisation, or property. (Bank security includes having serious locks to prevent unauthorised access to the underground vault where the big pile of gold that used to give actual value to your paper money sat until paper money was made worthless about 50 years ago, taking away your financial security in an activity that certainly should be considered criminal.)

What is Safety?

The term safety means being protected from anything that might cause harm. The harm might come from known dangers or from unintended accidents. (Astronaut safety includes protection from the extreme temperatures in outer space. Building site safety includes wearing a hard hat to protect against accientally dropped objects.)

What is Privacy?

The term privacy relates to the rights you have to control your personal information, who can access it, and how it is used. The personal information might be explicitly collected or implied from your behaviour. (When downloading a smartphone app you agree to what personal information it can collect from your e-mails, camera, location, etc. You might also take steps to actively prevent anyone from knowing which Web sites you browse, or which products you are buying for how much from which vendors. In the case of 'free' services, you often pay by giving up your privacy: until recently, Google scanned all your gmail communications to help them decide what advertisements you should see. In 2017 they said they were going to stop doing that. Maybe they did, but even so: whenever any corporation provides an online service for 'free' then it is always the service's users who are that corporation's commercial product and source of profit.)

What is 'net neutrality'?

The term network neutrality refers to the principle that Internet Service Providers (ISPs) must not discriminate against particular uses of the Internet. Discrimination could be in the form of a slower (or capped) service, or additional fees. (If Rakuten ran the Internet in Japan then they could violate net neutrality to favor their own business at your expense. For example by providing slower Internet service, or charging additional fees, whenever you access Amazon to make an online purchase. Geoblocking can be considered a kind of violation of net neutrality. Some countries have laws that require net neutrality from ISPs, and some content providers such as NetFlix are trying to license content in ways that do not require them to implement any geoblocking.)