Big Idea 5.6 Safe Computing
Notes on Safe Computing
- Personal Identifiable Information (PII)
- PII Considerations
- Beware, Establish practices for your own Safety
- Factors to Increase Security of System
- Nefarious Uses of Internet
- Blog Post Reflection
Personal Identifiable Information (PII)
As we create a Web Site and post information we are adding to the Searchable PII. However, there is a dichotomy as a site like LinkedIn is a place where we want to be known for our accomplishments. But be aware, the person that looks at your LinkedIn will, most likely, look at things like TikTok, Instagram or Facebook.
PII Considerations
- Things that will be known by everyone: Name, Email (suggest a junk email), Picture, High School attended, College Attended, Properties you own, State-City of residence, all State-City of previous residence, Credit Reports, …
- Gray area items, more cautious: Birth date, Place of Birth, Street Address, Phone Number, Maiden names of Mother and Grandmother, Drivers License Number, …
- Things that you should strive to keep absolutely secret: Credentials for Access, Two-Factor Authentication on Financial accounts, Social Security Number, Tax records, …
Beware, Establish practices for your own Safety
- Multi-factor authentication often requires you to enter a code that has been texted or emailed to you. Other types of authentication are biometrics (finger print or facial recognition).
- Malware is often sent in attachments to things in email. Often they request you to click on an attachment and it starts the process of adding a virus to your computer.
- Phishing is where unknown sources try to entice you into a response, like click here and receive $500. Often such systems impersonate someone like Amazon asking for login information. Be careful to look closely at source of email (ie amzn.com vs amazon.com).
Factors to Increase Security of System
- Most of my financials or critical systems use Multi Factor authentication
- Biometrics is something that is used secure systems, fingerprints or facial recognition
- Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information.
- Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys – one public key and one private key – to encrypt and decrypt a message and protect it from unauthorized access or use.
- SSL Uses both Asymmetric and Symmetric Encryption
Nefarious Uses of Internet
- A Virus or Malware compromise security, they are opposite of increasing security.
- Phishing is a way to get a Virus on your machine, or a way to get you to input PII.
- After a Virus or being compromised by Phishing it is advised to review all of you PII vulnerabilities.
Blog Post Reflection
- Describe PII you have seen on project in CompSci Principles.
- What are your feelings about PII and your personal exposure?
- Describe good and bad passwords? What is another step that is used to assist in authentication.
- Try to describe Symmetric and Asymmetric encryption.
- Provide an example of encryption we used in AWS deployment.
- Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.
- Some PII in our own project consists of the Personal Identifiable Information inputted by the user, usually when they try to sign up on our login page. Hwere, they will input PII like their name, email, phone number. We then use this information to create connections between our users.
- PII is good for websites to personalize and create a suitable enviroment but is dangerous because it can be used against the person. Someone can use public PII to find out about a person’s location and if they get access to other personal exposure, they can do much more dangerous things.
- Good passwords have multiple characters, all of which are hard to guess and make sense to the user. They can consist of capital and undercase letters, number, signs, words, etc. Bad Passwords are easy to guess and thus easy to break in. Another step that assists in authentication is another detail, perhaps a username or a email account that adds an extra layer of security.
- Symmetric encryption is encryption that makes sense to the user and the holder. It makes the password undecipherable to outside perspectives. Asymmetric encryption is encryption that neither outsiders nor users can understand. The only ones with access to these are the holders themselves.
- An example of encryption used in AWS deployment was password encryption in the containers. Users could not access if weren’t in the same regional district.
- One phishing technique is downloading from an untrustable website. When you download something and aren’t sure what it is, it can likely be a virus or other form of malware that can end up disrupting your device.