Know and understand privacy and confidentiality of data transfer

ICT 0417 – Networks: Privacy and Confidentiality of Data Transfer

Objective

Understand the concepts of privacy and confidentiality when data is transferred over a network, and be able to describe the related hardware, software, security measures, legal/ethical issues and the expectations of IGCSE/AS‑Level exam questions.

1. Network Hardware – The Building Blocks

  • Router
    • Primary function: Routes traffic between different networks (e.g., LAN ↔ WAN).
    • Typical use: Connecting a home/office network to the Internet.
    • Key security considerations: Change default admin passwords; keep firmware up‑to‑date; enable firewall/NAT; disable remote‑admin ports.
  • Switch
    • Primary function: Connects multiple devices within the same LAN and forwards frames based on MAC addresses.
    • Typical use: Office floor or data‑centre networking.
    • Key security considerations: Use managed switches for VLAN segmentation; disable unused ports; enable port‑security.
  • Hub
    • Primary function: Repeats incoming signals to all ports (no filtering).
    • Typical use: Legacy small networks (rare today).
    • Key security considerations: Creates a broadcast domain – easy for sniffing; replace with switches wherever possible.
  • Bridge
    • Primary function: Connects two LAN segments and filters traffic by MAC address.
    • Typical use: Extending a LAN without a router.
    • Key security considerations: Can be used to create separate security zones; keep firmware current.
  • Network Interface Card (NIC)
    • Primary function: Provides a device with a physical or wireless connection to a network.
    • Typical use: Every computer, printer, server, etc.
    • Key security considerations: Enable MAC‑address filtering where appropriate; keep drivers updated; consider disabling unused interfaces.

2. Types of Networks – Where Data Travels

  • LAN (Local Area Network)
    • Typical scope: Single building or campus.
    • Common topology: Star or extended star.
    • Security implications: Physical security important; use VLANs & internal firewalls.
  • WLAN (Wireless LAN)
    • Typical scope: LAN using Wi‑Fi.
    • Common topology: Star (access points).
    • Security implications: Encrypt with WPA2/WPA3; hide SSID only where policy allows; use MAC filtering.
  • WAN (Wide Area Network)
    • Typical scope: Geographically dispersed sites.
    • Common topology: Mesh or point‑to‑point links.
    • Security implications: Use VPN or MPLS for confidentiality; monitor for rogue connections.
  • Intranet
    • Typical scope: Private network inside an organisation.
    • Common topology: Usually LAN/WAN combo.
    • Security implications: Strong authentication & role‑based access control (RBAC).
  • Extranet
    • Typical scope: Controlled access for partners or customers.
    • Common topology: Secure VPN or DMZ.
    • Security implications: Strict user authentication, logging and monitoring.
  • Internet
    • Typical scope: Global public network.
    • Common topology: Complex mesh of many ISPs.
    • Security implications: All data must be encrypted (TLS/SSL, VPN, IPsec); rely on public‑key infrastructure.

3. Wireless Technologies – Wi‑Fi and Bluetooth

  • Wi‑Fi (IEEE 802.11)
    • Frequency bands: 2.4 GHz (b/g/n) and 5 GHz (a/ac/ax)
    • Security protocols: WEP (obsolete) → WPA → WPA2 → WPA3
    • Best practice: use WPA2‑Personal or WPA3, strong pre‑shared key (≥12 characters), disable WPS, keep AP firmware up‑to‑date.
  • Bluetooth (IEEE 802.15.1)
    • Short‑range: ≤10 m (Classic) or ≤100 m (BLE)
    • Pairing methods: PIN, Just Works, Numeric Comparison, Passkey Entry
    • Security: enable authentication & encryption; avoid “Just Works” for sensitive data; keep device firmware current.

4. Cloud Computing – Service Models & Security

  • Service models
    • IaaS – Infrastructure as a Service (e.g., Amazon EC2)
    • PaaS – Platform as a Service (e.g., Google App Engine)
    • SaaS – Software as a Service (e.g., Microsoft 365)
  • Security considerations
    • Shared‑responsibility model – provider secures the infrastructure; user secures data, access, and applications.
    • Encrypt data at rest (AES‑256) and in transit (TLS 1.2/1.3).
    • Strong identity management: SSO, MFA, regular permission reviews.
    • Check provider compliance with GDPR, ISO 27001, etc.

5. Privacy and Confidentiality of Data Transfer

  • Privacy – the right of individuals to control who can view their personal information.
  • Confidentiality – assurance that data is readable only by authorised recipients.
  • Both are achieved through a blend of technical controls (encryption, authentication, secure protocols) and organisational policies (access control, data classification, staff training).

6. Threat Landscape – Risks to Data Transfer

  • Eavesdropping / Sniffing – capturing unencrypted packets (e.g., with Wireshark).
  • Man‑in‑the‑Middle (MitM) – attacker intercepts and may alter communication.
  • Phishing, Smishing & Vishing – deceptive messages (email, SMS, voice) to obtain credentials.
  • Pharming – DNS or hosts‑file manipulation to redirect users to fake sites.
  • Card fraud & Identity theft – interception of payment or personal data.
  • Malware (viruses, ransomware, spyware, adware) – can exfiltrate, encrypt or monitor data.
  • Hacking / Brute‑force attacks – unauthorised access to devices or accounts.
  • Data breaches – unauthorised access to stored data, often caused by weak passwords, lack of encryption or mis‑configured permissions.
  • Insecure electronic conferencing – unprotected video/voice streams that can be intercepted.
  • Password interception – key‑logging, shoulder‑surfing or insecure transmission of passwords.
  • Anti‑spyware gaps – failure to detect or remove spyware that silently captures keystrokes and screenshots.

7. Measures to Protect Data Transfer

7.1 Encryption – How It Works

  • Symmetric (e.g., AES)
    • Key management: Same secret key for encrypting and decrypting.
    • Typical key length: 128, 192, 256 bits.
    • Common uses: File encryption, VPN tunnels, bulk data transfer.
    • Strengths / limitations: Very fast; key‑distribution problem solved by using asymmetric encryption for the key exchange.
  • Asymmetric (Public‑Key, e.g., RSA, ECC)
    • Key management: Public key encrypts; private key decrypts.
    • Typical key length: 1024–4096 bits (RSA) / 256–521 bits (ECC).
    • Common uses: Secure key exchange, digital signatures, email encryption (PGP).
    • Strengths / limitations: Provides authentication; slower – normally used only for small data or key exchange.
  • Hash Functions (e.g., SHA‑256)
    • Key management: One‑way; no key required.
    • Typical key length: 256‑bit output.
    • Common uses: Password storage, integrity verification, digital signatures.
    • Strengths / limitations: Cannot be reversed; must be combined with a salt for password hashing.
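The two hash‑function uses listed above (salted password storage and integrity verification of transferred data), as an added Python example that is not part of the original note. It uses the standard library's PBKDF2‑HMAC as the salted one‑way hash and HMAC‑SHA256 as the keyed integrity check; the password, shared key and payload are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 200_000  # PBKDF2 work factor: slows offline guessing of a leaked table

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    # Fresh random salt per user: identical passwords give different digests,
    # so one precomputed lookup table cannot crack the whole store.
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    # The digest cannot be reversed; checking means re-hashing the candidate
    # with the stored salt and comparing in constant time.
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)

def tag_message(key: bytes, message: bytes) -> bytes:
    # Sender: HMAC-SHA256 over the payload under a key shared with the receiver
    # (the key itself would be agreed via asymmetric key exchange, as in 7.1).
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_message(key: bytes, message: bytes, tag: bytes) -> bool:
    # Receiver: a MitM who alters the bytes cannot produce a valid tag
    # without the key, so the modification is detected and the data rejected.
    return hmac.compare_digest(tag_message(key, message), tag)

def demo() -> dict:
    # Constructed sample values; nothing here comes from a real system.
    pw = "Correct-Horse-Battery-9!"
    salt, stored = hash_password(pw)
    _, digest_other_salt = hash_password(pw)          # same password, new salt
    key = secrets.token_bytes(32)                       # shared integrity key
    payload = b"transfer 100 GBP to account 12345"
    tag = tag_message(key, payload)
    tampered = payload.replace(b"12345", b"99999")      # altered in transit
    return {
        "correct_password_accepted": verify_password(pw, salt, stored),
        "wrong_password_accepted": verify_password(pw.lower(), salt, stored),
        "digests_equal_across_salts": stored == digest_other_salt,
        "intact_message_accepted": verify_message(key, payload, tag),
        "tampered_message_accepted": verify_message(key, tampered, tag),
    }
```

Running `demo()` shows the correct password and the intact message being accepted, while the wrong password, the tampered message and the cross‑salt digest comparison all fail.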

7.2 Secure Communication Protocols

  • HTTPS – HTTP over TLS/SSL (web browsing)
  • FTPS / SFTP – Secure file transfer (TLS or SSH)
  • SSH – Secure remote command line / file copy
  • VPN (IPsec, SSL‑VPN) – Encrypted tunnel over public networks
  • TLS 1.2/1.3 – Underpins most secure protocols; always use the latest version.
  • S/MIME / PGP – End‑to‑end email encryption.

7.3 Authentication, Password Security & Interception Countermeasures

  • Strong passwords: minimum 12 characters, mix of upper/lower case, numbers, symbols.
  • Use passphrases or password‑manager generated passwords.
  • Enable Two‑Factor Authentication (2FA) or Multi‑Factor Authentication (MFA) wherever possible.
  • Account lockout after a set number of failed attempts.
  • Transmit passwords only over encrypted channels (HTTPS, SSH, VPN).
  • Deploy anti‑key‑logging tools and educate users about shoulder‑surfing.
  • Regularly review and rotate privileged credentials.

7.4 Network‑Level Defences

  • Firewalls – filter inbound/outbound traffic based on rule‑sets.
  • Intrusion Detection/Prevention Systems (IDS/IPS) – monitor for suspicious patterns.
  • Anti‑malware & anti‑spyware solutions – real‑time scanning, heuristic analysis, regular definition updates.
  • Secure configuration of routers/switches (disable unused services, change default credentials, apply least‑privilege).
  • Segmentation (VLANs, DMZs) to limit lateral movement.
  • Network Access Control (NAC) – ensure only authorised devices can connect.

7.5 Secure Electronic Conferencing

  • Choose platforms that provide end‑to‑end encryption (e.g., Zoom with AES‑256, Microsoft Teams, Cisco Webex).
  • Require meeting passwords and enable waiting rooms.
  • Restrict screen‑sharing to the host unless needed.
  • Store recordings on encrypted drives or compliant cloud services with access control.
  • Advise participants not to share meeting links publicly.

8. Legal and Ethical Frameworks

  • Data Protection Act (UK) & GDPR (EU) – eight principles: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity & confidentiality, accountability.
  • Fines: up to €20 million or 4 % of global turnover (GDPR) plus reputational damage.
  • Copyright – unauthorised copying or distribution of protected material is illegal; fair dealing may apply for educational use.
  • Ethical handling: obtain informed consent, collect only necessary data, store securely, and dispose of data safely (shredding, secure erase).
  • Exam tip: when a question asks about “audience” or “copyright”, briefly note who may view the data (e.g., staff, customers, public) and the legal need to respect intellectual property.

9. Key Exam Verbs (AO1–AO3)

  • Explain – give a clear description with reasons.
  • Describe – provide details of how something works or is used.
  • Compare – highlight similarities and differences.
  • Evaluate – discuss advantages and disadvantages and make a justified judgement.
  • Analyse – break a situation into components and examine each.

10. Summary Checklist – Planning a Secure Transfer

  1. Identify the data type (personal, confidential, public).
  2. Classify the data and decide the required confidentiality level.
  3. Select an appropriate encryption method (symmetric for bulk, asymmetric for key exchange).
  4. Choose a secure protocol (HTTPS, SFTP, SSH, VPN) and verify TLS version.
  5. Implement strong authentication (strong passwords + 2FA/MFA) and RBAC.
  6. Apply network‑level controls (firewall rules, IDS/IPS, anti‑malware/anti‑spyware, VLANs).
  7. Mitigate password interception (encrypted channels, anti‑key‑logging, user awareness).
  8. Ensure compliance with legal/ethical policies (GDPR, Data Protection Act, copyright).
  9. Document the process, keep logs, and review after any incident.

11. Suggested Classroom Activities

  • Packet‑sniffing demo – Capture traffic on an unencrypted Wi‑Fi network with Wireshark, then repeat using HTTPS; students compare visible data.
  • VPN set‑up – Students configure a site‑to‑site IPsec VPN between two virtual machines and measure latency versus a direct LAN connection.
  • Case‑study analysis – Provide a recent data‑breach article; groups identify privacy/confidentiality failures, map them to the threat list, and propose mitigation measures.
  • Password‑policy workshop – Create strong passphrases, test them with a password‑strength tool, and discuss why simple passwords are vulnerable to interception and brute‑force attacks.
  • Encryption hands‑on – Use an online AES tool to encrypt a short message, then decrypt it using the same key; discuss key‑management and the need for secure key exchange.
  • Anti‑spyware audit – Scan a computer with a reputable anti‑spyware program, review the report, and discuss how spyware can compromise confidentiality.

12. Suggested Diagram – Flow of Encrypted Data via a VPN

Data flow from a client to a server through a VPN tunnel.
  • Client device (NIC) → Wi‑Fi access point (WPA3) → Router (firewall/NAT) → Internet → VPN gateway (IPsec encryption) → Server firewall → Application server.
  • Labels to include:
    • Authentication: username/password + 2FA at VPN gateway.
    • Encryption: TLS 1.3 for HTTPS traffic; IPsec (AES‑256) for the VPN tunnel.
    • Security devices: perimeter firewall, IDS/IPS, anti‑malware on both ends.
    • Access control: RBAC on the application server.
