Know and understand characteristics and methods of protecting data including biometrics, digital certificate, secure socket layer (SSL), encryption, firewall, two-factor authentication, user id and password

Published by Patrick Mutisya · 14 days ago

ICT 0417 – Safety and Security

Learning Objective

Know and understand the characteristics and methods of protecting data, including biometrics, digital certificates, Secure Socket Layer (SSL), encryption, firewalls, two‑factor authentication, and user ID/password.

Key Concepts

  • Data protection – why it is required.
  • Authentication vs. authorisation.
  • Confidentiality, integrity and availability (CIA triad).

Methods of Protecting Data

For each method: how it works, its advantages and its limitations.

Biometrics
  How it works: Uses a unique physical or behavioural characteristic (e.g. fingerprint, iris, voice) to verify identity.
  Advantages: Hard to duplicate; nothing for the user to remember or carry.
  Limitations: Requires specialised hardware; readings can be affected by injury, ageing or illness; unlike a password, a biometric that has been copied cannot be changed; privacy concerns over storing body data.

Digital Certificate
  How it works: Electronically binds a public key to an entity's identity; issued and digitally signed by a trusted Certificate Authority (CA).
  Advantages: Lets a browser confirm it is talking to the genuine server before any data is sent; the basis of SSL/TLS authentication.
  Limitations: Relies on the trustworthiness of the CA; certificates expire and must be renewed, and must be revoked if the private key is compromised.

Secure Socket Layer (SSL) / TLS
  How it works: Protocol that encrypts data exchanged between a web browser and a web server. Asymmetric cryptography and the server's certificate are used to authenticate the server and agree a session key; the session itself is then encrypted with faster symmetric encryption.
  Advantages: Provides confidentiality and integrity for data in transit; visible as "https://" and the padlock in the browser.
  Limitations: Requires a valid certificate; all versions of SSL (2.0 and 3.0) and TLS 1.0/1.1 are obsolete and insecure, so only TLS 1.2 or 1.3 should be used; protects the connection only, not the data once stored at either end, and a padlock says nothing about whether the site itself is honest.

Encryption
  How it works: Transforms readable data (plaintext) into unreadable form (ciphertext) using an algorithm and a key; only a holder of the correct key can recover the plaintext.
  Advantages: Protects data at rest (e.g. a laptop disk) and in transit; modern algorithms with adequate key lengths cannot be broken by trying every key.
  Limitations: Key management is critical: a lost key means lost data and a leaked key means no protection; weak keys or obsolete algorithms can be broken.

Firewall
  How it works: Hardware or software that monitors and controls incoming and outgoing network traffic according to a set of security rules, typically based on direction, protocol, address and port.
  Advantages: Blocks unauthorised access from outside; can be configured differently for different network zones.
  Limitations: Over-permissive or wrongly ordered rule sets allow traffic that should be blocked; does not inspect the content of traffic it allows (e.g. malware downloaded over HTTPS); does not protect against insider threats.

Two-Factor Authentication (2FA)
  How it works: Requires two of three independent factors: something you know (password), something you have (hardware token, authenticator app, phone) and something you are (biometric).
  Advantages: Significantly reduces the risk of unauthorised access, because a stolen or guessed password alone is not enough.
  Limitations: May inconvenience users; token devices can be lost or stolen; codes sent by SMS can be intercepted or redirected (SIM swap), and a one-time code can still be phished by a fake site that passes it to the real one straight away.

User ID & Password
  How it works: Traditional knowledge-based authentication; the user enters a unique identifier and a secret password, which the system checks against its stored record.
  Advantages: Simple to implement; familiar to users; needs no extra hardware.
  Limitations: Weak or reused passwords are vulnerable to guessing, phishing and brute-force attacks; the system must store only a salted hash of each password, otherwise a breach of its database exposes every user's password.
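Added example, not taken from the course notes: how a server should store the user ID/password pair described above, and why the limitation about guessing matters. The user table, the attacker's wordlist and the PBKDF2 iteration count are all constructed for this illustration; the hashing functions are Python's standard library.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256. A hypothetical value chosen for this
# example; real systems tune it so one check takes tens of milliseconds,
# which slows an attacker down by the same factor.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). A fresh random salt means two users with the same
    password get different hashes, so a stolen table cannot be cracked in bulk
    with one precomputed list."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


# Constructed user table: the server keeps only salt and hash, never the password.
USERS = {
    "alice": hash_password("summer2024"),          # weak: a common pattern
    "bob": hash_password("Tq7#vL9!pRz2&wQe-42"),   # long and random
}

# Constructed attacker wordlist, standing in for the millions of entries in a
# real leaked-password list.
WORDLIST = ["123456", "password", "qwerty", "letmein", "summer2024", "welcome1"]


def dictionary_attack(user_id: str, wordlist=WORDLIST) -> Tuple[Optional[str], int]:
    """Offline guessing against a stolen (salt, hash) record: hash each guess
    with the victim's salt and compare. Returns the recovered password (or
    None) and how many guesses were needed."""
    salt, stored = USERS[user_id]
    for attempts, guess in enumerate(wordlist, start=1):
        if verify_password(guess, salt, stored):
            return guess, attempts
    return None, len(wordlist)


if __name__ == "__main__":
    print("login alice / summer2024:", verify_password("summer2024", *USERS["alice"]))
    print("login alice / Summer2024:", verify_password("Summer2024", *USERS["alice"]))
    for user in USERS:
        print(f"dictionary attack on {user}:", dictionary_attack(user))
```

Alice's password falls on the fifth guess even though it is hashed and salted; the hash only makes each guess cost one PBKDF2 run instead of a lookup. Bob's survives the list not because of the hashing but because the password is not in it, which is the point of the limitation in the table: the storage method protects strong passwords, not weak ones.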

How the Methods Relate to the CIA Triad

  1. Confidentiality – Encryption and SSL/TLS keep data secret from anyone who intercepts it; firewalls, passwords and 2FA keep unauthorised people away from it in the first place.
  2. Integrity – SSL/TLS attaches a message authentication check to each record so that data altered in transit is detected and rejected; the digital certificate ensures the data really comes from the server it claims to come from.
  3. Availability – Firewalls can drop traffic floods and block known attack sources, which limits (but does not completely prevent) denial-of-service attacks, while proper authentication ensures legitimate users keep their access.
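Added example, not part of the original notes: the client-side TLS settings that the confidentiality and integrity claims above depend on, checked with Python's standard ssl module. The two context builders and the audit function are hypothetical helpers written for this page. The one thing they cannot check offline is the server's certificate itself, which is only examined when a connection is made.

```python
import ssl
from typing import List


def hardened_client_context() -> ssl.SSLContext:
    """What a browser (or any HTTPS client) must do for the padlock to mean
    anything: verify the server's certificate chain against trusted CAs, check
    that the certificate is for the host name being contacted, and refuse the
    obsolete SSL 2.0/3.0 and TLS 1.0/1.1 protocol versions."""
    ctx = ssl.create_default_context()   # system CA store, CERT_REQUIRED, check_hostname on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verification_disabled_context() -> ssl.SSLContext:
    """The common shortcut used to silence certificate errors. The traffic is
    still encrypted, but to whoever answered: anyone who can intercept the
    connection can present their own certificate and read everything."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be switched off before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx: ssl.SSLContext) -> List[str]:
    """Hypothetical check returning the settings that break the guarantees."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name (check_hostname off)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are accepted")
    return findings


if __name__ == "__main__":
    for name, builder in [("hardened", hardened_client_context),
                          ("verification disabled", verification_disabled_context)]:
        print(name, "->", audit(builder()) or ["no findings"])
```

Disabling verification is the TLS equivalent of accepting any ID card: the connection is private to whoever is at the other end, but the integrity and confidentiality claims only hold against a passive eavesdropper, not against someone who can sit in the middle.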

Practical Example: Secure Online Banking

A typical online banking session uses several of the methods described:

  • User enters a user ID and password.
  • The system sends a one‑time code to the user’s mobile device (2FA).
  • Communication between the browser and the bank's server is protected by SSL/TLS; the bank's digital certificate lets the browser confirm it is talking to the real bank before the password is sent.
  • Bank’s internal network is shielded by a firewall.
  • Biometric verification (e.g., fingerprint on a smartphone) may be offered as an additional factor.

Key Terms Glossary

Biometrics – Authentication based on unique physiological or behavioural traits.
Digital Certificate – Electronic document that binds a public key to an entity's identity, issued and signed by a Certificate Authority.
SSL / TLS – Protocols that provide encrypted, authenticated communication over a network, commonly used for HTTPS. SSL is the obsolete original; TLS is its replacement and the only one that should be in use.
Encryption – Process of converting plaintext into ciphertext using an algorithm and a key.
Firewall – System that controls network traffic according to predefined security rules.
Two-Factor Authentication (2FA) – Security method requiring two different, independent forms of verification.
User ID – Unique identifier assigned to a user for login purposes.
Password – Secret string known only to the user, used to prove identity.

Suggested Diagram

Layered security model showing user credentials, 2FA, firewall, SSL/TLS encryption and digital certificate verification as successive layers an attacker must get through.

Revision Questions

  1. Explain the difference between authentication and authorisation.
  2. List three advantages and two limitations of biometric security.
  3. What role does a Certificate Authority play in SSL/TLS?
  4. Why is two‑factor authentication considered more secure than a password alone?
  5. Describe how a firewall can protect a network, and give one example of a rule it might enforce.

Answers (for teacher use)

  1. Authentication verifies who a user is; authorisation determines what resources the verified user may access.
  2. Advantages: difficult to forge, convenient (nothing to remember or carry), hard for a user to deny having authenticated. Limitations: expensive hardware, may fail because of injury or physical change, cannot be replaced if copied, privacy concerns.
  3. The CA validates the identity of the certificate holder and digitally signs the certificate, creating trust in the public key.
  4. 2FA combines something the user knows with something the user has or is, reducing the chance that a single compromised factor grants access.
  5. A firewall filters traffic based on rules, e.g., blocking inbound traffic on port 23 (Telnet) while allowing port 443 (HTTPS).
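Added example for question 5, not part of the original notes: a small first-match packet filter that enforces the rule in the answer (block inbound Telnet on port 23, allow HTTPS on port 443) on top of a default-deny policy, and shows what goes wrong when rules are ordered carelessly. The rule set, the addresses and the Rule/Packet classes are constructed for this illustration; real firewalls have the same ordering pitfalls.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from outside) or "out"
    proto: str       # "tcp" or "udp"
    src_ip: str      # source address
    dst_port: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    direction: str            # "in" or "out"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source network in CIDR form, or "any"
    dst_port: Optional[int]   # destination port, or None for any port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and self.proto in ("any", pkt.proto)
                and (self.src == "any" or ip_address(pkt.src_ip) in ip_network(self.src))
                and self.dst_port in (None, pkt.dst_port))


# Constructed rule set for a small network with a public web server.
# Rules are checked top to bottom; the first match decides.
RULES: List[Rule] = [
    Rule("deny", "in", "tcp", "any", 23),            # Telnet: clear-text logins, never allowed in
    Rule("allow", "in", "tcp", "any", 443),          # HTTPS to the web server
    Rule("allow", "in", "tcp", "10.0.0.0/8", 22),    # SSH administration only from inside
    Rule("allow", "out", "any", "any", None),        # outbound traffic permitted
]


def evaluate(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule). Anything no rule mentions
    falls through to the implicit default: deny."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


# The mis-ordering mistake the Limitations column warns about: a broad allow
# placed first means the Telnet deny below it is never reached.
BROKEN_RULES = [Rule("allow", "in", "tcp", "any", None)] + RULES


if __name__ == "__main__":
    telnet_from_internet = Packet("in", "tcp", "203.0.113.5", 23)
    for label, ruleset in [("correct order", RULES), ("broad allow first", BROKEN_RULES)]:
        print(label, "-> telnet from internet:", evaluate(telnet_from_internet, ruleset))
```

Note that SSH from an internet address is dropped without any explicit rule saying so: a firewall policy that denies by default only needs to list what is permitted, which is far easier to review than one that tries to list everything to block.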