P3 - Security risks and protection mechanisms involved in website performance

Security:

Hacking
Hacking is a major problem for a website. Hackers look to exploit weaknesses in the system either to edit information on the webpage or to access information that would otherwise be secured, such as usernames, passwords and bank details.

Black hat hackers: These people look to enter a system for malicious or personal gain; this can include breaking the security systems of banks, e.g. (http://www.nationwide.co.uk), where they will aim to acquire people’s personal bank details to use for themselves.

White hat hackers: These people break security for 2 possible reasons: either to check that their own security system can’t be hacked, or because they work for a security company that provides software.

Grey hat hackers: These people tend to hack other people’s networks, but only to let the administrator know that they have a weak security system.

Viruses
Computer viruses are harmful pieces of software that are often picked up from websites or email attachments and are there to infect data on a computer system. This data could be private information like bank statements and details, or the virus could just corrupt data so that it cannot be accessed or used, or possibly show a humorous message.

Identity theft
Identity theft is where someone else is using your personal information, such as your name and date of birth. The people that take your information do this by making a website that requires you to enter that sort of data. An example of this can include hackers breaking a bank’s security system, e.g. (http://www.nationwide.co.uk/), where they will aim to acquire people’s personal bank details to use for themselves.
Security protection mechanisms:

Firewalls
A firewall is a security system that protects both the website and the user. It works by looking through the incoming and outgoing data packets and deciding whether they should be allowed through. When a data packet is found to contain what seems to be malicious data, the firewall will either remove the packet or send an error message.
Secure Socket Layers (SSL)
SSL is a protocol that is designed to provide secure communication over the internet. It allows for a secure and encrypted connection between the user and the requested website. It protects data such as bank details and login details to stop identity theft, and makes sure the user receives what they requested.
Adherence to standards - Strong passwords
Websites need to adhere to standards such as making a user have a strong password. Different websites can have different views on what is seen as a secure password, but most say anything over 8 letters and containing at least 1 number, a mix of upper and lower case letters and any other character. Having these standards makes it a lot harder for hackers to access your information. An example of a weak password is “123456”, which is also the most common password used.
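As an added example (not part of the original document), the password standard described above can be written as a check a website runs when a user chooses a password. The function name, the deny list entries other than “123456”, and the reading of “over 8” as 9 or more characters are assumptions made for illustration.

```python
# Small constructed sample of a deny list; "123456" is the weak password
# the page names, the other entries are added here for illustration.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}

MIN_LENGTH = 9  # assumption: "over 8" is read as 9 or more characters


def password_problems(password):
    """Return the rules the password fails; an empty list means accepted."""
    problems = []
    # Reject well-known passwords outright, whatever their composition.
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    if len(password) < MIN_LENGTH:
        problems.append("must be longer than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("needs at least 1 number")
    if not any(c.islower() for c in password):
        problems.append("needs a lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("needs an upper case letter")
    # "Any other character": something that is neither a letter nor a digit.
    if all(c.isalnum() for c in password):
        problems.append("needs a character that is not a letter or number")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, from weakest to strongest.
    for candidate in ["123456", "Password1", "Tr1cky-Horse-Battery"]:
        failed = password_problems(candidate)
        print(candidate, "->", "; ".join(failed) if failed else "accepted")
```

Returning every failed rule at once lets the sign-up form tell the user everything that needs fixing in one go.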
Website Laws and Guidelines Adherence
Websites that have personal information about people on them have to adhere to the DPA, or Data Protection Act. This act helps people trust websites that ask for personal information about them, because with the act in place the site could be prosecuted if it gives away your information. The DPA consists of 8 principles, which are as follows:

1. Personal data should be obtained and processed fairly and lawfully.
2. Personal data can be held only for specified and lawful purposes.
3. Personal data should be adequate, relevant and not excessive for the required purpose.
4. Personal data should be accurate and kept up-to-date.
5. Personal data should not be kept for longer than is necessary.
6. Data must be processed in accordance with the rights of the data subject.
7. Appropriate security measures must be taken against unauthorised access.
8. Personal data cannot be transferred to countries outside the E.U. unless the country has similar legislation to the D.P.A.
Nationwide’s adherence to the DPA
With the seventh principle being ‘Appropriate security measures must be taken against unauthorised access’, many websites are required to provide secure login to reduce the chances of someone getting onto your account without permission. One way Nationwide does this is with their mobile banking app, where you are required to enter your customer number and, after that, 3 numbers from a passcode. This makes it very hard for someone else to log in to your account and therefore makes it more secure.