1. Discuss the week’s activities and your observations
I started the week as usual on Sunday by reading this week’s assignment; however, every week is tougher than the previous one, and I had some leftovers from the previous week, so I had to spend some time on them.
Later, I did the discussion assignment, which was about the encryption of data.
And finally, I did the graded quiz and this journal.
I was surprised that disks also have garbage collectors similar to the ones in memory (Arpaci-Dusseau, 2018, 43.9).
Did you face any challenges in this Unit? If so, how did you overcome them?
The content of this week was very challenging, and I had to spend a lot of time on it. I overcame the challenges by allocating more time to the course starting next week.
Actually, I’m planning to take next week off from work to focus on the course and pick up any leftovers and prepare for the final exam.
How were your peers’ assessments and feedback received?
I did receive ⅔ full marks in the peer assessment assignment, but I did not receive significant or meaningful feedback from my peers.
2. Describe a recent incident in the IT world where data encryption would have helped prevent data loss
In 2013, Yahoo suffered a data breach that exposed the personal information of 1 billion users, but by 2016, the company had identified 3 billion accounts that were affected by the breach (Froehlich, n.d.), which accounts for their entire user base.
The company did not know about the breach until 2016, and it took them 3 years to identify the breach and notify the users.
The breach started with the attacker stealing the cookies of the users and then using them to access the users’ accounts.
According to Fitzsimmons (2016), the data that were breached include:
Names.
Email Addresses.
Phone Numbers.
Dates of Birth.
Hashed Passwords (bcrypt).
Encrypted or Unencrypted Security Questions and Answers.
The stolen passwords were stored in hashed form, which means that they were not in plain text, but they are still vulnerable to brute-force attacks.
Although bcrypt or MD5 are considered to be secure, there may still be a chance that the passwords can be decrypted.
According to Fitzsimmons (2016), no unprotected passwords, payment cards, or bank account information were stolen.
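The point about hashed passwords and brute-force attacks can be made concrete with a short example. This is an added example, not part of the original journal: it compares an unsalted MD5 record with a salted, iterated one and shows how each is verified. It uses PBKDF2 from the Python standard library in place of bcrypt, and the user names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ROUNDS = 600_000  # assumed work factor; tune it to your own hardware


def md5_record(password: str) -> str:
    """Unsalted fast hash: the weak scheme, shown for comparison only."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_record(password: str, salt: bytes = b""):
    """Salted, iterated hash: returns (salt, derived_key) to store per user."""
    salt = salt or os.urandom(16)  # fresh random salt for a new record
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def verify(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = kdf_record(password, salt)
    return hmac.compare_digest(candidate, stored_key)


def accounts_sharing_a_record(records) -> int:
    """Count accounts whose stored value equals another account's value."""
    counts = Counter(records)
    return sum(n for n in counts.values() if n > 1)


# Constructed sample data: three users, two of whom chose the same password.
USERS = {"alice": "Summer2013!", "bob": "Summer2013!", "carol": "x9$Lq0-vT"}


def demo():
    """Build both tables and report how many accounts share a stored value."""
    md5_table = {user: md5_record(pw) for user, pw in USERS.items()}
    kdf_table = {user: kdf_record(pw) for user, pw in USERS.items()}
    md5_shared = accounts_sharing_a_record(md5_table.values())
    kdf_shared = accounts_sharing_a_record(key for _, key in kdf_table.values())
    return md5_shared, kdf_shared, kdf_table


if __name__ == "__main__":
    md5_shared, kdf_shared, _ = demo()
    print("accounts with a duplicate MD5 record:", md5_shared)
    print("accounts with a duplicate PBKDF2 record:", kdf_shared)
```

With unsalted MD5, the two users who share a password also share a stored value, so a defender auditing a leaked table should assume one successful guess exposes every account in that group; the per-user salt removes that grouping and the iteration count raises the cost of each guess.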
If there were no data encryption, what would happen to data?
If passwords were not encrypted, that would mean an actual disaster for the company, as the passwords would be in plain text, and such a breach would require a more serious response from the company and other authorities.
Although only Yahoo’s passwords were stolen, users tend to use the same password for multiple accounts, which means that, if passwords were not encrypted, all the bank, social media, and other accounts that the user has would be at risk.
What is your suggestion for better prevention of data loss?
I suggest that the company should encrypt all data that are stored in its databases with different encryption keys or algorithms for each table, or for each column in the table.
The encryption keys should be stored in a separate table or even a database or physical machine that is physically separated from the main database.
It is a good practice to combine LABC and RBAC to protect the organization’s data, with no one user having too much access to the data, so that the effects of a breach would be minimal (Arpaci-Dusseau, 2018).
Although such encryption/decryption cycles would slow down systems, the users should understand the risks and be willing to wait a few milliseconds for the data to be encrypted/decrypted in order to protect their data and their privacy.
Arpaci-Dusseau, R. H., & Arpaci-Dusseau, A. C. (2018). Operating systems: three easy pieces (1.01 ed.). Arpaci-Dusseau Books. https://pages.cs.wisc.edu/~remzi/OSTEP/