You can never have too much legal protection, so we're told. So far we've looked at a series of laws. These have included:-
- The Computer Misuse Act: All about misusing tech that isn't yours. It covers that act of traditional breaking and entering, installing malware, changing settings etc.
- Copyright and Patents Act: All about stealing software, other people work and ideas. It helps protect against the theft or obtaining access to free music, films and images without the permission of their creators. And it offers protection for inventors and innovators of original work.
- Data Protection Act 1988 (DPA) soon to be replaced by the General Data Protection Regulation (GDPR): Provides protection for people data. Essentially, if you keep data you have to get permission for it, keep it safe, restrict access, take steps to ensure its accuracy and give people a chance to see it to ensure its accuracy.
There are additional laws which help protect both victims and those who might be accused of criminal activity in any of the above areas. These laws are primarily geared towards how what constitutes evidence and how its gathered. These include:
- Police & Justice bill 2006
- Police and Criminal Evidence Act(PACE) 1984
- Criminal Justice Police Act 2001
- Civic Government Scotland Act 1982
- Criminal Procedure Scotland Act 1995
- Common Law
In Scotland the equivalent powers are granted by:-
Legal protection now covers hardware, software and data. Owners also have a certain degree of protection from Police with rules governing what can be looked for and conditions about when devices can be seized.
Nothing has been said though, about the protection of messages and communications while they are in transit, moving from device to device. And this brings to the last two major pieces of legislation.
This act replaced the Telecommunication Act 1984. While the Communications act is primarily orientated towards broadcasters (BBC, Channel 4 etc) it governs:-
- The content of what's transmitted over the internet. For example it is illegal to send malicious messages and indecent images. Recently, it's also been extended to cover spam messages
- And how messages are transmitted so it is now illegal to obtain access to the internet without an intention to pay. This covers the offence of 'piggy backing' where people piggy back on someone else's WiFi connection using their internet access for free.
This act, also known as the 'Snoopers Charter' sets out how investigatory powers can be used to interfere with someone's privacy, perhaps by intercepting someone's communications (electronic -'tapping phone lines & emails' and postal) in the course of an investigation. These powers are balanced by the need to obtain warrants and the need to convince judges of the severity of the crime e.g. the investigation of terrorism.
Apart from setting out what the police can do in the course of their investigation, the Investigatory Powers Act 2016 makes it:-
- Illegal to intercept the communications of others, and
- Unlawful to obtain the communications data being passed between users i.e be given it or ask for it.
Domain Name System (DNS)
So far extensive use has been made of IP addresses. So let's think about them a bit before continuing.
IP addresses are supposed be unique and therefore can be used to identify particular devices connected to a network. At its simplest, anything being passed through the network from device to device, emails, documents, chat etc has the destination IP address attached to it. The message continues until they arrive at the address designated by the IP number. If the transmission can't find the identifying number, the message whatever it is, is bounced back to the sender with an 'address not found', an error 404 message.
While the IP address is very machine friendly - computers really like number data, it isn't for people, which is where the DNS come in. Users find it much easier to remember and use website names like google.com or jhigh.co.uk rather than a sequence of numbers.
The Domain Name System (DNS) stores the Website name, together with its IP address, so for example when sending a request for a particular page, for example jhigh.co.uk, the request goes to a server which looks up the matching IP address for the 'name'. The IP address is appended and the server passes it onwards to its destination.
This explains why we can use 'proper names' rather than long numbers. It also means that once we understand the role of IP address number, we can as ethical hackers begin to manipulate the system to our advantage, for example spoofing or pretending to be something that you aren't.
In reality, the Domain Name System (DNS) is a little more sophisticated involving up-to 4 different servers, with each one performing a vital role that enables a 'name' to be resolved to the appropriate IP address number.
The video begins with a request passed from a user to their ISP provider server which acts as a gateway to the rest of the internet. This server known as a 'Resolver' or Recursive Name Server tries to match the request to an IP address stored in its cache memory. Only if it doesn't find it there, the Resolver hands it off to the next stage in the process.
The same process continues with each stage in the DNS system until the name request is fully resolved to the IP address when the request is passed on towards its final destination by the ISP server or 'resolver'server.
The video describes what appears a lengthy process. However, the delay is barely noticeable because the servers are incredibly fast and most common requests are already stored in a server's cache memory.