Unit 5: The Internet and Its Uses 5.3 Verified

Cyber security

2 learning objectives

1. Overview

Cyber security is crucial in today's interconnected world. It involves protecting computer systems, networks, and data from theft, damage, or unauthorized access. Understanding cyber security threats and how to defend against them is essential for anyone using the internet.

Key Definitions

  • Brute-force attack: An attempt to gain access to a system by trying every possible combination of passwords or keys.
  • Data interception: The unauthorized capture of data transmitted over a network. (Also known as packet sniffing).
  • DDoS (Distributed Denial-of-Service) attack: An attack that overwhelms a server with traffic from multiple sources, making it unavailable to legitimate users.
  • Hacking: Unauthorized access to or control over computer systems or networks.
  • Malware: Malicious software designed to harm or disrupt computer systems.
  • Virus: A type of malware that attaches itself to files and spreads when the infected file is shared.
  • Worm: A type of malware that self-replicates and spreads through networks without requiring user interaction.
  • Trojan horse: A type of malware disguised as legitimate software that can create a backdoor for attackers.
  • Spyware: Malware that monitors user activity and collects personal information without their knowledge.
  • Adware: Software that displays unwanted advertisements, often bundled with other programs.
  • Ransomware: Malware that encrypts files on a device and demands a ransom payment for the decryption key.
  • Pharming: Redirecting users to a fake website without their knowledge, often by corrupting DNS records.
  • Phishing: A technique used to trick individuals into revealing sensitive information, such as usernames, passwords, and credit card details, often through deceptive emails or websites.
  • Social engineering: Manipulating individuals into divulging confidential information or performing actions that compromise security.
  • Access levels: Restrictions on user access to data based on their role (e.g., admin, user, guest).
  • Anti-malware: Software designed to detect, prevent, and remove malware.
  • Authentication: The process of verifying the identity of a user or device.
  • Automating software updates: Automatically installing software updates to patch security vulnerabilities.
  • Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predefined security rules.
  • Privacy settings: Options that allow users to control the amount of personal information they share online.
  • Proxy server: An intermediary server that hides a user's IP address and provides anonymity.
  • SSL (Secure Sockets Layer)/TLS (Transport Layer Security) security protocol: A protocol that encrypts data transmitted between a web browser and a web server (HTTPS).
  • Checking URLs: Verifying that website addresses are legitimate before clicking on them to avoid phishing.
  • Checking spelling and tone of communications: Looking for suspicious errors or unusual language in messages that might indicate phishing or social engineering.

Core Content

Cyber Security Threats:

  • Brute-force Attack: This involves trying every possible combination of characters until the correct password is found.
    • Example: A program might try "aaaa", "aaab", "aaac", etc.
    • Countermeasure: Using strong passwords (long, complex), account lockout policies.
  • Data Interception (Packet Sniffing): Capturing data as it travels across a network. This can be done using software that intercepts network traffic.
Packet sniffer: attacker intercepts and reads data packets traveling over the network
Packet Sniffing: intercepting network traffic
* Countermeasure: Using encryption (SSL/TLS) to protect data during transmission. * **DDoS Attack:** Overwhelming a server with a flood of traffic from multiple sources (often botnets). *
DDoS attack: attacker controls botnet to flood server with requests until crash
DDoS Attack using Botnet
* Countermeasure: Using DDoS mitigation services, firewalls, and content delivery networks (CDNs). * **Hacking:** Gaining unauthorized access to a computer system or network. This can involve exploiting vulnerabilities in software or hardware. * Countermeasure: Strong passwords, multi-factor authentication, up-to-date software, firewalls. * **Malware:** * **Virus:** Attaches itself to a file and spreads when that file is shared. * Example: A virus might attach itself to a .exe program. * Countermeasure: Anti-malware software, avoid downloading from unknown sources. * **Worm:** Self-replicating malware that spreads through networks automatically. * Example: A worm can spread via email or network shares. * Countermeasure: Anti-malware software, keeping operating systems updated. * **Trojan Horse:** Disguised as legitimate software but contains malicious code. * Example: A fake antivirus program that actually installs malware. * Countermeasure: Anti-malware software, being cautious about installing software from unknown sources. * **Spyware:** Secretly monitors user activity and collects personal information. * Example: Keyloggers that record keystrokes. * Countermeasure: Anti-spyware software, being careful about what you click on. * **Adware:** Displays unwanted advertisements. * Countermeasure: Ad blockers, avoiding downloading from suspicious sources. * **Ransomware:** Encrypts files and demands a ransom payment for their decryption. * Countermeasure: Regular backups, anti-malware software, avoiding suspicious links/attachments. * **Pharming:** Redirects users to a fake website by corrupting DNS records (DNS poisoning). *
Pharming: compromised DNS redirects user to fake website that steals credentials
Pharming: DNS redirects to fake site
* Countermeasure: Using reputable DNS servers, checking for HTTPS, being wary of suspicious websites. * **Phishing:** Using deceptive emails or websites to trick people into revealing sensitive information. * Example: An email pretending to be from a bank asking for account details. * Countermeasure: Being cautious of suspicious emails, checking URLs, looking for spelling/grammar errors. * **Social Engineering:** Manipulating people into divulging confidential information. * Example: Posing as technical support to gain access to a user's computer. * Countermeasure: Being skeptical of unsolicited requests, verifying identities.

Security Measures:

  • Access Levels: Restricting access to data based on user roles (e.g., administrator, user, guest).
    • Example: Only administrators can install software.
    • Benefit: Prevents unauthorized access and modification of critical system settings and data.
  • Anti-malware Software: Detects, prevents, and removes malware.
    • Benefit: Protects against viruses, worms, Trojan horses, spyware, and other malicious software.
  • Authentication: Verifying the identity of a user or device.
    • Methods: Passwords, biometrics (fingerprint, facial recognition), two-factor authentication (2FA).
    • 2FA Example: Requiring a password and a code sent to a mobile phone.
  • Automating Software Updates: Automatically installing software updates to patch security vulnerabilities.
    • Benefit: Ensures that software is up-to-date and protected against known vulnerabilities.
  • Checking Spelling and Tone of Communications: Being wary of emails or messages with poor spelling, grammar, or unusual language.
    • Benefit: Helps identify phishing attempts and social engineering attacks.
  • Checking URLs: Verifying that website addresses are legitimate before clicking on them.
    • Benefit: Prevents users from being redirected to fake websites.
  • Firewalls: Monitors and controls network traffic based on predefined security rules.
    • Function: Examines incoming and outgoing traffic and blocks anything that doesn't meet the rules.
Firewall: sits between internet and network, blocks malicious traffic, allows safe traffic
Firewall: filters traffic, blocks threats
* Types: Hardware and software firewalls. * **Privacy Settings:** Allow users to control the amount of personal information they share online. * Example: Limiting who can see your profile on social media. * Benefit: Reduces the risk of identity theft and other privacy breaches. * **Proxy Servers:** An intermediary server that hides a user's IP address. * Benefit: Provides anonymity and can improve security by filtering malicious content. Also, can be used to cache frequently accessed web pages. *
Proxy server: user's request goes through proxy, which forwards it using proxy's IP address, hiding user's real IP
Proxy: hides user's IP address
* **SSL/TLS Security Protocol (HTTPS):** Encrypts data transmitted between a web browser and a web server. * Checking for the padlock icon and "https://" in the address bar. * Benefit: Protects sensitive information such as passwords and credit card details.

Exam Focus

  • Threats: Examiners want you to describe the process involved in each attack and the aim of the attack. Simply naming the attack is not enough.
  • Security Measures: Examiners want you to explain how each solution helps keep data safe. Explain the mechanism of the security measure, not just its benefit.
  • URLs: Be able to identify the protocol (HTTPS, HTTP), domain name (e.g., google.com), and file name (e.g., index.html) within a given URL.
  • Context is Key: Always tailor your answers to the specific scenario described in the question.
  • Terminology: Use precise technical terms (e.g., "encrypts" instead of "makes safe").
  • Diagrams: If diagrams are required, annotate them clearly and focus on the core process rather than artistic flair.

Common Mistakes to Avoid

  • ❌ Wrong: "A firewall protects your computer." ✓ Right: "A firewall monitors network traffic and blocks any connections that do not meet pre-defined rules, preventing unauthorized access to the network."
  • ❌ Wrong: "Spyware analyzes your data and puts it on the internet." ✓ Right: "Spyware records all user data and transmits it to a remote server where it can be analysed."
  • ❌ Wrong: "Hacking is malware." ✓ Right: "Hacking is an unauthorized access technique, and malware such as a Trojan horse might be used as part of a hacking attack."
  • ❌ Wrong: "Worms and viruses both spread quickly." ✓ Right: "Viruses spread by attaching themselves to files shared on a single computer, while worms spread themselves across networks automatically."
  • ❌ Wrong: "A proxy server makes your internet faster." ✓ Right: "A proxy server can cache frequently accessed web pages, reducing load times if you visit those pages frequently. However, its primary purpose is to hide your IP address and provide a layer of security."

Exam Tips

  • Define Terms: Start by defining key terms to show your understanding.
  • Explain the Process: Clearly explain how each threat works and how each security measure protects against it.
  • Use Examples: Provide specific examples to illustrate your points (e.g., a specific type of malware or a scenario where social engineering is used).
  • Think like an Attacker/Defender: When answering questions, try to think from both the attacker's and defender's perspectives to show a comprehensive understanding of the topic.

Test Your Knowledge

Ready to check what you've learned? Practice with 10 flashcards covering key definitions and concepts from Cyber security.

Study Flashcards