Section 3.10

Learning Goals

• IOC-2.C: Students will explain how unauthorized access to computing resources is gained.

• IOC-2.C.1-IOC-2.C.7: Students will define phishing, keylogging, rogue access point, virus, malicious links, DDOS, freeware/shareware.

• Students will explain each concept above provides unauthorized access to computing resources.

• Students will research real life examples of the impact of each of the above concepts.

• Students will evaluate the privacy, security or storage concern with the real life examples.

IOC-2.C.1: Phishing is a technique that attempts to trick a user into providing personal information. That personal information can then be used to access sensitive online resources, such as bank accounts and emails. 

IOC-2.C.2: Keylogging is the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information. 

IOC-2.C.3: Data sent over public networks can be intercepted, analyzed, and modified. One way that this can happen is through a rogue access point. 

IOC-2.C.4: A rogue access point is a wireless access point that gives unauthorized access to secure networks. 

IOC-2.C.5: A malicious link can be disguised on a web page or in an email message. 

IOC-2.C.6: Unsolicited emails, attachments, links, and forms in emails can be used to compromise the security of a computing system. These can come from unknown senders or from known senders whose security has been compromised. 

Objectives and General Description

In the previous lessons, students learned how they can protect their data.  In this lesson students will learn about outside threats to their data through unauthorized access to their computing resources.  Students will research real life examples of various security threats and will evaluate the impact of each of these examples.  Students will be working with a partner and will be randomly assigned a topic.  Each set of partners will define the threat, find a real life example and create a presentation for the class. During the presentation, all students will take notes so that each student ultimately has a research guide on each topic.

Activities

Activity 3.10.1 (flipped activity, Budget 7 minutes in class)

1. Have students watch The Internet:  Cybersecurity & Crime (5 minutes)

2. Students complete Guided Notes for Video.

Activity 3.10.2 (budget 2 hours)

1. Ask for volunteers to draw a few pictures on the board.  You will need three images drawn:  

   1. Girl (left side of board)

   2. Evil/Angry character (middle of board)

   3. Boy (right side of board)

2. Draw a computer next to the girl and a computer next to the boy.

3. Introduce the story of Alice and Bob.  Alice is the girl and she needs to send an important email to Bob. Briefly discuss the layers that the message goes through to get to Bob.  Draw arrows to show the message movement. Have students watch this quick video explaining Alice and Bob.

4. I usually draw a vertical line to separate Alice & evil character and another to separate the evil character and Bob.  Those lines represent the firewall & gateway that protect Alice’s network and Bob’s network.

5. Ask the students:  Where is the vulnerability in the movement of this message?  Students will usually decide that the vulnerability lies between the two networks, where the evil character exists.

6. The “evil” character becomes “Eve” and she represents all types of cybersecurity threats.  She has a lot of tools to choose from.

7. Have students brainstorm a list of cybersecurity threats that they have heard of.

8. Eve’s Evil Tools:  Students select a partner.  Each set of partners will be researching a different cybersecurity threat and will create a google slides presentation that includes:

   1. Slide 1:  Your group will create an artifact that explains your topic.  However, this needs to be a graphical representation.  It should be primarily non-textual.  The artifact can contain no more than 10 written words and it should have a title that is the name of the security threat.   Possibilities include:  an image, a video, a collage, a comic strip, etc.  This slide needs to have the names of the group members (not included in word count)

   2. Slide 2:   A definition/explanation your topic

   3. Slide 3:  A real-life example of your topic

   4. Slide 4:  Answer the following data questions

      1.  What type of data was affected in the real life example?

      2. What type of concern was raised by this issue, privacy, security or storage?  Why was this a concern?

      3. Explain how unauthorized access to computing resources is gained.

   5. NOTE:  The teacher needs to ensure that a variety of threats are covered.  You can either assign the topics or have students select cards from a hat.  Take a few minutes to meet with the students who choose Rogue Access Point.  How it works can be complicated.  To break it down in simple terms they should know that a rogue access point is a wireless access point that gives unauthorized access to secure networks leading to data that can be intercepted, analyzed, and modified.  This can be a physical device that is attached to a router.  It can be detected by looking for strange wireless signals.  

9. Partners make presentations to the class.  Everyone takes notes during the presentation so that when all are complete, each student will have a description and example of various types of security threats.

10. Great conversations can happen during or after each presentation.  You can cover privacy issues, data security issues, cyber laws, impact on economy or business, etc.

11. Scoring Rubric for Projects

Resources

• 3.10.1: Video guided notes for Cybersecurity (student worksheet)

• 3.10.1: Video guided notes for Cybersecurity KEY (teacher resource)

• 3.10.2: Eve's Evil Tools Project Directions (student resource)

• 3.10.2: Notes Sheet for Presentations (student resource)

• 3.10.2: Scoring Rubric for Eve's Evil Tools (teacher resource)