What you need to know about cyber security:-
Describe the characteristics and explain the methods of protection against malware, viruses, worms and key loggers
Describe the different forms of attack based on technical weaknesses and/or user behaviour
Describe methods of identifying vulnerabilities
Explain different ways of protecting software systems during design, creation, testing and use
Describe the role of internet cookies
What were the risks taken?
What are the consequences for the characters involved in the video?
Now, not all hackers are malicious cybercriminals intent on stealing your data (these people are known as Black Hats). There are also White Hats who hunt for bugs, close security holes, and perform security evaluations for companies.
There are a lot of different motivations for hackers—sometimes just amusement or curiosity, sometimes for money, and sometimes to promote social or political goals. Regardless, we're not going to teach you how to become a hacker in this episode but we are going to walk you through some of the strategies hackers use to gain access to your devices, so you can be better prepared to keep your data safe.
Google Security Princess Parisa Tabriz and Jenny Martin from Symantec introduce the most common types of cybercrime, including viruses, malware, DDOS attacks and phishing scams.
Difference between pharming and phishing
Cyber attacks happen to individuals and large companies due to MALWARE being installed on computers as well as HACKERS who gain unauthorised access to data/to a computer system.
Malware is a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service or network. Cybercriminals typically use it to extract data that they can leverage over victims for financial gain.
Malware takes different forms:
Viruses - computer program that copies itself from one program to another by attaching itself to an existing program due to security failures.
Worms - Self-replicating program that identifies weaknesses in operating systems and enables remote control of the infected computer.
Spyware (Keyloggers) - A program installed by opening attachments that can be used to collect stored data without the user's knowledge. A keylogger records every key stroke and is designed to capture your password.
Trojans - A program that appears to perform a useful function but provides a backdoor that enables data to be stolen
Botnets - a network of private computers infected with malicious software and controlled as a group without the owners' knowledge e.g. to send spam
So how do we protect a system from these cyber attacks?
Anti-virus software
Operating system updates
Web browser updates
Firewalls
Internet protocols, operating systems and network equipment all present technical vulnerabilities to hacking. Other forms of cyber attack include:-
SQL injection - malicious users can inject SQL commands into an SQL statement, via a web page input. Injected SQL statements can compromise the information held in the database
IP address spoofing - an attacker changes the IP address of a legitimate host so that a visitor who types in the URL of the legitimate site is taken to a spoof web page. The purpose is to steal data or install malware (see above)
Social Engineering - Deception such as phishing (email) or pharming (website). Tricking a user into giving out sensitive information.
Shoulder surfing - Looking over someone's shoulder to watch key strokes
Denial of Service (DOS) attack - Making a website and servers unavailable to legitimate users, by swamping a system with fake requests.
Password based attacks - Brute force or dictionary attacks to discover passwords.
How do we identify these vulnerabilities in hardware and software?
In order to identify these vulnerabilities, organisations will often employ ethical hackers (ethical hacking is an authorised attempt to gain unauthorised access to a computer system) to try and break into the system in order to improve it. They will use the techniques below to identify problems and weak points within the system.
Footprinting
First step in evaluating the security of a computer system
Involves gathering all available information about the computer system/network/devices
It should enable a penetration tester (see below) to discover how much detail a potential attacker could find out about a system
Purpose - It will allow an organisation to limit the technical information about its system that is available to a real attacker
Penetration Testing
This is the process of testing a computer system to find vulnerabilities that an attacker could exploit
These will include:-
Target testing - testing carried out by the organisation's IT team and the penetration testing team
External testing - find out if an outside attacker can get in and how far they can get into the system
Internal testing - estimate how much damage can be done internally, if an employee decides to hack from inside the organisation
Blind testing - simulate the actions and procedures of a real attacker by limiting information given to the team performing the test