3_6_1 Cyber Security Threats
You should be able to:
- Be able to define the term cyber security and be able to describe the main purposes of cyber security.
- Understand and be able to explain the following cyber security threats:
•• social engineering techniques
•• malicious code
•• weak and default passwords
•• misconfigured access rights
•• removable media
•• unpatched and/or outdated software
- Explain what penetration testing is and what it is used for
REVISE:
What is Cyber Security and Why do we need it?
Cyber security threats
Social engineering techniques
The humans that use a network are often the biggest threats to the security of that network. A social engineering hacker will try to gain access to a network by social means. For example, ringing and asking for a bank pin number whilst pretending to be from the bank.
Malicious code
This is any type of software that is designed to cause damage or access data on a computer.
Misconfigured access rights
A network administrator will give network users different access rights depending on their needs and levels of responsibility. If these are given inaccurately then users may gain access to information that they shouldn't be able to see.
Removable media
Memory sticks can take malware from a home PC to a network at school or a business. This is why removable media is often banned from some networks.
Memory sticks can also be lost or stolen and the data that is stored on them can be used maliciously.
Unpatched and/or outdated software
Software engineers are always updating the versions of their software when new vulnerabilities are discovered. This is why your phone and your computer want to update so much! If you don't update your software then it is open to vulnerabilities.
Weak and default passwords
Read this page: https://www.cyberaware.gov.uk/passwords
Watch the video clip below:
Penetration Testing
Penetration testing looks for weaknesses in a company's network. An ethical hacker will try and access the network to see how robust their security systems are.
There are two types; Black Box and White Box:
- BLACK BOX - is external - someone will be outside the network trying to get in
- WHITE BOX - is internal - someone will already have access to the network but will try and gain access to restricted parts of it
TEST:
- Download and print the test paper here: https://drive.google.com/open?id=0B5fLtQ0Xgr2Pb1p2QnRjNjZwdUE
- Try the mock test yourself.
- Use the 3.6.1 Walking Talking Mock below to guide you through answering the questions.
SOURCE RECOGNITION - PLEASE NOTE: The examination examples used in these walking talking mocks are samples from AQA from their non-confidential section of the public site. They also contain questions designed by TeachIT for AQA as part of the publicly available lesson materials.