network security

Why it is important

Stories

https://www.metacompliance.com/blog/5-examples-of-security-breaches-in-2018/

Social engineering

the use of centralized planning in an attempt to manage social change and regulate the future development and behaviour of a society. "the country's unique blend of open economics, authoritarian politics, and social engineering"
(in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. "people with an online account should watch for phishing attacks and other forms of social engineering"

A brute force attack is a trial and error method used by application programs to decode encrypted data such as passwords, through exhaustive effort (using brute force) rather than employing intellectual strategies.

A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses

The data or message which is sent by the sender is intercepted by an unauthourized individual - the attacker.

Security Risks & Threats

Security Risks

malware
- trojan horses
- viruses
- worms
- browser malware ()
social engineering
phishing
brute force attack
denial of service
data interception
SQL injection
poor network policy

---------------------------------

rogue security software
rootkit
man-in-the-middle attack
1. DNS spoofing
2. HTTPS spoofing
3. IP spoofing
4. ARP spoofing
5. SSL hijacking
6. Wi-Fi hacking

https://securitytrails.com/blog/top-10-common-network-security-threats-explained

Pharming: a fraudulent practice that directs internet users to a bogus website that mimics a legitimate one, in order to get their username, password and other confidential information.

Phishing: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. "an email that is likely a phishing scam"

Security Measures

user access rights
using passwords along with username
network policy
acceptable use of network
backup
disaster recovery
network forensics
anti-malware
firewall
penetration testing
encryption

-----------------------------

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious (code |SQL statements) are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

A set of rules governing the setting up and usage of network. Poorly designed or poorly implemented rules will lead to weakness which will could be used by attackers.

Malware - malicious software that could harm the system.

Hacking exposed - 7th edition

footprintingcasing the setupwhoisconfig. Ipconfignetstat. ...tracert. ...ping. ...pathping. ...telnet. ...ftp. ...route.

Footprinting - Scanning - enumeration

ping, nmap traceroute, tracert,

detection and logging

prevention

Hacking Windows

a password of 8 characters in length, using cases and numbers will take 67 years to crack by brute force attack, if using Pentium 1.5GHz cpu. - p17226 + 26 + 10 = 5656 to the power of 8 combinations in total.1.5 billion calculations per secondif i7 3GHz? 6 cores? i7 is 44x more powerful than the preceding P1.5GHz - cpubenchmark.net

https://robertheaton.com/2014/03/27/how-does-https-actually-work/

HTTPS = HTTP + SSL (Transport Layer Security)

SSL establishment

Hello - client Hello (info for server) ; ServerHello (info for client)
Certificate exchange - trust building
Key exchange - public-private keys exchanged. Public key for encryption, private key for decryption

Year 7 October Assessment Revision Questions

Answer ALL the questions below. You may use your class notes and the Internet to find the answers.

DO NOT copy and paste answers.

1. What are the four main reasons people hack into computer systems? [4 Marks]

2. List three different types of Malware [3 Marks]

3. What are the five main characteristics of a strong password? [5 Marks]

4. Describe what happens in Phishing [2 Marks]

5. How can you identify a Phishing email? [2 Marks]

6. How do viruses spread? [1 Mark]

7. What is the Data Protection Act? (Who does it protect? What are the main principles) [4 Marks]

8. What is the Copyright Design & Patents Act? (Who does it protect? What are the main principles) [4 Marks]

9. What is the job of an Anti-virus software? [2 Marks]

10. Why is it important to update your anti-virus software regularly? [2 Marks]

11. Computer systems pose Health & Safety Threats to its users. Explain some potential health &safety threats associated with computer systems [5 Marks]

12. What is meant by the term "Ergonomics"? [1 Mark]

13. Why do people become addicted to computer games? Explain your answer using examples/real world scenarios [4 Marks]

Revision for KS3

1.       What is malware? How can Malware infect your computer? What can you do to prevent Malware?

2.       What is the difference between a Virus, a Trojan horse and a worm?

3.       What kind of damage can Ransomware do to your computer? How can you protect your computer from Ransomware?

4.       What is an SQL injection? Give an example and explain how SQL injection works. How can you stop SQL injection?

5.       What are internet cookies? Why do we use cookies?

6.       Can cookies store your personal information? Can cookies be seen by hackers or criminals? What are the main types of Trojan horses which can infect your computer?

7.       What is an Adware and how will it infect your computer?

8.       What are the main types of Spyware?

9.       What is a key logger? What does a Key logger do? How can you stop a key logger?

10.     What the steps that you should take to protect your computer from Spyware?

11.     Write down 8 main principles of Data Protection Act 1998?

12.     Explain in your own words - why do we need an Act like Data Protection Act?

13.     What is the main purpose of Computer Misuse Act?

14.     What is the main purpose of Copyrights, Designs and Patents Act?

15.     What is the difference between Hacking and Cracking?

16.     What is the difference between Hacking and Cracking?

17.     What is a Network Policy and why is it important to have a strong network policy?

18.     What is Social Engineering? What are the main types of Social Engineering?

19.     What is Pharming?

20.     What do you understand by the term "Network Forensics"?

21.     What is Penetration testing and why is it done?

22.     What is it important to Back up your data?

23.     What are the different types of Backup?

24.     What is the difference between Backup and Recovery?

Poor Network Policy

What is it?

It is: a set of rules governing the setting up of a network: user access rights, anti-malware installation, firewall installation, backup, disaster recovery, logging of activities, forensics, etc.

It is also a set of rules governing the use of the network: password policy, acceptable use of the network,

What is “user access rights”?

….

Explain ALL the terms above

Examples of poor network policy

Examples of - and damages of a poor network policy

Why is poor network policy a threat?

A network policy should cover the following aspects of setting up and usage of the network.

1. Password and username

2. Backup and recovery

If the password is weak, then….

Google Sites

Report abuse