Cyber security consists of the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access.
Social engineering is the art of manipulating people so they give up confidential information.
Types of social engineering include:
blagging - the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.
phishing - a technique of fraudulently obtaining private information, often using email or text messages.
shouldering - observing a person's private information by looking over their shoulder. For example, watching someone enter their PIN at a cash machine.
Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software. Its name comes from Malicious Software.
Types of malware include:
computer virus - a file that contains malicious code and spreads throughout the computer by making copies of itself.
trojan - a malicious file or application that pretends to be helpful. For example, a free antivirus program that actually installs a virus itself.
spyware - malicious code that captures the computer user's data and sends it back to the malicious party that made it. For example, it might use a keylogger to record what you type, steal your usernames and passwords and send them back to the hacker.
Removable media like a USB memory stick can be pre-loaded with malware and then left in public spaces and offices where someone may find it and plug it into their computer, infecting their computer with the malware that was on the USB memory stick.
Considered the good guys because they follow the rules about not hacking into systems without permission and obey responsible disclosure laws. Can typically earn anywhere from £44,000 - £100,000+ per year.
May have good intentions but might not disclose flaws so they can be fixed immediately. They prioritise their own perception of right versus wrong over what the law might say, and believe themselves to be morally justified.
Considered cybercriminals; they don't lose sleep over whether something is illegal or wrong. They exploit security flaws for personal or political gain, or for fun.
bio = life
metric = measure
biometric = measuring life
Mostly found in mobile devices like smartphones and tablets, biometric methods include:
retina scanners
fingerprint scanners
facial recognition
voice recognition
They are generally considered secure as they are relatively unique to each person and are hard to copy.
Choosing a new, secure password makes it more difficult for hackers to guess it or brute force it (try every possible password).
Passwords should be between 8 and 12 characters long, contain a mix of lowercase, uppercase, numbers and symbols and they should be changed regularly.
Passwords should never be shared with someone else.
Passwords can also be encrypted to increase their security on a network.
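As an added example (not part of the original notes), the checker below applies the password rules stated above and estimates how many guesses a brute-force attack would need in the worst case. The guess rate of one billion per second is an assumed figure used only for illustration.

```python
import string

# The 32 printable ASCII symbols count as the "symbols" character class here.
SYMBOLS = string.punctuation


def check_password(password: str) -> list:
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if not 8 <= len(password) <= 12:
        problems.append("length must be between 8 and 12 characters")
    if not any(c.islower() for c in password):
        problems.append("needs at least one lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("needs at least one uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs at least one number")
    if not any(c in SYMBOLS for c in password):
        problems.append("needs at least one symbol")
    return problems


def search_space(password: str) -> int:
    """Worst-case number of guesses, if the attacker knows only the length
    and which character classes the password uses."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in SYMBOLS for c in password):
        alphabet += len(SYMBOLS)
    return alphabet ** len(password)


def guess_time_years(password: str, guesses_per_second: int = 10**9) -> float:
    """Worst-case brute-force time at an assumed (constructed) guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample passwords: one weak, two that meet the rules.
    for pw in ["password", "Passw0rd!", "Xk7#pLm2$qR9"]:
        print(pw, check_password(pw) or "OK", f"{guess_time_years(pw):.4f} years")
```

Mixing all four character classes raises the search space from 26^8 for an 8-letter lowercase password to 94^8 or more, which is the whole point of the rule.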
Setting software updates to happen automatically ensures you are always on the most up-to-date version with the latest security fixes, so you don't have to remember to update or keep track of known vulnerabilities yourself to stay safe.
Authentication here refers to using more than one way of checking the user is who they say they are (two-factor authentication), such as using an email confirmation to confirm a user's identity.
Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access.
There are two types:
Malicious Insider Testing: when the person or team testing the system has some knowledge of and possibly basic credentials for the target system, simulating an attack from inside the system (a malicious insider).
External Attack Testing: when the person or team testing the system has no knowledge of any credentials for the target system, simulating an attack from outside the system (an external attack).
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.
CAPTCHA is used frequently on websites when you are signing up for or logging into an account, to ensure the user creating the account is human.
Encryption is the encoding of data so that it can no longer be easily understood. For example, encrypting a password entered into a website so that if the input was to be intercepted, it isn't readable.
Encryption Terminology:
Plaintext: the original message to be encrypted
Ciphertext: the encrypted message
Encryption: the process of converting plaintext into ciphertext
Key: a sequence of numbers used to encrypt or decrypt data, often using a mathematical formula
Encryption algorithm: the formula for encrypting the plaintext
There are 2 encryption methods you need to know:
Pig Pen
Caesar Cipher
The Pig Pen Cipher uses the shapes the letters are in to encrypt the message.
For example:
Looking at the ciphertext above, we can see that the first shape has the letter P in it. If you repeat this process for the whole ciphertext, you get "PASSMORES".
The Caesar cipher is named after Julius Caesar, the Roman emperor who apparently used it to communicate with his generals.
It's a simple shift cipher: you move the alphabet along a number of places and replace each letter with the letter that is now in its place. For example:
We can see from this that the alphabet has been shifted 5 places to the left and each letter has a new letter beneath it.
We can now use this shift to encrypt messages. For example:
HELLO would be MJQQT
PASSMORES would be UFXXRTWJX
To be able to decrypt this message, you must give the intended person the key so they know how far to shift the alphabet.
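The shift of 5 used above, worked through in code as an added example (not part of the original notes). It encrypts and decrypts with a given key, and also shows why the key on its own is weak protection: there are only 25 possible shifts, so someone without the key can simply try them all and pick the candidate that reads as English.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift each letter `key` places along the alphabet (A -> F for key 5).
    Characters that are not letters are left unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decrypting is just shifting back by the same key."""
    return caesar_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Try every possible key. Only 25 meaningful shifts exist, so an attacker
    who intercepts the ciphertext can read all candidates in an instant."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    # Constructed messages matching the examples in the notes.
    for word in ["HELLO", "PASSMORES"]:
        print(word, "->", caesar_encrypt(word, 5))
    for key, candidate in brute_force("MJQQT").items():
        print(f"key {key:2d}: {candidate}")
```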
The Law is the government's view on how people should and shouldn't behave. There are punishments for behaving incorrectly, and these rules are enforced by law enforcement agencies like the police.
Computer Misuse Act (1990):
Computer misuse law is about ensuring people use computers correctly and don't commit crime using them.
Part 1: Unauthorised access to computer material - gaining access to a computer system that isn't yours without permission of the owner. This law also covers modifying software or data without permission like changing the code of software to remove activation keys.
Part 2: Unauthorised access with intent to commit or facilitate crime - gaining access to a computer system that isn't yours without permission of the owner and using that computer system to commit or facilitate further crimes.
Part 3: Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer - using tools that can impair the function of the computer, for example, a zip bomb that will fill the RAM of the computer and cause it to crash and be unusable.
Part 3ZA: Unauthorised acts causing, or creating risk of, serious damage - doing something to a computer system that impairs its use to a point where serious damage may occur or did occur. For example, hacking a police system and causing a delay in response to emergency situations, which could lead to serious consequences for others.
Part 3A: Making, supplying or obtaining anything which can be used in computer misuse offences - downloading or creating software that can be used to gain unauthorised access to or harm a computer system, even if you haven't used it.
Punishments:
Up to 2 years in prison and a £5,000 fine for breaking part 1.
Up to 10 years in prison and an unlimited fine (judge will decide) for breaking part 2, 3 and 3A.
Up to life in prison (depending on situation) for breaking part 3ZA.