top of page

LEARNING OBJECTIVES

  • Demonstrate an understanding of cyber security. 

SUCCESS CRITERIA

Success Criteria:

  • Research the threats to a network.

  • Define these threats and give an example of each one.

  • Explain what penetration testing is.

1.6  System security

Learners should have studied the following:

LO1 - forms of attack

  • threats posed to networks:

    • malware

    • phishing

    • people as the "weak point" in secure systems (social engineering)

    • brute force attacks

    • denial of service attacks

    • data interception and theft

    • the concept of SQL injection 

    • poor network policy

  • identifying and preventing vulnerabilities:

    • penetration testing

    • network forensics

    • network policies

    • anti-malware software

    • firewalls

    • user access levels

    • passwords

    • encryption.

KEYWORDS

Malware - Software that is designed to disrupt or harm a user's computer

Phishing - Sending emails pretending to be reputable company to try to gain people's personal details.

Social engineering - tricking people into breaking security procedures to break into a network.

Networks - LESSON 9 security

STARTER​

Complete the worksheet.  

Teacher's note: Check area (Answers)

Click on the link to access the worksheet for this task.

lo1- forms of attack

Networks are inherently vulnerable to being accessed by the wrong people. By their very nature, they cover and extensive, sometimes immense, area and they have numerous access points. This means that there are plenty of potential ways in for snoopers and others who want to steal or damage data. 

A network can come under attack in many different forms, and criminals are always inventing new methods of attack to overcome the increased security that is developed to prevent the attacks.

There are five main forms of attack a network can be subjected to:

lo1- threats posed to networks

Malware

Malware is short for malicious software, and this is what it is, software designed to cause malice to a person's computer system. It is designed to disrupt or damage the computer system and the data that it holds.

Malware is an all-encompassing term for a number of threats;

Other threats include:

  • Ransomware

  • Rootkits 

  • Back doors

One of the most recent Ransomware attacks:

We must be very careful when we choose to download a file from an email or a website. Most malware is disguised as a Trojan horse. It will look like an innocent application, file or game, but it could unleash a great deal of harm to your computer and files. If you are not certain that the download is from a reputable source, we should question whether it is safe to be downloading the at all.

Any good network policy will have strategies in place to avoid damage caused by malware:

  • Anti-malware software.

  • Makes sure ISP has good awareness of malware issues and carries out scans of traffic itself.

  • Perform regular system updates.

  • Email attachments should be treated with caution.

  • Care should be taken when opening emails from unknown sources.

  • Peer-to-peer file sharing is another common source of malware.

 

This is when an unauthorised person tries to collect personal and sensitive data by disguising themselves as a reputable individual or organisation. The kind of data they are looking to obtain are passwords and bank details. The perpetrator will send some kind communication, such as an email to their victim.

We should be aware of any email or communication that we get that states they are from a legitimate organisation.

Phishing

Social engineering 

Preys on the issue that people are often the weak point in the security of a network. It preys on the problem that people can often be influenced into aiding access to network, often without them even knowing or realising it is happening. 

An example of social engineering is when a perpetrator calls an employee in a company presenting themselves as a network administrator from the same company. They will often act like the employee has reported a problem with their computer by asking them what the problem is that they have reported. Many employees probably haven't reported an issue and will think the administrator is confused, then just forget about the call.

The perpetrator may then fall upon someone who has actually reported an issue and will seek to obtain details such as their login and password.

Other types of attacks include:

taSK 1

bottom of page