Methods to detect and prevent cyber security threats

Quick links

3.6

Cyber
Security

3.6.1

Cyber security
threats

3.6.1.1.

Social
engineering

3.6.1.2

Malicious
code

3.6.2

Methods to detect and prevent
cyber security threats

3.6.3

Questions on
cyber security

 

Useful
links

Syllabus content

Content   Additional Information

Understand and be able to explain the following cyber security threats:

  • social engineering techniques
  • malicious code
  • weak and default passwords
  • misconfigured access rights
  • removable media
  • unpatched and/or outdated software.
   
     
Explain what penetration testing is and what it is used for.  

Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. Students should understand that the aim of a white-box penetration test is to simulate a malicious insider who has knowledge of and possibly basic credentials for the target system. Students should understand that the aim of a black-box penetration test is to simulate an external hacking or cyber warfare attack. (more..)

 

 

The benefits and risk of networks

Advantages and disadvantages of networks

Advantages

  • Sharing devices such as printers saves money.
  • Site (software) licences are likely to be cheaper than buying several standalone licences.
  • Files can easily be shared between users.
  • Network users can communicate by email and instant messenger.
  • Security is good - users cannot see other users' files unlike on stand-alone machines.
  • Data is easy to backup as all the data is stored on the file server.

Disadvantages

  • Purchasing the network cabling and file servers can be expensive.
  • Managing a large network is complicated, requires training and a network manager usually needs to be employed.
  • If the file server breaks down the files on the file server become inaccessible.
  • Email might still work if it is on a separate server. The computers can still be used but are isolated.
  • Viruses can spread to other computers throughout a computer network.
  • There is a danger of hacking, particularly with wide area networks. Security procedures are needed to prevent such abuse, eg a firewall.

.. OR ..

The Advantages (Benefits) of Networking

You have undoubtedly heard the “the whole is greater than the sum of its parts”. This phrase describes networking very well, and explains why it has become so popular. A network isn't just a bunch of computers with wires running between them. Properly implemented, a network is a system that provides its users with unique capabilities, above and beyond what the individual machines and their software applications can provide.

Most of the benefits of networking can be divided into two generic categories: connectivity and sharing. Networks allow computers, and hence their users, to be connected together. They also allow for the easy sharing of information and resources, and cooperation between the devices in other ways. Since modern business depends so much on the intelligent flow and management of information, this tells you a lot about why networking is so valuable.

Here, in no particular order, are some of the specific advantages generally associated with networking:

  • Connectivity and Communication: Networks connect computers and the users of those computers. Individuals within a building or work group can be connected into local area networks (LANs); LANs in distant locations can be interconnected into larger wide area networks (WANs). Once connected, it is possible for network users to communicate with each other using technologies such as electronic mail. This makes the transmission of business (or non-business) information easier, more efficient and less expensive than it would be without the network.
  • Data Sharing: One of the most important uses of networking is to allow the sharing of data. Before networking was common, an accounting employee who wanted to prepare a report for her manager would have to produce it on his PC, put it on a floppy disk, and then walk it over to the manager, who would transfer the data to her PC's hard disk. (This sort of “shoe-based network” was sometimes sarcastically called a “sneakernet”.) True networking allows thousands of employees to share data much more easily and quickly than this. More so, it makes possible applications that rely on the ability of many people to access and share the same data, such as databases, group software development, and much more. Intranets and extranets can be used to distribute corporate information between sites and to business partners.
  • Hardware Sharing: Networks facilitate the sharing of hardware devices. For example, instead of giving each of 10 employees in a department an expensive color printer (or resorting to the “sneakernet” again), one printer can be placed on the network for everyone to share.
  • Internet Access: The Internet is itself an enormous network, so whenever you access the Internet, you are using a network. The significance of the Internet on modern society is hard to exaggerate, especially for those of us in technical fields.
  • Internet Access Sharing: Small computer networks allow multiple users to share a single Internet connection. Special hardware devices allow the bandwidth of the connection to be easily allocated to various individuals as they need it, and permit an organization to purchase one high-speed connection instead of many slower ones.
  • Data Security and Management: In a business environment, a network allows the administrators to much better manage the company's critical data. Instead of having this data spread over dozens or even hundreds of small computers in a haphazard fashion as their users create it, data can be centralized on shared servers. This makes it easy for everyone to find the data, makes it possible for the administrators to ensure that the data is regularly backed up, and also allows for the implementation of security measures to control who can read or change various pieces of critical information.
  • Performance Enhancement and Balancing: Under some circumstances, a network can be used to enhance the overall performance of some applications by distributing the computation tasks to various computers on the network.
  • Entertainment: Networks facilitate many types of games and entertainment. The Internet itself offers many sources of entertainment, of course. In addition, many multi-player games exist that operate over a local area network. Many home networks are set up for this reason, and gaming across wide area networks (including the Internet) has also become quite popular. Of course, if you are running a business and have easily-amused employees, you might insist that this is really a disadvantage of networking and not an advantage!

Key Concept: At a high level, networks are advantageous because they allow computers and people to be connected together, so they can share resources. Some of the specific benefits of networking include communication, data sharing, Internet access, data security and management, application performance enhancement, and entertainment.

.. OR ..

Benefits Of Computer Networking

Technically speaking networking can be defined as a bunch of computers that have with wires running in between them. If proper implementation of a network is done it acts as a system that provides unique capabilities, to its users. These are much beyond the abilities of individual machines and software applications associated with them.

The benefits networking offers to its users can be separated into two main groups i.e. sharing and connectivity. Networks make computers and their users capable of being connected together. This facilitates sharing of resources and information between the users. The modern businesses are expanded all over the world. So, uses and significance of networking has gained momentum during the last years. The many benefits that networking offers to us are:

  • Helps to enhance connectivity: Networks connect and link unlimited number of computers. This in turn connects the people using those computers. Individuals within a work group are connected through local area networks. Many LANs in far off locations are interconnected through larger wide area networks (WANs). These connections ease out communication between people using technologies like e-mail. Today e-mail has become the easiest, and cheapest mode of transformation of information between the users.
  • Networking helps in sharing of hardware: Networks help in sharing of different kinds of hardware devices. For example, sharing of a single printer in an office of twenty people is done through networking of wires. This saves lot of cost that could otherwise have incurred if twenty different printers were provided for each computer in use.
  • Eases out management of data: Networking provides the advantage of centralization of data from all the user systems to one system where it can be managed in an easy and better way. Administrators can thus manage all this data efficiently and in the best interest of the company. Even the access of this data becomes easy for the users.
  • Internet: The most beautiful gift of networking is internet that is massively used by people all over the world. Whenever you are accessing Internet, you are making use of a network. The benefits of internet need no mentioning. Thanks to the wonderful world of networking.
  • Data Sharing: Sharing of data through the use of networks helps save a lot of time and energy. It also facilitates the use of applications like databases that are based on ability of many individuals to access and to share exactly the same data.
  • Networking has promoted gaming: Many internet games like WOW accounts are being played by players all over the world using common servers. These give fun and enjoyment to people and also improve their skills.

Such are the varied benefits of networking to the people all over the world. The success of networking in providing benefits to people depends upon the frequency of its use. So, make the maximum out of this wonderful gift of technology to man.

.. OR ..

The BBC's new website has this.

3.1 Fundamentals of algorithms

3.2 Programming

3.3 Fundamentals of data representation

3.4 Computer systems

3.5 Fundamentals of computer networks

3.6 Fundamentals of cyber security

3.7 Ethical, legal and environmental impacts of digital technology on wider society, including issues of privacy

3.8 Aspects of software development

Glossary and other links

Glossary of computing terms.

AQA 8520: The 2016 syllabus

General content

Keep cyber Threats from destroying your clients business

10 ways to secure your digital content

Flashpoint - Business risk intelligence report

Email secirity risk assessment inforgraphic

MimeCast email report

Cost of data breach study 2016

The cyber threat to UK businesses

Biggest cybersecurity threats in 2016

Social Engineering Report ISMG

How Identity Deception Increases the Success of Ransomware

5 Social Engineering Attacks to Watch Out For

Top 5 Social Engineering Exploit Techniques

Top 10 Social Engineering Tactics

Social Engineering Attacks: Common Techniques & How to Prevent an Attack

Hacking the mind

Understanding Social Engineering Attacks

Social Engineering - Definition

Infoseceye (Read the blog entries!)

NCSC Managing Information Risk

The cyber advisory service

NCSC_glossary

Malicious code and malware.

What is Malicious Code?

Program Security

Finding the kill switch to stop the spread of ransomware

Common Malware Types: Cybersecurity 101

Rogue Sheep

Encryption

The Story of Bob, Alice, and Eve: A Love Triangle Gone Bad (or, How I Came to Love PKI)

The Alice and Bob After Dinner Speech

History of Encryption

Past, present, and future methods of cryptography and data encryption

The Alternative History of Public-Key Cryptography

How PGP works

Beginners guide to PGP

Passwords

Identity and passwords blog

Even Jedi can't achieve Password Perfection

NCSC Password Security

63% of data breaches involve weak, default or stolen passwords

Password meter

How secure is my password?

Cyber security

NCSC 10 Steps To Cyber Security NCSC

NCSC Bring Your Own Device

NCSC Cyber Attacks

Active Cyber Defence

How Every Cyber Attack Works – A Full List

Misconfigured access rights

Lesson Plan Misconfigured Access Rights

Wireless threats

Risks of portable devices

Risks Of Portable Devices

Advert of sorts

AQA: New computer science gcse arms students with cyber security knowledge

https://cybersecuritychallenge.org.uk/novice-toolkit


The Story of Alice and Bob

(Short extract from after-dinner speech by John Gordon at The Zurich Seminar April 1984) I go to lots of conferences on Coding Theory in which complicated protocols get discussed. You know the sort of thing:

"A communicates with someone who claims to be B. So to be sure, A tests that B knows a secret number K. So A sends to B a random number X. B then forms Y by encrypting X under key K and sends Y back to A." and so on.

Because this sort of thing is is quite hard to follow, a few years ago theorists stopped using the letters A and B to represent the main players, and started calling them Alice and Bob.

So now we say "Alice communicates with someone claiming to be Bob. So to be sure, Alice tests that Bob knows a secret number K. Alice sends to Bob a random number X. Bob then forms Y by encrypting X under key K and sends Y back to Alice."

It's supposed to make it easier to understand. Now there are hundreds and hundreds of papers written about Alice and Bob. Alice and Bob have been used to illustrate all sorts of protocols and bits of coding theory in scientific papers. Over the years Alice and Bob have tried to defraud insurance companies, they've exchanged secret messages over a tapped line, and the've played poker for high stakes by mail. Now if we put together all the little details from lots of papers - a snippet from here, a snippet from there - we get a facinating picture of their lives.

This may be the first time in the history of coding theory that a definitive biography of Alice and Bob has been given.

Take Bob. Bob is often selling securities to speculators so we can be pretty sure he's a stockbroker. But from his concern about eavesdropping he is probably into something subersive on the side too.

Take Alice. From the number of times Alice tries to buy stock from him we can say she is probably a speculator. And she's also worried that her husband doesn't get to find out about her financial dealings.

So Bob is a subversive stockbroker and Alice is a two-timing speculator. But Alice has a number of serious problems. She and Bob only get to talk by telephone or by email. And in the country where they live the phone service is very expensive. And Alice and Bob are cheapskates.

So the first thing Alice must do is MINIMISE THE COST OF THE PHONE CALL.

The telephone in their country is also pretty lousy. The interference is so bad that Alice and Bob can hardly hear each other. So the second thing Alice must do is to PROTECT HER MESSAGES AGAINST ERRORS in transmission. On top of that Alice and Bob have very powerful enemies. One of their enemies the is the Tax Authority. Another is the Secret Police.

These enemies have almost unlimited resources. They always listen in to telephone conversations between Alice and Bob. This is a pity since Bob and Alice are always plotting tax frauds and overthrowing the government.

So the third thing ALICE must do is PROTECT HER COMMUNICATIONS FROM EAVESDROPPING. And these enemies are very sneaky. One of their favourite tricks is to telephone Alice and pretend to be Bob. So the fourth thing Alice has to do is to BE SURE SHE IS COMMUNICATING WITH WHOM SHE THINKS SHE IS. Well, you think, so all Alice has to do is listen very carefully to be sure she recognises Bob's voice. But no. You see Alice has never met Bob. She has no idea what his voice sounds like.

All in all Alice has a whole bunch of problems. Oh yes, and there is one more thing I forgot so say - Alice doesn't trust Bob.

Now most people in Alice's position would give up. Not Alice.She has courage which can only be described as awesome. Against all odds, over a noisy telephone line, tapped by the tax authorities and the secret police, Alice will happily attempt, with someone she doesn't trust, whom she can't hear clearly, and who is probably someone else, to fiddle her tax return and to organise a cout d'etat, while at the same time minimising the cost of the phone call.

A coding theorist is someone who doesn't think Alice is crazy. (C) John Gordon 1984