Back

Cyber Security | O Level Computer Science 2210 & IGCSE Computer Science 0478 | Detailed Free Notes To Score An A Star (A*)

Views 0

Cyber Security Threats

  • Personal and commercial data must be kept safe.
  • Both malicious acts and accidental damage can cause the loss of data.
  • Brute Force Attack
    • Not a very sophisticated technique
    • Hacker tries crack password by systematically trying all the different combination of letters, symbols and numbers
    • Number of attempts required to crack a password can be reduced through logical steps
      • Check for the most common passwords
        • Simple passwords that most people use.
      • Next, try a strong word list
        • A text file containing words that can be used in brute force attack
        • Programs can generate millions of such words
        • Still faster than total trial and error
      • Longer and more complex passwords can be very hard to crack using this technique
      • Takes a lot of time
    • Data Interception
      • Stealing the data by tapping into a wired or wireless communication link.
      • Compromise privacy and obtain confidential information
      • Packet sniffer
        • Examines packets being sent over a network
        • Intercepted data sent back to hacket
        • Commonly used in wired networks
      • Wardriving
        • Access Point Mapping
        • Used for wireless data (Wi-Fi) data
        • Intercepted using a laptop/ smartphone, GPS device and antenna.
        • Software used as well.
        • Personal data can be revealed without eh user’s knowledge
        • Need to be in close proximity to the user.
        • Safeguard
          • Encryption makes data completely incomprehensible for the hacker
            • IT DOES NOT STOP HACKING ITSELF
          • Wired Equivalency Privacy (WEP) encryption protocol + a firewall is recommended
          • Protecting wireless router with complex passwords is also important
          • Avoid wireless connectivity in public spaces
            • No data encryption is used here
            • Anyone can intercept the data.
          • Distributed Denial of Service (DDoS) Attacks
            • A denial of service (DOS)attack
              • Attempt to prevent users from accessing part of a network.
              • Usually on the internet.
              • Temporary but damaging
              • Can result in large breach of security
              • Individual targets may also occur
                • Email access denied
                • Website/ web page access denied
                • Online services denied
              • Flooding network traffic with spam
                • When a user searches for a site
                • A request is sent to the server with the website
                • Only a finite number of requests can be handled by the server at any time
                • Overloaded server with spam traffic won’t be able to cater legitimate users
              • Difference between DDoS and DoS
                • In DDoS many different computers are used to generate the spam attack
                • Therefore, it is harder to block the attack
              • In case of emails
                • Sending too many spam emails to the user’s account
                • Can clog the email
                • User can not get real emails
              • Some guard is possible
                • Up to date malware checking system
                • Firewall to restrict traffic
                  • Filter unwanted traffic
                • Applying email filters to take out unwanted traffic
              • How to know a DDoS has happened
                • Slow network performance
                • Inability to access certain sites
                • Large amounts of spam emails reaching user’s email account.
              • Hacking
                • Gaining illegal access to a computer system without user’s permission
                • Identity theft
                • Personal information gained
                • Data can be deleted, changed, corrupted
                • Encryption can not stop hacking
                  • It makes hacked data uselss
                  • But it won’t stop the hacket from deleting, corrupting or passing the data.
                • Hacking can be prevented through firewalls
                  • Usernames and strong passwords also help
                  • Changing password frequently as well
                  • Anti-hacking software and intrusion detection software can help as well.
                • Malicious hacking
                  • Taking data without user’s permission.
                  • Always illegal
                • Ethical hacking
                  • Paid hackers by companies to check their security measures
                  • How well their safety systems are.
                • Malware
                  • Many forms
                  • Viruses
                    • Programs or program codes that can replicate
                      • Create copies of themselves
                    • Intention is to corrupt the files
                    • Cause computer to malfunction
                      • Deleting .exe files
                      • Filling drive with useless data
                    • Need an active host program on the target computer
                      • This is already infected
                      • Then they can run and cause harm
                      • A trigger is required to make them work
                    • Often sent as email attachments
                    • Can be on infected website or software
                  • Worms
                    • Stand-alone malware
                    • Can self-replicate
                    • Spreads to other computers and complete networks
                    • Don’t need an active host program
                    • Inside the applications that helps them move throughout networks
                    • Replicate without targeting or infecting specific files on a computer
                    • Rely on security failures within networks to spread without hindrace
                    • Often in the form of message attachments
                      • Opening it can infest entire networks
                    • Anti-virus programs can hep.
                    • Their ability to spread without any action of the user makes them really troublesome.
                    • Example is the I love you worm, attacked every email almost in the world.
                    • Even brought down television networks
                  • Trojan Horse
                    • Disguised as a legitimate software
                    • Has malicious instructions inside it.
                    • Replaces all or part of the legitimate software with the intent of carrying harm
                    • Need to be executed by the user.
                    • Arrive as downloads or email attachments
                    • For example, a fake anti-virus program
                    • Can give cyber criminals access to personal information on the computer
                    • IP Addresses, passwords and other personal data can be compromised
                    • Can install spyware and ransomware.
                    • Firewalls and security systems are often useless in this regard
                      • Users can overrule them and initiate the software
                    • Spyware
                      • Gathers information by monitoring user’s activities
                      • The data is sent back to cybercriminal
                      • Monitor and capture web browsing and other activities
                      • Anti-spyware software can remove them
                      • The main issue is how did the spyware enter the user’s computer
                      • Shows a weakness in security and can show that even more dangerous malware can enter the system.
                    • Adware
                      • Type of malware
                      • It will flood the user with unwanted advertising
                      • Redirect a user’s browser to a website with promotional advertising
                      • Appear in the form of pop-ups and appear in redirects search requests
                      • It is not always harmful
                      • But it shows weakness in the security system
                      • Hard to remove as difficult to determine
                      • Can hijack a browser and create own default search requests
                    • Ransomware
                      • Encrypt data on a user’s computer and hold the data hostage
                      • Ransom money has to be paid
                      • Sometimes they send decryption key to the user
                      • Considerable damage can be caused
                      • Restricts access to the computer and all the data as it is encrypted
                      • Trojan horse or social engineering can be use to inject it in the computer.
                      • Encrypts files directly or wait to determine how much ransom the user can afford
                      • Once executed, almost impossible to reverse the damage
                      • Regular backups of key files is important
                    • Phishing
                      • When a cybercriminal sends out legitimate looking emails to users
                      • Contains links or attachments that can fake a website and gain personal data by tricking the user
                      • It feels like the email is usually coming from a legitimate bank or service provider
                      • Some action must be done by recipient for any damage or harm to occur
                      • If emails are detected or not opened, it causes no harm
                      • How to prevent
                        • Awareness is important – security training provided
                        • Don’t open emails that look unsafe
                        • Anti-phishing toolbars to alert if phishing is occurring
                        • https sign must be considered on sites to check if data is encrypted on transfer.
                        • Regularly check online accounts and maintain passwords
                        • Up to date browsers
                        • Firewalls at all times
                        • Both software and hardware firewalls (desktop and network firewalls)
                        • Block wrong pop-ups
                      • Spear phishing
                        • Specific individuals or companies are targeted to get sensitive financial information
                        • Industrial espionage occurs
                        • Regular phishing is not concerned with who is the target.
                      • Pharming
                        • Malicious code is installed on user’s computer or infected wesite
                        • Redirects to a fake website without user’s knowledge
                        • No action is required to initiate it.
                        • Personal data can be taken
                        • The websites often look real
                        • DNS cache poising
                          • The browser contacts the DNS server when a URL is typed
                          • IP address of the website will be sent back to the browser
                          • DNS cache poising changes the real IP with fake website values
                          • User’s computer connects to the fake website
                        • Risk of pharming mitigation
                          • Anti-virus software to detect unauthorized altercations to a website address and warn the user of potential risks
                          • DNS server infected then difficult to mitigate
                          • Modern browsers can alert about pharming and phishing
                          • Check of the https green padlock sign.
        • Social Engineering
          • Relies on manipulating and deceiving people into providing confidential or personal data
          • Used for criminal activity
          • Take many different forms
          • Phishing is a form of social engineering
          • Quizzes online to take data
          • Data can be used against people
          • Target companies and individuals for data
          • Contact with the company and manipulation tried
Hunain Zia

Hunain Zia has previously achieved considerable success in the high-school educational stream, gaining a massive 154 Total A Grades and 7 Major Distinctions, a process in which he broke/ set 11 different world records, including the most A grades ever achieved, most subjects ever appeared in, most distinctions, gaining distinctions across two separate boards (Pearson Edexcel and CAIE) within the same year/ ever, and even 19 hours of constant examination. All records stand intact today. Hunain pursued his Honors Accounting Degree from the prestigious Bentley University, and then completed an LLB (in Honors) from University of London. Currently, he manages multiple social and commercial projects, has founded digital streams and works tirelessly in the education sector.

Educate A Change focuses on truly bringing change in the educational sector worldwide. All our courses are designed to ensure success, and provide complete preparation without requiring any other external material. Therefore, it takes away the expense of academies, books, past paper compilations and other miscellaneous items. Instead, by just the courses we offer, the student can prepare fully for the best grades in their CAIEs, Edexcel and other high-school exams. The earnings from our course-sales are invested in social projects and growing the free educational activities of Educate A Change.