Lesson Objectives Aims You should be able to:

Presentation transcript:

Lesson Objectives
Aims. You should be able to:
- Describe threats posed to networks from this list:
  - Malware
  - Phishing
  - Social Engineering
  - Brute Force
  - Denial of Service
  - Data interception and Theft
  - SQL Injection
  - Poor Networking Policy
- Explain the forms of attack a computer or network may come under

Forms of Attack
- Networks contain really valuable information
- Think about what you give away when you sign up to a site:
  - Name
  - Address
  - DOB
  - Credit Card Details
- All very useful for identity theft, fraud, emptying your bank account…

L33t h4xor5 bruv
- Hacking exists for a reason:
  - It can make you very rich
  - It can also make you be very much in jail
- People also hack computers for various other reasons:
  - Fun
  - Simply for a challenge
  - To do something people say can’t be done
  - Research and better security
  - Because it’s their job! (more later)

Methods
- There are a few main methods of attack:
  - Zero Day exploits
  - Finding new exploits
  - Writing code to steal credentials (key loggers, viruses, malware)
  - Sheer brute force
  - Social Engineering
- Some require physical access to a machine, some remote and some… none at all.

This is NOT hacking
Films and TV dramas involving technology drive me NUTS because it’s all utter rubbish. This is hacking in a TV show:

Whereas real life hacking works like this:
“Hello user, I’m calling from ICT support, you’ve had a problem with your printer and I’ll just need your username and password to check that out for you”
“Sure! No problem, here you go…”
“Roflcopter.”

Malware
- Software written to deliberately:
  - Damage
  - Spy/Collect data
  - Infect/Compromise security
- How it gets you:
  - Clicking on links in emails or infected sites
  - “drive by” attacks by visiting infected websites
  - Dodgy email attachments

Examples

“scarier” version

Fake Anti Virus…

Phishing
- Deliberately posing as a known organisation in order to trick users into providing personal data:
  - Passwords
  - Log in details
  - Personal info such as address or DOB

Examples
Recently hit well over 10 million Gmail users:

Examples

Social Engineering
- Social engineering is the coercion of people into revealing sensitive or private information or performing tasks which will gain unauthorised access to a system
- The single biggest weak spot in any security system is the users
- Social engineering takes advantage of people’s human nature to trust people who “look” or “sound the part”

How does it work
- Social engineering works by:
  - Befriending a person and simply talking them into revealing information
  - Calling and posing as a person in authority, using language and terms that you would expect of such a person
  - Simply dressing as an employee of a business or an engineer and walking straight in!

Examples
History is full of examples of people who have managed to socially engineer their way through their entire lives…

http://www.theregister.co.uk/2017/05/25/nigerians_sentenced_to_prison_online_scamming/

Brute Force
- This is the oldest form of “hacking”
- Simply go through every possible combination of password until you are successful
- This is why you’re always told to have a “strong” password.

Password strength
- There is another variation of brute force called “dictionary” attacks
- This works by trying known or obvious passwords
- Most people, sadly, have a password that would take milliseconds to brute force.

Try it out
Let’s see how long some passwords would survive a brute force attack: https://howsecureismypassword.net/
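The same check can be done offline. This added example (not part of the original slides) estimates how long a password survives the brute force and dictionary attacks described above. The guess rate and the short common-password list are assumptions chosen for illustration.

```python
import string

# Constructed sample of very common passwords; real dictionary lists hold millions.
COMMON = {"password", "123456", "qwerty", "letmein", "password1", "football"}
GUESSES_PER_SECOND = 1e10  # assumption: guess rate of an offline attacker

# Character classes a brute force attack has to cover.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def alphabet_size(password):
    """Number of distinct symbols an attacker must try at each position."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def seconds_to_brute_force(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every combination of this length and alphabet."""
    if password.lower() in COMMON:
        return 0.0  # dictionary attack: found among the very first guesses
    return alphabet_size(password) ** len(password) / rate


def verdict(password):
    """Turn the estimate into a rough survival band."""
    secs = seconds_to_brute_force(password)
    if secs < 1:
        return "instant"
    if secs < 86400:
        return "under a day"
    if secs < 86400 * 365:
        return "under a year"
    return "years"


if __name__ == "__main__":
    for pw in ["Password1", "abc123", "hgtwqzpx", "q7hgtw2zpx", "Tr0ub4dor&3x"]:
        print(f"{pw!r}: {verdict(pw)}")
```

Note that "Password1" mixes upper case, lower case and a digit yet still falls instantly, because the dictionary check comes before any brute force.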

Denial of Service
- Denial of service is one of the few network attacks designed NOT to steal data or compromise security
- A denial of service attack is a deliberate attempt to flood a web server with requests until it cannot respond, thus appearing to be “offline”

How?
- A web server can only support a certain number of active sessions
- Usually a “bot net” of computers that have been infected are used
- These internet connections are then all asked to flood traffic to one place, at one time
- You can easily rent out a bot net online! (but don’t…)

Interception/Theft
- What’s the best way to get someone’s data? Steal it.
- Instead of breaking into a system, you can just intercept data as it is transmitted
- This is why free Wi-Fi is super, super insecure.

SQL Injection
- Most websites today are connected to a database
- Sites communicate with databases using a language called Structured Query Language (SQL)
- Some beardy people discovered you can type SQL into forms on websites and do very naughty things

Example
This is really bad because if a website doesn’t check the data entered (validation) then you can literally delete all the data or create yourself an admin account.

Poor Policy
- All networks should have a security policy which would include:
  - Password strength rules
  - Terms of use (think acceptable use policy)
  - Access rights
  - What monitoring takes place on the network
  - User credentials/rights
  - What users can/cannot do
- However…
  - Most people ignore this policy or it is really badly implemented
  - For example, not checking the ID a person is wearing

Task
- This lesson has “long answer question in the exam” written all over it.
- To answer a long answer question you must:
  - State facts (bottom mark band, 1-2 marks)
  - Explain what those facts mean (middle mark band, 3-4 marks)
  - Then discuss the impact or consequences of those points (top mark band, 5-6 marks)

Let’s try it out
- Poor network security can lead to severe data loss. Discuss some threats to network security and highlight the impact these may have on an organisation. [6 marks]
- Phishing, malware and brute force are three methods of online attacks. Explain these threats and discuss how a user could protect themselves against such threats. [6 marks]