Unit 1.6 Systems security Lesson 3

This lesson covers the following from specification 1 This lesson covers the following from specification 1.6 System Security: Forms of attack Threats posed to networks: Malware Phishing People as the weak point in secure systems (social engineering) Brute force attacks DDOS Data interception and theft SQL injection Poor network policy Identifying and preventing vulnerabilities Penetration testing Network forensics Network policies Anti-malware software Firewalls User access levels Passwords Encryption

Key Words Network forensics Penetration testing Network policies Anti-malware software Firewalls Anti-virus Legislation Packet sniffing

Big Picture Threats to networks are far more prevalent in recent years. How can organisations protect themselves from attack? http://www.youtube.com/watch?v=rrbv26ukhPg&t=0m53s

Learning Objectives Explain what is meant by ’network forensics’ Understand the legalities and consequences of unlawfully intercepting data Understand the concept of penetration testing Explore network policies and how they can help protect networks

Engagement Activity What is the ’official title’ of the person who is responsible for exploring vulnerabilities of computer systems and reporting of this in an organisation? What vulnerabilities may they discover?

Network Forensics A branch of digital forensics Covers the forensic investigation of networks and their devices attached to them Primarily involves the examination of data sent across a network (or networks) May involve the use of various forensic techniques including ‘packet sniffing’

Network Forensics Packet sniffing involves the interception of packets across a network Packet sniffing tools can help users understand what is being sent around the network at the time Most tools reveal all data sent over the network, although a lot of it may be encrypted! Performing packet sniffing without express written permission of all parties is in breach of UK law.

Activity 1 What law is being broken if a user were to gain access to a system or intercept user data without permission? Law enforcement agencies can intercept information under what law and for which reason?

Activity 1 - Answers Computer Misuse Act / Investigatory Powers Act Investigatory Powers Act (recently updated) & others (dependent on offence)

Penetration Testing Tests performed under a controlled environment by a qualified person Checks for current vulnerabilities and explores potential ones in order to expose weaknesses in the system so they cannot be maliciously exploited May use tools to help them in their duties Performed by a ‘penetration tester’

Anti malware software Software with the aim of preventing malware from entering the system. Malware - Otherwise known as ‘malicious software’ Software which can be malicious if damaging to a computer or network Examples include viruses, worms and trojan horses

Firewalls Software that performs a ‘barrier’ between a potential attacker and the computer system Can be held on a server, or a standalone computer Many have this feature as part of an anti-virus package Not 100% effective – an attacker could exploit a vulnerability Monitor application and network usage Has the ability to block access from certain computer users and disable processes which may be perceived as a threat

Network Policies Defines how a system can be secured through specific rules or requirements Explains how particular users should access and treat a system Specifies rules for use, for example: Who should access particular parts of a system (no distributing of passwords) What systems can be used for (eg. Work only / no personal use) How to handle specific systems like email (no passing chain mail)

Activity 2 Look at your school’s security policy (exemplar policy available in resources) What is the point of a security policy? Why key things does it cover? What would you make your ‘Top 3’ of important things to have in a policy and why? Extension: Create a resource to inform other people how security policies help prevent attacks

Activity 3 Write your own security policy for an organisation using a template to help you: Low Challenge Small accountancy firm Medium Challenge University High Challenge Supermarket chain

Plenary Develop revision cards using shared resource Check questions and answers by shuffling cards and sharing around to test each other.

OCR Resources: the small print OCR’s resources are provided to support the teaching of OCR specifications, but in no way constitute an endorsed teaching method that is required by the Board, and the decision to use them lies with the individual teacher. Whilst every effort is made to ensure the accuracy of the content, OCR cannot be held responsible for any errors or omissions within these resources. © OCR 2017 - This resource may be freely copied and distributed, as long as the OCR logo and this message remain intact and OCR is acknowledged as the originator of this work. OCR acknowledges the use of the following content: n/a Please get in touch if you want to discuss the accessibility of resources we offer to support delivery of our qualifications: resources.feedback@ocr.org.uk