Unit 1.6 Systems security Lesson 1

Slides:



Advertisements
Similar presentations
Let’s Talk About Cyber Security
Advertisements

Computer Viruses.
INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.
Viruses & Security Threats Unit 1 – Understanding Computer Systems JMW 2012.
IT Security for Users By Matthew Moody.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
A Level Physics A Delivery Guide Modelling decay of charge Key Concepts.
Topic 5: Basic Security.
Security risks in a network. Remote access  When you connect a computer to a network it is visible to all other computers on the network. When you connect.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Threats To Data 30 Threats To Data 30. Threats To Data 30 We’re now going to look at a range of different threats to people’s data: Opportunity Threats.
SAP – our anti-hacking software. Banking customers can do most transactions, payments and transfer online, through very secure encrypted connections.
Technical Implementation: Security Risks
Security Risks Todays Lesson Security Risks Security Precautions
The purpose of one Christian Aid Agency
A Level Business Investment Appraisal Lesson Elements.
Chapter 40 Internet Security.
Vectors H070 Topic Title H470 Topic Title.
Burglary picture game.
3.6 Fundamentals of cyber security
Unit 2.5 Translators and Facilities of Languages – Lesson 1
Delivery Guide Distinctive Landscapes © OCR 2017
Big Picture Consider this How many online threats might you be faced with a day?
Unit 2.5 Translators and Facilities of Languages – Lesson 2
H070 Topic Title H470 Topic Title Urban Futures
Systems Security Keywords Protecting Systems
A Level Physics Delivery Guide.
Lesson Objectives Aims You should be able to:
Watch this video clip taken from Futurama
Answer the questions to reveal the blocks and guess the picture.
Unit 2.3 Robust Programs Lesson 1 - Defensive Design Consideration
Protect Your Computer Against Harmful Attacks!
Unit 1.4 Wired and Wireless Networks Lesson 2
Unit Network Topologies, protocols and layers Lesson 3
Landscapes of the UK Learner Resource 3 Comparing characteristics.
Teaching Computing to GCSE
Unit 1.4 Wired and Wireless Networks Lesson 1
Unit 1.6 Systems security Lesson 3
Unit Network Topologies, protocols and layers Lesson 2
– Communication Technology in a Changing World
Unit Network Topologies, protocols and layers Lesson 1
Malware, Phishing and Network Policies
Theft picture game.
A Level Business Lesson Elements.
Electromagnetic spectrum
Combination of Transformations
Electromagnetic spectrum
ISNE101 Dr. Ken Cosh Week 13.
Unit 1.6 Systems security Lesson 4
Unit 1.6 Systems security Lesson 2
Roots and Shoots Lesson Element.
Unit 1.4 Wired and Wireless Networks Lesson 3
Unit 1.3 Storage Lesson 2: Storing Data
What makes these UK landscapes distinctive?
Faculty of Science IT Department By Raz Dara MA.
Unit 1.1 Systems Architecture Lesson 1
TCP/IP routing simulation
H070 Topic Title H470 Topic Title Urban Futures
Unit 1.3 Storage Lesson 1: Storage Devices
Unit 1.1 System Architecture Lesson 2
Unit 1.3 Storage Lesson 1: Storage Devices
A Level Business Investment Appraisal Lesson Elements.
What is Phishing? Pronounced “Fishing”
WJEC GCSE Computer Science
Who… What… Why… When… Where… How… Could… Should….
Who… What… Why… When… Where… How… Could… Should….
What evidence is there to suggest climate change is a natural process?
1.2.2 Security aspects • Show understanding of the security aspects of using the Internet and understand what methods are available to help minimise the.
Describing Graphs Describe the overall trend shown on the graph
Unit 6.10 – L3 Internet Security
Presentation transcript:

Unit 1.6 Systems security Lesson 1

This lesson covers the following from specification 1 This lesson covers the following from specification 1.6 System Security: Forms of attack Threats posed to networks: Malware Phishing People as the weak point in secure systems (social engineering) Brute force attacks DDOS Data interception and theft SQL injection Poor network policy Identifying and preventing vulnerabilities Penetration testing Network forensics Network policies Anti-malware software Firewalls User access levels Passwords Encryption

Key Words Malware Viruses Worms Trojan Horses Phishing Social Engineering Data Interception Network Policies

Big Picture What computing threats are out there in the world? https://www.youtube.com/watch?v=dVW1FNWSaTg

Learning Objectives Explain the different types of malware Discuss a real life malware-related event Understand how phishing operates Discuss how data can be intercepted

Engagement Activity What technological threats do modern companies face?

Malware Otherwise known as ‘malicious software’ Software which can be malicious if damaging to a computer or network Examples include viruses, worms and trojan horses

Viruses Malicious software designed to cause harm to a network or computer system Attaches itself to programs or files on a computer or server Can affect all components of an operating system Around 82,000 viruses are made each day Famous viruses include Stuxnet and CryptoLocker Source: https://uk.norton.com/norton-blog/2016/02/the_8_most_famousco.html

Worms Replicates itself in order to spread to other computers Often using a computer network In order to achieve this, the worm exploits vulnerabilities across the computer network Unlike a virus, it does not need to attach to a program

Trojan Horses Malicious computer program Designed to access a computer by misleading users of its intent Example: Email appearing to have been sent from a bank asking to download security software which would improve security where in fact the software intention is to give unauthorised access to the system

Activity 1 Complete Activity 1 – Table Explain the different types of malware and use resources in order to expand on your answers.

Social Engineering Relies on human interaction (social skills) Commonly involves tricking users into breaking normal security procedures Method does not revolve around technical cracking techniques such as worms or viruses

Computer Phishing Form of social engineering Designed to acquire sensitive information such as usernames, passwords, card details etc. Most common phishing attacks are sent through email

Phishing To: John Smith <john.smith@email.com> From: MyBank <banking.services@mdhebznuyw.ru> Subject: IMPORTANT – Update your banking informations!!!!!! Message: Dear valued customer, We are writing to inform you that there may have been some fraudulent activity on your account. In order to verify your details and identify any issues with your banking service, please click on the link below in order to access your online account and confirm your information. You will need to confirm your card information, so please have these details ready. Click here to log in Regards, MyBank

Telephone (IVR) Phishing Telephone system mirroring – direct phone calls that pretend to be an official service For example, a telephone phishing system would request similar prompts to a bank if the exploit was to gain banking information User could be asked to enter bank number, expiry, CCV, PIN and system may reject or ask for re-entry to ensure original digits are correct

Activity 2 Look at the Activity 2 email Identify how you could tell this email may be a phishing email What are the ‘tell-tale’ signs?

Data Interception and Theft Data travels across networks in packets Packets can be intercepted If packets are encrypted, they cannot be read without a key Unencrypted packets can be re-assembled using signatures Data can also be intercepted physically, for example portable hard drives and other external hardware can be stolen

Network Policies Outlines rules for network access Most common is Acceptable Use Policy (AUP) You may have been asked to agree to an AUP when joining your school Other policies more suitable for contractors and those in charge of maintaining the network Find out more: https://www.youtube.com/watch?v=Kk-58HULBYM

Poor Network Policy Could expose a network to numerous threats Users could be unaware of the risks of: using software opening emails turning off firewalls etc. Most networks restrict users to what they can/cannot do Can you install software on your school PC? Do you have filters on your email and internet browser?

Activity 3 Short research, discussion and present findings What different ways are there to intercept data? What risks are there to the following stakeholders: Individuals Companies Governments Military

Plenary What is Phishing? Are there different types of phishing? If so, what are they?

OCR Resources: the small print OCR’s resources are provided to support the teaching of OCR specifications, but in no way constitute an endorsed teaching method that is required by the Board, and the decision to use them lies with the individual teacher. Whilst every effort is made to ensure the accuracy of the content, OCR cannot be held responsible for any errors or omissions within these resources. © OCR 2017 - This resource may be freely copied and distributed, as long as the OCR logo and this message remain intact and OCR is acknowledged as the originator of this work. OCR acknowledges the use of the following content: n/a Please get in touch if you want to discuss the accessibility of resources we offer to support delivery of our qualifications: resources.feedback@ocr.org.uk