Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lesson Objectives Aims You should be able to:

Published byAlfred Hoover Modified over 6 years ago

Similar presentations

Presentation on theme: "Lesson Objectives Aims You should be able to:"— Presentation transcript:

1 Lesson Objectives Aims You should be able to:
Describe threats posed to networks from this list: Malware Phishing Social Engineering Brute Force Denial of Service Data interception and Theft SQL Injection Poor Networking Policy Explain the forms of attack a computer or network may come under

2 Forms of Attack Networks contain really valuable information
Think about what you give away when you sign up to a site: Name Address DOB Credit Card Details All very useful for identity theft, fraud, emptying you bank account…

3 L33t h4xor5 bruv Hacking exists for a reason:
It can make you very rich It can also make you be very much in jail People also hack computers for various other reasons: Fun Simply for a challenge To do something people say can’t be done Research and better security Because it’s their job! (more later)

4 Methods There are a few main methods of attack:
Zero Day exploits Finding new exploits Writing code to steal credentials (key loggers, virri, malware) Sheer brute force Social Engineering Some require physical access to a machine, some remote and some… none at all.

5 This is NOT hacking Films and TV dramas involving technology drive me NUTS because it’s all utter rubbish. This is hacking in a TV show:

6 Whereas real life hacking works like this:
“Hello user, I’m calling from ICT support, you’ve had a problem with your printer and I’ll just need your username and password to check that out for you” “Sure! No problem, here you go…” “Roflcopter.”

7 Software written to deliberately:
Malware Software written to deliberately: Damage Spy/Collect data Infect/Compromise security How it gets you: Clicking on links in s or infected sites “drive by” attacks by visiting infected websites Dodgy attachments

8 Examples

9 “scarier” version

10 Fake Anti Virus…

11 Phishing Deliberately posing as a known organisation in order to trick users into providing personal data Passwords Log in details Personal info such as address or DOB

12 Examples Recently hit well over 10 million Gmail users:

13 Examples

14

15 Social Engineering Social engineering is the coercion of people into revealing sensitive or private information or performing tasks which will gain unauthorised access to a system The single biggest weak spot in any security system is the users Social engineering takes advantage of peoples human nature to trust people who “look” or “sound the part”

16 Social engineering works by:
How does it work Social engineering works by: Befriending a person and simply talking them in to revealing information Calling and posing as a person in authority, using language and terms that you would expect of such a person Simply dressing as an employee of a business or an engineer and walking straight in!

17 Examples History is full of examples of people who have managed to socially engineer their way through their entire lives…

18 http://www. theregister. co

19 Brute Force This is the oldest form of “hacking” Simply go through every possible combination of password until you are successful This is why you’re always told to have a “strong” password.

20 Password strength There is another variation of brute force called “dictionary” attacks This works by trying known or obvious passwords Most people, sadly, have a password that would take milliseconds to brute force.

21 Try it out Lets see how long some passwords would survive a brute force attack:

22 Denial of Service Denial of service is one of the few network attacks designed NOT to steal data or compromise security A denial of service attack is a deliberate attempt to flood a web server with requests until it cannot respond, thus appearing to be “offline”

23 How? A web server can only support a certain number of active sessions
Usually a “bot net” of computers that have been infected are used These internet connections are then all asked to flood traffic to one place, at one time You can easily rent out a bot net online! (but don’t…)

24 Interception/Theft What’s the best way to get someones data? Steal it.
Instead of breaking in to a system, you can just intercept data as it is transmitted This is why free WIFI is super, super insecure.

25 SQL Injection Most websites today are connected to a database Sites communicate with databases using a language called Structured Query Language (SQL) Some beardy people discovered you can type SQL into forms on websites and do very naughty things

26 Example This is really bad because if a website doesn’t check the data entered (validation) then you can literally delete all the data or create yourself an admin account.

27 Poor Policy All networks should have a security policy which would include: Password strength rules Terms of use (think acceptable use policy) Access rights What monitoring takes place on the network User credentials/rights What users can/cannot do However… Most people ignore this policy or it is really badly implemented For example, not checking the ID a person is wearing

28 To answer a long answer question you must:
Task This lesson has “long answer question in the exam” written all over it. To answer a long answer question you must: State facts (bottom mark band, 1-2 marks) Explain what those facts mean (middle mark band, 3-4 marks) Then discuss the impact or consequences of those points (top mark band, 5-6 marks)

29 Lets try it out Poor network security can lead to severe data loss. Discuss some threats to network security and highlight the impact these may have on an organisation. [6 marks] Phishing, malware and brute force are three methods of online attacks. Explain these threats and discuss how a user could protect themselves against such threats. [6 marks]

Download ppt "Lesson Objectives Aims You should be able to:"

Similar presentations

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.

Unit 1 Living in the Digital WorldChapter 1 Lets Communicate Internet Safety.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Reliability & Desirability of Data

Reliability & Desirability of Data
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Rebecca Pritchard.
Phishing scams Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal.

Phishing scams Phishing is the fraudulent practice of sending s purporting to be from reputable companies in order to induce individuals to reveal.
Copyright ©2005 CNET Networks, Inc. All rights reserved. Practice e-mail safety Learn how to protect yourself against common e-mail attacks.

Copyright ©2005 CNET Networks, Inc. All rights reserved. Practice safety Learn how to protect yourself against common attacks.
Topic 5: Basic Security.

Topic 5: Basic Security.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Outline of this module By the end of this module, you will be able to: Identify the benefits of using social networking to communicate with family and.

Outline of this module By the end of this module, you will be able to: Identify the benefits of using social networking to communicate with family and.
Threats To Data 30 Threats To Data 30. Threats To Data 30 We’re now going to look at a range of different threats to people’s data: Opportunity Threats.

Threats To Data 30 Threats To Data 30. Threats To Data 30 We’re now going to look at a range of different threats to people’s data: Opportunity Threats.
Cyber security. Malicious Code Social Engineering Detect and prevent.

Cyber security. Malicious Code Social Engineering Detect and prevent.
Technical Implementation: Security Risks

Technical Implementation: Security Risks
Security Risks Todays Lesson Security Risks Security Precautions

Security Risks Todays Lesson Security Risks Security Precautions
Internet Safety.

Internet Safety.
AP CSP: Cybercrime.

AP CSP: Cybercrime.

Similar presentations

Ads by Google