Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unit 1.6 Systems security Lesson 3

Published byDennis Silvester Gilbert Modified over 6 years ago

Similar presentations

Presentation on theme: "Unit 1.6 Systems security Lesson 3"— Presentation transcript:

1 Unit 1.6 Systems security Lesson 3

2 This lesson covers the following from specification 1
This lesson covers the following from specification 1.6 System Security: Forms of attack Threats posed to networks: Malware Phishing People as the weak point in secure systems (social engineering) Brute force attacks DDOS Data interception and theft SQL injection Poor network policy Identifying and preventing vulnerabilities Penetration testing Network forensics Network policies Anti-malware software Firewalls User access levels Passwords Encryption

3 Key Words Network forensics Penetration testing Network policies
Anti-malware software Firewalls Anti-virus Legislation Packet sniffing

4 Big Picture Threats to networks are far more prevalent in recent years. How can organisations protect themselves from attack?

5 Learning Objectives Explain what is meant by ’network forensics’
Understand the legalities and consequences of unlawfully intercepting data Understand the concept of penetration testing Explore network policies and how they can help protect networks

6 Engagement Activity What is the ’official title’ of the person who is responsible for exploring vulnerabilities of computer systems and reporting of this in an organisation? What vulnerabilities may they discover?

7 Network Forensics A branch of digital forensics
Covers the forensic investigation of networks and their devices attached to them Primarily involves the examination of data sent across a network (or networks) May involve the use of various forensic techniques including ‘packet sniffing’

8 Network Forensics Packet sniffing involves the interception of packets across a network Packet sniffing tools can help users understand what is being sent around the network at the time Most tools reveal all data sent over the network, although a lot of it may be encrypted! Performing packet sniffing without express written permission of all parties is in breach of UK law.

9 Activity 1 What law is being broken if a user were to gain access to a system or intercept user data without permission? Law enforcement agencies can intercept information under what law and for which reason?

10 Activity 1 - Answers Computer Misuse Act / Investigatory Powers Act
Investigatory Powers Act (recently updated) & others (dependent on offence)

11 Penetration Testing Tests performed under a controlled environment by a qualified person Checks for current vulnerabilities and explores potential ones in order to expose weaknesses in the system so they cannot be maliciously exploited May use tools to help them in their duties Performed by a ‘penetration tester’

12 Anti malware software Software with the aim of preventing malware from entering the system. Malware - Otherwise known as ‘malicious software’ Software which can be malicious if damaging to a computer or network Examples include viruses, worms and trojan horses

13 Firewalls Software that performs a ‘barrier’ between a potential attacker and the computer system Can be held on a server, or a standalone computer Many have this feature as part of an anti-virus package Not 100% effective – an attacker could exploit a vulnerability Monitor application and network usage Has the ability to block access from certain computer users and disable processes which may be perceived as a threat

14 Network Policies Defines how a system can be secured through specific rules or requirements Explains how particular users should access and treat a system Specifies rules for use, for example: Who should access particular parts of a system (no distributing of passwords) What systems can be used for (eg. Work only / no personal use) How to handle specific systems like (no passing chain mail)

15 Activity 2 Look at your school’s security policy (exemplar policy available in resources) What is the point of a security policy? Why key things does it cover? What would you make your ‘Top 3’ of important things to have in a policy and why? Extension: Create a resource to inform other people how security policies help prevent attacks

16 Activity 3 Write your own security policy for an organisation using a template to help you: Low Challenge Small accountancy firm Medium Challenge University High Challenge Supermarket chain

17 Plenary Develop revision cards using shared resource
Check questions and answers by shuffling cards and sharing around to test each other.

18 OCR Resources: the small print OCR’s resources are provided to support the teaching of OCR specifications, but in no way constitute an endorsed teaching method that is required by the Board, and the decision to use them lies with the individual teacher. Whilst every effort is made to ensure the accuracy of the content, OCR cannot be held responsible for any errors or omissions within these resources. © OCR This resource may be freely copied and distributed, as long as the OCR logo and this message remain intact and OCR is acknowledged as the originator of this work. OCR acknowledges the use of the following content: n/a Please get in touch if you want to discuss the accessibility of resources we offer to support delivery of our qualifications:

Download ppt "Unit 1.6 Systems security Lesson 3"

Similar presentations

A Level Business Investment Appraisal Lesson Elements.

A Level Business Investment Appraisal Lesson Elements.
A Level Physics A Delivery Guide Modelling decay of charge Key Concepts.

A Level Physics A Delivery Guide Modelling decay of charge Key Concepts.
Topic 5: Basic Security.

Topic 5: Basic Security.
© OCR 2016 H070 Topic Title H470 Topic Title Urban Futures Learner Resource 4 – Push and Pull Factors.

© OCR 2016 H070 Topic Title H470 Topic Title Urban Futures Learner Resource 4 – Push and Pull Factors.
© OCR 2016 H070 Topic Title H470 Topic Title Rotations.

© OCR 2016 H070 Topic Title H470 Topic Title Rotations.
The purpose of one Christian Aid Agency

The purpose of one Christian Aid Agency
Marriage and the wedding ceremony

Marriage and the wedding ceremony
Learner Activity 2: Boltzmann Distribution Curves Part of the ‘Rates of reaction and the Arrhenius equation’ Topic Exploration Pack.

Learner Activity 2: Boltzmann Distribution Curves Part of the ‘Rates of reaction and the Arrhenius equation’ Topic Exploration Pack.
The Boltzmann Distribution

The Boltzmann Distribution
A Level Business Investment Appraisal Lesson Elements.

A Level Business Investment Appraisal Lesson Elements.
Chapter 40 Internet Security.

Chapter 40 Internet Security.
Vectors H070 Topic Title H470 Topic Title.

Vectors H070 Topic Title H470 Topic Title.
Burglary picture game.

Burglary picture game.
China and its rulers activities

China and its rulers activities
Balancing Equations Lesson Element.

Balancing Equations Lesson Element.
Unit 2.5 Translators and Facilities of Languages – Lesson 1

Unit 2.5 Translators and Facilities of Languages – Lesson 1
Delivery Guide Distinctive Landscapes © OCR 2017

Delivery Guide Distinctive Landscapes © OCR 2017
Unit 2.5 Translators and Facilities of Languages – Lesson 2

Unit 2.5 Translators and Facilities of Languages – Lesson 2
H070 Topic Title H470 Topic Title Urban Futures

H070 Topic Title H470 Topic Title Urban Futures
Glacier National Park, MT

Glacier National Park, MT

Similar presentations

Ads by Google