Unit 1.6 Systems security Lesson 1
This lesson covers the following from specification 1.6 System Security:
- Forms of attack
- Threats posed to networks:
  - Malware
  - Phishing
  - People as the weak point in secure systems (social engineering)
  - Brute force attacks
  - DDoS
  - Data interception and theft
  - SQL injection
  - Poor network policy
- Identifying and preventing vulnerabilities:
  - Penetration testing
  - Network forensics
  - Network policies
  - Anti-malware software
  - Firewalls
  - User access levels
  - Passwords
  - Encryption
Key Words
- Malware
- Viruses
- Worms
- Trojan Horses
- Phishing
- Social Engineering
- Data Interception
- Network Policies
Big Picture
- What computing threats are out there in the world?
Learning Objectives
- Explain the different types of malware
- Discuss a real life malware-related event
- Understand how phishing operates
- Discuss how data can be intercepted
Engagement Activity
- What technological threats do modern companies face?
Malware
- Otherwise known as ‘malicious software’
- Software which can be malicious if damaging to a computer or network
- Examples include viruses, worms and trojan horses
Viruses
- Malicious software designed to cause harm to a network or computer system
- Attaches itself to programs or files on a computer or server
- Can affect all components of an operating system
- Around 82,000 viruses are made each day
- Famous viruses include Stuxnet and CryptoLocker
Source:
Worms
- Replicates itself in order to spread to other computers
- Often using a computer network
- In order to achieve this, the worm exploits vulnerabilities across the computer network
- Unlike a virus, it does not need to attach to a program
Trojan Horses
- Malicious computer program
- Designed to access a computer by misleading users of its intent
- Example: appearing to have been sent from a bank, asking the user to download security software which would improve security, when in fact the software's intention is to give unauthorised access to the system
Activity 1
- Complete Activity 1 – Table
- Explain the different types of malware and use resources in order to expand on your answers.
Social Engineering
- Relies on human interaction (social skills)
- Commonly involves tricking users into breaking normal security procedures
- Method does not revolve around technical cracking techniques such as worms or viruses
Computer Phishing
- Form of social engineering
- Designed to acquire sensitive information such as usernames, passwords, card details etc.
- Most common phishing attacks are sent through
Phishing
To: John Smith <john.smith@email.com>
From: MyBank
Subject: IMPORTANT – Update your banking informations!!!!!!
Message:
Dear valued customer,
We are writing to inform you that there may have been some fraudulent activity on your account. In order to verify your details and identify any issues with your banking service, please click on the link below in order to access your online account and confirm your information. You will need to confirm your card information, so please have these details ready.
Click here to log in
Regards,
MyBank
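Added example (not part of the original OCR slides): a short Python checker that looks for common tell-tale signs in the sample email above. The rule names and patterns are assumptions chosen for illustration, and the harmless comparison message is constructed.

```python
import re

# Rule names and patterns are illustrative assumptions written for this
# example; real mail filters use far more signals than these.
SUBJECT_RULES = {
    "urgent or alarming subject": r"\b(important|urgent|immediately|suspended)\b",
    "excessive punctuation": r"[!?]{3,}",
}
BODY_RULES = {
    "generic greeting instead of your name": r"\bdear (valued )?(customer|user|client)\b",
    "claims of fraud or account problems": r"\b(fraudulent|suspicious|unusual) activity\b",
    "asks you to confirm sensitive details":
        r"\b(confirm|verify)\b.{0,60}\b(card|pin|password|details|information)\b",
    "vague link text hiding the destination": r"\bclick (here|on the link)\b",
}
ANYWHERE_RULES = {"spelling or grammar slip": r"\binformations\b"}

def phishing_signs(subject, body):
    """Return the name of every tell-tale sign found, in rule order."""
    found = []
    checks = ((SUBJECT_RULES, subject), (BODY_RULES, body),
              (ANYWHERE_RULES, subject + "\n" + body))
    for rules, text in checks:
        for name, pattern in rules.items():
            if re.search(pattern, text, re.I | re.S):
                found.append(name)
    return found

# The email shown on the slide above.
SLIDE_SUBJECT = "IMPORTANT – Update your banking informations!!!!!!"
SLIDE_BODY = (
    "Dear valued customer, We are writing to inform you that there may have "
    "been some fraudulent activity on your account. In order to verify your "
    "details and identify any issues with your banking service, please click "
    "on the link below in order to access your online account and confirm "
    "your information. You will need to confirm your card information, so "
    "please have these details ready. Click here to log in Regards, MyBank"
)
# Constructed harmless message for comparison.
BENIGN_SUBJECT = "Your March statement is ready"
BENIGN_BODY = ("Hello John Smith, your monthly statement is now available "
               "in the MyBank app. No action is needed.")

if __name__ == "__main__":
    for sign in phishing_signs(SLIDE_SUBJECT, SLIDE_BODY):
        print("-", sign)
    print("benign:", phishing_signs(BENIGN_SUBJECT, BENIGN_BODY))
```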
Telephone (IVR) Phishing
- Telephone system mirroring – direct phone calls that pretend to be an official service
- For example, a telephone phishing system would request similar prompts to a bank if the exploit was to gain banking information
- User could be asked to enter bank number, expiry, CCV, PIN and system may reject or ask for re-entry to ensure original digits are correct
Activity 2
- Look at the Activity 2 email
- Identify how you could tell this may be a phishing
- What are the ‘tell-tale’ signs?
Data Interception and Theft
- Data travels across networks in packets
- Packets can be intercepted
- If packets are encrypted, they cannot be read without a key
- Unencrypted packets can be re-assembled using signatures
- Data can also be intercepted physically, for example portable hard drives and other external hardware can be stolen
Network Policies
- Outlines rules for network access
- Most common is Acceptable Use Policy (AUP)
- You may have been asked to agree to an AUP when joining your school
- Other policies more suitable for contractors and those in charge of maintaining the network
Find out more:
Poor Network Policy
- Could expose a network to numerous threats
- Users could be unaware of the risks of:
  - using software
  - opening s
  - turning off firewalls etc.
- Most networks restrict users to what they can/cannot do
- Can you install software on your school PC?
- Do you have filters on your and internet browser?
Activity 3
- Short research, discussion and present findings
- What different ways are there to intercept data?
- What risks are there to the following stakeholders:
  - Individuals
  - Companies
  - Governments
  - Military
Plenary
- What is Phishing?
- Are there different types of phishing?
- If so, what are they?
OCR Resources: the small print OCR’s resources are provided to support the teaching of OCR specifications, but in no way constitute an endorsed teaching method that is required by the Board, and the decision to use them lies with the individual teacher. Whilst every effort is made to ensure the accuracy of the content, OCR cannot be held responsible for any errors or omissions within these resources. © OCR This resource may be freely copied and distributed, as long as the OCR logo and this message remain intact and OCR is acknowledged as the originator of this work. OCR acknowledges the use of the following content: n/a Please get in touch if you want to discuss the accessibility of resources we offer to support delivery of our qualifications: