Teaching Computing to GCSE


1 Teaching Computing to GCSE
Session 5 Theory: Cybersecurity Practical: Functions & Parameters

2 Specification Content (1)
OCR Forms of attack. Threats posed to networks: malware, phishing, social engineering, brute force attacks, denial of service attacks, data interception and theft, the concept of SQL injection, poor network policy. Identifying and preventing vulnerabilities: penetration testing, network forensics, network policies, anti-malware software, firewalls, user access levels, passwords, encryption.

3 Specification Content (2)
AQA Be able to define the term cyber security and be able to describe the main purposes of cyber security. Understand and be able to explain the following cyber security threats: social engineering techniques, malicious code, weak and default passwords, misconfigured access rights, removable media, unpatched and/or outdated software. Explain what penetration testing is and what it is used for. Define the term social engineering. Describe what social engineering is and how it can be protected against. Explain the following forms of social engineering: blagging, phishing, pharming, shouldering. Define the term ‘malware’. Describe what malware is and how it can be protected against. Describe the following forms of malware: computer virus, trojan, spyware, adware. Understand and be able to explain the following security measures: biometric measures, password systems, CAPTCHA codes, using email confirmations to confirm a user’s identity, automatic software updates.

4 Specification Content (3)
Edexcel Understand the importance of network security and be able to use appropriate validation and authentication techniques (access control, physical security and firewalls). Understand security issues associated with the ‘cloud’ and other contemporary storage. Understand different forms of cyberattack (based on technical weaknesses and behaviour) including social engineering (phishing, shoulder surfing), unpatched software, USB devices, digital devices and eavesdropping. Understand methods of identifying vulnerabilities including penetration testing, ethical hacking, commercial analysis tools and review of network and user policies. Understand how to protect software systems from cyber attacks, including considerations at the design stage, audit trails, securing operating systems, code reviews to remove code vulnerabilities in programming languages and bad programming practices, modular testing and effective network security provision.

5 Cyber Security
Cyber security is the protection of computer systems, networks and data from unauthorised access, attack and damage. Cyber security is very important in the modern world because cyber attacks can have huge financial implications for an organisation and can also severely damage an organisation’s reputation.

6 Activity 1
Complete this cyber security threats table using the text in the notes section:
Threat | Description
Social Engineering |
Malware |
Brute Force Attacks |
Denial of Service Attacks |
Data Interception and Theft |
SQL Injection |
Text from the notes section:
Any form of malicious software that is designed to cause harm to a computer system.
Intercepting data being sent to/from a computer system over a network.
Flooding a system with traffic to prevent legitimate users from using it.
Entering code into web forms in order to gain access to online databases.
Attacks designed to trick people into giving away personal information and/or providing access to systems.
Using software to try every possible password or encryption key until the correct one is found.

7 Social Engineering
The term social engineering is used to refer to any methods that involve the manipulation of people in order to gain access to systems. These methods include:
Blagging – inventing a scenario to trick the victim into giving away information (for example pretending to be a police officer or from a charity).
Phishing – sending fake emails pretending to be from a bank or building society, designed to trick you into giving away personal information.
Pharming – uses software installed on the victim’s personal computer to redirect users to fake websites which are designed to capture personal information.
Shouldering – observing someone in order to gain usernames, passwords and other personal information (also known as shoulder surfing).

8 Activity 2a
Place boxes around the clues that tell you this is a phishing email.

9 Activity 2b
Place boxes around the clues that tell you this is a phishing email.

10 Malware
Examples of malware include:
Computer Virus – programs that are hidden within other programs or files and are self-replicating. They are usually designed to cause harm to the computer system.
Worm – unlike a virus, a worm doesn’t need to be hidden in a file or program and it doesn’t need a human to help spread it, for example by sending itself through a network.
Trojan – a malicious program that is disguised as legitimate software, in order to trick users into installing it.
Spyware – software that is designed to collect personal information, often installed without the user’s knowledge when they are installing other software.
Adware – opens unwanted adverts in pop-up windows that often can’t be closed.

11 Cyber Security Vulnerabilities
A number of factors can increase the risk of cyber attack. These include:
Unpatched software – patches and updates often fix potential security flaws in software. If these aren’t installed, you put yourself at greater risk of cyber attack.
Removable devices – can be infected with malware, which may transfer between computer systems (either intentionally or unintentionally).
Weak and default passwords – simple passwords are easier to guess or brute force. Many systems also have default passwords, which are not always changed.
Misconfigured access rights – users may have access to files and folders they don’t need.
Poor network policy – for example no acceptable use policy in place.

12 Activity 3
Think of actions that could be taken to minimise these vulnerabilities:
Vulnerability | Action
Unpatched Software |
Removable Devices |
Weak and Default Passwords |
Misconfigured Access Rights |
Poor Network Policy |

13 Identifying Vulnerabilities
A number of different methods can be used to identify potential vulnerabilities:
Ethical hacking – ethical hackers are people who are given permission to try and hack into an organisation’s systems to identify vulnerabilities.
Penetration testing – a form of ethical hacking that focuses on a specific system rather than a whole network.
Commercial analysis tools – there are many tools available that organisations can use to scan a system to identify vulnerabilities.
Review of network and user policies – ensuring policies are in place that require users to follow safe working practices when using systems.
Network forensics – monitoring the traffic on a network in order to identify security flaws and potential attacks.

14 Activity 4
There are two types of penetration testing: white box and black box. Carry out some research to help you complete this table:
Type of Penetration Testing | Description
White Box |
Black Box |

15 Protecting Software
It is important to consider security throughout the development of all new software. A number of techniques are used to minimise the risk of security flaws being introduced:
Design stage considerations – it is important to consider security right from the start, for example: will users have to log in? How will the data be stored securely?
Modular testing – testing each part of the program separately to ensure there are no potential security flaws.
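
As an added example (not part of the original slides), the SQL injection threat from Activity 1 and the modular testing described above can be shown together in Python using the standard sqlite3 module: one login function builds its query by joining strings, the other uses placeholders, and the same test is run against each. The table, the sample user and all function names are made up for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding one constructed sample user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plain-text password only to keep the example short
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_unsafe(db, username, password):
    """Flawed: the form text is pasted straight into the SQL statement."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0

def login_safe(db, username, password):
    """Fixed: placeholders keep the form text as data, never as SQL code."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0

def check_login(login):
    """Modular test of one login function; returns the checks that failed."""
    db = make_db()
    failures = []
    if not login(db, "alice", "correct-horse"):
        failures.append("correct password rejected")
    if login(db, "alice", "wrong"):
        failures.append("wrong password accepted")
    # Textbook input that makes the joined-up WHERE clause always true
    if login(db, "alice", "' OR '1'='1"):
        failures.append("SQL injection input accepted")
    return failures

if __name__ == "__main__":
    print("unsafe:", check_login(login_unsafe))
    print("safe:  ", check_login(login_safe))
```

Testing the login module on its own exposes the flaw before the function is built into a larger program, and the same test then confirms the fix.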

16 Activity 5
Complete this security measures table using the text in the notes section:
Method | Description
Biometric |
Password Systems |
CAPTCHA codes |
Email confirmations |
Anti-Malware Software |
Firewall |
Encryption |
Text from the notes section:
Used to confirm a user has access to the account they have used to sign up to a service. Designed to prevent people signing other people up for services they don’t want.
Makes data unreadable without a specific key. This means even if it is intercepted it will be meaningless.
Used in online forms to ensure the user is human to prevent automated systems from filling them in.
Using human characteristics to identify people, for example fingerprints.
Using usernames and passwords to authenticate people when accessing systems.
Scans files entering a system to ensure they don’t contain malware. Can also be configured to perform regular scans of the whole system.
Filters the data entering or leaving a network or system, designed to prevent unauthorised access to systems and networks.

17 Break
After the break we will look at functions and parameters.

