
Topic 2 – Unit 1 - ICT-IAL HARDWARE AND SOFTWARE

2.1 Network models and protocols


2.1.1 Understand the features and functions of computer network models:
Basic:
Network - It is a collection of computer systems linked together.
Node - It refers to each device on a network
What is the difference between LAN and WAN?
LAN covers a small geographical area located on a single site whereas WAN is used
to connect LANs in different geographical locations
Hardware for a LAN is owned by the organisation, while for a WAN organisations hire
infrastructure from telecommunications companies who manage it
LANs are usually wired or wireless while WANs are usually connected using fibre or
copper telephone lines, satellite links or radio links
What factors affect the performance of networks?
1. Available bandwidth
2. Number of users
3. Traffic volume, e.g. streaming video
4. Wired or wireless connections. Wired connections are more reliable and faster
than wireless connections
5. Choice of hardware
6. Network topology
What affects the performance of wireless networks?
1. Signal quality
2. Range of device
3. Amount of interference from other devices
4. Physical obstructions
What is UTP?
Unshielded Twisted Pair. Cable made from copper wires that are twisted around
each other to minimise induction and cross-talk between cables
What are some advantages and disadvantages of wireless networks?
+1. Avoids the need to install cables
+2. Easy connection of devices
-1. Lower transmission speed than wired networks, as all users share the
same bandwidth
-2. Security is a potential problem as wireless signals can be easily intercepted.
What are 3 different types of wired cables used for networking?
1. Ethernet cables or Unshielded Twisted Pair (UTP) cables
2. Coaxial cable. Single copper wire shielded with metallic mesh and insulation
3. Fibre optic cables. They transmit data as light.
▪ Client-Server Network
Server
- One centralized/powerful computer - Hub
Client
- Many less powerful/personal - Computers/ workstations - Connected
- Clients run programs/access data - Data stored on server
+1. Easier to keep track of files
+2. Easier to perform backups
+3. Easy to install and update software
+4. Easier to maintain software security
+5. Easier to manage network security
-1. Expensive to set up. Needs IT support specialists to maintain network and server
-2. Server dependence. If server goes down, all clients lose access to their work
-3. Potential to overload server with too many clients

▪ Peer-to-Peer (P2P) Network


- Systems connected to each other - By Internet
- Files shared directly between systems on network - No need central server
- Each computer = file server/client
Store files on individual devices and share them with others
+1. Easy to maintain
+2. No dependence on server
-1. No centralised management. Devices need to install their updates and security
individually. Backups are complicated.
-2. Duplicates can be created. It is easy to lose track of the most updated copy of the
file and where it is stored.
Name 4 network topologies.
1. Star 2. Ring 3. Bus 4. Mesh

Topologies
Star Topology
▪ Most popular physical LAN topology. It is a network topology in which each network
component is physically connected to a central node such as a router, hub or switch.
Bus Topology
All the devices/nodes are connected sequentially to the same backbone or
transmission line. This is a simple, low-cost topology, but its single point of failure
presents a risk.
Ring Topology
All network devices are connected sequentially to a backbone as in bus topology
except that the backbone ends at the starting node, forming a ring. Ring topology
shares many of bus topology's disadvantages so its use is limited to networks that
demand high throughput.
Mesh Topology
A topology in which each node is directly connected to some or all the other nodes
present in the network. This redundancy makes the network highly fault-tolerant but
the escalated costs may limit this topology to highly critical networks.
Tree Topology
A root node is connected to two or more sub-level nodes, which themselves are
connected hierarchically to sub-level nodes. Physically, the tree topology is similar to
bus and star topologies; the network backbone may have a bus topology, while the
low-level nodes connect using star topology.
+1. If a device fails or a cable is disconnected, the rest of the network is unaffected.
+2. Simple to add more devices to the network
+3. Better performance as the devices can transmit at once and there are fewer data
collisions
-1. Expensive as every device needs a cable to connect to the central switch or
server
-2. If there is a problem with the switch or server, the whole network is affected
▪ Ad Hoc Network
- Temp network connection - Made for specific purpose
If network set up for longer PoT = LAN
A group of wireless computers sharing data directly with each other without the use
of a wireless access point such as a router
- scalable: devices - limited setup: - flexible:
A wireless ad hoc network (WANET) is a type of local area network (LAN) that is
built spontaneously to enable two or more wireless devices to be connected to each
other without requiring typical network infrastructure equipment, such as a wireless
router or access point.
In most cases, a PC, laptop or smartphone Wi-Fi interface is used to build an ad hoc
network (Figure 1). In other situations, devices such as wireless sensors are
designed to work primarily in an ad hoc mode.
▪ Tethering
- Sharing wireless connectivity - By linking
- wireless-connected devices to unconnected devices
• Connects a device without a network connection to one with a network connection
• Transfers data to and from the network using the device tethered
• Connects a device to an internet connection using a mobile phone
• Can use a wired tether (usually USB) or Wi-Fi to create a hotspot

2.1.2 Understand the features and purposes of network communication
protocols:

▪ Wi-Fi
- Facility - Allows devices to connect to Internet/communicate w/each other
- Wirelessly w/in area
▪ ZigBee
- Wireless tech - Use low-power digital radio signals for PAN - Used to create
networks need : - low data transfer rate/energy efficiency/secure networking
- Security systems - Heating/cooling control systems.
Advantages
• Easy To set up • Easy to monitor/ control home appliances from far
Disadvantages
• Short range • One place damage = all system damaged
▪ Cellular – Global System for Mobile (GSM) communications (3G/4G)
GSM stands for Global System for Mobile Communications. It is a digital cellular
technology used for transmitting mobile voice and data.

▪ Infrared
Infrared wireless networking uses infrared beams to send data transmissions
between devices. As expected, infrared light beams cannot penetrate objects;
therefore, the signal is disrupted when something blocks the light.
Advantages
• Simplicity • Inexpensive • Limited interception • Power efficiency
Disadvantages
• Line of sight issue • Short range • Obstructions • Security
▪ Ethernet
Ethernet is the traditional technology for connecting devices in a wired local area
network (LAN) or wide area network (WAN). It enables devices to communicate with
each other via a protocol, which is a set of rules or common network language.
Advantages of Ethernet
relatively low cost; backward compatibility; generally resistant to noise;
good data transfer quality; speed; reliability; and
data security, as common firewalls can be used.
Disadvantages of Ethernet
intended for smaller, shorter distance networks; limited mobility; use of
longer cables can create crosstalk; doesn't work well with real-time or
interactive applications; speeds decrease with increased traffic;
receivers don't acknowledge the reception of data packets; and troubleshooting
is hard when trying to trace which specific cable or node is causing the issue.

Ethernet vs. Wi-Fi


Wi-Fi is the most popular type of network connection. Unlike wired connection
types, such as Ethernet, it does not require a physical cable to be connected.
Instead, data is transmitted through wireless signals.

2.1.3 Understand the features, functions, and use of network standards and
protocols:
Basic:
Protocol - A protocol is a set of rules for how devices communicate and how data is
transmitted across the network.
MAC - It is a unique identifier for every device on the network
What is an NIC and what is it used for?
NIC stands for network interface controller and it sends and receives signals on the
network using a protocol
Wireless access point - This is the point at which a wireless-enabled device connects
to a network
Switch - Switches connect devices on a LAN
A network switch is a device that forwards and filters OSI layer 2 datagrams (frames)
between ports based on the destination MAC address in each frame.[16] A switch is
distinct from a hub in that it only forwards the frames to the physical ports involved in
the communication rather than all ports connected. It can be thought of as a multi-
port bridge.[17] It learns to associate physical ports to MAC addresses by examining
the source addresses of received frames. If an unknown destination is targeted, the
switch broadcasts to all ports but the source. Switches normally have numerous
ports, facilitating a star topology for devices, and cascading additional switches.
Multi-layer switches are capable of routing based on layer 3 addressing or additional
logical levels. The term switch is often used loosely to include devices such as
routers and bridges, as well as devices that may distribute traffic based on load or
based on application content (e.g., a Web URL identifier).
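The learning, forwarding and flooding behaviour described above, as an added example that is not part of the original notes: a small Python model of a layer 2 switch, with a hub beside it for contrast. The port numbers and MAC addresses are constructed sample values, and the count of frames reaching an uninvolved port shows why a hub exposes more traffic to packet sniffing than a switch.

```python
class LearningSwitch:
    """Layer 2 switch model: learns source MACs, forwards by destination MAC."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        src, dst = src_mac.lower(), dst_mac.lower()
        # Learn: the source address is reachable through the port the frame came in on.
        self.mac_table[src] = in_port
        # Broadcast or unknown destination: send to all ports but the source.
        if dst == self.BROADCAST or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]
        out_port = self.mac_table[dst]
        # Filter: the destination sits on the port the frame arrived on.
        if out_port == in_port:
            return []
        return [out_port]


def hub_receive(ports, in_port):
    """A hub passes anything received on one connection to all others."""
    return [p for p in ports if p != in_port]


def frames_seen(trace, port):
    """How many frames in a trace were delivered to the given port."""
    return sum(port in out_ports for out_ports in trace)


def demo():
    ports = [1, 2, 3, 4]
    # Constructed addresses: hosts A, B, C on ports 1, 2, 3; port 4 is a bystander.
    a, b, c = "00:14:22:01:23:45", "00:14:22:01:23:46", "00:14:22:01:23:47"
    frames = [
        (1, a, b),                         # B not learned yet -> flooded
        (2, b, a),                         # A already learned -> port 1 only
        (1, a, b),                         # B now learned -> port 2 only
        (3, c, LearningSwitch.BROADCAST),  # broadcast -> all ports but 3
    ]
    sw = LearningSwitch(ports)
    switch_trace = [sw.receive(*frame) for frame in frames]
    hub_trace = [hub_receive(ports, in_port) for in_port, _, _ in frames]
    return {
        "switch_trace": switch_trace,
        "mac_table": dict(sw.mac_table),
        "bystander_frames_switch": frames_seen(switch_trace, 4),
        "bystander_frames_hub": frames_seen(hub_trace, 4),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```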
Router - A router is responsible for transmitting data between networks
A router is an internetworking device that forwards packets between networks by
processing the routing information included in the packet or datagram (Internet
protocol information from layer 3). The routing information is often processed in
conjunction with the routing table (or forwarding table). A router uses its routing table
to determine where to forward packets. A destination in a routing table can include a
"null" interface, also known as the "black hole" interface because data can go into it,
however, no further processing is done for said data, i.e. the packets are dropped.
IP addresses - IP addresses are assigned manually (static) or automatically
(dynamic) to devices when sending data over a TCP/IP network

▪ Transmission Control Protocol/Internet Protocol (TCP/IP)


TCP is responsible for breaking down a message into smaller packets, creating a
connection between two computers, and ensuring that data are reliably transmitted
and arrive in the correct sequence
- Set of networking rules - Control how data sent - From a
machine (as defined by its IP address)
- To another.
Application Layer
- Interact w/user - Give access services/data
Transport Layer
- Manages end to end communication
Network Layer
- Routes data - one network to another
Datalink Layer
- Controls sending/receiving - Packets of data - To local network
▪ Voice over Internet Protocol (VoIP)
- Phone calls - Transferred in digital packets - Over the Internet
- Rather than circuit-switched telephone wires
Benefits
• Saves money • Multi functional • Portable
▪ Session Initiation Protocol (SIP)
- Signaling protocol - Use set up/maintain/ tear down - VoIP phone calls
Session Initiation Protocol (SIP) is a signaling protocol used for initiating,
maintaining, modifying and terminating real-time communications sessions between
Internet Protocol (IP) devices. SIP enables voice, messaging, video and other
communications applications and services between two or more endpoints on IP
networks.
▪ 7 layer Open System Interconnection (OSI) Model

- Conceptual framework - Describes functions of networking system.


Benefits
• Narrow down problems • Allows network hardware/software communicate
OSI Layers
(7) Application Layer
- Interact w/user - Give access services/data
(6) Presentation Layer
- Preparation/translation of application format to network format - (Vice versa)
Transfers to computer language; also compresses and encrypts.
Convert Compress Encrypt
(5) Session Layer
- Two devices need "speak" - Session created - Setup/coordination (how long
wait for response) - Termination @ session end
Authentication Authorization Session Management
Also keep a track of files downloaded
(4) Transport Layer
- Manages end to end communication
Segmentation, flow control, error control, connection-oriented
and connectionless transmission
(3) Network Layer
- Routes data - one network to another
Routing Path determining
(2) Datalink Layer
- Controls sending/receiving - Packets of data - To local network
Access the media. Controls how data is placed on and received from the media
(1) Physical
- Electrical/physical parts of the system
Converts binary to signals, and signals back to binary, which is then passed up to the application layer
2.2 Network design and implementation
2.2.1 Understand the characteristics of different network transmission media:
Define Transmission Media
- Pathway - Carries info - From sender/receiver
Transmission media is a communication channel that transmits information from the
source/transmitter to the receiver.
Wireless:
▪ Microwave:
- Radio transmission - Electromagnetic signal
- Point to point = line of sight
Advantages
• Excess bandwidth
Disadvantages
• Distance limited • Not Secure
▪ Radio
- Easy gen/penetrate through buildings = big wave length
- Sending/receiving antennas NO align
Advantages
• Wide spread • Cost less
Disadvantages
• Low frequency • Can't transmit simultaneous
▪ Light
- Use light/optical signalling - By laser
- Travel in straight line
∴ Transmission = unidirectional
Advantages
• Less expensive
Disadvantages
• Can't go through obstacles
▪ Satellite
Satellite internet is a wireless connection spread across multiple satellite dishes
located both on earth and in space. They provide remote areas of the planet with
valuable access to core networks.
- Space station receives microwave signals - From an earth-based station
- Strengthens signals/broadcasts signals back
- Over wide area to any number of earth-based stations
Advantages
• Multipoint communication • No distance limit
Disadvantages
• Delay • Over-crowding (of available bandwidth)
Wired:
▪ Fiber Optic Cables
- Uses reflection of light through core - Core = glass/plastic surrounded by less
dense glass/plastic covering - Transmits large volumes data
Radio frequency signals are sent over coaxial wire. It can be used for cable
television signal distribution, digital audio (S/PDIF), computer network connections
(like Ethernet), and feedlines that connect radio transmitters and receivers to their
antennas.
Advantages
• Light weight • No interferences
Disadvantages
• High cost • Fragile
▪ Copper/Twisted Pair Cables
- 2 separately insulated conductor wires - Wound together
Two types
• Unshielded Twisted Pair (UTP)

- Block internal interference - No need physical shield


UTP consists of two insulated copper wires twisted around one another. This type of
cable has the ability to block interference and does not depend on a physical shield
for this purpose. It is used for telephonic applications.
Applications:
Used in telephone connections and LAN networks
Advantages
• Not expensive • Easy install
Disadvantages
• Lower performance • Short distance transmission
• Shielded Twisted Pair (STP)

- Jacket block external interference


Applications:
The shielded twisted pair type of cable is most frequently used in extremely cold
climates, where the additional layer of outer covering makes it perfect for
withstanding such temperatures or for shielding the interior components.
Advantages
• Faster • Better performance
Disadvantages
• More expensive • Bulky
▪ Powerline
- Transmit electrical energy - Across large distances
Advantages
• Lowest-cost • Large quantities of electric energy
Disadvantages
• Slow connection • Not secure
- Needs all data encrypted
2.2.2 Understand a variety of network metrics:
▪ Speed
- Transfer # - bps
▪ Bandwidth
- Max # bits - That can flow through network connection - In PoT
Units = bps
▪ Throughput
- Actual # bits - Flows through network connection - In PoT
The amount of data passing through the network from point A to point B in a
determined amount of time.
▪ Scalability
- Measure - How well network grow
- To meet rising performance demand
▪ Latency
- Delays - Happen when processing network data
Most delays are actually undetectable from a user’s perspective and can therefore
go unnoticed but can have a huge impact when using VoIP, or unified
communication systems such as Zoom, Skype, Microsoft Teams and so on.

▪ Error Rate
- Error # - Meet during data transmission
- Over communications/network connections
Error rate = # errors / Total # bits sent
▪ Packet Loss
- One/more data packets - Traveling across network
- Fail reach destination
The number of data packets that were successfully sent out from one point in a
network, but were dropped during data transmission and never reached their
destination.

▪ Availability
- Overall "uptime" of system
Availability % = Uptime / Total Time
Total Time = Downtime + Uptime

▪ Jitters
- Variance in time delay - Between data packets - Over network
Jitter is a variation in delay, otherwise known as a disruption that occurs while data
packets travel across the network.
If you’ve ever been talking to someone on a video call or other unified
communication system, and suddenly their voice speeds up significantly, then slows
down to catch up, or keeps fluctuating between the two - you have a jitter problem.
*Disruption in normal sequence of sending data packets*
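The metrics in this section worked through on one small capture, as an added example that is not part of the original notes. The packet records, uptime figures and alert thresholds are constructed or assumed values; jitter is taken here as the mean change in delay between consecutive received packets.

```python
from statistics import mean

# Constructed sample capture, not real traffic:
# (sequence number, sent at ms, received at ms or None if lost, size in bits, bit errors)
SAMPLE_PACKETS = [
    (1, 0, 20, 8000, 0),
    (2, 10, 32, 8000, 0),
    (3, 20, None, 8000, 0),   # never reached its destination
    (4, 30, 70, 8000, 2),     # arrived late with 2 corrupted bits
    (5, 40, 61, 8000, 0),
]

# Assumed limits for the "low is better" metrics; pick values to suit the network.
THRESHOLDS = {"packet_loss": 0.01, "latency_ms": 150, "jitter_ms": 30, "error_rate": 1e-6}


def network_metrics(packets):
    """Compute packet loss, error rate, latency, jitter and throughput for a capture."""
    if not packets:
        raise ValueError("no packets in capture")
    received = [p for p in packets if p[2] is not None]
    delays = [rx - tx for _, tx, rx, _, _ in received]
    bits_sent = sum(p[3] for p in packets)
    # Jitter needs at least two delays to compare.
    deltas = [abs(b - a) for a, b in zip(delays, delays[1:])]
    metrics = {
        "packet_loss": (len(packets) - len(received)) / len(packets),
        "error_rate": sum(p[4] for p in received) / bits_sent,  # errors / total bits sent
        "latency_ms": mean(delays) if delays else None,
        "jitter_ms": mean(deltas) if deltas else 0,
        "throughput_bps": 0.0,
    }
    if received:
        # Measurement window: first send to last arrival, in seconds.
        window_s = (max(p[2] for p in received) - min(p[1] for p in packets)) / 1000
        if window_s > 0:
            metrics["throughput_bps"] = sum(p[3] for p in received) / window_s
    return metrics


def availability_percent(uptime, downtime):
    """Availability % = uptime / (downtime + uptime), in any consistent time unit."""
    total = uptime + downtime
    if total <= 0:
        raise ValueError("total time must be positive")
    return 100 * uptime / total


def breaches(metrics, thresholds=THRESHOLDS):
    """Names of the low-is-better metrics that exceed their threshold."""
    return sorted(
        name for name, limit in thresholds.items()
        if metrics.get(name) is not None and metrics[name] > limit
    )


if __name__ == "__main__":
    m = network_metrics(SAMPLE_PACKETS)
    print(m)
    print("over threshold:", breaches(m))
    print("availability %:", round(availability_percent(719, 1), 2))
```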

2.2.3 Understand the role of components in networks:

▪ Switch
- High-speed device - Receives incoming data packets
- Redirects to destination - On LAN
- Redirects to destination - On LAN
Switch is a network device that connects other devices to Ethernet networks through
twisted pair cables. It uses packet switching technique to receive, store and forward
data packets on the network. The switch maintains a list of network addresses of all
the devices connected to it.
▪ Bridge
- Device - Connects two networks - Provides communication between
A bridge is a device used to connect multiple LANs together into a larger Local Area Network
(LAN).
▪ Gateway
- Device - Connect two different networks - Connection to Internet.
▪ Router
- Connects to networks - Share single internet connection
▪ Multi-Function Device
Combined Switch/Router
- Device - Forward data - Switch = based on device's physical address
- Router = based on next hop address location
▪ Modem
- Provides connection between - Computer/internet
- Converts analog signals into digital - (Vice versa)
A modem is a hardware networking device that helps to convert signals from one
computer network to another
▪ Repeater
- Electronic device - Amplifies signal - Before transmitting it again
- Extend network cable distance
A repeater is a network device that retransmits a received signal with more power
and to an extended geographical or topological network boundary than what would
be capable with the original signal.
▪ Server
- Computer/prog - Manages access to centralized resource/service
- In network.
▪ Network Interface Card (NIC)
- Provides network capabilities - Wired/wireless connection
- Chip installed into computer - Connect to network
▪ Wireless Access Point (WAP)
- Enables devices connect to wireless network
- To communicate w/ each other
▪ Hubs
Simple devices that connect network components
- Sends data packets to all other connected devices
Hub vs Switch
Hubs
• Used in smaller networks • "Dumb" devices
- Pass on anything received - On one connection to all others

Switch
• Used in larger networks • "Semi-intelligent" devices
- Learn which devices are on which connection

2.2.4 Be able to produce outline designs for networks to meet specified
requirements that take account of location of devices.
Steps to Build a Good Network
1. Verify bus goal/technical needs
2. Determine feat/funct need to meet needs identified
3. Perform network readiness assessment
4. Create solution/site acceptance test plan
5. Create project plan
Fundamental Design Goals
• Scalability
- Grow include new users/remote sites
• Availability
- Reliable 24/7 performance
• Security
- Designed into network - Safeguard resources
• Manageability
- Network staff managed - Hard maintain = Not work efficiently
Hierarchical Network Design
- Groups Devices into multiple networks - Organized in layers
- Physically separated using different switches
Core Layer
• Connects distribution layer devices
Distribution Layer
• Interconnects smaller local networks
Access Layer
• Provides connectivity • For network hosts/end devices
(Three separate broadcast domains)
Flat Network Design
- Reduces # routers/switches on network - Connects devices to single switch
(One large broadcast domain)
2.2.5 Understand the characteristics and function of:
Internet Protocol (IP)
- Unique id # - Given to every device - Connected to internet
- Reps location
∴ Allowing device communication globally

Example
62.102.245.31
▪ Internet Protocol Version 4 (IPv4)
- 32 bit numeric - four # 0 – 255 - Separated by dotted decimal
- Most common
192.0.2.126
The Internet Protocol version 6 (IPv6) is more advanced and has better features
compared to IPv4. It has the capability to provide an infinite number of addresses. It
is replacing IPv4 to accommodate the growing number of networks worldwide and
help solve the IP address exhaustion problem.
▪ Internet Protocol Version 6 (IPv6)
- eight 16-bit hexadecimal # - Separated by colon
- Built-in authentication/privacy support
FE80:CD00:0000:0CDE:1257:0000:211E:729C
▪ Static IP Address
- Manually configured - Doesn't change
▪ Dynamic IP Address
- Automatically assigned by DHCP - Changes w/connection to network
Difference between IPv4 and IPv6:
IPv6 is based on an alphanumeric addressing method, while IPv4 is only numeric.
IPv6 binary bits are separated by a colon, while IPv4 binary bits are separated by a
period.
IP security is required by IPv6, while it is optional in IPv4.
IPv6 uses an IP security (IPSec) protocol, while IPv4 relies on applications.
Networks can be automatically configured with IPv6, while IPv4 networks have to be
configured either manually or through Dynamic Host Configuration Protocol (DHCP).
▪ Dynamic Host Configuration Protocol (DHCP)
- Give quick/automatic/central management - For IP address distribution
- W/in networks
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that
automatically provides an Internet Protocol (IP) host with its IP address and other
related configuration information such as the subnet mask and default gateway.

How DHCP Works


Router = DHCP server
• Client (device) requests IP address
- From host (router)
• Host assigns available IP address
- ∴ Allow client communicate on network
• Once device on/connected, it sends request to DHCP server =
DHCPDISCOVER
• After DISCOVER packet reaches DHCP server
- Server holds onto IP address device can use
• Offers client address w/DHCPOFFER packet

▪ Media access control (MAC) addressing.

- Hardware id #
- Uniquely identifies each device on network - Manufactured into NIC
∴ Can't be changed.
Example: 00-14-22-01-23-45
A MAC address (media access control address) is a 12-digit hexadecimal number
assigned to each device connected to the network. Primarily specified as a unique
identifier during device manufacturing, the MAC address is often found on a device's
network interface card (NIC). A MAC address is required when trying to locate a
device or when performing diagnostics on a network device.
Both MAC addresses and IP addresses serve the same purpose, which is to identify
a device on a network. While the MAC address identifies the physical address of a
device on the same local network, the IP address identifies the device globally or
through its internet address.
Exam Type
The system designer should consult with the people who will be working with
the new IT system. One of these would be the business owner.
Give two other people who should be consulted
employee/user (1)
network manager (1)
network administrator (1)
(network) technician (1)
architect (1)

Explain two network-based security processes that should be specified and
designed for the new IT system.
Award up to two marks for each of two descriptions such as:
• a security process involving backup such as:
a secondary/remote backup stage (1) using cloud/external storage / with a recovery
process (1)
• a security process involving the firewall such as:
controlling external access (1) setting the permissions/port numbers/other specified
property (1)
• a security process involving the server such as:
controlling access (1) setting password parameters/other specified property (1)
system anti-malware (1) centralised control/co-ordination of scans (1)
• a security process involving a networked computer/PC such as:
enforcing time out on inactivity (1) so PCs are not left open (1)

Discuss how network metrics could be used to evaluate this network


Network metrics include speed, bandwidth, throughput, scalability, latency, error
rate, packet loss, availability, jitter. Note: candidates only need to look at a selection
of these.
Metrics are a way of assessing network performance.
Metrics may be assessed qualitatively or quantitatively. Scalability and availability
may be assessed qualitatively but they could also be quantitative.
Quantitative: metrics are given numerical values which may be measured by network
monitoring and logging tools. The data should be logged over time and then
analysed by analytical software.
Qualitative: metrics are given descriptive values. The values may be based on
measurements, but they could be assessed by e.g. user complaints, customer
reviews.
Desirable metrics quantities are:
• high; speed, bandwidth, throughput, scalability, availability
• low; latency, error rate, packet loss, jitter.
All of the metrics are suitable for the network in the question. Contexts could be:
• LAN speed/performance
• server performance
• communications equipment/router/switch performance
• storage access
• backup and/or restore process
• Internet access to cloud storage. Not general internet performance as this would be
an ISP responsibility
Network metrics apply to the hardware. They may apply to network operating
systems and firmware. They would not normally apply to applications.
2.3.1 Understand the impact of network security issues on individuals and
organisations (threats and solutions, open networks).
Vulnerabilities and Attacks
Unauthorized access
Attackers can exploit this by launching attacks:
• Sniffing packet data
- Steal vulnerable info
• Denial of service to legit users
- By flooding network medium w/spurious packets
• Spoofing physical identities of legit hosts
- Stealing data - Launching 'man-in-the-middle' attack
Three Pillars of Network Security
Confidentiality
• Protect valuable bus data • Make sure data available only to authorized ppl

Integrity
• Maintaining/assuring accuracy/consistency of data
• Make sure data reliable/not changed
Availability
• Make sure data/network resources/services continuously available to legit users
when need
Threats:
Malware
Malware is malicious software such as spyware, ransomware, viruses and worms.
Malware is activated when a user clicks on a malicious link or attachment, which
leads to installing dangerous software. Cisco reports that malware, once activated,
can:
• Block access to key network components (ransomware)
• Install additional harmful software
• Covertly obtain information by transmitting data from the hard drive (spyware)
• Disrupt individual parts, making the system inoperable
Spyware is software that allows attackers to obtain information about your computer
activities by transmitting data covertly from your hard drive.
Ransomware is designed to encrypt files on a device, rendering any files (and the
systems that rely on them) unusable. Usually, malicious actors demand a cash
ransom in exchange for decryption.
Trojans are malware or code that acts as a legitimate application or file to trick you
into loading and executing the malware on your device. A trojan’s goal is to damage
or steal your organization’s data or inflict some other harm on your network.
A computer virus is a malicious piece of computer code designed to spread from
device to device. These self-copying threats are usually intended to damage a
machine or steal data.
Worms are malware that spreads copies of themselves from computer to computer
without human interaction and do not need to attach themselves to a software
program to cause damage.
Phishing and Spear Phishing
Phishing is a type of social engineering that attempts to trick users into giving up
sensitive data such as usernames and passwords, bank account information, Social
Security numbers, and credit card data.
Spear phishing is a more sophisticated form of phishing attack, where cybercriminals
target only privileged users such as system administrators and C-suite executives.
The attackers might use details from a person’s social media accounts to seem even
more legitimate to the target.
Spotting:
The message uses subdomains, misspelled URLs (typosquatting) or otherwise
suspicious URLs.
The recipient uses a Gmail or other public email address rather than a corporate
email address.
The message is written to invoke fear or a sense of urgency.
The message includes a request to verify personal information, such as financial
details or a password.
The message is poorly written and has spelling and grammatical errors.
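A sketch of how a mail filter could test for three of the indicators above (suspicious URLs, urgency, requests for personal information), as an added example that is not part of the original notes. The trusted domain, keyword lists and both sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch: the organisation's real domain and the keyword lists.
TRUSTED_DOMAINS = {"examplebank.example"}  # hypothetical
URGENCY = ("urgent", "immediately", "within 24 hours", "suspended", "final notice")
PERSONAL_INFO = ("password", "pin", "card number", "account number", "verify your")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample messages.
PHISH = ("URGENT: your account has been suspended. Verify your password within 24 hours "
         "at http://examp1ebank.example/login or "
         "http://examplebank.example.account-check.example/verify")
BENIGN = ("Your monthly statement is ready. Sign in at "
          "https://www.examplebank.example/statements to view it.")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Naive last-two-labels domain; real filters should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def check_url(url):
    """Return (indicator, detail) findings for one URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    domain = registrable(host)
    if domain in TRUSTED_DOMAINS:
        return []
    findings = []
    for trusted in sorted(TRUSTED_DOMAINS):
        brand = trusted.split(".")[0]
        if edit_distance(domain, trusted) <= 2:
            # Typosquatting: one or two characters away from the real domain.
            findings.append(("misspelled_url", f"{domain} resembles {trusted}"))
        elif brand in host.split(".")[:-2]:
            # The trusted name appears only as a subdomain of someone else's domain.
            findings.append(("suspicious_subdomain", f"{brand} used under {domain}"))
    return findings


def phrases_in(text, phrases):
    """Whole-word, case-insensitive phrase matches."""
    return [p for p in phrases if re.search(rf"\b{re.escape(p)}\b", text, re.IGNORECASE)]


def check_message(text):
    """Return all (indicator, detail) findings for a message body."""
    findings = []
    for url in URL_RE.findall(text):
        findings.extend(check_url(url.rstrip(".,;)")))
    for indicator, phrases in (("urgency", URGENCY), ("personal_info_request", PERSONAL_INFO)):
        hits = phrases_in(text, phrases)
        if hits:
            findings.append((indicator, ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for name, body in (("phish", PHISH), ("benign", BENIGN)):
        print(name, check_message(body))
```

A message that trips several indicators at once is a stronger signal than any single match; keyword hits alone will also occur in legitimate mail.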
Prevent
Antivirus software;
Both desktop and network firewalls;
Antispyware software;
Antiphishing toolbar (installed in web browsers);
Gateway email filter;
Web security gateway;
A spam filter; and
Pharming
With this type of online fraud, a cybercriminal installs malicious code on a computer
or server that automatically directs the user to a fake website, where the user may
be tricked into providing personal information.
Prevent
Keep computers updated. Keeping a computer's operating system (OS) and other
software updated is important for protecting against pharming because the latest
software patches fix the vulnerabilities that hackers use to attack computers.
Clear browser cache
Download antivirus and antimalware software
Use a virtual private network (VPN).
Use bookmarks. Bookmarking frequently accessed sites and not clicking on links in
emails or on social networking sites will reduce the chance of pharming.
Unauthorized access
Unauthorized access is when a person gains entry to a computer network, system,
application software, data, or other resources without permission.
Prevent
use a (strong) password (1)
use a password manager (1)
keep their password securely/secret (1)
use two-factor authentication (1)
log off after visiting (when using public computer) (1)
For Community:
encrypt the data/files (1) and use secure sockets layer (SSL) /encrypt the link to the
(users) browser / so that hackers can’t decode the data (1)
install/use a (web application) firewall (1) to protect the data/files/application
server /prevent external/internet attacks (1)
use a Turing test/method of detecting bots (1) to recognise/reject
non-human/automated input (1)
two-factor authentication/biometrics could be used (1) to ensure that only authorised
users can access the data/files (1)
prevent SQL injection (1) by formatting/checking input fields / checking for
unexpected/malicious input (1)
Insider Attack
An insider attack is a malicious attack perpetrated on a network or computer system
by a person with authorized system access.
Insiders that perform attacks have a distinct advantage over external attackers
because they have authorized system access and also may be familiar with network
architecture and system policies/procedures. In addition, there may be less security
against insider attacks because many organizations focus on protection from
external attacks.
Distributed Denial of Service (DDoS)
A DDoS attack aims to take down a company’s website by overwhelming its servers
with requests. It’s analogous to calling a company’s phone number constantly, so
that legitimate callers only get a busy signal and never get through.
DDoS: multiple sources.
In this attack, requests come from hundreds or thousands of IP addresses that have
probably also been compromised and tricked into continuously requesting a
company’s website.
A DDoS attack can overload your servers, slowing them down significantly or
temporarily taking them offline. These shutdowns prevent customers from accessing
your website and completing orders.
Prevent
Monitor your traffic to look for abnormalities, including unexplained traffic spikes
and visits from suspect IP addresses and geolocations. All of these could be signs of
attackers performing “dry runs” to test your defenses before committing to a
full-fledged attack. Recognizing these for what they are can help you prepare for the
onslaught to follow.
Keep an eye on social media (particularly Twitter) and public paste sites (e.g.,
Pastebin.com) for threats, conversations and boasts that may hint at an incoming
attack.
Consider using third-party DDoS testing (i.e., pen testing) to simulate an attack
against your IT infrastructure so you can be prepared when the moment of truth
arrives. When you undertake this, test against a wide variety of attacks, not just
those with which you are familiar.
Create a response plan and a rapid response team, meaning a designated group of
people whose job is to minimize the impact of an assault. When you plan, put in
place procedures for your customer support and communication teams, not just for
your IT professionals.
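The traffic monitoring described in the first point above can be sketched as follows. This is an added example, not part of the original notes; the log format, the addresses and the thresholds (5x the median minute, 20% share) are assumptions chosen for illustration.

```python
from collections import Counter
from statistics import median

def make_sample_log():
    """Constructed access log: ordinary traffic plus one minute of flood traffic."""
    lines = []
    for minute in range(11):
        for i in range(20):  # ordinary visitors, 20 requests per minute
            lines.append(f"2024-05-01T10:{minute:02d}:{i:02d} 198.51.100.{i % 15 + 1} GET /")
    for i in range(300):  # flood during minute 10 from two sources
        src = "203.0.113.7" if i % 2 == 0 else "203.0.113.9"
        lines.append(f"2024-05-01T10:10:{i % 60:02d} {src} GET /")
    return lines

def parse(line):
    """Return (minute, source_ip) from a 'timestamp ip method path' line."""
    timestamp, ip = line.split()[:2]
    return timestamp[:16], ip  # truncate timestamp to YYYY-MM-DDTHH:MM

def find_spikes(lines, factor=5):
    """Minutes whose request count exceeds factor x the median minute.

    The median is used as the baseline because a single flooded minute
    barely moves it, unlike the mean.
    """
    per_minute = Counter(parse(line)[0] for line in lines)
    baseline = median(per_minute.values())
    return {m: n for m, n in per_minute.items() if n > factor * baseline}

def top_talkers(lines, minute, share=0.2):
    """Source IPs responsible for more than `share` of one minute's requests."""
    per_ip = Counter(ip for m, ip in map(parse, lines) if m == minute)
    total = sum(per_ip.values())
    return {ip: n for ip, n in per_ip.items() if n / total > share}

if __name__ == "__main__":
    log = make_sample_log()
    for minute, count in find_spikes(log).items():
        print(minute, count, top_talkers(log, minute))
```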
Ransomware
Ransomware is a subset of malware in which the data on a victim's computer is
locked -- typically by encryption -- and payment is demanded before the ransomed
data is decrypted and access is returned to the victim. The motive for ransomware
attacks is usually monetary, and unlike other types of attacks, the victim is usually
notified that an exploit has occurred and is given instructions for how to recover from
the attack. Payment is often demanded in a virtual currency, such as bitcoin, so that
the cybercriminal's identity is not known.
Prevent
Back up computing devices regularly.
Update software, including antivirus software.
Have end users avoid clicking on links in emails or opening email attachments from
strangers.
Avoid paying ransoms.
Avoid giving out personal information.
Do not use unknown USB sticks.
Only use known download sources.
Personalize antispam settings.
Monitor the network for suspicious activity.
Use a segmented network.
Adjust security software to scan compressed and archived files.
Disable the web after spotting a suspicious process on a computer.
Exam Type
Describe what is meant by personal data.
Award one mark for each point to a maximum of two marks for a linked description:
• information/data that relates to an individual/person (1)
• unique to person/would allow them to be identified (1)
• by several separate items of information being combined (1)
2.3.2 Understand how to secure a network using both hardware and software:
➢ Firewall:
• Define
- Hardware/software - Positioned at network perimeter
- Act as gatekeeper for incoming/outgoing traffic
A firewall is software or firmware that prevents unauthorized access to a network. It
inspects incoming and outgoing traffic using a set of rules to identify and block
threats.
• Purpose
- Keep uninvited guests - From browsing network
• Mechanisms used
Packet Filtering
- Intercepts network traffic - Evaluates against your rules
Circuit-Level Gateway
- Blocks incoming traffic - To any host but self
- Internal clients need to run software to connect w/CLG
Proxy Server
- Boost network performance - Hide internal addresses
Application Gateway
- Another proxy server - Determines if connection allowed/not
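Packet filtering as described above (traffic is intercepted and evaluated against your rules) can be illustrated with a first-match rule table that denies anything no rule allows. This is an added example, not part of the original notes; the rule set, field names and addresses are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR form
    proto: str    # "tcp", "udp" or "any"
    dport: range  # destination ports the rule covers

# Hypothetical rule set: block one address range, allow HTTPS and mail
# from anywhere, allow SSH only from the internal LAN.
RULES = [
    Rule("deny", "203.0.113.0/24", "any", range(0, 65536)),
    Rule("allow", "0.0.0.0/0", "tcp", range(443, 444)),
    Rule("allow", "0.0.0.0/0", "tcp", range(25, 26)),
    Rule("allow", "192.168.1.0/24", "tcp", range(22, 23)),
]

def evaluate(packet, rules=RULES):
    """Return the action of the first rule that matches the packet.

    A packet that matches no rule is denied, so every port that is not
    explicitly allowed stays closed.
    """
    src = ip_address(packet["src"])
    for rule in rules:
        if (src in ip_network(rule.src)
                and rule.proto in ("any", packet["proto"])
                and packet["dport"] in rule.dport):
            return rule.action
    return "deny"

# Constructed sample packets.
SAMPLE_PACKETS = [
    {"src": "198.51.100.5", "proto": "tcp", "dport": 443},   # web visitor
    {"src": "203.0.113.9", "proto": "tcp", "dport": 443},    # blocked range
    {"src": "198.51.100.5", "proto": "tcp", "dport": 3389},  # no rule matches
    {"src": "192.168.1.20", "proto": "tcp", "dport": 22},    # internal SSH
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", evaluate(pkt))
```

Rule order matters: with the same rules in reverse order, the packet from the blocked range reaches the HTTPS allow rule first and is let through.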
➢ Security Settings
• Password based authentication
- Non-trivial - Updated frequently
• Disable file/media sharing
- If not needed
➢ Anti-Malware
Malware
Define
- Any software designed w/malicious intent
Types
• Virus - Infects files
• Spyware - Collects personal info
• Worm - Replicate self across network
• Trojan horse - Looks/operates like legit prog
• Browser hijacker - Modifies web browser
• Rootkit - Gains admin rights for malicious intent
• Malvertising - Use legit online ad to spread malicious software
Anti-Malware
Define
- Prog prevent/detect/remove malware
Antimalware is a type of software program created to protect information technology
(IT) systems and individual computers from malicious software, or malware.
Antimalware programs scan a computer system to prevent, detect and remove
malware.
Types
• Firewall
• Parental controls - Restrict what content accessed
• Anti-spam
• Phishing email protection
• Browser security
➢ User Controls/Access Rights
User Control
- Stop specified applications from starting - Block access to blacklisted
websites - Stop access to OS components

User Access
- Permissions granted to user/app - Read/write/erase files in computer
➢ Authentication Types
• Passwords
• Biometrics
• Two Factor
- Method
- User granted access only after successfully presenting two/more evidence to
authentication mechanism - Knowledge (only user knows)
- Possession (only user has)
➢ Encryption Techniques
Define
- Process converting info into code - Prevent unauthorized access.
Encryption method - Uses keys
∴ Plaintext ↔ Ciphertext (vice versa)
• Symmetric (secret key) - Same key for both encryption/decryption.
• Asymmetric (public key) - Different key for encryption/decryption
➢ Physical Controls
Definition
- Controls protect physical environment
Types
• Locks
• Fire management
• Gates/guards

Exam Type:
Explain one way in which an operating system could manage security in the
school's network.
Award one mark for each point to a maximum of two marks for a linked explanation
such as:
OS runs/uses/has anti-malware (1) which prevents students loading malware/virus
(onto a PC) (1)
OS controls logins/user accounts (1) only allowing students to use their own account
(1)
OS controls file access (1) only allowing students to access approved files (1)
OS controls file access (1) allows different rights to students and teachers (1)
OS has built in firewall (1) preventing unauthorised access from outside the
network/from the internet (1)

Anti-malware may be used to reduce the risk of malware.


State two activities that anti-malware performs that reduce the risk.
check/monitor activity (on the system) / scans for malware (1)
check any incoming files (1)
(could) use heuristics/behaviour to detect malware (activity) (1)
quarantine/remove/disable/report malware (allow malware example) (1)
ensures database/list of known malware is kept up-to-date (1)

Explain one security risk, other than malware, to customer data stored online.
phishing/fraudulent emails/human fallibility/social engineering (1) allowing an
attacker to bypass security measures (1)
insider threat/disgruntled employee/accidental damage (1) damaging the data (1)
external attack/hacking (1) stealing/corrupting/encrypting the data / exploiting
vulnerability in firewall/OS/software (1)

Explain what measures could be taken to reduce the threat of hackers from the
internet.
Firewall, on router or separate hardware.
• Check for open ports, with port scanner
• Close all ports except those needed for e.g. email, browser
• Keep firewall patched / up to date
Server / data stores.
• Encrypt data
• Set access levels, user rights, passwords on files
• Enforce strong passwords / two factor authentication
• Set up anti-malware, keep it updated
• Ensure OS, and other software is patched up to date
Other.
• Switch off internet access out of hours
• Train staff on security, e.g. avoiding phishing, mailworms, etc.
• Hire white hat/ethical hackers to probe the system for weak points
• Ensure router/modem password is changed from default to something more robust
