Computing

Studies Information Systems

Design and Development

Networks, Security,
Legality and the
Environment

&

Buckhaven High School

Version 1
Networks, Security, Legality and the Environment

Contents Nat 4/5 Nat 5

Page 1 Contents
Page 2 How to use this booklet
Page 3 What is a Network? Stand Alone, Local Area Network (LAN)
Page 4 Room LAN
Page 5 Wide Area Network (WAN)
Page 6 Other Devices
Page 7 The Internet, WWW, Search Engines, Browsers, Other Services
Page 8 Network Interface Cards
Task 1: LANs & WANs (N4)
Page 9 Types of Transmission media in Networks
Page 10 WiFi and Bluetooth
Page 11 Task 2: Networking Consultant (N5)
Page 12 Types of Network: Client/Server
Page 13 Types of Network: Peer to peer
Page 14 Task 3: Comparison of Peer to peer and Client/Server Networks (N5)
Page 15 Cloud Computing
Task 4: Cloud Storage (N5)
Page 16 Comparison of Local versus Cloud
Page 17 Security Risks: Malware, Viruses
Page 18 Security Risks: Trojans, Worms
Task 5: Research Infamous Viruses (N4)
Page 19 Security Risks: Spyware, Phishing
Page 20 Security Risks: Online Fraud, ID Theft
Page 21 Security Risks: Denial of Service Attacks
Page 22 Task 6: Malware (N5)
Task 7: Security Risks (N5)
Page 23 Security Precautions: Passwords, Encryption
Page 24 Security Precautions: Firewall Software, Biometrics
Page 25 Security Precautions: Anti-virus Software, Security Suites
Task 8: Internet Security Suites (N5)
Page 26 Legal Implications - Data Protection Act 1998
Page 27 Legal Implications - Computer Misuse Act 1990
Page 28 Legal Implications - Copyright, Designs & Patents Act 1988
Page 29 Legal Implications - Communications Act 2003
Page 30 Task 9: Legal Implications (N5)
Page 31 Health & Safety Regulations
Page 32 Environmental Impact - Carbon Footprint of IT Equipment
Page 33 Energy Usage of IT Equipment, Disposal of IT Equipment
Page 34 Recycling of Computer Equipment, Disposing of Data
Page 35 Task 10: Disposal Task (N5)

1 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment
How to use this booklet
This booklet has been written to cover the following content in National 4 and National 5 Computing.
The booklet will be colour coded as shown below.

National 4 National 5
Technical Implementation Stand-alone or networked Peer-to-peer networks
(networking/connectivity) LAN/internet Client/server networks
Wired/wireless Wired, optical, wireless

Low-Level Operations and Interfaces (network interface card)

Computer Architecture
Security Risks Viruses, worms, Trojans Spyware, phishing, keylogging
Hacking Online fraud, identity theft
Denial of service (DOS) attacks

Security Precautions Anti-virus software

Passwords/encryption
Biometrics
Security protocols and firewalls
Security Suites

Legal Implications Computer Misuse Act

Data Protection Act
Copyright, Designs and Patents Act
Health and Safety Regulations
Communications Act 2003
Environmental Impact Energy Use
Disposal of IT Equipment
Carbon Footprint

For assessment purposes, pupils working at National 4 level need only learn the N4 content.
Pupils attempting National 5 assessments, coursework and a final exam should study N4 AND N5 content.

ISDD 2
Networks, Security, Legality and the Environment

What is a Network?
A network is two or more computers or devices connected together. Every computer or device on a
network can send and receive data from any of the other computers or devices connected to the network.
In class you use a network when you save or open files on the school server. Networks are being used for
more and more interactive applications every day. (e.g. e-mail, online shopping, online banking, social
networking and social gaming).

Stand-alone Computer
Computers can and still are being used on their own without being connected
to a network. All the software applications the user needs are held on the
computer and any peripheral devices (e.g. a printer) can be connected via
cables. If you have a computer which is not attached to a network it is called
a stand-alone computer. In order to share resources and data you need to
connect your computer to a network. All modern computers have the
capability to connect to a network.

Local Area Network (LAN)

A network that covers a small area is
known as a Local Area Network (LAN).
This could be in a building or a small site.
LANs are often found in schools and
businesses.
Computers and devices connected in a
LAN are either wired or wireless. The
method used to connect them is called their
transmission media. Home networks
increasingly use wireless transmission
media.

Advantages of a LAN:
● Allows you to share data, information (file sharing, e-mails etc)
● Allows you to share expensive computer hardware. e.g. printers, large hard disks
● Allows many computers to share one Internet access point
● Very fast data transmission (many Gb of data transferred per second is possible)
● Very reliable data transmission (the short distances mean very few errors)

3 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Each computer in the school is part of the school LAN. These allow each room to share files and
peripherals through cables and wall sockets.

All computers and peripherals are connected to the network with cables, connected through sockets in
the wall.

The cables from each computer’s wall socket run round the
classroom, under floors or through roof space eventually
arriving at a switch unit. Every computer in the school
connects to a switch unit in a cabinet like the one shown.

ISDD 4
Networks, Security, Legality and the Environment

Wide Area Network (WAN)

Some businesses have offices in many cities in a country; some have offices all over the world. These
networks cover a far greater distance and are known as Wide Area Networks (WANs) because they
cover a large area such as across cities or over continents.

Wide Area Network (WAN)

WANs often connect lots of smaller local area networks. The transmission media used to communicate
across a WAN are long distance telecommunication systems like telephone lines or satellite technology.

The best example of a WAN is the Internet which is often described as “a network of networks”.

Advantages of a WAN:
Ÿ Allows the business to share data, information
Ÿ Allow users to send messages between offices around the world
Ÿ Allows access to files from any computer anywhere on the network
Ÿ Allows businesses to provide customers with services.
For example, ATMs (cash machines) are computers attached to a bank’s WAN

5 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Other Devices
It’s not just desktop computers that can be connected to a network (LAN or WAN)

Smart TVs

MP3 Players

Laptops

Tablets

Smart Phones

Games Consoles

ISDD 6
Networks, Security, Legality and the Environment

The Internet
The Internet is a global system of interconnected computer networks (LANs & WANs) that enables
computers and peripheral devices worldwide to connect with each other using a range of
telecommunications systems. It can be thought of as many different, smaller networks connected
together. The Internet allows users to access files, for example, databases and web pages stored all round
the world. This information can be found using search engines and viewed using browsers.

World Wide Web (WWW)

The world wide web (www) is millions of multimedia web pages that are
stored on computers across the world. Web pages display different data
types; text, sounds, graphics, animations and video. The term web comes
from the fact that most web pages are linked to other pages using hyperlinks.

Computer uses often misuse the terms Internet and world wide web. A good way to remember the
difference between them is to remind yourself that the Internet is hardware and the world wide web is
software and data (or information). The world wide web is stored on the Internet.

Search Engines
These help users find their way around the world wide web (www) by
searching all web pages for keywords. Examples:- Google, Ask,
Yahoo.

Browsers
These programs allow Internet users to view data on the World Wide Web (WWW).
Examples:- Internet Explorer, Firefox, Google Chrome.

Other services available on the Internet and world wide web include online banking, online shopping,
e-mail, forums, file sharing, chat rooms and other examples social networking (Facebook, Twitter etc.).

7 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Network Interface Cards

The computers in a LAN or WAN can be linked using cables (wired) or a wireless connection (Wi-Fi).
Regardless of the network being wired or wireless, all computers need to have either a Network Interface
Card (NIC) or a Wireless Network Interface Card. This device allows the computer to connect with the
network.

Network Interface
Card Wireless Network
Interface Card

Every device that is connected to a LAN will need a network interface card to send and receive the data
sent to and from another device on the network.

Task 1 - LANs and WANs

Using a suitable application, copy and complete the questions below.
1. Copy and complete the following table.
LAN WAN
Full Name
Distance Covered
Advantages of:
Example of where is it used?
Wired, wireless or both?

2. What is meant by the term “stand-alone computer”?

3. Today’s homes commonly have broadband Internet access through a wireless router.
The wireless router may be accessed by a variety of computer systems, mobile phone’s,
TVs, games consoles and other connected devices.
State why the above statement tells us that most houses are part of both a LAN and a
WAN.
Note that questions 4 and 5 are National 5 level questions.
4. How much does it cost to purchase a network interface card? Look for the cheapest card
you can find.
5. Can you purchase a wireless network card for the same price?
Print your answers and submit them to your teacher.

ISDD 8
Networks, Security, Legality and the Environment

Types of Transmission Media in Wired Networks

A network requires two or more computers or devices to be connected together to share data. The means
by which the data is transferred from one device to another is called the transmission media.
There are several types of cables used as transmission media in a wired local area network:
Copper Cabling
Twisted Pair: A simple type of cabling made up of two copper wires twisted
around each other. It is probably used in your school network as it is quite
cheap and allows fast data transfer (over 100 Mbps).

Coaxial: The central cable that transmits the data is surrounded by a shield of copper
braiding which protects the central cable from interference. Found in places like
factories and manufacturing plants where there is a large amount of possible
interference. Coaxial cable is more expensive than twisted pair.

Fibre Optic
Fibre Optic cable is made up of fine strands of glass that carry pulses of light.
These pulses of light carry the data being transferred. It is more secure than
copper cabling as any break in the cable can be detected. Fibre optic cable
does not suffer from electromagnetic interference and can transmit data at
very high speeds.
Fibre optic cable is commonly used to connect buildings together in a LAN
although it is expensive. It can also be used between floors in a building. It is
also the preferred medium for telephone lines. If you have a broadband router
at home it will normally be connected to the Internet using a fibre optic
telephone line.

Types of Transmission Media in Wireless Networks

Wireless networks do not need cables. Wireless networking transmits data through the air using radio
waves and microwaves. Each computer or device needs a transmitter/receiver and the network needs a
control device such as a router, to pass data around the network.

9 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

The most popular standard for wireless networking is Wi-Fi, which uses radiowaves to transmit data
through the air. Wi-Fi can connect devices up to 100 meters apart at a data transfer rate of 600 Mbps.

Bluetooth is another wireless standard which uses short, wavelength microwaves to transmit data. It is
commonly used for mobile phones and a variety of other peripheral devices. Bluetooth can only cover an
area up to around 10 metres and transfers data at a rate of 721 Kbps.

Wireless communications also exist for wide area networks. The image below shows microwave towers.
The microwave dishes are positioned in high places and pointed towards another microwave tower to
form a relay. Currently the furthest distance between two towers in 360km across the Red Sea. This
form of communication is capable of transferring extremely large quantities of data very quickly.

The main disadvantage with a wireless connection is that security can be a problem. Data has to be
encrypted to prevent hackers from accessing networks without authorisation. If you have a secure
wireless router (hub) at home you’ll have noticed a password is required to access the router.

ISDD 10
Networks, Security, Legality and the Environment

Task 2 - Networking Consultant

The diagram below shows the layout of a modern house.

The owners currently have a telephone land line but no Internet access. They do have the
following Internet enabled devices in the house:
● A desktop computer in the Drawing Hall (living room)
● A Smart TV in the downstairs Bedroom
● An ipod docking station in the Kitchen
● A PS4 games console upstairs in the Master Bedroom with an HD TV
● A laptop computer in the second upstairs bedroom
● 3 mobile smart phones

You have been given the job of a network consultant. Describe how you would network the
house to provide Internet access to all of the above devices. Include in your description the
following…
1. the type of router you would buy and where you would position it
2. will your network be wired, wireless or both
3. if required, what type of cables will you install and what rooms will you run the cables
to and from.
E-mail your completed description to your teacher.

11 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Types of Network
Client / Server Networks
In a client/server network, users work at client workstations.
A workstation may be a desktop or laptop computer with a
network interface card (to allow communication with the
server) or other devices such as tablets with Wi-Fi
capability. One or more servers may be responsible for
allocation resources such as printing, Internet access, email,
file storage etc.
Servers are also responsible for security on the network.
Users working at client workstations are usually required to
log in. This identifies the users to the server which then
allocates the users different levels of access.

Server types
Servers provide functions to the client/server network.
Common servers are:
File Server This provides all users of the network with centrally
controlled file storage. Every user will have their
own allocated storage space and will be given read
only or read/write access to shared files. The image
shows a file server with a bank of hard disk drives.
Print Server This allows data sent from client workstations to be
output to the appropriate printer on the network. The set of jobs waiting to be
printed is called a print queue. Jobs may be given priorities determining which
prints first.
Mail Server This allows users to send emails and have them stored on the server hard drives.
Web Server This server connects to the Internet via a security system called a firewall
(software which prevents unauthorised access from outside the network). It also
allows frequently accessed Web pages to be cached (stored) on the server’s hard
drives so that they can be accessed faster.
Application Server This allows programs (applications) to be held centrally on a server and loaded
from there into the RAM of individual client workstations.

Advantages of a client/server network:

Ÿ Centralised control of resources and data.
Ÿ Easier to backup all network files (as they are held centrally on the file server) at regular intervals.
Ÿ Network Operating System will have built in security measures (user access rights etc).
Ÿ Accessibility - the server can be accessed remotely and across multiple platforms (e.g. Apple,
Microsoft PC, Sun workstations etc).
Disadvantages of a client/server network:
Ÿ Expense - requires initial investment in dedicated server(s) and a network operating system.
Ÿ An administrator will be required to maintain the server (adding new users etc)

ISDD 12
Networks, Security, Legality and the Environment

Peer-to-Peer Networks
In a client/server network the central server controls the running of the network. Peer-to-peer networks
allow users to share resources and files located on their computers and to access shared resources found
on other computers in the network.
On peer-to-peer networks, all computers are considered equal. Peer-to-peer networks are designed
primarily for small local area networks with, typically, up to six machines. Home, small offices or
businesses are typically Peer-to-peer networks.

An Infamous Peer-to-Peer Network

Napster was a high profile company that was taken to court by the music
industry. Napster created a peer-to-peer network which allowed millions
of users to share music, films, software and many other types of file. File
sharing itself is not illegal, it’s the copyright associated with the files that
make it illegal in some circumstances. Napster argued that they were not responsible for the illegal
action of their networks users and that Napster themselves stored no copyright files. They lost their court
case and were ordered to shut down.

Advantages of a Peer-to-Peer network:

Ÿ They are cheaper as there is no need for dedicated servers or specialised network operating systems.
Ÿ They are easy to setup. Most modern operating systems can be set up for peer-to-peer operations.

Disadvantages of a Peer-to-Peer Network:

Ÿ There is no easy central backup of all files possible as they are stored locally in the hard drives on
each machine, rather than centrally on a server.
Ÿ Security of data is hard to implement as files are not stored centrally.
Ÿ Works best in an environment where users trust each other (e.g. in the home or very small office).

13 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Task 3 - Comparison of Peer-to-Peer and Client/Server Networks

Using a suitable application, create and complete the following information in a table
format.

Peer-to-Peer Client/Server
Constituent Elements
Resources
Storage
Backups
Security
Environment

Complete the table by placing each of the statements below under the correct network type
and beside the correct heading.
Ÿ With a central backing store, regular backups can be organised or implemented easily.
Ÿ There is no centralised storage so each workstation stores data independently.
Ÿ There is no mechanism to manage access to the network. Often the individual
workstation can only set up whether all or no users can access the files.
Ÿ Best suited to a ‘trusting environment’ like the home.
Ÿ All resources on the network are managed by servers which provide access to
resources such as data files, printers and web access to the workstations.
Ÿ Holds a database of all Usernames, Passwords and permissions, detailing which files
and folders the user can access.
Ÿ All computers are managed independently and have equal status when communicating
with each other.
Ÿ Each workstation backs up data independently. It is very difficult to backup the whole
network as there is no centralised backing store.
Ÿ It is commonly used in businesses and organisations.
Ÿ Network composed of workstations operated by users, and central computers which
control the resources to all workstations.
Ÿ Data is stored in a central backing store monitored by the server.
Ÿ Allows users to share resources and files located on their computers and to access
stored resources found on other computers on the network.

ISDD 14
Networks, Security, Legality and the Environment

Cloud Computing
Cloud computing is the use of hardware and software to deliver services over a network (typically the
Internet).
Companies selling cloud services use banks of servers and hard disks which are accessed remotely by
users.
Services available over the cloud include:
● Online Data Storage
Users can purchase storage space which can be accessed from any Internet connection. The cloud
provider will backup the users’ data to ensure it is never lost.
● Software Hosting
Rather than programs being installed on each computer system, they are installed on the cloud
servers and downloaded when needed.
● Virtual Servers
Users can maintain servers which can be used to host database or websites.
Cloud services can be accessed by any device that has Internet access and the software or app to do so.

Popular cloud services available to home users are:

● Dropbox
● SkyDrive
● GoogleDrive
● iCloud.

Users of these services see additional folders on their computer.

The folders look and behave like any other folder on the users computer.
Sub-folders can be created within them and files can be saved to the storage
space. Although they look local, in reality the folders exist on a cloud
server and are being accessed through the Internet.
Folders can be shared with other users who then also see all the same files and sub-folders as if they were
on their own computer systems.

Task 4 - How much storage do cloud companies offer users?

Select one of the four cloud companies shown above. For your selected company answer
the question below.
Q - How much free online storage will the company give you if you register with them?
Send the company name and amount of storage to your teacher in an e-mail.

15 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Comparison of Local versus Cloud

Businesses now have the choice of buying and installing their own
computer hardware and software, paying for network connections,
maintenance and updates, or they can use the ‘Cloud’. This means
they can rent equipment, software, storage facilities and access to the
Internet on a pay-as-you-go basis.

Advantages of buying into cloud computing:

Ÿ Users do not own the physical components of
their systems so have no large initial purchase
of expensive systems. The powerful servers
that provide the computing power are owned
by the cloud provider.
Ÿ Users pay for storage space on servers. They
decide how much they need and are able to
change their requirements when it suits them.
Ÿ Users can access a wide range of application
software that they need and only pay for
however long they use it. Software will not
require updates as new versions will be
upgraded by the cloud provider.
Ÿ Some users may not have the expertise to set up the facilities offered by a cloud provider. This is
often true of smaller companies who lack the expertise and large IT teams of larger businesses.
Ÿ Users are billed for either the time they spend using the service provided, or on a monthly/quarterly
basis. Knowing exactly how much they are spending each month can be financially beneficial to a
company.

Advantages of using local computing:

Ÿ The simple fact that cloud services are located on remote servers means that there will always be a
difference in speed compared to using local hardware resources. Local use is not limited by the
speed of the user’s Internet connection (bandwidth). Files will open and save faster and applications
will load far more quickly.
Ÿ Security concerns about hacking into online cloud storage areas mean that some users may prefer to
keep all their data within their building.
Ÿ Users may prefer an initial payment to purchase hardware and software rather than subscribing to a
monthly payment. A single payment may be cheaper in the long run.
Ÿ Cloud providers may not be able to offer the
precise set-up required by a user. Larger
companies will have their own IT specialist
capable of setting up a more personalised
version of what a cloud provider would offer.

ISDD 16
Networks, Security, Legality and the Environment

Security Risks
As computers have taken over a greater role in today’s society and technology has advanced,
opportunities for a different type of crime have been created. All networks need to have security
measures in place or they could be remotely accessed by a hacker.
A hacker is a computer enthusiast who spend lots of time and effort trying to gain
unauthorised access to a computer system. Hackers hack into systems for fun or
simply for the challenge. If they are malicious they may disrupt systems by
changing, deleting or copying data while others are deliberately intent on
defrauding companies. Millions of pounds are lost every year because of
computer fraud when hackers steal money electronically.
Nowadays a great deal of time, effort and money is spent attempting to make computer networks as
secure as possible from unauthorised access.
It is particularly important to make sure wireless networks are secure because wireless data can be easily
intercepted. Both wired and wireless networks should be password protected and the transferred data
encrypted to make sure only authorised people can access the network.

Hackers all over the world have been put in prison for illegally accessing computer systems. A British
man was charged with hacking offences in the USA for gaining unauthorised
access to Pentagon files.
A group calling themselves ‘Anonymous’ hacked into Facebook systems and
illegally obtained passwords and other personal information.

Malware
The term ‘Malware’ (Malicious Software) is used to describe
any piece of software which is malicious, or damaging to a
computer. Viruses, worms and trojan horses are some
examples of malware.

Viruses
A virus is a malicious piece of code which can cause damage to a computer system. It is a computer
program that attaches itself to programs and files on your computer.
You can tell when your computer has a virus as it starts doing unusual things. These include data going
missing, space being used up on your hard disk or simply your computer running slowly. If a computer
on a network has a virus, it can easily spread to the other computers through the network. A virus can
even cause a computer to break down by changing its voltage settings.
For a piece of computer code to be a virus is has to do two things:
1. create copies of itself to create a new file
2. attach itself to a file.

17 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Worms
A worm copies itself like a virus but it can not attach itself to a file. For this reason it is not technically
a ‘virus’ but it can have the same effect. They can quickly spread by ‘crawling’
through networks.
The most harmful worms reside in the computer’s memory only. They don’t save
any code to hard disks or any other type of backing storage. This means that when
you switch your computer off the worm is lost.

MS Blast was a famous worm which forced the user’s computer to run a
Windows Update. In just 24 hours, MS Blast spread onto some 120,000
computers around the world. It didn’t cause any harm to the user’s computer
but it crashed Microsoft’s systems because so many computers were attempting
to download the update at the same time. The teenage hacker who created MS
Blast was jailed for 18 months.

Trojans
A trojan is a program which can attach itself to a file but cannot self-replicate. It is a program which
looks harmless and tricks you into running it on your computer. It then carries out its
real task, for example displaying adverts on the desktop or installing unwanted toolbars.
The most common thing they do is open a ‘back door’ to give remote access to the
computer. It is named after the Trojan Horse story from classical history when the
Greek warriors hid inside a huge wooden horse to gain access to the city of Troy.

Note that the term ‘virus’ is often used loosely to cover Worms and Trojans too.

Task 5 - Researching infamous viruses

Search the Internet for “most famous computer viruses”.
Spend 15 minutes reading about the most infamous computer viruses, who created them,
what the viruses did to computer systems and the outcome of the story.
Type a short report on two of the viruses including the following information about each
virus…
Ÿ the year the virus was released
Ÿ who wrote the virus program
Ÿ what was the effect of the virus on computer systems
Ÿ was anybody prosecuted for creating and distributing the virus
Print out your report and hand it into your teacher.

ISDD 18
Networks, Security, Legality and the Environment

Spyware
Spyware is a type of malware which secretly monitors the user’s computer. These programs gather
information about you from your computer. This can be personal information or information about
the websites you have visited.
A keylogger is an example of spyware. The program detect the
keys a user presses on a keyboard. The ASCII code for each key is
identified and saved in a file which can then be analysed. It is most
commonly used by hackers to detect usernames, passwords and
credit card numbers.
Online games are especially targeted by hackers using keylogger
technology to detect usernames and passwords.

Phishing
Phishing is an attempt to get your personal information such as your login or bank details by
pretending to be, for example, a charity or claiming that you have won a prize. Phishing can use key
loggers, trojans, spyware and even ordinary e-mail to steal your personal information. If you are a
victim of phishing you may receive an email asking you to confirm your bank account details or a
password. The authors of Phishing e-mails spend a lot time ensuring that the e-mails look as
legitimate as possible.
Most companies would never ask for this information in an email so you should not reply to it.
Examples of fake emails:

19 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Online Fraud
Online fraud is the use of the Internet to commit crime for financial gain.
There are many types of online fraud…
● Bank and cheque fraud
● Charity donation fraud
● Government agency scams
● Holiday fraud
● Identity theft (see later)
● Loan scams
● Online shopping fraud

Identity Theft
This is when people steal your personal information such as bank account details. The information could
then be used to:
● shop online
● apply for a loan
● withdraw money from your account
● get a work permit to stay in a country
● pretend to be another person to rent a property
● and many more…
Keyloggers, trojans, spyware and ordinary email can be used to steal your identity.

There a number of ways your identity can be stolen:

● Criminal Identity Theft (posing as another person when arrested for
a crime)
● Synthetic Identity Theft (in which identities are completely or
partially fabricated)
● Identity Cloning (using another person’s information to assume
their identity in life)
● Medical Identity Theft (using another person’s identity to obtain
medical care or drugs)
● Child Identity Theft (occurs when a minor’s Social Security number
is used by another person for the imposter’s personal gain

To find out more access: www.actionfraud.police.uk/fraud_protection/identity_fraud

ISDD 20
Networks, Security, Legality and the Environment

Denial of Service (DOS) Attacks

This is a particularly nasty type of attack targeted mostly at large corporations that someone has a
grudge against. There are two main forms of Denial Of Service:
● Attacks that consume network
resources like processor time, disk
space, memory, network connections
and modems, that there are none left
for normal users.
● Attacks on a specific network Hacker DOS Attacks
resource, for example attacking and
disabling a server
Network
Router/Switch

Network
Servers
Network
Client PCs

Methods Used
Resource starvation
Bandwidth consumption
Hacking network software
Attacking the routers
Domain Name Server
(DNS) attacks
This means using up a network resource (server processor time,
network storage) so that real users can’t access it.
This means flooding the network with useless traffic. An example of
this is flooding an email server until it either crashes or denies email
services to legitimate users because its too busy.
If networking software like firewalls or operating systems are not
protected or have bugs in them, hackers can use these weaknesses to
crash servers.
Routers are vulnerable to PING (Packet INternet Groper) attacks
where bad data is sent.
This type of attack disrupts network access by causing the server to
keep looking for things that do not exist. This means that correct
requests are not dealt with.

Effects of Dos Attacks

Whichever method is adopted, the effects are clear: the attack disrupts use of the network and denies the
legitimate users access to the network services and resources, for example, email is not available, data
files can’t be accessed or Internet access is denied.

21 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Task 6 - Security Risks - Malware

Open the file called “N5 Malware Task”. Your teacher will tell you where to find it
Complete the task in the file.
Print the completed file and submit it to your teacher.

Task 7 - Security Risks

Using a suitable application, answer the following questions. You may have to research
some of the answers as not all the information can be found in the previous pages.
1. What happens to data when it is encrypted?
2. State one reason why criminals would wish to steal a user’s identity?
3. Who is responsible in the UK for tackling Computer Fraud?
4. Search for DOS attacks on the Internet and write a short summary of one infamous DOS
attack story.
5. State three features of the email below which are suspicious.

From: no_reply@emailonline.yourbank.com
Subject: Account Status
Dear Customer,
Due to recent activity on your account, we have issued the following
security requirements. For your security, we have temporarily prevented
access to your account. Bank of Scotland safeguards your account when
there is a possibility that someone other than you tried to sign on. You
may be getting this message because you signed in from a different
location or device. If this is the case, your access may be restored when
you return to your normal sign on method. For immediate access, you are
required to follow the instruction below to confirm your account in order
to secure your personal account informations.
Click To Confirm Your Account
Regards,Carter Franke
Chief Marketing Officer
CardMember Services

ISDD 22
Networks, Security, Legality and the Environment

Security Precautions
Passwords
The most common way of controlling access to a computer system or
network is to use a system of IDs (user names) and passwords.
You must be careful to use passwords that are hard to break. Favourite
bands, family names etc are all easily to hack.

Encryption
Encryption is a means of encoding/scrambling data using encryption keys. Today, very sophisticated
encryption keys are used involving carrying out calculations on the binary data. For an encryption key
to be effective it should take a computer many years to work out the decryption algorithm.

Message Received

Message Sent
HELLO
HZPMTFJQ@VLKQ HZPMTFJQ@VLKQ
HELLO

Message Message
Encrypted Decrypted

Encrypted Message Transferred

Subject: Hello H%?G* Subject:
Subject: Hello
Hello Subject: Hello

Encrypting and decrypting files is big business as companies and governments race to protect their
own information and access others. The article below discusses the building of a “quantum” computer
by the American government developed specifically to crack encryption keys.
Data is scrambled using an DataData is unscrambled
is scrambled using an(decrypted) Data is unscrambled (de
encryption on the proper receiver’s on the proper receiv
NSAkey (e.g. the
Seeks to access
Buildkey
Quantum encryption key
Computer Tocomputer (e.g.
Crack Most the access key
TypesPCof Encryption
(e.g. another computer (e.g. anothe
on a wireless home hub) on a wireless home hub)
In room-size metal boxes secure connected to the wireless hub)leaks, the American
against electromagnetic connected to the wirele
National Security Agency is racing to build an $80 million computer that could
break nearly every kind of encryption used to protect banking, medical,
business and government records around the world.
For the NSA's purposes, a quantum computer would be able to crack an
encryption key much more quickly than traditional computers. The standard encryption tool
today is called RSA and in 2009, it took hundreds of traditional computers nearly two years
to crack this 768-bit code. Typically, 1024-bit encryption keys are used for online banking,
medical, government and business records, which could take 1,000 times longer to crack.
The development of a quantum computer has long been a goal of many in the scientific
community, with revolutionary implications for fields such as medicine as well as for the
NSA’s code-breaking mission. With such technology, all current forms of public key
encryption would be broken, including those used on many secure Web sites as well as the
type used to protect state secrets.

23 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Firewall Software
Network managers keep their networks safe and secure by installing firewall software or firewall
hardware. Firewalls help prevent unauthorised access to computers by stopping hackers accessing
private information stored on computers.
Network
Firewall software or hardware can allow us Hacker
Client PCs
to block the IP address of a computer we
think might be trying to access our
computers illegally. Network
Servers
Anyone who gains unauthorised access to a Internet
computer system is breaking the Computer
Misuse Act.

Firewall
Software/Hardware

Biometric Systems
Biometrics is the science and technology of measuring and analysing
biological data.
In computing, biometrics refers to technologies that measure and analyse
human body characteristics, such as DNA, fingerprints, eye retinas and
irises, voice patterns, facial patterns and hand measurements, for
authentication purposes.
Biometrics systems can be used to limit access to computer rooms or computer systems.
Ÿ Retina & iris recognition
The person’s unique retina and/or iris are recognized using a
biometric sensor. If the unique pattern in their eye is recognised
the person is allowed access to the computer room.
Ÿ Fingerprint recognition
Every person’s fingerprint patterns are different.
By reading the fingerprint with a scanner that reads
key points in the pattern the user may be recognised.
Ÿ Face recognition
Face recognition uses biometric sensor to map landmarks (nodal
points) on the users face. Examples of landmarks are:
Distance between the eyes
Width of the nose
Depth of the eye sockets
The shape of the cheekbones
The length of the jaw line
These measurements are converted to numerical values which are stored in a database

The advantage of using biometric systems for security is that it is much harder to forge a fingerprint or
retina pattern than it is to hack to system that relies on passwords or PIN numbers. Additionally, there is
no need for the user to remember passwords.

ISDD 24
Networks, Security, Legality and the Environment

Anti-Virus Software
Anti-virus software is used to prevent computer viruses from damaging computer systems. It locates the
virus program code and then quarantines (locks it away from the rest of the system) and deletes it.

There are many anti-virus programs available but they all operate in similar ways. Virus scans are
performed as often as the user requires (hourly, daily weekly) by changing settings in the program. At
regular intervals, the software will download ‘definitions’ of new viruses, allowing the software to keep
up-to-date with the latest threats.

Security Suites
Nowadays companies selling security software offer more than just anti-virus software. The following
packages may come bundled as a Security Suite:
Ÿ Antivirus protection
Ÿ Firewall
Ÿ Spamkiller
Ÿ Spyware protection
Ÿ E-mail protection
Note that security software is often sold as a time-limited licence, usually for one year. This forces
customers into an annual payment if they wish to keep their computer systems protected.

Task 8 - Internet Security Suites

On the Internet search for the top selling Internet security suites and select one.
For your selected suite write a short report using the following headings.
Ÿ Name of suite
Ÿ Price
Ÿ Length of licence
Ÿ List of main features
Ÿ Detailed description of 2 features

25 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Legal Implications Relating to Computing

The National 5 course requires that pupils are aware of the basic principles of the following laws:
Ÿ Data Protection Act
Ÿ Computer Misuse Act
Ÿ Copyright, Designs and Patents Act
Ÿ Communications Act

The Data Protection Act 1998

The data protection Act was first introduced to protect the rights
of anybody who has their personal information stored on a
computer system.
Within the act:
Ÿ Data Subjects are the people who data is stored about.
Ÿ Data Users are the companies or organisations (clubs,
charities etc) who are using the subjects’ data.
Ÿ Data Registrars are government appointed individuals who
maintain a list of who is storing what data. All companies
who store personal data must register with the data registrar.

The 8 principles of the Data Protection Act are:

1. Data is processed fairly and lawfully
This requires that data is not used for any criminal activity such as fraud, identification theft etc.
2. Data is obtained for specified and lawful purposes
Subjects must be assured that data users have legitimate grounds for collecting and using the personal
data and only collect relevant data.
3. Data stored is adequate, relevant and not excessive
Customers must be assured that you hold personal data about them that is sufficient for the purpose
you are holding it for in relation to that individual.
4. Data is always accurate and up to date.
Subjects must be assured that their data is accurately stored as inaccuracies could affect them
negatively. For example a wrongly recorded debt could lead to a poor credit rating and a loan being
refused.
5. Data is not kept any longer than necessary
Subjects data is deleted or removed after it has not been used for a set period of time. For example a
survey that collects personal data would have to delete the original data once the survey is complete.
6. Data is processed in accordance with the data subject’s rights
Customers have a right of access to a copy of the information comprised in their personal data
(although data users are allowed to charge a small administration fee for this service)
7. Data is securely stored
Data users must insure that data is held in a secure location, with security in place to prevent access
by unauthorised personnel.
8. Data is not transferred to another country without similar data protection legislation.
Data users must be assured that their data will not be passed to countries without adequate security in
place to meet the principles of the UK’s data protection laws.

ISDD 26
Networks, Security, Legality and the Environment

The Computer Misuse Act 1990

This legislation makes it illegal to misuse computers to perform the
following actions:
Ÿ Unauthorised access to computer material

Commonly known as ‘hacking’, the act of using software and

hardware to access data without permission is made illegal by the
Computer Misuse Act.
Hackers often delete, steal or alter the data they access but by
then the crime has already been committed as they have already
gained access to the data unlawfully.

Ÿ Unauthorised access with intent to commit or facilitate commission of further offences

The act states that if the hacker accesses protected data so that they can use the data for illegal
purposes (selling data on, fraud, bribery etc) they may also be charged under the act.

Ÿ Unauthorised acts with intent to impair the operation of computer systems

There may be several examples of how this part of the law could be broken:
Deliberately crashing a website by overloading the host server (DOS attacks).
Deliberately spreading viruses (creating a virus does not break the law).

Famous Hackers and Hacks - Albert "segvec" Gonzalez

In 2009, Albert Gonzalez pleaded guilty to
hacking into numerous companies'
computer systems in connection with the so-called TJX identity
theft ring. The group that Gonzalez was a part of stole 36 million
credit card numbers from TJX, which owns TJ Maxx and other
large stores, although 70 percent or so of these cards were
expired. Still, the costs to the companies responding to the attacks
were immense; TJX alone spent more than $170 million.
What's particularly strange about Gonzalez's case is that for years
he worked as an informant for the secret service, providing information on other credit
card thieves. However, by continuing and even expanding his criminal behaviour, he left
himself open to prosecution and was eventually sentenced to 20 years in prison. Several
other men also were sentenced to prison time for their participation in the ring, although
Gonzalez's sentence remains the longest ever handed down to a hacker in the United
States.
Albert Gonzalez sent the data he stole to the TJX ring's mastermind, Maksym "Maksik"
Yastremskiy. He was sentenced to 30 years in prison by Turkish authorities in 2009.

27 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Copyright, Designs and Patents Act 1988

The Copyright, Designs and Patents Act 1988, is the current UK
copyright law. It gives the creators of literary, dramatic, musical and
artistic works the right to control the ways in which their material
may be used. The rights cover: Broadcast and public performance,
copying, adapting, issuing, renting and lending copies to the public.
In many cases, the creator will also have the right to be identified as
the author and to object to distortions of his work.
Copyright arises when an individual or organisation creates a work,
and applies to a work if it is regarded as original, and exhibits a
degree of labour, skill or judgement.
The act covers works rather than ideas. For example, your idea for a book would not itself be
protected, but the actual content of a book you write would be. In other words, someone else is still
entitled to write their own book around the same idea, provided they do not directly copy or adapt
yours to do so.
Names, titles, short phrases and colours are not generally considered unique or substantial enough to be
covered, but a creation, such as a logo, that combines these elements may be.
Normally the individual or collective who authored the work will exclusively own the rights. However,
if a work is produced as part of employment then normally the work belongs to the person/company
who hired the individual.
Only the owner, or his exclusive licensee can bring proceedings in the courts against an infringement.

A few examples of infringements of the CD&P Act relating to computing are listed below:
Ÿ Copy a single copy of software onto multiple machines without buying additional licences.
Ÿ Download works (music, films etc) from the Internet without the owner’s permission to use it
Ÿ Put software you do not own, including shareware you have not paid for, onto any machine
Ÿ Copying works and distributing them to other people

A DVD Copying Bit Torrent Software - used to illegally download film,

Machine music software, books etc

ISDD 28
Networks, Security, Legality and the Environment

The Communications Act 2003

This act deals with abuses of telecommunication (phonelines, Wi-Fi,
mobile phone network), television, broadcasting and postal services.
Offences related to Computing are listed below:
Ÿ Dishonestly obtaining electronic communications services:

Using someone’s Internet services (usually Wi-Fi) without

permission.
This is an offence as the perpetrator is stealing a service that
another user is paying for.

Cloning a mobile phone.

This involves copying the phone’s SIM card. The copy is then inserted into another phone. The
owner of the original SIM will subsequently end up paying the bill for both phones. Often cloned
phones are sold to people who wish to make international calls so the bills may be huge.

Ÿ Possession of equipment used to dishonestly obtain communications services:

Examples of this could be owning software using to illegally connect to password protected Wi-Fi
hotspot or owning hardware used to copy phone SIMs.

Ÿ Improper use of a public electronic communications network:

Sending a message of a grossly offensive, indecent, obscene or menacing nature.

This could apply to an e-mail, text message or even a social network post.

Sending a message that is deliberately designed for the purpose of causing annoyance, inconvenience
or needless anxiety to another.
This relates to ‘trolling’/‘stalking’ on social networking sites or again could relate to e-mail or texts.

Mobile Firms Bleed Billions to Fraud

Mobile phone firms are losing $58bn (£36bn) a year worldwide to billing
errors and fraud, a report says.
The report identifies 12 different types of mobile fraud:
Ÿ Subscription fraud is regarded as the biggest threat and sees fraudsters activating
accounts either using false details or stolen IDs.
Ÿ SIM card cloning is also a big problem, and in South Africa there have even been
cases of people stealing SIM cards from smart traffic lights.
This fraud can lead to losses of up to 90% on international call revenues. One single
fraudulent SIM card on a network can lose an operator in excess £1,885 a month and these
operations usually use thousands of cards.

29 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Task 9 - Legal Implications

Using a suitable application, answer the following questions for each of the scenarios given:
Has a law has been broken?
Which Act has been broken?
Explain what aspect of the Act has been broken.

a) Steve has ‘chipped’ his Sky HD box so he doesn’t have to pay for movies or sport.
b) The owners of Rockbuster Video are reviewing their computer records of the last 15
years and discover account details of customers who have not been video club
members for 10 years.
c) John has downloaded a copy of the new Hobbit film from the Internet. He makes
several copies and sells them to the public at a car boot sale.
d) Tracy is on holiday in London. While sitting in her holiday home she connects to the
neighbours unlocked Wi-Fi connection.
e) David knows his friend’s Facebook login details. He logs in and adds inappropriate
comments on his friend’s page causing him to be banned by Facebook.
f) Jean-Michelle buys a multiple DVD copying machine. Tomorrow he will start
copying films to sell on his website.
g) Barry is opening a new restaurant and surveys passers-by in the High Street about
what food they would like to see in his new place. He records their personal details
and hopes that he can use the survey data to send advertising flyers to them later.
h) Niander receives a threatening e-mail from a customer. She responds saying that she
has posted the e-mail on facebook and invited Internet Trolls to tell the customer what
they think of the threatening e–mail.
i) Jean has been sent a reminder letter for a bill she’s sure she paid two weeks earlier.
She asks the company for a printout of her account but they refuse, saying they do not
have the available staff to print out the details.
j) Matthew has just launched his new Gamers website for Minecraft enthusiasts. The
homepage of the website contains an animated introduction containing the Foo
Fighters song “Pretender”.
k) Kula uses a bit-torrent website to download the Christmas special of Dr Who onto his
iPod. He tells his friends that this is not against the law as the episode is available for
free on BBC iPlayer.
l) Penny is unhappy with a comment her teacher made on a recent report. While the
teacher is dealing with an unruly pupil Penny uses the teachers computer to access her
report and change the comment.

E-mail your answers to your teacher.

ISDD 30
Networks, Security, Legality and the Environment

Health and Safety Regulations

Employers have a responsibility to ensure that computer users can safely use a computer system without
a detrimental affect on their health.
These responsibilities include:
Ÿ Monitors - Providing workstation users with tilt and swivel, anti-glare
monitors to avoid eye and neck strain.
Ÿ Keyboards - Providing workstation users with adjustable keyboards
with clearly defined characters and enough space in front to provide
wrist support.
Ÿ Chairs - Providing workstation users with fully adjustable chairs to
allow users to sit comfortably to prevent back strain.
Ÿ Environment - Providing an environment which has appropriate desk
space, is spacious enough and has appropriate lighting to avoid eye
strain.

The law relating to health and safety issues for work with computers is contained in the Health and
Safety (Display Screen Equipment) Regulations 1992.
In addition to providing a healthy working environment, employers are also responsible for:
Ÿ Conducting a risk assessment (measuring length of time at workstations, assessing equipment use).
Ÿ Providing free eye exams for staff who continually use computer systems.
Ÿ Providing training in correct computer use (posture, positioning of equipment, the importance of
regular short breaks, how to use a mouse)

Health problems associated with working with computers include:

Ÿ Repetitive strain injury (RSI)
Pain from muscles, nerves and tendons caused by repetitive movement and overuse. The condition
mostly affects parts of the upper body, such as the forearm, elbow, wrist, hands, neck and shoulders,
and may also cause stiffness and swelling.
Ÿ Eye strain
Eye strain is a condition that manifests itself through symptoms such as fatigue, pain in or around the
eyes, blurred vision, headache and occasional double vision. Symptoms often occur after reading,
computer work, or other close activities that involve tedious visual tasks.
Ÿ Back pain
These problems relate to users being crouched and hunched
towards the monitors and computer components due to the design
and positioning of these peripherals. This can cause severe and
acute pain in the upper back, particularly pain in the neck and or
shoulders.
Ÿ Computer Related Stress
Symptoms of stress caused by computer use include getting tight
shoulders whilst sat at the computer, having a fuzzy and unclear
mind (not able to think clearly) and getting angry at computer
crashing or losing your data.

31 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Environmental Impact
Manufacturers of electronic devices are becoming more responsible for the impact their
products have on the environment.

The Carbon Footprint of IT Equipment

The definition of a carbon footprint can be described as:
“The total set of greenhouse gases emitted by a device, a person or an organisation.”

Greenhouse gases such as carbon dioxide and methane are harmful to the earth.
The process of creating and storing electricity produces a great deal of carbon
dioxide, which is a greenhouse gas, therefore, any device which uses electricity
(even in battery form) will contribute to the problem and have a ‘carbon footprint’.
The carbon footprint of an organisation can include the amount of electricity it
uses, the amount of toxic waste it produces and the amount of waste it sends to
landfill sites.

To reduce carbon footprints, manufacturers of electronic devices need to consider how much energy
their products will use. “Green” devices are devices which use low levels of electricity.
Computer users can reduce their carbon footprint by:
Ÿ Buying green computers and peripherals
Ÿ Switching off computers when they are not in use
Ÿ Setting computers, monitors, hard disk drives and peripherals to energy saving modes

ISDD 32
Networks, Security, Legality and the Environment

The Energy Usage of IT Equipment

Office equipment is the fastest growing energy user in the business world,
consuming 15% of the total electricity used in offices.
There are also associated costs which are often overlooked, specifically
increasing cooling requirements to overcome the additional heat computer
equipment produces.

In addition to economic benefits, there are social and

environmental advantages to reducing energy consumption,
such as preserving fossil fuel supply and minimising climate
change.
Around 66% of the energy consumed by office equipment is
attributed to computers (PCs and monitors) however, all
office equipment is a potential source of energy waste.

The Disposal of IT equipment

Electronic rubbish and computer equipment in particular, is rapidly expanding as
low prices allow consumers to replace "gadgets" often. Rapid technological
change means there are always newer, better and more powerful products on the
market leading to fast replacement of products by consumers.
Why is it important to recycle computer equipment?
Also known as e-waste, discarded computer equipment comprises monitors, printers, hard drives and
circuit boards. Such items should not be thrown out with your household rubbish because they contain
toxic substances and are effectively hazardous waste.

What’s in My PC?
Material Proportion
Plastic 23%
Ferrous metals 32%
Non-ferrous metals 18%
Electronic boards 12%
Glass 15%

Under European Law, manufacturers have a legal responsibility to comply with the Waste Electrical and
Electronic Equipment Directive.

33 Created by Mr A. Kerr, Buckhaven High School - July 2013

 Networks, Security, Legality and the Environment

Recycling of Computer Equipment

Many materials used in computer hardware can be recovered by recycling
for use in future production. Reuse of tin, silicon, iron, aluminium and a
variety of plastics that are present in bulk, in computers or other
electronics can reduce the costs of constructing new systems. Components
frequently contain lead, copper, gold and other valuable materials suitable
for reclamation.
The UK Government is required to offer recycling facilities to companies
under European law.

Disposing of Data
Under the Data Protection Act, organisations have to ensure that data is kept for no longer than is
necessary. When data is no longer required it should be destroyed or deleted to prevent it from being
accessed.
This is not a simple as deleting the files. When files are deleted, the operating system changes it’s file
index to mark the blocks on the hard disk as being empty. The data in the file remains there until another
file is written over the top of it. Deleted files can be easily recovered by recovery programs.

According to most governments and standards organizations, there are only three effective methods of
erasing a hard drive:
Ÿ Erase the hard drive using free data destruction software
By far, the easiest way to completely erase a hard drive is to use free data destruction software,
sometimes called hard drive eraser software or disk wipe software.
Regardless of what you call it, a data destruction program is a piece of software designed to overwrite
a hard drive so many times, and in a certain way, as to make the ability to extract information from
the drive nearly impossible.
Ÿ Use a Degausser to erase the hard drive
Another way to permanently erase a hard drive is to use a degausser to
disrupt the magnetic domains on the drive - the very way that a hard
drive stores data.
Ÿ Physically destroy the hard drive
Physically destroying a hard drive is the only way to absolutely and forever ensure that the data on it
is no longer available. Just as there is no way to extract the written information from a burned piece of
paper, there is no way to read the data from a hard drive that is no longer a hard drive.
You can destroy a hard drive yourself by nailing or drilling through it several times, making sure the
hard drive platter is being penetrated each time. In fact, any method of destroying the hard drive
platter is sufficient including sanding the platter after being removed.

ISDD 34
Networks, Security, Legality and the Environment

Task 10 - Disposal Task

Using what you have learned and the world wide web state:
● Why each of the devices below should be disposed of correctly (in other words what
danger do they pose to the environment)?
● What could be recycled from each device?

A Cathode Ray Tube

(CRT) monitor

A Flatbed
Scanner

An Empty Laser
Printer Cartridge

E-mail your answers to your teacher.

35 Created by Mr A. Kerr, Buckhaven High School - July 2013