Scribd Logo
Upload

Welcome to Scribd!

  • LKW Network Threats

    Uploaded by

    Scott Descombe
    10 views18 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views18 pages

    LKW Network Threats

    Uploaded by

    Scott Descombe

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 18

    GCSE Systems software

    OCR and
    Security
    Computer Science
    J276 Unit 3
    System Security

    1
    Objectives
    • Understand threats to a computer system and what
    they are targeting.

    • Explain the different threats that can effect a system

    • Discuss ways to protect a system from threats.


    The CPU
    Unit 1 Systems architecture, memory and storage

    Silent Starter
    Name the vulnerability!

    Malware Phishing Hacking


    Intrusive software like Exploits weaknesses in a computer Exploits weaknesses in a
    computer viruses and system. computer system.
    Trojan Horses. Prevent with encrypting personal Prevent with firewall, changing
    Prevent with Anti-Virus / data and not following suspicious passwords, not opening
    Malware Software email links suspicious emails or using anti-
    spyware
    The CPU
    Unit 1 Systems architecture, memory and storage

    What are threats


    Threats are types of software or human interference
    that cause lose of data, or access to information that
    should not be seen.

    These are all big risks to companies and individuals


    where it can cause them to loose important
    information, and in some cases even loose money.
    The CPU
    Unit 1 Systems architecture, memory and storage Malware
     

    Activity
    Phishing 

    Social Engineering

    Time – <10mins Brute Force Attack

    Denial of service attacks


    You have a worksheet in front of you,  
    with the main threats written on it. SQL Injection

    Network Policy
    Each of you on your pod will be
    responsible for one threat. Extension: Fill the second
    table about other non-
    You need to research; listed threats
    Help box:
    • What the threat is http://www.teach-ict.com
    /2016/GCSE_Computing/
    OCR_J276/1_6_network_s
    • What it effects ecurity/network_threats/
    miniweb/index.php
    • How to protect against it
    The CPU
    Unit 1 Systems architecture, memory and storage

    Student Teacher
    • You now need to teach the rest of your group about
    the threat you were given
    • The rest of the group MUST complete the table at
    the same time Malware
     
    Phishing 

    Social Engineering

    Brute Force Attack

    Denial of service attacks


     
    SQL Injection

    Network Policy
    The CPU
    Unit 1 Systems architecture, memory and storage

    Malware
    Malware is the correct name for ALL forms of Virus.
    The aim of the virus is to infect your computer and
    start to replicate itself across your hard drive to make it
    difficult to remove.
    Viruses are usually spread through attachments in
    email, downloads from suspicious websites or by
    connecting to a infected computer with a memory
    stick.
    Anti Virus software will protect against most Malware.
    The CPU
    Unit 1 Systems architecture, memory and storage

    Phishing
    Phishing is a type of fraud that happens online.
    Emails will be sent where the sender is trying to make
    the read feel sorry for them, or think that they are a
    respectful business man.
    They will ask for bank details, or personal information
    in order to take money or steal their identity.
    You should never click a link from a suspicious email,
    and always check the email address to see if it is
    believable.
    The CPU
    Unit 1 Systems architecture, memory and storage

    Human Error
    On average, people have more than 25 accounts where
    they need to log in with a password.

    However the average person only has 3-4 different


    passwords, because of this, if one account gets lost,
    many of their other accounts can become a hijacked.
    People can also loose information, or even hardware
    such as laptops which have important information
    present.

    http://www.bbc.co.uk/news/technology-37431335
    Brute Force Attacks
    Brute force attacks are a form of hacking where the
    user tries to guess a password by entering in different
    combinations of letters, words and symbols.
    A program will make use of a collection of the most
    commonly used passwords and attempt to log in using
    that.

    Password Checker

    Brute Force
    The CPU
    Unit 1 Systems architecture, memory and storage

    Denial Of Service attacks(DoS)


    Denial of Service attack is a threat where a website or
    service is shut down.
    A user causes a website to get thousands of “Pings” per second,
    where each ping looks like a user visiting the website.

    This causes the website to be either extremely slow, or


    crash due to the increased traffic.
    Think of a door being a normal website, then push a
    few thousand students through it, people will get stuck,
    and a lot of people will end up waiting due to the
    traffic.
    Data Interception
    Data Interception is a form of attack where a user
    collects data as a user is entering or using it.
    This includes watching someone enter their PIN, entering a
    password.

    This can also happen if a user creates a Wi-Fi hotspot


    without a password, people who connect to it have to
    send their information to their device first before
    connecting to the internet.
    The data can then be read and stored, including important
    information such as Usernames and Passwords
    The CPU
    Unit 1 Systems architecture, memory and storage

    SQL Injection
    SQL Injection is a method of taking advantage of poor
    security or poorly written code in websites.
    When you log into a computer you have to enter a User name and
    password.
    A computer will then return True or False (1 or 0) if the
    user name or password has been accepted.

    Some systems however will allow access if a user enters 1=1 or 1


    into the username and password box as the system thinks it has
    already checked and returned a True value, bypassing the log in
    screen.
    Bad Network policies
    Some security problems can simply down to bad Network policies,
    because of poor management by the network admin.
    These can include;
    • Poor standard of Password requirements
    • Not changing a password after a set amount of time
    • Giving users too much privilege to access restricted files
    • Allowing users to install programs that could be infected with
    malware
    8 Questions in 5 Minutes
    • Elect one runner from your pod
    • Elect one scribe from your pod
    • The runner is the only person allowed out their seats
    • Each pod will be given a team colour
    • The runner must collect the correct coloured paper
    each time they get a question
    • The team must decide an answer. The scribe must
    write in full sentences on lined paper
    • The runner will bring the paper to me then collect
    another question.
    • ONE question at a time. Cheating = disqualification
    Plenary
    The CPU
    Unit 1 Systems architecture, memory and storage

    A form of hacking where the user tries to guess a password by


    Malware entering in different combinations of letters, words and symbols.
      Prevent with a very strong password.

    Any hostile or intrusive software - including computer virus’ and


    Phishing  spyware. Prevent with Anti-virus software

    Attacks that target people rather than hardware or software, such as


    bribing a user to break their company's network policy and provide
    Social Engineering
    personal data.

    A type of fraud that happens online. Prevent by not clicking and


    Brute Force Attack
    following the links.

    A method of taking advantage of poor security or poorly written


    Denial of service attacks code in websites. Prevent by having strongly coded websites.

    Poor management by the network admin. Prevent by encouraging


    SQL Injection
    users change their passwords regularly.
    When a user causes a website or service is shut down. Prevent with
    an Emergency Operating Procedures (EOP) and making sure
    Network Policy
    administrators know configuration details.
    The CPU
    Unit 1 Systems architecture, memory and storage

    Plenary - Answers
    Malware Any hostile or intrusive software - including computer virus’ and
      spyware. Prevent with Anti-virus software
    A type of fraud that happens online. Prevent by not clicking and
    Phishing 
    following the links.
    Attacks that target people rather than hardware or software, such as
    Social Engineering bribing a user to break their company's network policy and provide
    personal data.
    A form of hacking where the user tries to guess a password by
    Brute Force Attack entering in different combinations of letters, words and symbols.
    Prevent with a very strong password.

    When a user causes a website or service is shut down. Prevent with


    Denial of service attacks an Emergency Operating Procedures (EOP) and making sure
    administrators know configuration details.

    A method of taking advantage of poor security or poorly written


    SQL Injection
    code in websites. Prevent by having strongly coded websites.
    Poor management by the network admin. Prevent by encouraging
    Network Policy
    users change their passwords regularly.

    You might also like