1.3 Networks, Connections & Protocols - Identifying & preventing vulnerabilities, Slides of Computer science

GCSE Computer Science (9-1) - OCR J277

Typology: Slides

2021/2022

Available from 10/26/2022

UKComputerScienceGuides

Network Security: Lesson 4

Identifying & Preventing Vulnerabilities

Starter: Are these statements True or False?

  • Due to a hack, 25 million user accounts were compromised on the Sony PlayStation Network.
  • It takes only up to 10 minutes to crack a lowercase password that is 6 characters long.
  • An 8 character password with a few uppercase letters takes 3 years to crack.

Starter: Are these statements True or False?

  • Due to a hack, 25 million user accounts were compromised on the Sony PlayStation Network. (TRUE)
  • It takes only up to 10 minutes to crack a lowercase password that is 6 characters long. (TRUE)
  • An 8 character password with a few uppercase letters takes 3 years to crack. (FALSE)

Network Security: Lesson 4 & 5

Exam Question

To be completed at the end of the lesson

Testing

  • Penetration testing is the practice of deliberately trying to find security holes in your own systems
  • The goal of testing is to:
    • identify the targets of potential attacks
    • identify possible entry points
    • attempt to break in
    • report back the findings

Black- and White-Box Testing

  • In black box testing, testers are given no more information than any potential hacker may have
  • In white box testing, testers are given as much information as an ‘insider’ may have, in order to determine how much damage a rogue employee could do to a system

Password Protection…?

  • How many different passwords do you have for different applications?
  • How secure are they?
  • What guidelines would you suggest for choosing a secure password that cannot easily be hacked?
  • The most commonly used password is “password1”

Setting Secure Passwords

  • Use a minimum of eight characters
  • Use a mixture of numbers, lowercase and uppercase characters
  • Include symbols such as &, !, #, %
  • Do not include your name, DOB or personal details
  • Create a password based on a memorable phrase and exchange letters for numbers or symbols, e.g. Brdu8#Jw4g

Modern automated hacking tools can quickly guess passwords of up to 10 characters!
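The guidelines above can be turned into an automatic check. The following is an added example, not part of the original slides: the function names, the use of Python's `string.punctuation` as the symbol set, and the one-entry common-password list (taken from the previous slide) are assumptions made for illustration.

```python
import string

# Assumption: any ASCII punctuation counts as a symbol (the slide lists &, !, #, %).
SYMBOLS = set(string.punctuation)
# The slide names "password1" as the most commonly used password; a real
# deployment would load a much longer list.
COMMON_PASSWORDS = {"password1"}

def check_password(password, personal_details=()):
    """Return the guidelines from the slide that this password fails."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("commonly used password")
    if len(password) < 8:
        problems.append("fewer than eight characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    for detail in personal_details:  # name, date of birth, and so on
        if detail and detail.lower() in password.lower():
            problems.append("contains personal detail: " + detail)
    return problems

def search_space(password):
    """Candidates a brute-force search over the character classes used must cover."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in SYMBOLS, len(SYMBOLS))]
    pool = sum(size for test, size in classes if any(test(c) for c in password))
    return pool ** len(password)

def worst_case_seconds(password, guesses_per_second):
    """Upper bound on brute-force time at an assumed guessing rate."""
    return search_space(password) / guesses_per_second

if __name__ == "__main__":
    for pw in ("password1", "Brdu8#Jw4g"):
        print(pw, check_password(pw), search_space(pw))
```

The search-space figure is an upper bound only: guessing tools try common passwords and predictable patterns first, which is why the common-password check comes before the character rules.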

Task 2: Video Questions

Whilst you’re watching the following video:

  1. A hacker tries to destroy a system through finding its flaws. TRUE or FALSE?
  2. What is Computer Hacking defined as in the video?
  3. Give 3 types of people that may want to hack, and explain their justification
  4. All hacking involves creative problem solving. TRUE or FALSE?
  5. Is hacking morally wrong? Explain your answer.

Ethical Hacking

  • Hackers can be split into different camps based on their motives
  • Traditionally, the media focuses on black-hat hackers with criminal intent
  • ‘White-hats’ are ethical hackers, employed to put their expertise to good use in finding system vulnerabilities before the ‘black-hats’ abuse them
    • They are usually employed by companies or security firms
    • In 2014, hundreds of ‘white-hats’ shared £840,000 in rewards for spotting and reporting Facebook security flaws

Grey-Hat Hackers

  • ‘Grey-hats’ fall somewhere in between black and white hats
  • Grey hats will frequently seek out system vulnerabilities without authorisation from the system owners
  • Any flaws they find may either be reported for a ‘ransom’ fee or broadcast on the Internet without actually doing anything to take advantage of the flaws themselves
    • Is this legal?
    • Is this ethical?

Exam Question

Audit Trails

  • Audit trails are useful for maintaining security and for recovering lost data
  • Data that is commonly recorded can tell you:
    • Who attempted access? – Usernames and IP addresses
    • What did they do? - Download, view, delete or modify data
    • Where did they look? – Which computers were accessed?
    • When did they do it? – Creates a timeline of events
    • Why did they do it? – Motives may begin to emerge

Network Forensics

  • Similar to police forensics
  • Network administrators can use audit trail data to solve data mysteries
    • This can identify data leaks and prevent security attacks
    • An intrusion detection system can alert administrators in real time
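The audit-trail questions (who, what, where, when) and the real-time alert can be seen working on a small log. This is an added example, not part of the original slides: the log format, the sample entries, the function names and the alert threshold are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (format and values invented for this example).
SAMPLE_LOG = """\
2022-10-26T09:14:02 user=jsmith ip=192.0.2.10 host=FILESRV1 action=login_failed
2022-10-26T09:14:09 user=jsmith ip=192.0.2.10 host=FILESRV1 action=login_failed
2022-10-26T09:14:15 user=jsmith ip=192.0.2.10 host=FILESRV1 action=login_failed
2022-10-26T09:14:31 user=jsmith ip=192.0.2.10 host=FILESRV1 action=login_ok
2022-10-26T09:15:40 user=jsmith ip=192.0.2.10 host=FILESRV1 action=download file=payroll.xlsx
2022-10-26T08:55:00 user=akhan ip=192.0.2.22 host=WEB01 action=view file=index.html
"""

def parse_line(line):
    """Split one entry into when (timestamp), who (user, ip), where (host), what (action)."""
    stamp, *pairs = line.split()
    record = dict(p.split("=", 1) for p in pairs)
    record["when"] = datetime.fromisoformat(stamp)
    return record

def timeline(log_text):
    """All entries in time order, even if they were written out of order."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return sorted(records, key=lambda r: r["when"])

def failed_login_alerts(records, threshold=3, window=timedelta(minutes=1)):
    """IP addresses with `threshold` or more failed logins inside `window`."""
    failures = defaultdict(list)
    for r in records:
        if r["action"] == "login_failed":
            failures[r["ip"]].append(r["when"])
    alerts = set()
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.add(ip)
    return sorted(alerts)

def actions_from(records, ip):
    """What one address did, and on which computer, in time order."""
    return [(r["host"], r["action"]) for r in records if r["ip"] == ip]

if __name__ == "__main__":
    events = timeline(SAMPLE_LOG)
    for ip in failed_login_alerts(events):
        print("ALERT", ip, actions_from(events, ip))
```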