Download 1.3 Networks, Connections & Protocols - Identifying & preventing vulnerabilities and more Slides Computer science in PDF only on Docsity!
Network Security: Lesson 4
Identifying & Preventing Vulnerabilities Starter: Are these statements True or False?
- Due to a hack, 25 million user accounts were compromised on the Sony PlayStation Network.
- It takes only up to 10 minutes to crack a lowercase password that is 6 characters long.
- An 8 character password with a few uppercase letters takes 3 years to crack.
Network Security: Lesson 4 Identifying & Preventing Vulnerabilities Starter: Are these statements True or False?
- Due to a hack, 25 million user accounts were compromised on the Sony PlayStation Network. (TRUE)
- It takes only up to 10 minutes to crack a lowercase password that is 6 characters long. (TRUE)
- An 8 character password with a few uppercase letters takes 3 years to crack. (FALSE)
Network Security: Lesson 4 & 5 Exam Question To be completed at the end of the lesson
Network Security: Lesson 4 & 5 Testing
- Penetration testing is the practice of deliberately trying to find security holes in your own systems
- The goal of testing is to:
- identify the targets of potential attacks
- identify possible entry points
- attempt to break in
- report back the findings
Network Security: Lesson 4 & 5 Black- and White-Box Testing
- In black box testing, testers are given no more information than any potential hacker may have
- In white box testing, testers are given as much information as an ‘insider’ may have, in order to determine how much damage a rogue employee could do to a system
Network Security: Lesson 4 & 5 Password Protection….?
- How many different passwords do you have for different applications?
- How secure are they?
- What guidelines would you suggest for choosing a secure password that cannot easily be hacked?
- The most commonly used password is “password1”
Network Security: Lesson 4 & 5 Setting Secure Passwords
- Use a minimum of eight characters
- Use a mixture of numbers, lowercase and uppercase characters
- Include symbols such as &, !, #, %
- Do not include your name, DOB or personal details
- Create a password based on a memorable phrase and exchange letters for numbers or symbols e.g. Brdu8#Jw4g Modern automated hacking tool can quickly guess passwords of up to 10 characters!
Network Security: Lesson 4 & 5 Whilst you’re watching the following video Task 2: Video Questions
- A hacker tries to destroy a system through finding its flaws. TRUE or FALSE?
- What is Computer Hacking defined as in the video?
- Give 3 types of people that may want to hack, and explain their justification
- All hacking involves creative problem solving. TRUE or FALSE?
- Is hacking morally wrong? Explain your answer.
Network Security: Lesson 4 & 5 Task 2: Video Questions
- A hacker tries to destroy a system through finding its flaws. TRUE or FALSE?
- What is Computer Hacking defined as in the video?
- Give 3 types of people that may want to hack, and explain their justification
- All hacking involves creative problem solving. TRUE or FALSE?
- Is hacking morally wrong? Explain your answer.
Network Security: Lesson 4 & 5 Ethical Hacking
- Hackers can be split into different camps based on their motives
- Traditionally, the media focuses on black-hat hackers with criminal intent
- ‘White-hats’ are ethical hackers , employed to put their expertise to good in finding system vulnerabilities before the ‘black-hats’ abuse them - They are usually employed by companies or security firms - In 2014, hundreds of ‘white-hats’ shared £840,000 in rewards for spotting and reporting Facebook security flaws
Network Security: Lesson 4 & 5 Grey-Hat Hackers
- Grey-hats’ fall somewhere in between black and white hats
- Grey hats will frequently seek out system vulnerabilities without authorisation from the system owners
- Any flaws they find may either be reported for a ‘ransom’ fee or broadcast on the Internet without actually doing anything to take advantage of the flaws themselves - Is this legal? - Is this ethical?
Network Security: Lesson 4 & 5
Exam Question
Network Security: Lesson 4 & 5 Audit Trails
- Audit trails are useful for maintaining security and for recovering lost data
- Data that is commonly recorded can tell you:
- Who attempted access? – Usernames and IP addresses
- What did they do? - Download, view, delete or modify data
- Where did they look? – Which computers were accessed?
- When did they do it? – Creates a timeline of events
- Why did they do it? – Motives may begin to emerge
Network Security: Lesson 4 & 5 Network Forensics
- Similar to police forensics
- Network administrators can use audit trail data to solve data mysteries
- This can identify data leaks and prevent security attacks
- An intrusion detection system can and alert administrators in real-time