Student Workbook
Your Name: Dimi Ogunleye Class: 10.25
© Nichola Wilkin Ltd 2020 Page 1
www.nicholawilkin.com
Knowledge Checklist
Before you start, please tick the areas you are already confident in.
Once you have worked through ALL of this workbook (including
those areas you are already familiar with) go through the checklist
again and tick the areas you now feel confident in and which areas
you still need to work on.
Columns: I am confident before I start this workbook | I am confident now I have completed this workbook | I still need to work on this area
Threats to computer systems and
networks:
✔
Malware
Social engineering (e.g. phishing,
people as the ‘weak point’)
Brute-force attacks
Denial of service attacks
Data interception and theft ✔
The concept of SQL injection
Common prevention methods: ✔
Penetration testing
Anti-malware software ✔
Firewalls
User access levels ✔
Passwords ✔
Encryption ✔
Physical security ✔
Table of Contents
Knowledge Checklist (page 2)
What is network security? (page 4)
  Forms of attack (page 4)
Threats posed to networks (page 7)
  Hackers and crackers (page 8)
  Malware (page 8)
  Social engineering (page 12)
  Brute Force Attacks (page 16)
  Denial of Service Attacks (page 17)
  Data Interception (page 18)
  Data theft (page 19)
  SQL injection (page 19)
  Poor network policy (page 20)
Identifying and preventing vulnerabilities (page 25)
  Penetration testing (page 25)
  Network forensics (page 26)
  Network policies (page 26)
  Anti-malware software (page 28)
  Firewalls (page 29)
  User access levels (page 30)
  Passwords (page 31)
  Encryption (page 32)
  Physical security (page 33)
What is network security?
Network security refers to the
methods used to keep
information confidential and
available to its users. It also
refers to preventing unauthorised people from gaining access to a
computerised system or network.
Forms of attack
Attacks on networks come in different forms:
Task 1: Without reading ahead write a definition for each of the
following types of cyber attack
Active Attack: This is when someone tries to break into a system or interfere
with its operation by changing data or causing problems.
Passive Attack: This is when someone secretly watches or listens to information
without changing anything.
Social Engineering: Social engineering is when someone tricks people into giving
away confidential information, like passwords or personal details.
Insider Attack: An insider attack is when someone who is trusted or has
access to a system, like an employee, misuses that access to
harm the system or steal information.
Active attack
This is when someone uses software such as a virus or other technical
methods to compromise a network's security and take control of its devices
and make changes to data either on the system or when it is travelling
through networks. These can include a Denial of Service (DoS) attack, brute
force attack or a malware attack which we will be learning about later in this
workbook.
Passive attack
This is when somebody spies on the system and scans for vulnerabilities. A
passive attack does not change any data and is only used to gather
information about a system, usually in preparation for an active attack.
Social engineering
This is when a person is tricked into giving away information that gives others
access to the network or accounts. This can be done by pretending to be
somebody else (such as a victim’s bank), watching over their shoulder as
they enter data (such as a PIN) or stealing access cards through
pickpocketing.
Insider attack
An employee, former employee, contractor or business associate that has
access to the system may steal sensitive information or give away access
details to others.
Task 2: There are some very strange people walking their dogs in
the park today. Each of them has named their dog after their
favourite form of cyber-attack. Can you match the descriptions
to the correct owner by inserting the correct letter into the box
next to the dog owner.
Descriptions
A Manipulating people into giving authorised people access to a system
B Monitoring a system to find weaknesses
C A malicious attack on a computer system by a person from within an
organisation
D Altering data or taking over control of a computer system
c b
a
d
Threats posed to networks
Once a computer is connected to a network it is much more vulnerable to
cyber-attacks than a stand-alone computer.
Cyber security = protecting a computerised system and
the data within it from theft or damage
Task 3: Read the newspaper story above and explain in the
space below why you think “Fireball” was created
Fireball was created to hijack browsers, change default search engine, track their
web traffic and remotely run any code on the victim's machine including
downloading new malicious files.
Hackers and crackers
Most people dread the word hacking and are of the opinion that hackers are
a threat to our cyber security. This is not the case and hackers get a bad
name because of their knowledge and the threat people feel. Hackers and
crackers are two different groups of people who both have extensive
knowledge about computer security and networks but their reasons for using
these skills and knowledge vary greatly:
Hackers: Internet security experts who are hired to locate and identify
the loopholes in internet security systems and to fix these
loopholes and flaws. They are employed by the organisation, which
gives them permission to look for gaps in its cyber-security.
Cracker: Someone who unethically exploits the highly sensitive information
and uses the flaws in the security systems to their own advantage.
The crackers usually breach the internet security to steal software
and data.
However, in popular media the word “hacker” is often misused to actually
mean cracker.
Malware
Malware is a term used to describe a variety of hostile or intrusive software.
Let's think for a moment about what we use our
computers, tablets and smart phones for:
• Browsing the internet
• Playing games
• Social interactions
• Buying and paying for goods
• Checking our bank accounts and transferring money
We rely heavily on this technology and by doing so we
often enter our personal data, access our money or chat
to others through social media. All of this data stored
about you can be valuable to criminals. They can use
this data to:
• Create fake identities
• Steal money
• Steal personal data and sell it to other criminals
Social media allows people to gather a huge amount of
data about our thoughts, likes, dislikes and viewpoints in
the world. Recently there have been reports that the
quizzes people play for fun in Facebook may have been
harvested and sold to people to help manipulate the
results of elections by heavily targeting individuals with
fake news to persuade them which way to vote.
Criminal gangs are often behind these attacks but there are also individuals
who just want to cause damage. Maybe they are disappointed that they
didn’t get the job at the company they wanted so they launch a
cyber-attack on one company and it spreads to other networks. Some people just
want to cause trouble and get enjoyment destroying other people’s work.
Whatever the reason, malware is out there and if your computer is
connected to the internet you need to know how you can protect your
computer from these attacks.
The most common ways malware works are by:
• Creating a backdoor to the computer allowing the malware writer in to take
control of the system
• Downloading additional files without the computer owner knowing, allowing
more damage to be caused by more malware
• Stealing data from the victim’s computer and sending it back to the malware
writer
• Denial of Service (DoS) attacks which are designed to take down a network
by flooding it with traffic
• Spy programs spying on how you’re using your computer – for example by
tracking the data you enter via your keyboard, taking screen shots or getting
a list of running applications
Task 4: Write down a definition for each of the following
malware attacks
Computer virus: A computer virus is a harmful program that can copy itself and
spread to other computers, often causing damage by deleting
files or messing up the system.
Trojan: Trojan is a harmful program that tricks you by pretending to be
something useful or safe, but once you open it, it can cause
damage or steal your information.
Spyware: Spyware is malicious software that enters a user's
computer, gathers data from the device and user, and sends it
to third parties without their consent.
Adware: Adware is a type of software that shows you unwanted ads,
usually while browsing the internet.
Computer viruses
Computer virus = a type of
program that can
reproduce itself and
attempts to make data
unreadable or alter the
way a computer operates
It is designed to spread from one computer to another by inserting or
attaching itself to a legitimate program or file.
Viruses are spread through email and text message attachments, internet file
downloads and social media scam links, and smart phones can get infected by
downloading infected apps. Viruses often hide in funny images, greeting
cards, or audio and video files that are likely to be shared with other users. A
computer virus can:
• Steal your passwords or data
• Log your keystrokes and send them back to the virus creator so they can
monitor what you are typing in and obtain your PIN number, passwords etc.
• Corrupt or delete your files
• Spam your email contacts
• Take over your machine
These are just some of the devastating and irritating things a virus can do.
Trojan
You may remember the story of “The Trojan Horse”.
For 10 years the Greeks and the city of Troy were at war. Their leader,
Odysseus, decided he wanted to end the war and came up with a sneaky
plan. He told his soldiers to retreat leaving behind a giant wooden object
made to look like a horse at the city gates. Inside the huge horse Greek
soldiers, including Odysseus, were secretly hiding and waiting for their plan to
work.
When the Trojans saw the giant wooden horse and the rest of the departing
Greek soldiers, they thought they had won the war and the wooden horse
was a parting gift from the Greeks. To celebrate their victory the Trojans
wheeled the huge wooden horse into the city.
That night the Greeks sneaked out of the wooden
horse, attacked the Trojans and conquered the
city of Troy.
Trojans = malware that pretends to be something else so the victim
downloads it onto their computer system
Trojan malware works in a similar way as it hides inside what appears to be a
normal file and users are typically tricked by some form of social engineering
into loading Trojans onto their systems. This can be done by telling them they
are the winner in a competition and to download their prize, telling them they
are already infected and to download the solution or offering them a free game
or app to download. The victims infect their own computer using trickery much
like how the Greeks got into the city of Troy.
Trojan malware can cause severe damage to data such as deletion,
modification, copying and stealing, and it can even disrupt network
activity.
Spyware
Spyware = malware that hides on your computer and
monitors everything that you do on your computer
Spyware can track web activity, access emails and even steal username and
password information.
You may be infected with spyware if you notice any of
the following symptoms:
• Internet access has slowed down
• New programs on your computer that you didn’t
install or recognise
• Your home page looks different to what you were
expecting. Use another computer to see if this is a
general update from the manufacturer or something only on your computer
• New toolbars or icons in your Web browser or main applications that you
don't remember installing
Adware
Adware = malware that
displays unwanted advertising
on your computer
Adware is software that displays lots of
unwanted nuisance advertising on your
computer. These adverts are usually in the
form of pop-up windows or directing the
victim to a specific website. While it won’t
cause any direct harm to the victim’s device, it can be very annoying and
often contains spyware or some other form of malware.
Social engineering
Social engineering is a non-technical
method used by crackers to find out
information from users to allow them to gain
access to a computer system.
Social engineering is
manipulating people into giving
out personal information
It can include:
• Phoning or sending an email pretending to be somebody else in the hope
that the user will disclose personal information to them
• Frightening or tricking people into loading malware onto their computers
giving the cybercriminals access to the system
• Listening to or watching users to find out the information they want (for
instance watching as they enter a pin number into their smart phone before
stealing their phone)
• Setting up a fake website to gather personal details from victims
No matter how secure a network is, if one of the users on the system falls for
social engineering the network can still be breached and crackers can still
gain access.
Phishing
Phishing = sending an email or text
message to ask for personal
information
Phishing is when the user is encouraged to
disclose confidential information which will
allow the cybercriminal to access accounts, steal
money, set up fake accounts, steal their identity
and carry out many other illegal activities. Some are easy to spot because
they are so poorly written.
Blagging
Blagging = creating a scenario to engage with a targeted
victim to get them to disclose personal information
This can be used for identity theft, to access their bank accounts and
withdraw money, or to gain access to a computer system.
Common examples include the “Nigerian Prince” scam (where the cracker
pretends to be a Nigerian prince who needs to move a large sum of money
into or out of the country and wants to do this through your bank account)
and more recently fake emails that look like they are coming from friends
who have been in an accident or mugged whilst on holiday and need you to
send money.
If you receive an email or phone
call claiming to be from the police,
a friend in need, your bank, a
businessman from another country
needing to offload diamonds, a
competition that you never
entered then take a moment to
think “Is this real?” Find an official
email address or phone number for
the organisation and ring them if
you are unsure. Ring on another
phone if possible as criminals will
often stay on the line and let you
think you are ringing somebody
else if you use the same phone. If
you get an email claiming to be from a friend, find out if it is really from them.
Ring them on their private number or use social media to contact them etc.
to see if they are really in need of your help.
Pharming
Pharming = when website traffic is diverted to another
fake website which has been set up to look like the
official website
This can be done by cracking a website or redirecting a computer
electronically or by sending the user a link through a scam email to the fake
website.
Often they are very close to the original but there are usually telltale signs, the
main one being that the website address will not be correct. In the image above
“amazon” has an extra “n” in the address line, also the logo is the old logo
and not the latest logo.
Often victims are directed towards the fake website from a phishing email. If
you are inputting any personal details including payment details look for https
in the website address to make sure the connection is encrypted but also look for
other telltale signs that you may be a victim of pharming. If the website does not
look right then don’t use it.
Shouldering
Shouldering (also known as shoulder surfing) is
when a cybercriminal observes a person’s private
information such as watching over their shoulder
when they enter their PIN number at a cashpoint.
It may be used to get a PIN to access a bank
account, a password to get into a computer
system or allow them to unlock a smart phone. To
avoid this type of social engineering it is important
to be aware of your surroundings when entering
personal information. Look over your shoulder to make sure nobody is
watching you.
Some scammers alter ATM machines to include pin-hole cameras to keep a
watch on the keys you type and have fake card readers attached to the
card slot to skim the details off your card.
If an ATM machine does not look normal then do not use it. It is also good
practice to always make sure you cover your hand when entering your PIN,
whether this is at an ATM or in a shop, so if anything is recording or anybody
is watching you they will not see the numbers you enter.
Shouldering = observing the victim to try to see them entering their
personal information
Brute Force Attacks
A brute force attack is a method used to obtain information such as a user
password or personal identification number (PIN) through trial-and-error. In
a brute force attack, software is used to generate a large number of slightly
varying guesses to try out different methods and can try millions of password
combinations in a second.
Task 5: Log onto https://howsecureismypassword.net/ and test
out a variety of passwords to see what makes a strong password
that can resist a brute force attack for the longest
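To show why length and a mix of character types matter in Task 5, this added example (not part of the original workbook) works out how many combinations trial-and-error guessing would have to cover and the longest that could take. The rate of one million guesses per second is an assumption based on the "millions of password combinations in a second" figure above, and the function names are made up for this example.

```python
import string

# Assumption: one million guesses per second, taken from the workbook's
# statement that software "can try millions of password combinations in a second".
GUESSES_PER_SECOND = 1_000_000

# Character classes an attacker has to include once the password uses them.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def alphabet_size(password):
    """Number of different characters the guessing software must try per position."""
    return sum(len(chars) for chars in CLASSES
               if any(c in chars for c in password))

def search_space(password):
    """Total number of candidates of this length over that alphabet."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every candidate; on average the password falls in half this."""
    return search_space(password) / rate

def human_time(seconds):
    """Turn a number of seconds into the largest sensible unit."""
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.2f} seconds"

def rank(passwords, rate=GUESSES_PER_SECOND):
    """Weakest first: (password, combinations, worst-case time)."""
    rows = [(p, search_space(p), human_time(worst_case_seconds(p, rate)))
            for p in passwords]
    return sorted(rows, key=lambda row: row[1])

if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for password, combos, time_needed in rank(["1234", "password", "Passw0rd!"]):
        print(f"{password:<12} {combos:>22,} combinations  {time_needed}")
    # This only measures exhaustive guessing. Common words and reused
    # passwords are tried first from word lists and fall much faster.
```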
Denial of Service Attacks
A denial of service attack (DoS) is a type of cyber-attack where the
cybercriminals attempt to prevent users from accessing an organisation’s
service. In a DoS attack, the attacker sends loads of messages flooding the
targeted server with requests to overload systems and stop legitimate
customers and users from accessing the server. This may occur when a
competitor is launching a new product or promotion and can make the
website fail potentially costing them millions of pounds in lost sales.
Occasionally a network may be the victim of a Distributed Denial of Service
(DDoS) attack where lots of computers are infected with malware and used
(without the owner’s knowledge or permission) to attack a network.
Watch this video to find out more:
https://www.youtube.com/watch?v=OhA9PAfkJ10
Data Interception
Data interception attacks (also known as “man in the middle attacks”) are
usually performed by people outside of an organisation. There are two types
of data interception:
• Collecting data
• Manipulating data
Collecting data
This is purely used to gather data. The cybercriminal spies on the network
traffic and gathers the information they need. This can then be used to
perform further crimes such as blackmail, corporate espionage or to allow
competitors to undercut a quote.
In this example computer A is communicating with computer B and the
cybercriminal is taking a copy of the data without either of the other two
computers being aware.
Manipulating data
Here the data is intercepted and altered before being passed onto the
destination computer. This can be used to alter monetary figures allowing
the cybercriminal to take a few pence off each transaction which can
quickly mount up, they can alter quotes from clients or give misinformation to
the destination computer to alter records etc.
Data theft
In an organisation, employees have access to data such as customer
databases, copyrighted documents etc and may copy and/or delete part of
it when they leave the company or misuse it while they are still in
employment. They may sell the data to a competitor or set up their own
company using that data. A common example of this is where a sales person
makes a copy of the contact database for use in their next job; this is a clear
violation of their terms of employment.
Another example, which is a growing problem, is with
teachers who are unaware they may be breaking the
law or even that they are committing data theft.
Many teachers mistakenly believe that because they
have created the resources they use in their classroom
in their own time, at home, they own the copyright on
them and can distribute them to other teachers.
However, this is not true and by giving out these
resources to others, they are committing data theft.
Even if the resource was created at home, if they were
created for use in their lessons they are legally owned
by the school and cannot be given out to other
teachers unless the teacher in question gets specific
written permission from the school that they can do
this.
SQL injection
SQL injection is a trick that can be used to get around the need for a login ID
and password. The cybercriminal inputs SQL code into the username and
password boxes which forces the SQL database to side-step the need to
enter a valid user ID or password. In effect, the user types in a statement that
is true and the database reads this as valid data so allows access.
Watch this video to find out more:
https://www.youtube.com/watch?v=h-9rHTLHJTY
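The login check described above, shown as an added example that is not part of the original workbook: the first function builds the SQL by joining the typed text into the query, the second passes the typed text as data only. The table, account and function names are constructed for this example, and it uses Python's built-in sqlite3 database.

```python
import sqlite3

# Constructed input of the kind described above: text that turns the
# password test into a statement that is always true.
TAUTOLOGY = "' OR '1'='1"

def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plain-text password only to keep the example short; a real system
    # stores a salted hash, never the password itself.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_vulnerable(db, username, password):
    """Weak version: the typed text becomes part of the SQL statement."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    # With TAUTOLOGY as the password the WHERE clause ends in OR '1'='1',
    # which is true for every row, so a row comes back without a valid login.
    return db.execute(query).fetchone() is not None

def login_safe(db, username, password):
    """Fixed version: placeholders keep the typed text as data, never as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real login :", login_vulnerable(db, "alice", "correct-horse"))
    print("vulnerable, wrong login:", login_vulnerable(db, "alice", "wrong"))
    print("vulnerable, injected   :", login_vulnerable(db, "nobody", TAUTOLOGY))
    print("safe, injected         :", login_safe(db, "nobody", TAUTOLOGY))
    print("safe, real login       :", login_safe(db, "alice", "correct-horse"))
```

The fix is the parameterised query in login_safe: the database is told which part is the command and which part is the user's text, so the typed text can never change the command.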
Poor network policy
Often networks are vulnerable because the network manager has not made
adequate plans to protect them. These plans are set out in a “Network
Policy” which outlines the details about how their network is set up and
maintained.
Weak and default passwords
One of the most common ways that a cybercriminal can gain entry to a
computer system is if the user does not have an adequate password. It may
be that they have never changed from the original password they were
allocated, it is a weak or a common password, or they use the same
password for everything so if the cybercriminal knows one password they can
also gain access to several accounts.
Ideally the network policy should force the user to change their password
when they first log in and regularly change it to something that is hard to
crack.
Sometimes a user may need to write down their password as they cannot
remember it and keep it near their computer for convenience.
For instance, they may keep a note of their passwords in a laptop bag that
they use to carry their laptop. However, if the bag with your laptop is stolen
the criminal would also have access to all the passwords. Likewise,
passwords should not be kept in a wallet or on a mobile phone as they may
also get stolen.
Removable media
There are two threats with removable media:
• The removable media getting into the hands of somebody who could use it
for their own means
• The removable media getting infected with malware and contaminating the
computer system it is plugged into
You may assume that this was a one-off incident but sadly it is a story that has
been in the news many times:
Task 6: Imagine you are the civil servant who posted the disks
and have just realised they never got to their destination. Write
an email to your boss to tell them what has happened and
outline the dangers of losing the data and explain what you
should have done differently. You may have to do a bit of
research to find alternative ways that the data could have been
sent securely
Dear Tom, I need to inform you that the disks I posted containing sensitive data
have not arrived at their destination. I'm actively working with the postal service,
but the package's whereabouts are currently unknown. This poses a serious risk,
as the data was not encrypted and could be misused if accessed. I realize I should
have used a secure, trackable service and encrypted the contents. Going forward, I
propose using secure couriers, encrypting all data, and prioritizing digital transfers
for sensitive information. I sincerely apologize and will do everything possible to
resolve this issue. Best regards, Dimi Ogunleye
As well as losing data which is stored on removable media, the media may
be contaminated with malware which could infect and damage whichever
computer reads it. The contents do not need to be manually copied onto
the computer. Some malware will automatically save itself onto the host
computer as soon as it is plugged in, even if the user does not open the
infected file.
Even if a company has a network policy in place to stop people saving files
to removable media, it is still possible that somebody may use it without
thinking of the dangers to the company.
Many companies have now
removed the CD/DVD drives from
their computers and some have
resorted to gluing up the USB ports
so a USB memory device cannot be
physically plugged in. Although this
practice is not recommended as
glue can seep down into the other
parts of the computer and stop
them from working, many
companies are starting to do this as it is a fast, easy fix. A better way of
achieving the same result is to change the software of the computer so it
either forgets the USB drive is there and does not connect to it or it requires a
password for it to be used.
If a company still has to have access to removable storage they should
protect the data that is stored on it. They can use encryption that makes the
data unreadable unless they have the correct password to access it (see
page 32 for more information about encryption).
Unpatched or outdated software
Let us assume a cybercriminal finds a weakness on a computer system and
manages to figure out some code which allows them to gain access to the
data on a network. The administrator of the cracked network realises
there has been a breach of their security and tells the software company
about the problem. It might be a weakness with the operating system or an
application. The software manufacturer looks at the problem and manages
to find a solution to stop this from happening again. This is known as a patch
as it is not a full upgrade of the software but a small section of coding that
stops that weak point from being vulnerable to cyber-attacks. They upload
the patch to their website so anybody with that software can install the
patch and stop the potential attack.
Great, you think, problem solved.
Well yes and no. Yes, for all those users
who install the patch, their system is now
safe from that particular attack. But no,
for all those users who haven’t installed
the patch.
Once a patch is uploaded on the
website to tell everybody it is there, it also
notifies other potential crackers where
the weak spots are. It is like waving a flag
saying “Here is a way into the system”.
Other crackers can then use those weak
spots and any computer system that
does not have the latest patch installed is
vulnerable to the attack.
The most serious and neglected vulnerability is lack of patching. Nine out of
ten successful cracks are waged against unpatched computers.
Software patches fix known security problems in software
It is the same with using older versions of the software. Software development
companies regularly update their software, not just to include new features to
make it competitive but also to fix all the flaws in security they have been
told about previously. Companies need to have a network policy in place that
includes regularly updating their software to make sure they keep their network
as secure as possible.
Identifying and preventing vulnerabilities
There are several things that can be put in place to make it much harder for
the hackers to gain entry to a system.
Penetration testing
If a company wants to test their cyber security, they may employ somebody
with the relevant specialist technical knowledge to attempt to crack into
their system. This is done with the organisation’s knowledge and agreement
and is used solely to find the weak spots and fix them before a cybercriminal
with malicious intentions finds them.
Once a penetration test has been completed a report is given to the
company to tell them about weaknesses and help them make sure their
system is secure. There are two types of penetration attack:
White-box penetration
This simulates a potential attack from INSIDE the organisation and includes
some basic knowledge of the target system such as the software used.
This simulates a threat from an employee or somebody who was
sacked by the company and holds a grudge.
Black-box penetration
This simulates an EXTERNAL attack such as illegally gaining access to a
computer system or cyber warfare and is a more realistic test as most
crackers will not have the inside knowledge that a white-box
penetration test assumes.
Who becomes a penetration hacker?
Penetration testing is performed with the company’s permission and
knowledge, otherwise it is classed as an illegal act
There is a myth that companies employ ex-cybercriminals, after they have
served their prison sentences, to test their systems and they pay them huge
sums of money to do this. This is not true. Organisations do not want to employ
somebody with a criminal record for this type of sensitive work so penetration
hackers (also known as Ethical hackers) tend to come from the following
backgrounds and have a computer science degree:
• Network Administrator
• System Administrator
• Network Engineer
Network forensics
Network forensics is a specialist area that involves monitoring and examining
data to discover the source of security attacks and other illegal activities.
Software is used to monitor data as it travels around the system and anything
that is unusual is flagged up and investigated.
Not only can the potential source of an attack be identified but it can also
be used to analyse how the attack occurred so the organisation can make
changes to prevent it from happening again.
It is possible to install SQL Server log auditing software that continuously
monitors data that is being entered in a database, looks for unusual
behaviour and flags up anything that is suspicious. For instance, if key
words or symbols are entered into boxes that would not usually contain
punctuation, flagging them can help prevent attacks by SQL injection.
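The kind of check described above can be sketched in a few lines. This is an added example, not part of the original workbook and not the code of any real auditing product; the box names, rules and logged entries are constructed for illustration.

```python
import re

# Hypothetical input boxes and the text each one normally holds.
FIELD_RULES = {
    "first_name": re.compile(r"[A-Za-z][A-Za-z' -]*"),
    "student_id": re.compile(r"[0-9]{1,8}"),
}
SQL_KEYWORDS = re.compile(r"\b(select|union|insert|update|delete|drop|or|and)\b", re.I)
SQL_SYMBOLS = re.compile(r"--|;|=|'|\"|/\*")

def audit_entry(field, value):
    """Return the reasons an entry looks unusual (an empty list means normal)."""
    reasons = []
    rule = FIELD_RULES.get(field)
    if rule is not None and not rule.fullmatch(value):
        reasons.append("unexpected characters for this box")
    if SQL_KEYWORDS.search(value) and SQL_SYMBOLS.search(value):
        reasons.append("SQL key word used together with SQL symbols")
    return reasons

def flag_suspicious(log):
    """Keep only the logged entries that have at least one reason attached."""
    flagged = []
    for field, value in log:
        reasons = audit_entry(field, value)
        if reasons:
            flagged.append((field, value, reasons))
    return flagged

# Constructed sample of logged form entries (not real data).
SAMPLE_LOG = [
    ("first_name", "Aisha"),
    ("first_name", "O'Brien"),          # an apostrophe is normal in a name
    ("student_id", "10425"),
    ("student_id", "10425 OR 1=1"),     # key word and symbol in a number box
    ("first_name", "Sam; DROP TABLE"),  # punctuation and key word in a name box
]

if __name__ == "__main__":
    for field, value, reasons in flag_suspicious(SAMPLE_LOG):
        print(f"FLAG {field}={value!r}: {'; '.join(reasons)}")
```

Flagging like this supports investigation after the event; the application still has to validate what is typed into each box before it reaches the database.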
Network policies
A network policy should include:
• The format and complexity of user passwords, how regularly they must be
updated and if they must alter them when they first log into the system
• The user access levels required by different groups
• Who is responsible for user training about using removable media and to
prevent data theft
• The firewall that is used and which data is allowed from which sources into the
network
• Who is responsible for installing and updating anti-malware software
• Who is responsible for updating software and installing software patches
• Details of how regular penetration testing will be performed
Task 7: Describe how you can reduce the risks of the following
dangers
Danger: Staff accessing data they should have no right to see
How can you reduce the risk? To reduce the risk of unauthorized data access
by staff, implement role-based access control to ensure employees only
access what's necessary for their role. Regular audits and monitoring should
be conducted to track and flag suspicious access attempts. Additionally,
encrypt sensitive data and provide staff with training on data protection
policies to minimize security risks.
Danger: Staff losing a USB with confidential private data
How can you reduce the risk? To reduce the risk of staff losing a USB with
confidential data, enforce the use of encrypted USB drives that protect the
data even if lost. Implement strict policies requiring sensitive data to be
transferred through secure digital channels instead of physical devices.
Additionally, conduct regular training to raise awareness about the risks of
using unprotected portable storage and the importance of reporting lost
devices immediately.
Danger: A virus that deletes files on your computer system
How can you reduce the risk? To reduce the risk of a virus that deletes files
on your computer system, install and regularly update reputable antivirus
software to detect and block malware. Ensure that your operating system and
software are kept up-to-date with security patches to close vulnerabilities.
Additionally, implement a robust backup system, storing copies of important
files in a secure, offsite location to recover data in case of a virus attack.
Danger: Cybercriminals finding a way into your network as you are using the
Windows ’95 operating system
How can you reduce the risk? To reduce the risk of cybercriminals exploiting
vulnerabilities in a Windows 95 system, upgrade to a modern, supported
operating system that receives regular security updates and patches.
Implement strong network security measures like firewalls, intrusion
detection systems, and VPNs to protect against unauthorized access.
Additionally, isolate the outdated system from critical network
infrastructure to limit its exposure and minimize the risk of a breach.
Danger: Cybercriminals gaining entry to your computer network as some of your
staff are using “password” as their password
How can you reduce the risk? To reduce the risk of cybercriminals exploiting
weak passwords, enforce a strong password policy requiring complex, unique
passwords that include a mix of characters, numbers, and symbols. Implement
multi-factor authentication (MFA) to add an extra layer of security beyond
just passwords. Regularly conduct security awareness training to educate
staff on the importance of strong passwords and safe online practices.
Training employees about who owns the data and what they are and are
not allowed to do with that data can stop unintentional data theft, as in
the case of teachers creating and selling resources that are legally owned by
the school that employs them, but it will not stop deliberate breaches.
If data has been deliberately stolen a company may have to track the
breach to find out what has happened and who is responsible and network
forensics will be employed to help them do this.
Anti-malware software
There is a lot of specialist software available that helps with removing threats
and protecting against future threats. Many are bundled together and fight
more than one type of threat.
Task 8: Do some research and find a reputable antivirus
program from a well-known and respected manufacturer. Find
out if they cover the following types of attack.
Name: sentinelone
Cost: $4 per agent per month,
Does it save from the following types of attack?
Virus ✔
Spyware ✔
Phishing ✔
Pop-ups ✔
Antivirus software checks all the files, attachments and programs looking for
known viruses. However, it can only check for known viruses so it is important
to regularly update antivirus software so that it knows the latest viruses to look
out for.
A good antivirus program will be continuously working in the background of a
computer and it should be easy to see if it is up to date and when the last full
scan of the files took place.
Most genuine antivirus software also includes anti-malware software so it is
important that this is installed and up to date.
Training people to know what to look for can also help reduce the potential
for this type of cyber-attack on a network:
• Do not download anything that looks like it is too good to be true
• If a company is telling you that you won a competition you never entered,
delete it immediately
• If a pop-up on your computer tells you they have detected 4 viruses on your
computer and the only way to save your data is to download their special
antivirus software, close and run anti-malware software to look for a potential
cyber-threat
• Avoid downloading “free” software programs, screensavers and any program
that comes with strings attached. This also goes for smart phones
• Ask yourself why something of value is being offered for free. What do they
have to gain from giving it to you?
• If your computer is suddenly running slowly, run anti-malware software to see
if it has been infected and inform the network manager as it can infect the
rest of the system
Some operating systems have a pop-up blocker installed; it just needs to be
switched on.
A firewall should be installed which will filter out the dangerous files from the
internet before they get to the network.
Firewalls
Firewall = filtering out unwanted and potentially harmful data from entering
the network
A firewall is not really a physical wall; it is a filter between a network
and the internet. It does not stop everything from entering the network but
allows a filtered amount through. If a company wants to stop their employees
accessing certain websites, IP addresses, or services like Instant
Messenger, it can do so using a firewall.
On a home wireless LAN the firewall is usually built into a wireless router to
protect the users on that home network from possible online dangers. On a
larger network used by an organisation a more advanced firewall may need
to be installed separately to manage the large amount of data that is
passing through the system.
The firewall works by allowing the data to leave the network but stops
unauthorised data from coming back into the network. On a school network,
students and teachers may occasionally have a message saying that the
website they are trying to access is blocked. That is the firewall working to
stop possible threats from getting onto the school network. If a class wants to
see that website and is sure it is safe then they would have to ask the network
manager to allow it through the firewall.
To get around DoS attacks, some organisations choose to store their systems
on the “cloud” which allows them to cope with large volumes of traffic.
However, this does mean that they are giving control of their system to
another organisation.
If using cloud services is not possible then a firewall can be used to inspect
incoming traffic and block any which are from the same source or have
identical contents.
User access levels
It is important that the network manager sets up the user access rights
correctly. If they don’t do this then it can cause all sorts of problems and may
breach the Data Protection Act.
Access rights define who has permission to access data on the computer
system
Incorrect user access levels could include giving everybody in a company
rights to see confidential information about other employees when only a
few select people should be able to view that data. It could include giving
employees who are not in a management position information that only
managers should see or allowing people from one department to access data
that is nothing to do with their department. It could even be that
customers using part of a company website can see other customers’ personal
details.
Part of the network manager’s role is to make sure that users only have
access to the data they require for their role in the organisation and do not
have access to data they should not be seeing.
MAC address filtering = only allowing certain devices to access the network
Every network card or chip has a MAC address identifying it with a unique
number.
If you set up a wireless network one of the things a network manager can do
to improve security is to only allow devices with certain MAC addresses to
connect to the network. That way the network prevents data interception by
the man in the middle technique.
Passwords
One of the most common methods for protecting data is by using a
password. It is possible to password protect:
• A user’s account (either for a computer network, an individual device or a
website)
• A folder containing several documents
• An individual file
Ideally a password should have a mixture of the following:
• Lower-case letters
• Upper-case letters
• Numbers
• Special symbols
It should also follow these rules:
• It should contain at least 8 characters, but preferably more
• It should be changed regularly and changed immediately if you think the
security has been breached
• It should not be able to be guessed easily by anyone that knows you (i.e. not
the name of your cat)
• It should not be a word in the dictionary
• It should not be something that you use on
other accounts
It is not recommended that a user has the
same password for all their online accounts
as a cracker will be able to access
everything if they manage to crack one
password.
There are password generating websites
available which create a random collection
of letters, numbers and symbols or users can
make up their own.
A company can protect itself against brute
force attacks by enforcing a policy of only
allowing strong passwords for their system
that are formatted to be difficult to crack.
After a certain number of failed attempts,
the user will be locked out until either a
network manager resets it or for a set period
of time which will stop the multiple attempts
used in brute force attacks.
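The password rules and the lockout described above can be combined in one short program. This is an added example, not part of the original workbook; the mini dictionary, the limit of three failed attempts and the 300-second lockout are assumed values chosen for illustration.

```python
import hashlib
import hmac
import os
import string

COMMON_WORDS = {"password", "football", "sunshine"}  # constructed mini dictionary
MAX_FAILED = 3          # assumed: failed attempts allowed before lockout
LOCKOUT_SECONDS = 300   # assumed: length of the timed lockout

def password_problems(password):
    """Check a password against the workbook's rules; empty list = acceptable."""
    checks = [
        (len(password) >= 8, "fewer than 8 characters"),
        (any(c.islower() for c in password), "no lower-case letter"),
        (any(c.isupper() for c in password), "no upper-case letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no special symbol"),
        (password.lower() not in COMMON_WORDS, "is a dictionary word"),
    ]
    return [message for passed, message in checks if not passed]

def _hash(password, salt):
    # Store a salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGuard:
    """Counts failed logins per user and locks the account for a set time."""
    def __init__(self):
        self.users = {}         # username -> (salt, password hash)
        self.failed = {}        # username -> consecutive failed attempts
        self.locked_until = {}  # username -> time (seconds) the lock expires

    def register(self, user, password):
        problems = password_problems(password)
        if problems:
            raise ValueError("weak password: " + ", ".join(problems))
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))

    def attempt(self, user, password, now):
        """Return 'ok', 'wrong' or 'locked'; `now` is the time in seconds."""
        if now < self.locked_until.get(user, 0):
            return "locked"
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(_hash(password, salt), stored):
            self.failed[user] = 0
            return "ok"
        self.failed[user] = self.failed.get(user, 0) + 1
        if self.failed[user] >= MAX_FAILED:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failed[user] = 0
            return "locked"
        return "wrong"
```

Once the account is locked, even the correct password is refused until the lockout time has passed, which is what stops the repeated guesses of a brute force attack.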
Task 9: Log onto
http://www.pbs.org/wgbh/nova/labs/lab/cyber/ and play the
game.
Encryption
Sometimes hackers gain entry to a system not through brute force attacks
(i.e. trying passwords until they stumble across a correct one) but by
connecting to the network and “listening” to the messages that are being
sent using the man in the middle technique we looked at earlier. This is much
easier to do with a wireless network as the radio waves can be intercepted
from anywhere nearby. However, it is also possible with physical networks
where the hacker can connect a cable to the network to divert the
messages to their own computer before allowing the messages to continue on
their journey without the recipient or the sender knowing they have been
diverted.
Encryption = coding a message so it is unreadable until it reaches its
destination
Encryption is a method of altering the original message using a secret code
that only the authorised computers on the network know. This way the message
that is heard by any “man in the middle” hackers will be unreadable and
useless.
When a website has the address https rather
than http it shows that any data the user inputs
on that website (i.e. payment or personal
details) will be encrypted and unreadable for anyone listening in.
The simplest encryption to crack is a Caesar cypher where characters are
shifted through the alphabet a set number of letters.
In this example the top row is the original letters and the bottom row is where
the letters have been shifted 3 spaces.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
HELLO becomes EBIIL
This is quite easy to crack as the hackers can look for common three letter
words and test them to see if they can use a Caesar cypher to crack the
code. In this case QEB would spell THE and then they will know how to crack
the rest of the code.
A more common approach which is much harder to crack is the random
substitution cipher where the second row appears in a random order.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
K W D J Z X L Y O S F E P A M R N I V H B G U T Q C
Here, even if they crack HYZ as THE it would not help them crack the rest of
the code.
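Both tables above can be tried out in code. This is an added example, not part of the original workbook: it uses the workbook's two tables, a constructed test message, and function names made up for illustration. It goes one step further than the text by trying all 26 shifts automatically and by showing how much of a substitution message is readable when only T, H and E are known.

```python
import string

ALPHABET = string.ascii_uppercase

def caesar(text, shift):
    """Shift each letter `shift` places along the alphabet (negative = back)."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation are left alone
    return "".join(out)

def crack_caesar(ciphertext, crib="THE"):
    """Try all 26 shifts and keep those that produce the crib as a whole word."""
    hits = []
    for shift in range(26):
        candidate = caesar(ciphertext, shift)
        if crib in candidate.split():
            hits.append((shift, candidate))
    return hits

# Bottom row of the workbook's random substitution table.
SUBSTITUTION = dict(zip(ALPHABET, "KWDJZXLYOSFEPAMRNIVHBGUTQC"))

def substitute(text):
    """Replace each letter using the random substitution table."""
    return "".join(SUBSTITUTION.get(ch, ch) for ch in text.upper())

def apply_known(ciphertext, known):
    """Decode only the letters in `known`; show every other letter as '_'."""
    return "".join(
        known.get(ch, "_") if ch in ALPHABET else ch for ch in ciphertext
    )

if __name__ == "__main__":
    message = "MEET AT THE GATE"           # constructed test message
    shifted = caesar(message, -3)          # the workbook's table shifts back 3
    print(shifted, "->", crack_caesar(shifted))
    scrambled = substitute(message)
    print(scrambled, "->", crack_caesar(scrambled))   # no shift works
    # Knowing HYZ = THE gives three letters only, not the whole table.
    print(apply_known(scrambled, {"H": "T", "Y": "H", "Z": "E"}))
```

With the Caesar cypher one correct word gives the shift for every letter; with the substitution table it gives three letters and the other 23 still have to be worked out.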
Physical security
It is important to also consider physical security
and this can be as low tech as having doors that
require people to enter a number on a keypad to
unlock or a pass card sensor to allow access. It
can also include alarm systems and security
guards patrolling the buildings to ensure that
unauthorised people can not gain access to the
computers. However there are other physical
ways of securing a computer system such as
biometric measures.
Biometric measures
Increasingly we are using our smart phones to act
as computers. We use them to access bank
accounts, make payments, update social media
posts and send emails. All of these things could
be used against us if the wrong person has access
to them, so it is important to make sure that we
have a secure method for ensuring we are
authorised to use these different systems.
When using a smart phone, typing in a password using letters, numbers and
symbols is cumbersome, leading many smart phone users to avoid entering them
or to keep them very simple, which leaves them open to potential cracking.
Biometric identification uses unique
identifiers such as fingerprints, voice
recognition, facial recognition, and
iris scanning to identify users, none of
which is easy to copy by cyber
attackers.
Task 10: Describe two advantages for using biometric
information to log into a mobile device such as a tablet or smart
phone.
Advantage 1
Enhanced security: Biometric authentication, like fingerprints or facial
recognition, is difficult to replicate, making it more secure than
traditional passwords or PINs.
Advantage 2
Convenience: Biometrics offer a quick and seamless way to log in,
eliminating the need to remember complex passwords or enter them repeatedly.
Task 11: Complete this crossword:
[Crossword grid. Across entries filled in: engineering, data, symbols, patch]
Across
4. Social _________ is when a cracker manipulates people to give them
confidential information they can use to gain access to a computer system
5. Access rights ensure people only see ______ that is relevant to their job
and position in the company
6. A strong password should include upper-case and lower-case letters,
numbers and __________
7. A small program that manufacturers create to fix a specific problem with
their software, usually to increase cyber security
Down
1. Hostile software including viruses, keyloggers, adware, spyware, trojans
and worms
2. This is a type of test that companies use to simulate a possible cyber
attack
3. Removable media can be lost or stolen and can infect a computer system
with one of these.