Cyber Security & Threats (AQA GCSE Computer Science)

Revision Note

Robert Hampton

Written by: Robert Hampton

Reviewed by: James Woodhouse

Cyber Security

What is cyber security?

  • Cyber security is the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access

  • The main cyber security threats are:

    • Social engineering techniques

    • Malicious code (malware)

    • Pharming

    • Weak and default passwords

    • Misconfigured access rights

    • Removable media

    • Unpatched and/or outdated software

Social Engineering

What is social engineering?

  • Social engineering is exploiting weaknesses in a computer system by targeting the people that use or have access to them

  • Social engineering is the art of manipulating people so they give up confidential information 

Blagging (pretexting)

  • The art of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances

  • E.g. a scammer will send a fake text message, pretending to be from the government or human resources of a company, this scam is used to trick an individual into giving out confidential data

Phishing

  • Sending fraudulent emails/SMS to a large number of people, claiming to be from a reputable company or trusted source to try and gain access to your details, often by coaxing the user to click on a login button/link

Shouldering

  • Observing a person's private information over their shoulder e.g. cashpoint machine PIN numbers

How can you protect against it?

  • The best way to protect an individual from the threat of social engineering is to ensure the proper training/education has taken place

    • What questions to ask to determine authenticity (blagging)

    • What to look for in an email/SMS (phishing)

    • Being aware of surroundings/location (shouldering)

Malware

Why is malware a threat?

  • Malware (malicious software) is the term used for any software that has been created with malicious intent to cause harm to a computer system

  • Examples of issues caused by malware include

    • Files being deleted, corrupted or encrypted

    • Internet connection becoming slow or unusable

    • Computer crashing or shutting down 

  • Malware can exist in many forms, each designed to perform its role in different ways

Malware

What it Does

 Computer virus

  • A program which can replicate itself on a user's computer. It contains code that will cause unwanted and unexpected events to occur

  • Examples of issues a user may experience are

    • Corrupt files

    • Delete data

    • Prevent applications from running correctly

Trojan

  • Sometimes also called a Trojan Horse

  • Trojans disguise themselves as legitimate software but contain malicious code in the background 

Spyware

  • Software which will allow a person to spy on the users' activities on their devices

  • This form of software will be embedded into other software such as games or programs that have been downloaded from illegitimate sources

  • Spyware can record your screen, log your keystrokes to gain access to passwords and more

How can you protect against it?

  • To protect against the threat of malware:

    • Ensure code is written correctly

    • Keep anti-malware software up to date

    • Install a firewall

    • Educate users

Pharming

Why is pharming a threat?

  • Pharming is typing a website address into a browser and it being redirected to a 'fake' website in order to trick a user into typing in sensitive information such as passwords

  • An attacker attempts to alter DNS settings, the directory of websites and their matching IP addresses that is used to access websites on the internet or change a users browser settings

How can you protect against it?

  • To protect against the threat of pharming:

    • Keep anti-malware software up to date

    • Check URLs regularly

    • Make sure the padlock icon is visible

Weak Passwords

Why are weak/default passwords a threat?

  • A week password is a password with less than 8-12 characters and does not contain a combination of:

    • Upper case characters

    • Lower case characters

    • Numbers

    • Special characters (*, #. ! etc.)

  • Predictable patterns make a weak password, for example, using birthdays, names and/or keyboard patterns (qwerty)

How you can protect against it?

  • To protect against the threat of week/default passwords:

    • Use a 'strong' password

    • Regularly change passwords

Access Rights

Why are access rights a threat?

  • Access rights are pre-determined levels of access for how a user can and cannot interact with resources on a computer system

  • Common examples of access rights are linked to basic file operations, such as:

    • Read only

    • Write

    • Modify

    • Delete

  • Access rights can control a users ability to launch/share programs

  • Incorrect/misuse of user access rights are a huge threat to network security

How can you protect against it?

  • To protect against the misuse of access rights:

    • Grant minimum access rights unless proven to need more

Removable Media

Why is removable media a threat?

  • Removable media is a secondary storage device that is designed to be portable and allow movement of data between computer systems

  • Examples of removable media are:

    • USB memory stick

    • External hard drive

    • Optical disks

    • Memory cards

  • Removable media poses a threat to networks in two main ways:

    • Data in - Malware infected removable media being used on a network can lead to

      • spread of infection across the network

      • data loss/corruption

      • network disruption

    • Data out - Sensitive data being intentionally/unintentionally leaked/lost

How do you protect against it?

  • To protect against the threat of removable media:

    • Restrict/block the use

    • Encryption

    • Training

Unpatched/Outdated Data

Why is unpatched/outdated data a threat?

  • Software is often released in a less than perfect state and flaws/vulnerabilities may exist which can provide an opportunity for hackers

  • Unpatched/outdated data can lead to:

    • Data breaches

    • Installation of malware

How can you protect against it?

  • To protect against the threat of unpatched/outdated data:

    • Ensure all software is kept up to date

Worked Example

A student asks if they can bring their homework in to school on a USB memory stick.

The teacher informs them that using them in school is now allowed.

Describe one danger that using a USB memory stick in school could cause [2]

Answer

  • The USB memory stick could contain malware/virus/trojan/spyware leading to...

  • ...spread of malware to other networked devices

  • ...files being deleted/corrupted/encrypted

  • ...internet connection becoming slow or unusable

  • ...computer crashing or shutting down

Guidance

  • 1 mark for the threat and 1 mark for the description

Last updated:

You've read 0 of your 5 free revision notes this week

Sign up now. It’s free!

Join the 100,000+ Students that ❤️ Save My Exams

the (exam) results speak for themselves:

Did this page help you?

Robert Hampton

Author: Robert Hampton

Expertise: Computer Science Content Creator

Rob has over 16 years' experience teaching Computer Science and ICT at KS3 & GCSE levels. Rob has demonstrated strong leadership as Head of Department since 2012 and previously supported teacher development as a Specialist Leader of Education, empowering departments to excel in Computer Science. Beyond his tech expertise, Robert embraces the virtual world as an avid gamer, conquering digital battlefields when he's not coding.

James Woodhouse

Author: James Woodhouse

Expertise: Computer Science

James graduated from the University of Sunderland with a degree in ICT and Computing education. He has over 14 years of experience both teaching and leading in Computer Science, specialising in teaching GCSE and A-level. James has held various leadership roles, including Head of Computer Science and coordinator positions for Key Stage 3 and Key Stage 4. James has a keen interest in networking security and technologies aimed at preventing security breaches.