Professional Documents
Culture Documents
1.4 Workbook Answers
1.4 Workbook Answers
Resources
We recommend the OCR-endorsed text book from PG Online for use during your GCSE studies.
Craig ‘n’ Dave videos for SLR 1.4
GCSE J277 Unit 1.4 | Network security Craig’n’Dave
Software written to infect computers, allowing you to conduct fraud and identity theft.
Malware is big business in our world. Fools engaging in web surfing, shopping,
banking, email, instant messaging and gaming without proper protection are the target.
Your best approach is ransomware. Send your victim an email with a trojan that encrypts their
files. Make sure the attachment is something they are likely to open such as invoice.vbs. Then
send them another email demanding payment to unlock the files and watch the cash roll in.
Whether you choose to unlock their files afterwards is up to you.
From: uec_100@hotmail.com
To: noreply@hotmail.com
Doing it right
Subject: Your account will be deactivated
• Use a company logo
Dear email user,
• Tell them their account is at risk.
• Tell them to act now.
This is to inform you that on 4 th March, Steam will discontinue
• Give them a URL to click –
your account, and your purchases will be lost unless you
everyone likes a quick link.
update your security settings. Click here to update now.
• Watch your spelling and grammar.
Your email has to look genuine.
Thank you.
Steam
Phishing is big money 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
GCSE J277 Unit 1.4 | Network security Craig’n’Dave
If a database has not been programmed using modern techniques, you may be able to output, modify or delete
records by entering SQL code into the text boxes intended for users to search the database.
' OR '1'=‘1
Outputs all the records in the table.
Hacking is a crime.
GCSE J277 Unit 1.4 | Network security Craig’n’Dave
Social engineering refers to the psychological manipulation of people into taking unusual actions or divulging confidential information. It is a type of confidence
trick for the purpose of information gathering, fraud or unauthorised system access. It is often one of many steps in a more complex fraud operation.
Mistakes people make with system security: • Not installing operating system updates.
• Not keeping anti-malware up-to-date.
• Not locking doors to server/computer rooms.
• Not logging off.
• Leaving printouts containing sensitive information lying around.
• Writing passwords down on sticky notes attached to computers.
• Sharing passwords.
• Using easy-to-guess passwords.
• Not encrypting data on portable media.
• Not applying security to networks – e.g., VPN, WPA2.
• Not understanding network policies or implementing them poorly.
• Not training staff to protect themselves against phishing attacks.
GCSE J277 Unit 1.4 | Network security Craig’n’Dave
TAKE CYBERSECURITY
SERIOUSLY!
’ T w rite
N wn
• DO words do ious
pass use obv
D ON’ T
•
s w o rds one
pa s l any
O N ’T tel ord
• D p assw
yo u r
GCSE J277 Unit 1.4 | Network security Craig’n’Dave
The network manager might insist on password There are many types of encryption algorithms out It can block certain ports and types of traffic and can
rules such as minimum length. On top of this, they there – a very simple, early example is the Caesar inspect the contents of data traveling across it to
can choose which areas of the system that users can shift cipher. Banks and online checkouts use far check if it looks suspicious. Operating systems and
access with their access level. For example, students more complex encryption algorithms. home routers come with built-in firewalls, but more
may only see certain files and folders while teachers sophisticated ones are available to purchase.
and finance staff can see others.
Anti-malware software protects This very common method of Any form of real-world physical Testing to check system security
against infections caused by the preventing unauthorised access security that helps protect data and identify vulnerabilities.
many types of malware requires users to enter a and systems – e.g., alarms, Black-box penetration testing
including viruses, worms, password to gain access. locks, keypad entry, cameras,
trojans, rootkits, spyware, key Passwords can be made more security patrols, etc. Attempting to gain access to
loggers, ransomware and secure by implementing rules resources without knowledge of
adware. such as minimum length. usernames, passwords and
other normal means of access.
Simulates an external attack.