Professional Documents
Culture Documents
Chapter 5
Chapter 5
WW
W
Internet
????
Server
Format of a URL
Format of a URL
• Data packets are sent around the internet using different protocols, or
rules.
• The protocol that web pages use for data transfer is called hypertext
transfer protocol (http). They are needed because data sent across the
web can contain private and sensitive information.
= HyperText Transfer Protocol SECUR
E
• Ensures that a secure connection is made between the two devices
engaging in the transfer of data.
• The data packets are encrypted before they are transmitted across the
network and are decrypted only when they reach their intended
destination.
• Uses SSL (Secure Socket Layer) /TLS (Transport Layer Security)
Web Browser
Web Browsers are software that allow a user to access and display web
pages on their device screens.
Retrieve
Display HTML
Features of a web browser
HINT:BAN CAR
Features of a web browser
DNS Server
https://drive.google.com/drive/u/2/my-drive 128.17.134.2
Flow to retrieve a web page Using the IP address, the
computer now sets up a
communication with the website
server and the
required pages are downloaded.
https://drive.google.com/
128.17.134.2
5
128.17.134.2
5
HTML
<h1> ....
</h1>
Cookies
Cookies
• They are temporary cookies that are deleted when you close your
web browser.
• They provide information on your browsing while you are on that
particular website.
• They stop to exist on a user's computer once the browser is closed
or the website session is terminated.
• Example: Shopee (we do not need to log in again even if we
switch page)
Persistent Cookies
• They have expiration dates and are stored in a folder on your computer (hard
drive) until they are expire or the user deletes them.
• They make websites appear to remember a user on the next visit.
• They remain even after the browser is closed or the web session is
terminated.
• Examples
• Login details
• Save users' items in a virtual shopping cart
• Online financial transactions (Do you want to remember this card)
Flow of how cookies are used
Person A Person B
Person A Person B
MINER
- Use the power of their personal computers to process transactions.
The reward for doing so is that miners receive some of the transaction
fees involved in the process of payment made.
Decentralisation - Cryptocurrency
• Traditional digital currencies are regulated by central banks and governments. This
means all transactions and exchange rates are determined by these two bodies.
• Cryptocurrency has no state control and all the rules are set by the cryptocurrency
community itself.
• The cryptocurrency system works by being within a blockchain network which
means it is much more secure.
Blockchain
A technology that sits behind all cryptocurrency
transactions. It makes all sorts of cryptocurrency safe to
use.
Blockchaining - How cryptocurrency work?
• Blockchain is a decentralised database.
• All the transactions of networked members are stored on this database.
• The blockchain consists of a number of interconnected computers but they are not
connected to a central server.
• All transaction data is stored on all computers in the blockchain network.
Blockchaining - A chain of blocks
Blockchaining - A chain of blocks
Hash: A4BF
Previous Hash: 0000
Blockchaining - A chain of blocks
Let's change the transaction in this block. Oops, what's the consequence of this?
Blockchaining - A chain of blocks
Hackers will find it hard to re-create block 3 and 4, due to proof-of-work, which makes sure it
takes 10 minutes to add a block to the chain.
THIRD REASON: The exact blockchain is stored in all the computers in the networks.
Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
I Hack This!
All nodes within this network creates a consensus. Majority wins. This means that hacker will
have to tamper a block in more than half of the nodes, which is impossible.
Failed!
Cyber Security
Cyber Security
Threat
Cyber Security
Threats Solutions/Prevention
Cyber Security
Threats Solutions/Prevention
Cyber Brute-Force
B Attack D DDOS Attack
Security
Threat
Data Interception
D H Hacking
M Malware
P Phishing
Social
P Pharming
S Engineering
Cyber Brute-Force
B Attack D DDOS Attack
Security
Threat
Data Interception
D H Hacking
M Malware
P Phishing
Social
P Pharming
S Engineering
B Brute-Force Attack
Security
Threat
Data Interception
D H Hacking
M Malware
P Phishing
Social
P Pharming
S Engineering
DDistributed Denial of Service (DDOS)
Patient ..
DDistributed Denial of Service (DDOS)
How does it attack?
x100000
DDistributed Denial of Service
Distributed = Many computers
Denial of Service = Deny user from
(DDOS)
using a service
How does it attack?
A criminal can use a software that The server becomes overloaded and won't be able to
force thousands of innocent service a user's legitimate request. It will slow the
computers around the world to send a website down or cause it to go offline altogether.
viewing request to a web server.
Sorry can't
do it!
x100000
DDistributed Denial of Service (DDOS)
Signs to detect a DDOS attack
Security
Threat
Data Interception
D H Hacking
M Malware
P Phishing
Social
P Pharming
S Engineering
DData Interception
Encryption of data.
Eg. Wired Equivalency privacy (WEP)
Security
Threat
Data Interception
D H Hacking
M Malware
P Phishing
Social
P Pharming
S Engineering
HHacking
Security
Threat
Data Interception
D H Hacking
M Malware
P Phishing
Social
P Pharming
S Engineering
M Malware = Malicious Code Software
Malware are pieces of software that have been written and coded with the
intention of causing damage to or stealing data from a computer or system.
Trojan Ransomware
Virus Worm Spyware Adware
Horse
V Virus
• Viruses are programs or program codes that self-replicate with the intention
of deleting or corrupting files, or causing a computer to malfunction.
• Viruses need an active host program on the target computer or an operating
system that has already been infected, before they can actually run and
cause harm.
• Viruses are often sent as email attachments, reside on infected websites or
on infected software downloaded to the user’s computer.
Trojan Ransomware
Virus Worm Spyware Adware
Horse
T Trojan Horse
• A trojan horse is malware that is hidden away in the code of software that appears to
be harmless. A Trojan horse replaces all or part of the legitimate software with the
intent of carrying out some harm to the user’s computer system.
• They need to be executed by the end-user. They usually arrive as an email
attachment or are downloaded from an infected website
• Once installed on the user’s computer, the Trojan horse will give cyber criminals
access to personal information on your computers, such as IP addresses, passwords
and other personal data. Spyware and ransomware are often installed on a user’s
computer via Trojan horse malware.
Trojan Ransomware
Virus Worm Spyware Adware
Horse
W Worm
• A type of stand-alone malware that can self-replicate. Unlike viruses, they don't need
an active host program to be opened in order to do any damage.
• Worm replicates itself until the computer's resources are used to their maximum
capacity and no further processing can take place, leading to system failure and
crashing.
• Worms tend to be problematic because of their ability to spread throughout a
network without any action from an end-user; whereas viruses require each end-user
to somehow initiate the virus.
Trojan Ransomware
Virus Worm Spyware Adware
Horse
S Spyware
Trojan Ransomware
Virus Worm Spyware Adware
Horse
A Adware
Trojan Ransomware
Virus Worm Spyware Adware
Horse
R Ransomware
• Ransomware are programs that encrypt data on a user’s computer and ‘hold the
data hostage’.
• The cybercriminal waits until the ransom money is paid and, sometimes, the
decryption key is then sent to the user.
Trojan Ransomware
Virus Worm Spyware Adware
Horse
Flashcard
THE
DIFFERENCE
BETWEEN VIRUS
AND WORMS
VIRUS NEEDS
AND ACTIVE
HOST, WORMS
DO NOT.
Flashcard
HOW IS VIRUS
SENT TO A USER
VIA EMAIL
ATTACHMENTS,
INFECTED
SOFTWARE/
WEBSITE
Flashcard
Once installed on the user’s computer, I
will give cyber criminals access to
personal information on your computers,
such as IP addresses, passwords and other
personal data. Spyware and ransomware
are often installed on a user’s computer via
ME.
WHO AM I?
TROJAN HORSE
Flashcard
Security
Threat
Data Interception
D H Hacking
M Malware
P Phishing
Social
P Pharming
S Engineering
P Phishing
• Sending out legitimate-
looking emails designed to
trick the recipients into
giving their personal details
to the sender of the email.
• These emails may contain
links or attachments, when
initiated, take the user to a
fake website to enter personal
details.
P Phishing
• Sending out legitimate-
looking emails designed to
trick the recipients into
giving their personal details
to the sender of the email.
• These emails may contain
links or attachments, when
initiated, take the user to a
fake website to enter personal
details.
Clickbait
P Phishing
Can you find something that is
not so right?
P Phishing - Legit Emails
P Phishing
Ways to prevent phishing
Security
Threat
Data Interception
D H Hacking
M Malware
P Phishing
Social
P Pharming
S Engineering
P Pharming
• Redirect user from a genuine website to a fake one, with the hope that
this goes unnoticed. They manipulate the DNS server.
• A user may then be prompted to enter login details, and this can then
be collected by a criminal for use on the genuine site.
• Pharming attacks occur when web servers are attacked, and code is
inserted into a website that redirects visitors (changing the IP address).
Examples:
Cyber Brute-Force
B Attack D DDOS Attack
Security
Threat
Data Interception
D H Hacking
M Malware
P Phishing
Social
P Pharming
S Engineering
S Social Engineering
• This form of cyber-crime is where users are manipulated into behaving in a way
that they would not normally do.
• Five common types of threat:
• Instant messaging (malicious link embedded in message)
• Scareware (tell you that your computer is infected with virus)
• Email (genuine looking emails)
• Baiting (leave a pendrive where it can be found)
• Phone calls (asks you to download special software)
• All threats above are effective methods for introducing malware.
• The whole idea of social engineering is the exploitation of human emotion (fear,
curiosity, empathy and trust).
EXAM QUESTION(MARCH19)
EXAM QUESTION
EXAM QUESTION
EXAM QUESTION(MARCH19)
EXAM QUESTION
EXAM QUESTION
Cyber Security
Solutions
and
Prevention
Cyber Security
Threats Solutions/Prevention
Cyber A Access Level A Anti-Malware
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
Cyber A Access Level A Anti-Malware
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
A Access Level
• This method of protection is hugely important in organisations where
there are lots of users accessing a network (eg. Havil Computer Lab).
• User will be assigned different levels of access depending on the role
they have. It ensures that users' behaviour can be controlled while they
use a computer on a network.
• When using databases, levels of access are important to determine who
has the right to read, write and delete data.
Cyber A Access Level A Anti-Malware
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
A Anti-malware
• Danger of malicious software
• Theft of company data
• Corruption of data (data becomes unreadable)
• Hence, a network should have anti-malware and anti-virus applications
installed that protect all devices on the network (just like a vaccine to
covid).
Types of Anti-malware
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
A Authentication
Password
Biometrics Two-step Credit Card &
and user Authentication verification Hotel Card
names
P Password and user names
Password
and user
names
Let's try this out
Password
and user
names
T Tips for a stronger password
• Combine different types of character (lowercase, uppercase, special
character)
• Don't put in pattern in your passwords (eg. cabbag3), use random patterns
eg. Hp3oe7Ls*(!kajmc)
• Don't use the same passwords for all accounts
• Be aware of spyware that tries to steal your passwords (via keyboard stroke)
Password
and user
names
B Biometric Authentication
Biometric
Authentication
B Biometric Authentication
• Biometrics relies on certain unique characteristics of human beings:
• Fingerprint scans (compare image stored versus image scanned;
fingerprints are unique)
• Face recognition
• Voice recognition
Biometric
Authentication
T Two-step verification
Two-step
verification
C Credit Card & Hotel Card
• Hotel card has magnetic stripe on the back of the card. These stripe will
store personal information.
• Credit card (or any smart card) has a chip that is read when inserted into an
Electronic Funds Transfer Point of Sale. The chip can hold a lot of
information (eg. Pin).
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
A Automating Software Updates
• Why?
A Automating Software Updates
A Automating Software Updates
• This ensures that applications like
operating systems, anti-virus and other
commonly used pieces of software are
always operating with the latest
version installed.
• Greater threats are constantly evolving
and that anti-virus companies are
always attempting to stay up to date
with new attacks.
Cyber A Access Level A Anti-Malware
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
S Spelling and Tone in communications
www.gougle.com
www.amozon.com
Cyber A Access Level A Anti-Malware
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
F Firewall
• A firewall can be either software or hardware. It sits between the user’s computer and an
external network (for example, the internet) and filters information in and out of the
computer.
F Firewall
• A firewall can be either software or hardware. It sits between the user’s computer and an
external network (for example, the internet) and filters information in and out of the
computer.
• Firewalls are the primary defence to any computer system to help protect it from hacking,
malware (viruses and spyware), phishing and pharming.
• Main tasks
• Examine the ‘traffic’ between user’s computer (or internal network) and a public network
• checks whether incoming or outgoing data meets a given set of criteria.If the data fails
the criteria, the firewall will block the ‘traffic’
• criteria can be set so that the firewall prevents access to certain undesirable sites; the
firewall can keep a list of all undesirable IP addresses
• The firewall can be software installed on a computer; in some cases, it is part of the operating
system.
Cyber A Access Level A Anti-Malware
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
P Privacy Setting
• Privacy settings are the controls available on web browsers, social networks and other
websites that are designed to limit who can access and see a user’s personal profile.
• Examples:
• "Do not track" setting
• Allow payment method to be saved (avoid the need to key in information everytime,
which is dangerous)
• Safer browsing
• App (sharing of location)
P Privacy Setting - Phone and
Cyber A Access Level A Anti-Malware
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
P Proxy Server
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
S Secure socket layer
Certificate
An SSL certificate is a form of digital certificate which is used
to authenticate a website and enables an encrypted connection
S Secure Socket Layer Handshake
The user’s browser sends a The browser then requests The web server responds by
message so that it can connect that the web server identifies sending a copy of its SSL
with the required website itself certificate to the user’s
which is secured by SSL browser
A user will know if SSL is being applied when they see https or the small padlock in
the status bar at the top of the screen.
S How do we know if a website is using SSL?
Examples of where SSL will be used:
• Online banking and all online financial transactions
• Online shopping/commerce
• Sending and receiving emails
• Instant messaging
S communications
F Firewalls
Privacy
P Setting P Proxy Server
Secure Socket
S Layer
EXAM QUESTION(JUNE21)
EXAM QUESTION(MARCH19)
EXAM QUESTION(JUNE21)
EXAM QUESTION(MARCH19)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)
EXAM QUESTION(MARCH21)
EXAM QUESTION(MARCH21)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)