Unit 9 - Security and Data Management Part 2
Cyber Security
Cybersecurity refers to the range of measures that can be taken to protect computer systems, networks and data from unauthorised access or cyberattack.
Malware - short for malicious software, malware is a broad-spectrum term used to describe software used to disrupt computer operation.
Worms can spread from device to device, but unlike a virus they don’t need to attach themselves to other programs (attack vectors). Worms can copy themselves hundreds of times, so they can very quickly harm your device and other devices. A worm might copy itself onto your email account and then send a copy to all of your email contacts, for example.
Viruses - a computer program that is able to copy itself onto other programs often with the intention of maliciously damaging data. A virus requires an attack vector - 'piggybacking' on another program or data file.
Key loggers - covert programs that capture keyboard (or other input device) input and transmit this data to a third party or hold the data for collection. Bluetooth keyboards are an additional method of securing against these.
Spyware. Installed by opening attachments or downloading infected software. Spyware can be used to collect stored data without the user’s knowledge.
Trojans. A Trojan is a program that appears to perform a useful function, but also provides a ‘backdoor’ that enables data to be stolen/damaged.
Protection Against Malware
Virus protection (anti-virus) software is loaded into memory when the computer is running and monitors activity on a computer system for the signs of virus infection.
Each virus has its own unique ‘signature’ that is known to virus protection software and stored in a database.
Data stored on a computer system is scanned to see if any of the virus signatures within the database exist on the system. There are many thousands of known viruses, and new viruses are created daily. Virus protection software therefore needs to be updated regularly to combat these.
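The signature matching and database update described above, as an added example that is not part of the original notes. The signature names, byte patterns and in-memory "files" are constructed for illustration; real products use far larger databases and more than plain byte patterns.

```python
# Constructed signature database: signature name -> byte pattern to look for.
SIGNATURES = {
    "Demo.TestPattern.A": b"DEMO-MALWARE-MARKER-A",
}

# Constructed "files" held in memory so the example runs offline.
FILES = {
    "report.docx": b"quarterly figures and notes",
    "game.exe": b"MZ header DEMO-MALWARE-MARKER-A rest of file",
    "tool.exe": b"MZ header DEMO-MALWARE-MARKER-B rest of file",
}


def scan(files, signatures):
    """Return {filename: [names of matching signatures]} for flagged files."""
    findings = {}
    for name, data in files.items():
        hits = sorted(sig for sig, pattern in signatures.items()
                      if pattern in data)
        if hits:
            findings[name] = hits
    return findings


def scan_before_and_after_update():
    """Scan with the old database, then with one extra signature added."""
    before = scan(FILES, SIGNATURES)
    updated = dict(SIGNATURES)
    # The "update": a signature for a newer variant the old database lacks.
    updated["Demo.TestPattern.B"] = b"DEMO-MALWARE-MARKER-B"
    after = scan(FILES, updated)
    return before, after


if __name__ == "__main__":
    before, after = scan_before_and_after_update()
    print("before update:", before)
    print("after update: ", after)
```

The second file is missed until its signature is added, which is why the database has to be updated regularly.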
Firewalls - software or hardware security system that controls incoming and outgoing network traffic. Data packets are analysed to determine whether they should be allowed through or not.
The firewall monitors where data has come from and where it is going to determine if this communication is allowed. It does this by checking a list of pre-defined rules.
Keep your operating system up to date. New ways to bypass the operating system’s built-in security are often discovered and can be covered by installing the security patches issued by the operating system manufacturer.
Use the latest versions of web browsers. As with operating systems, the manufacturers of web browsers seek to continually improve their products and remove possible security vulnerabilities.
Look out for phishing emails. Emails that ask you to confirm personal details are usually fakes. They should be caught by the spam filter, but be suspicious and do not provide any sensitive information.
If you suspect you have malware on your computer, you will need to download and run a malicious software removal tool that should detect and remove malware not blocked by the anti-virus software.
Forms of Cyberattack
Specific forms of attack include:
Shoulder surfing - using direct observation to get information, for example by standing next to someone and watching as they fill out a form or enter a PIN. Shoulder surfing can also be carried out at long distance with the aid of binoculars or even CCTV.
SQL injection - SQL is a programming language for interrogating data. SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve.
DoS attack - Denial of service (DoS) attacks attempt to make your website and servers unavailable to legitimate users by swamping a system with fake requests—usually in an attempt to exhaust server resources. A DoS attack will involve a single Internet connection. Distributed denial of service (DDoS) attacks are launched from multiple connected devices that are distributed across the Internet.
IP address spoofing - involves an attacker changing the IP address of a legitimate host so that a visitor who types in the URL of a legitimate site is taken to a fraudulent or spoofed web page. The attacker can then use the hoax page to steal sensitive data, such as a credit card number, or install malware.
Social engineering - Social engineering involves tricking a user into giving out sensitive information such as a password, by posing as a legitimate system administrator.
Phishing - a phishing email asks a person to send personal details but pretends to be from a business. They can often look convincing but may contain spelling errors or URLs that do not match the business's website. When a person clicks on these links and logs in, it sends their username and password to someone who will use it to access their real accounts. This information might be used to steal a person’s money or identity, or may contain malware.
Pharming - redirects a user from a genuine website to a fake one. The fake website will look like the genuine one, but when a person logs in, it sends their username and password to someone who will use it to access their real accounts. One way that a pharming cyberattack can redirect traffic from a genuine website to a fake one is if the Domain Name Servers (DNS) of the website are hacked, and the IP address is changed to become the address of the pharming site.
Identifying vulnerabilities
Footprinting
Footprinting is the first and most convenient method that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting is to learn as much as you can about a system, its remote access capabilities, its ports and services, and the aspects of its security.
Ethical hacking
Ethical hacking is carried out with the permission of the system owner to cover all computer attack techniques.
An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers.
This information is then used by the system owner to improve system security.
Penetration testing is ethical hacking that tests a computer system or network to find vulnerabilities that an attacker could exploit.
The tests can be automated with software applications or they can be performed manually.
Protecting software systems
Secure by design seeks to make software systems as free of vulnerabilities as possible through such measures as continuous testing and adherence to best programming practices. At the design stage, it is assumed that the new system will be the subject of hacking attempts. Security measures are considered to ensure security is not an afterthought and so reduce the need for addressing vulnerabilities and patching security holes as they are discovered in use.
Some examples of attacks that should be prevented during design and testing include:
Buffer overflow attacks
A buffer overflow occurs when a program tries to store more data in a buffer (temporary data storage area) than it was intended to hold. The overflow data may contain code designed to change data or disclose confidential information. Thorough testing, particularly of any library routines used, will help to prevent this type of attack.
Permissions
Every time you want to install an app you are asked to give permission for the software to access certain settings and features of your device, e.g. Facebook's Messenger app requires permission to access a large amount of personal data and requires direct control over your mobile device.
It is unlikely that many of those who downloaded this app read the full ‘Terms of Service’ before accepting them. It is not always easy to understand what you are permitting an app to do. Should you uninstall an app because its permissions are suspicious?
Scripting restrictions
Same Origin Policy (SOP) is a security measure that prevents a web site's scripts (small programs to automate tasks on a website) from accessing and interacting with scripts used on other sites.
Running scripts from other sites would be dangerous because a malicious script from a compromised site could interact with a script from a legitimate site without restriction, potentially leading to malware infections or sensitive data being compromised.
A programmer can control the range and type of scripts allowed by setting the restrictions in, e.g. an HTML page header, or by using standard script execution settings such as unrestricted, trusted, restricted etc.
Accepting parameters without validation
Dynamically generated HTML pages (such as Amazon.co.uk) can introduce security risks if inputs are not validated. Malicious script can be embedded within input that is submitted to web pages and this could then appear to browsers as originating from a trusted source.
Approaches to prevent this type of cross-site scripting attack rely on the design of validation rules that will check and filter input parameters.
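Validation rules that check and filter input parameters, as an added example that is not part of the original notes. The parameter names and patterns are constructed; the example also goes one step beyond the text by encoding the value when it is written into the page, because a free-text field such as a search box cannot be restricted to a pattern that excludes markup.

```python
import html
import re

# Constructed validation rules: one allowed pattern per expected parameter.
RULES = {
    "quantity": re.compile(r"[0-9]{1,3}"),
    "postcode": re.compile(r"[A-Za-z0-9 ]{5,8}"),
    # Free text: only length and control characters can be restricted.
    "search": re.compile(r"[^\x00-\x1f]{1,80}"),
}


def validate(params):
    """Return (clean, errors); unknown or non-matching parameters are rejected."""
    clean, errors = {}, []
    for name, value in params.items():
        rule = RULES.get(name)
        if rule is None:
            errors.append(f"unexpected parameter: {name}")
        elif not rule.fullmatch(value):
            errors.append(f"invalid value for: {name}")
        else:
            clean[name] = value
    return clean, errors


def render_results(search):
    """Build the HTML fragment; html.escape turns markup into harmless text."""
    return f"<p>Results for: {html.escape(search, quote=True)}</p>"


if __name__ == "__main__":
    # Constructed request: the search box contains script markup.
    request = {"quantity": "2", "search": "<script>alert(1)</script>"}
    clean, errors = validate(request)
    print(errors)
    print(render_results(clean["search"]))
```

The search value passes validation because it is legitimate free text, but the browser receives it as displayed characters rather than as a script.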
The role of cookies
Cookies are data stored on a computer system that allow websites to store a small amount of uniquely identifying data on your computer system while you are visiting.
They are useful as the website can then identify you in future without requesting that you identify yourself each time, i.e. by entering a username and password.
Another use of a cookie would be when adding items to a shopping basket over a period of time. The cookie allows you to store this information between separate browsing sessions. Some are concerned that cookies pose a privacy threat.