Unit 9 - Security and data management
Network Security
Risks to data become greater as it is shared across a network.
Unauthorised access to a network can allow the hacker to see all of the stored data.
Securing a network requires appropriate levels of access (restricting people to the data/software they need to do their jobs), secure passwords and encryption (coding the contents of emails, etc.).
Network Security: User access levels
It is not sensible or safe for every network user to have access to all the data on a computer system.
User access levels define which users can change and view, view but not change, or not view stored data.
They also specify what software users can or can’t access.
Network Security: Suitable passwords
Passwords add an additional layer of security when accessing a computer system.
Strong passwords may require the user to use a combination of upper and lower case letters, numbers and symbols such as @ ! ~ - / \ %.
Other users can guess short, simple passwords, or a hacker may have access to programs that carry out a brute force attack, trying multiple guesses in quick succession until the correct password is found.
Strong passwords are much harder to guess and will take longer to brute force.
Cybersecurity
Cybersecurity refers to the range of measures that can be taken to protect computer systems, networks and data from unauthorised access or cyberattack.
Types of Cybersecurity
Malware - short for malicious software, malware is a broad term used to describe software used to disrupt computer operation.
Viruses - a computer program that is able to copy itself onto other programs often with the intention of maliciously damaging data. A virus requires an attack vector - 'piggybacking' on another program or data file.
Worms spread from device to device, but unlike a virus they don’t need to attach themselves to other files (attack vectors) - worms can copy themselves hundreds of times, so they can very quickly harm your device and other devices. A worm might copy itself onto your email account and then send a copy to all of your email contacts, for example.
Key loggers - covert programs that capture keyboard (or other input device) input and transmit this data to a third party or hold the data for collection. Onscreen keyboards or Bluetooth keyboards are a method of protection against keyloggers.
Spyware. Installed by opening attachments or downloading infected software. Spyware can be used to collect stored data without the user’s knowledge.
Trojans. A Trojan is a program that appears to perform a useful function, but also provides a ‘backdoor’ that enables data to be stolen/damaged.
Protection Against Malware
Virus protection (anti-virus) software is loaded into memory when the computer is running and monitors activity on a computer system for the signs of virus infection.
Each virus has a unique ‘signature’ that is known to virus protection software and stored in a database.
Data stored on a computer system is scanned to see if any of the virus signatures within the database exist on the system. There are many thousands of known viruses, and new viruses are created daily. Virus protection software therefore needs to be updated regularly to combat these.
Firewalls - software or hardware security that controls incoming and outgoing network traffic by analysing data packets to decide whether they should be allowed through or not.
Firewalls monitor where data has come from and where it is going to determine if it is allowed. They do this by checking a list of pre-defined rules.
Keep your operating system and application software up to date. New ways to bypass the operating system’s built-in security are often discovered and can be covered by installing the security patches issued by the operating system manufacturer.
Look out for phishing emails. Emails that ask you to confirm personal details are usually fakes. They should be caught by the spam filter, but be suspicious and do not provide any sensitive information.
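The firewall behaviour described above (checking where each packet has come from and where it is going against a list of pre-defined rules) can be sketched as follows. This is an added example, not part of the original notes; the rule list, the addresses and the names Rule and decide are constructed for illustration, and real firewalls also take the protocol and connection state into account.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    direction: str              # "in" (incoming) or "out" (outgoing)
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    port: Optional[int] = None  # destination port; None matches any port

    def matches(self, direction, src_ip, dst_ip, dst_port):
        """True if the packet's direction, addresses and port fit this rule."""
        return (
            self.direction == direction
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and (self.port is None or self.port == dst_port)
        )


# Constructed rule list for a small office network (192.168.1.0/24).
# Order matters: the first rule that matches decides the outcome.
RULES = [
    Rule("deny", "in", "203.0.113.0/24", "192.168.1.0/24"),     # blocked source range
    Rule("allow", "in", "0.0.0.0/0", "192.168.1.10/32", 443),   # HTTPS to the web server
    Rule("allow", "out", "192.168.1.0/24", "0.0.0.0/0", 443),   # staff browsing over HTTPS
    Rule("allow", "out", "192.168.1.0/24", "0.0.0.0/0", 53),    # DNS lookups
]


def decide(direction, src_ip, dst_ip, dst_port, rules=RULES):
    """Return the action of the first matching rule; deny if nothing matches."""
    for rule in rules:
        if rule.matches(direction, src_ip, dst_ip, dst_port):
            return rule.action
    return "deny"  # default deny: traffic no rule covers is not let through


if __name__ == "__main__":
    # Constructed sample packets: (direction, source, destination, port).
    for packet in [
        ("in", "198.51.100.7", "192.168.1.10", 443),
        ("in", "203.0.113.9", "192.168.1.10", 443),
        ("in", "198.51.100.7", "192.168.1.10", 22),
        ("out", "192.168.1.25", "93.184.216.34", 25),
    ]:
        print(packet, "->", decide(*packet))
```

The blocked-range rule is listed first so that it overrides the later HTTPS allow rule, and the final default deny means anything not explicitly permitted is dropped.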
Protecting software systems
Secure by design makes software systems as free of vulnerabilities as possible through continuous testing. When systems are designed, it is assumed that attempts will be made to hack the new system, so proper security is built in from the beginning, not added as an afterthought. This reduces the need to address vulnerabilities and patch security holes as they are discovered in use.
Buffer overflows can occur when a program needs more memory than was originally allocated and uses other memory to overcome this. This can cause a system to crash or can create a potential entry point for a cyberattack.
Too many permissions - Different users of a system may have different permissions about how they can view and use data.