Cyber security
Cyber security
- Cyber security keeps computers, networks and data safe from attack.
- You must know the main threats, the types of malware, and how to protect data.
- Many attacks trick people, not just computers.
Threats
- Brute force — trying many passwords quickly until one works.
- Data interception — "listening in" to steal data as it travels.
- DDoS — flooding a server with requests so it can't respond (the site goes down).
- Hacking — gaining access without permission.
- Phishing — fake messages that trick you into giving details; pharming — secret code sends you to a fake site even when you type the right address.
- Social engineering — tricking a person (e.g. pretending to be the boss).
Practice
A brute force attack works by:
Brute force tries password after password until it gets in.
Practice
A DDoS attack:
A distributed denial-of-service overwhelms a server so genuine users can't reach the site.
Practice
How does pharming differ from phishing?
Phishing tricks you with fake messages; pharming silently redirects a correct address to a fake site.
Malware
- Virus — attaches to a file and copies itself when the file is opened.
- Worm — copies itself across a network on its own, with no file needed.
- Trojan horse — pretends to be useful, but harms once installed.
- Spyware — secretly records what you do (e.g. keystrokes); adware — floods you with adverts; ransomware — locks your files and demands payment.
Practice
How does a worm differ from a virus?
A worm self-spreads over networks; a virus needs an infected file to be opened.
Practice
Match each item to what it is.
Ransomware extorts; spyware spies; DDoS overwhelms a server.
Keeping data safe
- Access levels (each user sees only what they need), anti-malware, and a firewall (checks and blocks network traffic).
- Authentication — proving who you are: a password, biometrics, or two-step verification.
- Automatic software updates (fix weak points), checking a message's spelling/tone and a link's URL, privacy settings, and a proxy server (hides your IP, filters content).
Practice
Two-step verification improves security by:
Adding a second factor (a phone code or biometric) means a stolen password alone is not enough.
You've got it
Key idea
- threats: brute force, interception, DDoS, hacking, phishing/pharming, social engineering
- malware: virus (file), worm (network), Trojan, spyware, adware, ransomware
- protect with access levels, anti-malware, firewall, authentication/2FA, updates, proxy server
- many attacks target people — check spelling, tone and the URL