Security Exercises

Security

Standard and Higher Level

Security is the process of protecting hardware, software and data from unauthorised access, while at the same time allowing those authorised users to perform their work.

Security problems can have massive implications for individuals, organisations and even governments. Unauthorised users can access data, alter or destroy it.

Authentication

Authentication is all about users proving their identity so that a system knows that they are genuine, authorised users. Authentication can be divided into three main areas:

Something you know, something you have, something you are.

Something you know - examples include usernames, passwords and PINs. There are usually rules about the format these must take, for example passwords that mix letters and numbers as well as upper and lower case letters. The hardest passwords to guess are those that are a random combination of characters rather than an actual word.

Something you have - A physical object used to authenticate you. A simple example would be your house keys; you can't get in without them! Security tokens for online banking or One Time Passwords sent to mobile devices are also used to help authenticate a user. Apple and Google now offer multi-factor authentication that relies on a user checking their other devices to receive codes pushed there in real time.

Something you are (Biometrics) - The process of using a part of a person's body to identify them. Biometrics cannot be lost or stolen and they are unique to each user (no two people's fingerprints or retinas are the same). There are some issues with the accuracy of the scanning, and sometimes users may need to scan their fingerprint or retina more than once to make it work, but as the technology has developed, the accuracy has also improved. If a system fails to recognise a registered user, this is known as a false negative. If a system mistakenly recognises a user who isn't registered, this is known as a false positive.

Before a user can access a system via biometrics they must enroll their data into the system. The system does not store an image of the fingerprint or retina but rather a pattern of the various points between elements of the fingerprint or retina. Identifying who a biometric sample belongs to allows the system to determine the level of access that person has. For example, an administrator's fingerprint might give them access to all of a system.
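
As an added illustration (not part of the original page), the following Python models enrollment as a stored pattern of feature points and shows how the match threshold trades false negatives against false positives; the coordinates, the tolerance and the threshold values are all constructed for the example.

```python
# Constructed feature-point templates standing in for the pattern of points a
# biometric system stores instead of a fingerprint or retina image.

def enroll(points):
    """Enrollment keeps only the pattern of feature points, never an image."""
    return frozenset(points)

def match_score(template, probe, tolerance=2):
    """Fraction of enrolled points that have a probe point within `tolerance` units."""
    hits = 0
    for (x, y) in template:
        if any(abs(x - px) <= tolerance and abs(y - py) <= tolerance for (px, py) in probe):
            hits += 1
    return hits / len(template)

def verify(template, probe, threshold):
    """Accept the scan only if enough of the enrolled pattern is found."""
    return match_score(template, probe) >= threshold

def error_rates(template, genuine_probes, impostor_probes, threshold):
    """(false negatives, false positives) at this threshold:
    a false negative rejects the enrolled user, a false positive accepts someone else."""
    false_neg = sum(not verify(template, p, threshold) for p in genuine_probes)
    false_pos = sum(verify(template, p, threshold) for p in impostor_probes)
    return false_neg, false_pos

# Constructed sample data: one enrolled user, her rescans, and two other people
ALICE = enroll([(10, 10), (20, 15), (30, 40), (45, 12), (50, 50)])
GENUINE = [
    [(11, 10), (20, 16), (31, 40), (45, 13), (50, 51)],   # good rescan, slightly shifted
    [(10, 11), (21, 15), (30, 41), (44, 12)],             # one point not captured
    [(9, 9), (20, 14), (29, 39)],                         # poor scan, two points missing
]
IMPOSTORS = [
    [(12, 8), (60, 60), (70, 10), (5, 45), (33, 33)],     # one accidental near-hit
    [(80, 80), (90, 10), (15, 70), (60, 40), (25, 25)],
]

def threshold_sweep():
    """Show the trade-off: strict thresholds reject genuine users, lax ones admit strangers."""
    return {t: error_rates(ALICE, GENUINE, IMPOSTORS, t) for t in (0.2, 0.5, 0.7, 0.9)}
```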

Hacking

Hacking means to gain unauthorised access to a computer system.

Several methods have been developed by hackers to gain access to systems. They include social engineering, which is basically tricking someone into revealing their password. This could be done by looking over their shoulder or via a technique known as phishing, which sends an email posing as a legitimate service, for example a bank, asking users to send their details to the "bank" for spurious security reasons.

Packet sniffers capture data as it travels across a network and look for content that could be usernames and passwords by identifying patterns in the content.

Keyloggers are pieces of software designed to capture every key pressed by a user on a keyboard into a log. This log can then be studied to try and identify usernames and passwords later.

A password cracker is a piece of software that tries every single possible combination of characters until it reaches the correct one (this is called a brute force method), or a dictionary attack in which common words and phrases are used until the correct one is guessed.
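
To make the point of the "something you know" section and the password cracker paragraph concrete, here is an added Python example (not from the original page) that estimates how many guesses a brute-force search and a dictionary attack would each need for a given password; the word list and the acceptance threshold of 2**48 guesses are constructed for illustration.

```python
import math
import string
from typing import Optional

# Constructed mini word list standing in for the lists a dictionary attack draws on
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "monkey", "football"}

def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force search must try for this password's character classes."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)   # 32 symbols
    return size

def brute_force_guesses(password: str) -> int:
    """Worst case for an attacker trying every combination of that alphabet at this length."""
    return charset_size(password) ** len(password)

def dictionary_guesses(password: str, words=COMMON_WORDS) -> Optional[int]:
    """Guesses a dictionary attack needs when the password is a listed word
    (optionally with digits appended); None when it is not in the list."""
    base = password.lower().rstrip(string.digits)
    return len(words) if base in words else None

def assess(password: str) -> dict:
    """Compare both attack styles and accept only passwords that resist both."""
    bf = brute_force_guesses(password)
    dic = dictionary_guesses(password)
    effective = dic if dic is not None else bf
    return {
        "charset": charset_size(password),
        "brute_force_guesses": bf,
        "dictionary_guesses": dic,
        "bits": round(math.log2(effective), 1),
        "acceptable": dic is None and bf >= 2 ** 48,   # 2**48 is a constructed minimum
    }
```

Note that "Password1" has a large brute-force search space yet falls to a dictionary attack in a handful of guesses, which is exactly why the page recommends random character combinations over real words.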

Malicious Software

Viruses - Malicious programs designed to replicate themselves and cause damage to computer systems (for example, deleting important operating system files). They are usually spread via email as attachments; when the user opens the attachment, the virus runs and does its damage.

Worms - Very similar to viruses but do not need user interaction to spread. They can identify devices on a network and copy themselves to all machines that are connected. They might also find a user's contacts and send themselves to all of them automatically.

Trojan Horses - Do not spread on their own, but trick users into downloading and running them. Once run, a Trojan Horse usually installs some kind of spyware.

Spyware - A form of malware that monitors users' activities without their knowledge.

Impacts - Data destruction is a common result of malicious software. Some display messages on screen while others can erase entire directories of data. Some overload the computer with so many processes that the machine slows down, and some have been known to do that while disabling the computer's fan in order to permanently physically damage the machine.

Drive-by downloads - Programs that are downloaded in the background when a user visits a website. Operating Systems have improved their security over time to help counteract this.

Denial of Service attacks - This involves bombarding a system with so many requests that it is unable to keep up and, as a result, slows down considerably. Anybody else wanting to use the system would not get the chance. A DDoS (Distributed Denial of Service) attack, sent to a website from multiple locations around the world, could potentially stop the website from functioning or even loading for anyone trying to reach it.
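
As an added defender's example (not part of the original page), the Python below runs two simple detections over constructed web-server log lines: a per-source request rate, which catches a single flooding client, and an aggregate rate, which is what still rises when a distributed attack keeps each source under the per-source limit. The log format, the window of 10 seconds, the limit of 20 requests and the addresses (from the documentation ranges) are all assumptions for the example.

```python
from collections import defaultdict, deque

def flood_sources(log_lines, window=10, limit=20):
    """Per-source check: {ip: peak requests in any `window`-second span} for sources above `limit`.
    Lines must be in time order, formatted "<epoch-seconds> <client-ip> <request>"."""
    recent = defaultdict(deque)    # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for line in log_lines:
        ts_str, ip, _request = line.split(" ", 2)
        ts = int(ts_str)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:   # slide the window forward
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}

def peak_total_rate(log_lines, window=10):
    """Aggregate check: highest request count in any window across all sources.
    A distributed attack can stay under the per-source limit yet still exceed capacity."""
    q = deque()
    peak = 0
    for line in log_lines:
        ts = int(line.split(" ", 1)[0])
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        peak = max(peak, len(q))
    return peak

def make_sample_log():
    """Constructed traffic using documentation address ranges: one normal client
    at 1 request/s for 60 s, one flooding client at 15 requests/s from t=20."""
    lines = []
    for t in range(60):
        lines.append(f"{t} 198.51.100.7 GET /index.html")
        if t >= 20:
            lines.extend(f"{t} 203.0.113.5 GET /login" for _ in range(15))
    return lines
```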

Spam

Spam is unwanted messages sent to many users at the same time.

Techniques include emails that have hook lines such as 'here is the important item you requested' or 'you are now a millionaire' to entice users to open the email. Sometimes in those emails there is a virus or worm.

Many popular email service providers, such as Google with Gmail, have spam filters on the inbox to help identify these emails from unusual domains and quarantine them in a separate folder.

Phishing

Phishing is a more advanced form of spam. Phishing emails attempt to impersonate genuine organisations such as banks in order to acquire the user's personal data. They are often very professional looking and to the untrained eye may appear completely genuine. The best way to tell is by checking the sender address. If it is not a domain owned by the organisation the email claims to come from, then it is likely to be fake. Related scams include smishing and vishing, which use text messages and telephone calls instead of email.
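
The sender-address check described above, as an added Python example that is not part of the original page: it extracts the real domain from a From: header (ignoring the display name, which the sender controls) and compares it with the domains an organisation actually owns. The organisation name, its owned domains and the sample headers are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed allowlist: domains genuinely owned by each organisation (placeholders)
GENUINE_DOMAINS = {
    "Example Bank": {"examplebank.com", "mail.examplebank.com"},
}

def sender_domain(from_header: str) -> str:
    """Domain of the real address in a From: header, ignoring the display name."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().strip()

def domain_is_owned(domain: str, owned: set) -> bool:
    """True if the domain equals an owned domain or is a subdomain of one.
    The suffix check means 'examplebank.com.evil.example' is NOT owned."""
    return any(domain == d or domain.endswith("." + d) for d in owned)

def looks_like_phishing(from_header: str, claimed_org: str) -> bool:
    """Flag a message claiming to be from claimed_org whose sender domain is not owned by it."""
    domain = sender_domain(from_header)
    owned = GENUINE_DOMAINS.get(claimed_org, set())
    return not domain_is_owned(domain, owned)

SAMPLES = [  # constructed From: headers, each claiming to be Example Bank
    "Example Bank <alerts@mail.examplebank.com>",                  # genuine subdomain
    "Example Bank Security <security@examplebank-login.com>",      # lookalike domain
    "examplebank.com <noreply@freemail-provider.example>",         # spoofed display name
    "Example Bank <support@examplebank.com.evil.example>",         # owned name as a prefix
]

def triage(samples=SAMPLES, claimed_org="Example Bank"):
    """Return the list of sender domains that should be treated as suspicious."""
    return [sender_domain(h) for h in samples if looks_like_phishing(h, claimed_org)]
```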

Pharming

Pharming, or DNS Poisoning, is another technique used to direct users to fake websites that appear genuine, so that they enter their details for the attacker to collect. It involves changing a DNS server's settings to point users to the fake site even when they enter a genuine URL/address.

ID theft is a direct result of phishing, as acquiring a person's data allows a criminal to set up accounts or credit cards in someone else's name. It is estimated that businesses lose over $220 billion per year from identity theft.

Encryption

Encryption is needed to protect data from unauthorised access while it is being sent from one place to another. Encryption uses encryption keys to transform the message (plaintext) into something that cannot be understood by anyone who reads it (ciphertext). Secret key encryption (as per the diagram) is when the same key is used to encrypt and decrypt the message. Public key encryption is when different keys are used to encrypt and decrypt the message. Digital signing is the process of providing a certificate that can prove someone's identity online. When a recipient receives a message, they can check the certificate to verify that the sender is genuine. A Certificate Authority works to verify the owner of that certificate.
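
An added toy illustration of the two key arrangements (not from the original page): a secret-key transform where the same key both encrypts and decrypts, beside textbook RSA where the public key encrypts or verifies and the private key decrypts or signs. The shared key bytes and the primes 61 and 53 are constructed for the example, and the numbers are far too small for real use; the point is only to show which key does which job.

```python
# Secret key encryption: one shared key, applied the same way in both directions.
SHARED_KEY = b"constructed-secret"   # assumption: both parties already hold this

def secret_key_transform(data: bytes, key: bytes) -> bytes:
    """XOR stream: applying the same key a second time restores the plaintext."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# Public key encryption: textbook RSA on constructed small primes (illustration only).
P, Q = 61, 53
N = P * Q                            # 3233, shared by both keys
E = 17                               # public exponent: anyone may know (E, N)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent 2753: only the owner knows D

def public_encrypt(m: int) -> int:
    """Anyone can encrypt to the owner using the public key; m must be below N."""
    return pow(m, E, N)

def private_decrypt(c: int) -> int:
    """Only the holder of the private key can recover the plaintext."""
    return pow(c, D, N)

def sign(m: int) -> int:
    """Signing uses the private key, so only the owner can produce a valid signature."""
    return pow(m, D, N)

def verify(m: int, signature: int) -> bool:
    """Anyone with the public key can check the signature against the message."""
    return pow(signature, E, N) == m

def roundtrip_demo():
    """Both schemes round-trip a message; a tampered message fails signature verification."""
    plaintext = b"meet at noon"
    ciphertext = secret_key_transform(plaintext, SHARED_KEY)
    symmetric_ok = secret_key_transform(ciphertext, SHARED_KEY) == plaintext
    m = 65
    asymmetric_ok = private_decrypt(public_encrypt(m)) == m
    sig = sign(m)
    return symmetric_ok, asymmetric_ok, verify(m, sig), verify(m + 1, sig)
```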

Wireless Security

Wireless networks present a bigger risk than wired networks as anyone in the range of the network could potentially connect. To prevent unauthorised users joining a network, there can be a password that encrypts the connection. WEP (Wireless Encryption Protocol) and WPA2 (WiFi Protected Access II) are standards that stop users from connecting without the password. Another method of security on wireless networks is MAC (Media Access Controller) filtering, which only allows a pre-approved whitelist of network hardware (in devices) to connect. SSID (Service Set Identifier) can be used to distinguish a network from others in the same vicinity, and can also be hidden from public view so that only people who know the SSID and WPA2 can join it.

Physical Security

Physical security for computer systems can include locks on computer room doors, alarms to detect intruders, and special security cables called Kensington locks that attach machines to anchored points so they cannot be opened or stolen. USB avoidance is the practice of deliberately not using USB drives, to stop the spread of viruses and other malware. Some businesses have even been known to fill the USB ports of the machines on their networks with glue to make them unusable!
