Computing


Lesson Tasks

  • Watch the Lesson video
    Make notes if needed.
  • Open your Learning Journal
    Complete Task 1 in your Learning Journal
  • Complete the learning activities
    Make sure you complete the book tasks in your Unit Booklet
  • Complete End of Task Assessment
    Update your learning objectives

What do I need to Learn?

I need to learn how to define the term cyber security and describe the main purposes of cyber security.
I need to learn how to understand and explain weak and default passwords
I need to learn how to understand and explain misconfigured access rights
I need to learn how to understand and explain removable media
I need to learn how to understand and explain unpatched and/or outdated software.
I need to learn how to explain what pharming is and what it is used for.
I need to learn how to explain what penetration testing is and what it is used for.

Key Terms

  • User Access Rights
  • Removable media
  • Software patches
  • Brute-force attack
  • Dictionary attack

Cyber Security Threats

Malicious Code, figure 1

Cyber Security

Cyber Security consists of the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access.

There is a growing number of threats to computer security, and with the increased reliance on technology for storing important and sensitive data, it is becoming more and more important to protect computers from attack.

Some of the threats include:

  1. *Social engineering techniques (manipulating people into giving up sensitive information)
  2. *Malicious code (software designed to do damage to or steal information from a computer system)
  3. Weak and default passwords
  4. Misconfigured access rights
  5. Removable media
  6. Unpatched and/or outdated software.

*You need to know about social engineering and malicious code in detail, so these are covered in a separate lesson.

Weak and Default Passwords

Passwords can be a fantastic way of protecting a computer from unauthorised access - if you don’t have the password, you can’t get in. However, a lock is only as strong as the key, and using easy-to-guess passwords means that a would-be cracker or hacker may be able to get into the system with a lucky guess.

According to SplashData, in 2017, the two most common passwords were ‘123456’ and ‘password’, and they have held the title for the past four years! So if someone were to try to get into one of the accounts with these passwords, it is pretty clear that it wouldn’t take them long to guess.

Passwords should contain a combination of lower and upper case characters, numbers and symbols so that they are hard to crack using brute force:

  1. numbers (10 different ones: 0-9)
  2. letters (52 different ones: A-Z and a-z)
  3. special characters (32 different ones).

Also, the longer the password is, the harder it is to guess. In fact, as the length increases, the number of possible passwords increases exponentially. For example, a password containing just 5 characters (selected from any of the 94 possible characters) would have 7,339,040,224 possible combinations, and take around 3.7 seconds to crack with a brute force attack. A password with 1 more character would have 689,869,781,056 possible combinations, and take around 345 seconds to crack - nearly 100 times longer! Increasing the length of the password to 12 characters would take a whopping 7.5 million years to crack…
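The arithmetic above, combined with a dictionary check, as an added example that is not part of the original lesson. The rate of 2 billion guesses per second is an assumption inferred from the lesson's 3.7-second figure; the `COMMON` list, the one-year threshold and the sample passwords are constructed for illustration.

```python
import string

# Character classes and their sizes as listed in the lesson (10 + 52 + 32 = 94).
POOLS = [string.digits, string.ascii_lowercase,
         string.ascii_uppercase, string.punctuation]
# Constructed sample word list; the first two entries are the passwords
# the lesson names as most common. A real dictionary attack uses far more.
COMMON = {"123456", "password", "qwerty", "letmein"}
# Assumption: ~2 billion guesses per second, the rate implied by the
# lesson's "3.7 seconds for 5 characters" figure.
GUESSES_PER_SECOND = 2_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 60 * 60
MIN_YEARS = 1  # assumed policy threshold, not from the lesson


def pool_size(password):
    """Size of the alphabet an attacker must search for this password."""
    size = sum(len(p) for p in POOLS if any(c in p for c in password))
    return max(size, 1)  # characters outside the four classes are not credited


def keyspace(length, pool=94):
    """Number of possible passwords of this length over the given alphabet."""
    return pool ** length


def brute_force_seconds(length, pool=94):
    """Worst-case time to try every combination at the assumed guess rate."""
    return keyspace(length, pool) / GUESSES_PER_SECOND


def assess(password):
    """Return (is_weak, reason) for a candidate password."""
    if password.lower() in COMMON:
        return True, "found in common-password list (dictionary attack)"
    seconds = brute_force_seconds(len(password), pool_size(password))
    if seconds < MIN_YEARS * SECONDS_PER_YEAR:
        return True, f"brute force takes about {seconds:,.1f} seconds"
    return False, f"brute force takes about {seconds / SECONDS_PER_YEAR:,.0f} years"


if __name__ == "__main__":
    for length in (5, 6, 12):
        print(length, keyspace(length), brute_force_seconds(length))
    for candidate in ("password", "abcde", "Tr4in-Lamp!9x"):  # constructed samples
        print(candidate, assess(candidate))
```

A password that uses only lowercase letters is searched over 26 characters rather than 94, which is why `abcde` falls far faster than the lesson's 5-character figure.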

Another weakness of passwords is using the default password provided. For example, using the default settings for a home wifi means that people who are able to pick up the signal may be able to gain access by recreating the original algorithm used to generate the default password. Once in, they have access to all the devices already connected to the home network.

Misconfigured Access Rights

These relate to users being given access to information they should not have access to. By using user accounts, network managers are able to restrict access to specific users on any network, and only allow them to have access to what they are expected to.

However, in some situations these may not be set up correctly, and users may end up having access to a part of the network that they should not be on. Opportunist would-be cyber criminals could make use of this to steal information they should not have access to, install malware on the system, or just cause damage.
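One way a network manager can look for this kind of mistake on a shared drive, as an added example that is not part of the original lesson. It assumes a system that uses POSIX permission bits (Linux or macOS), where a file marked writable by "other" can be changed by every user account; the function name `audit_tree` is hypothetical.

```python
import os
import stat
import sys


def audit_tree(root, private=False):
    """Map each path under root to a list of over-broad permission findings.

    private=True also reports files readable by every user, for folders
    that are meant to be restricted to their owner or group.
    """
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own permission bits are not enforced
            issues = []
            if mode & stat.S_IWOTH:
                issues.append("writable by all users")
            if private and stat.S_ISREG(mode) and mode & stat.S_IROTH:
                issues.append("readable by all users")
            if issues:
                findings[path] = issues
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, issues in sorted(audit_tree(target, private=True).items()):
        print(f"{stat.filemode(os.lstat(path).st_mode)} {path}: {', '.join(issues)}")
```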

Removable Media

USB sticks and other removable media are great tools for transferring data between devices. However, they can be used for nefarious purposes. In fact, rarely a spy movie goes by without one of the characters gaining access to the enemy’s computer and downloading secret files to their USB drive, or perhaps putting a classic piece of ‘malware’ onto the central server via a USB stick so they are able to take control of the whole system.

These threats may seem rather cliched now, but they are still real. Many businesses for example have strict rules in place about what removable media can be used.

In addition, some companies will only allow the use of encrypted USB sticks, which means that if one were forgotten on a train somewhere, or someone were able to grab it out of a computer, they would be unable to access the contents of the drive.

Unpatched and/or Outdated Software

No piece of software is without bugs, and the more complex the piece of software, the more likely there is to be a bug lurking. Some of these bugs are small, such as the occasional glitch, but some can be very serious, such as the recent Spectre and Meltdown bugs. These affected any device which used an Intel processor, and effectively gave hackers the opportunity to steal data by making use of how the processors went about processing the tasks.

Once a bug in a piece of software is discovered, the software engineers who created it will release a ‘patch’. This is a piece of code that will fix the hole in the original piece of software so that the weakness can’t be exploited. If software isn’t patched, then hackers can make use of the flaws in the system to gain unauthorised access to the information stored on it.

Software is only secure if the developers are actively creating patches when security flaws are discovered. Old software that is no longer supported by its developers will not receive patches, and so security flaws can go unfixed for long periods of time or even forever.

For example, the worldwide WannaCry attack that took down the NHS in 2017 was successful thanks to an error in old Windows XP code which Microsoft no longer supported. Due to the cost of upgrading, many computers in the NHS were still using this old software, which meant their computers were susceptible to the attack.

True or False? Biometric data uses measurements about you to confirm your identity.
True
True or False? Penetration testing is used to find flaws in a system.
False
True or False? White-box penetration testing means the tester has no information about the system.
False

Penetration Testing

Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. It is a very useful way of testing systems to identify where weaknesses are in the system, such as any software bugs or default passwords.

There are two types of penetration testing:

  1. Internal
  2. External

The aim of an internal penetration test is to simulate a malicious insider who has knowledge of, and possibly basic credentials for, the target system. In this situation, the hacker may have some of the information about how the system works already, so will be able to use this to identify possible holes prior to starting the testing.

The aim of an external penetration test is to simulate an external hacking or cyber warfare attack. In this situation, the hacker would have no understanding of how the system works, and would look for any possible weaknesses or flaws using a trial and error approach. One of the first things they may attempt is to access the wireless network, as this is one of the greatest weak points in any network.