Securing Computer Systems
Time 8.3 hrs

Difficulty Intermediate
Prerequisites Teardown & Rebuild (PC)
Departments Human Technologies
Authors Ross Parker
Groupings Individual
Minimum Year Group None

Blurb

Computers store all our personal, financial and critical information: shouldn't you know how to keep things safe and secure? In this unit, you will learn how.

License

This work is shared under the following license: Creative Commons BY-SA-NC

Outline

The Pitch
Why should I bother learning this?
  • Computers store all our personal, financial and critical information
  • Shouldn't you know how to keep things safe and secure?
Resources
What is needed to run this unit?
  • Laptop
  • Internet Access
  • Reading (these titles are all available in the ICHK Library):
Interdisciplinary Links
Do not try and force this. What areas of other subjects might this reflect and/discuss language. For IB, links with ToK.
Teacher Reflection
What was successful? What needs changing? Alternative Assessments and Lesson Ideas? What other Differentiation Ideas/Plans could be used?
Credits
Any CC attribution, thanks, credit, etc.
  • Password Security thumbnail by macrovector on freepik under Freepik License.

This page requires you to be logged in to access it. Please login and try again.
5 mins
Are You Safe?
The Pitch
  • Computers store all our personal, financial and critical information
  • Shouldn't you know how to keep things safe and secure?
20 mins
Who & Why?
Theory
  • Before continuing, the following terminological distinction is important:
    • A hacker is someone, often a programmer, who uses computer technology to find clever solutions to problems.
    • A cracker is someone who uses computer technology to break into and misuse systems belonging to others.
    • Often we say "hacker" when what we really mean is "cracker".
  • Crackers (and other similar, nefarious types) are often motivated by:
    • Money, which can be made by selling stolen information, blackmail, ransomware, spam and other means.
    • Fame, gained by being the first or best at something difficult.
    • Power, gained by putting others in a position of weakness.
    • Politics, making other people, groups or countries look bad through leaked information or system outage.
    • Curiosity, just to see if they can.
    • Boredom, nothing better to do.
    • Revenge/Justice, to avenge a perceived wrong, to punish someone bad (Anonymous do a lot of this).
120 mins
Security Threats
Theory
  • Use this time, the information below, and your own research to learn more about some common security threats.
  • Social Engineering
    • Kevin Mitnick was one of the world's most famous hackers: when he was arrested in 1995, he was top of the FBI's Most Wanted list. Whilst technically skilled, Mitnick is best known as a "social engineer": essentially, talking and tricking people into giving him confidential information. The following video tells some of his story:

  • Eavesdropping
    • Traditionally, eavesdropping means to listen in to a conversation. Some modern versions include:
      • Man-in-the-middle
      • Keystroke logging
      • Password watching
  • Phishing
    • Phishing is the art of tricking people into going to a fake, parallel system in order to give up some confidential information. The video explains more:

    • Phishing attacks often make use of something called subdomains:
      • The domain name of the bank HSBC is hsbc.com.
      • HSBC can put subdomains in front of their domain, such as www.hsbc.com, banking.hsbc.com.
      • Only HSBC has the right to do this, as they own the domain.
      • However, there is nothing to stop me from buying safebanking.com (or similar), and putting hsbc infront of it as a sub domain: hsbc.safebanking.com.
      • If I use hsbc.safebanking.com in a phishing attack, I may trick people who see hsbc, and feel safe. However, those who understand how sub domains work, understand that because it is on the left of the domain, it is not the real HSBC, and so cannot necessarily be trusted.
    • You might find the Anatomy of a Phishing Scam poster useful.
  • Identity Theft
    • Stealing and assuming someone's identity.
    • This is often done in order to commit a crime, whilst setting someone else up to take the blame.
  • Malware
    • Includes all kinds of malicious software, such as:
      • Viruses
        • A malicious program which can replicate itself.
        • E.g. Stuxnet
      • Rootkit
        • Software which gives a user unauthorised administrator access to another system
      • Keylogging
        • Software which records the keys pressed by a user
      • Spyware/Adware/Crapware
  • Spam
    • Unsolicited, bulk emails.
    • Often spam is a nuisance, but it is also often have malware is delivered and installed.
30 mins
Protect Yourself
Lessons To Learn
  • Now that you know some methods by which you can be threatened online, how can you stay safe?
  • Read through and think about these ideas, which can help keep you safe.
    • Be aware, vigilant, sensible
    • Install only safe, well known software
    • Keep all software up to date (when software wants to be updated, it is often to fix security holes which crackers might exploit).
    • Create offline backups (if your data is lost, an offline backup (e.g. one that is not attached to your computer), can help you to recover).
    • Learn to recognise spam, phishing and scams.
    • Use a strong password, pin or lock pattern to secure all devices and accounts.
      • A good password should be "easy to remember, and hard to guess".
      • Try to use at least 8 characters (10+ would be better), and combine uppercase, lowercase, numbers and punctuation.
      • XKCD provides us with a good model, which we can make more complex with some extra characters.
    • Use 2-factor authentication on your main email account(s) (if some gets into your email, they can reset all your other passwords, so email should be highly protected).
    • Always log out or lock screen before walking away from a device
    • Use anti-malware apps to scan and protect from viruses, Trojans, keyloggers, etc.
    • Be careful about what personal data you share, especially geolocation information.
      • For example, if you take a photo in your house, and your phone adds your location (aka geolocation), you should not share this photo online, as someone can use it to find where you live.
10 mins
Black, Grey & White Hats
Ethics
  • Not all crackers are bad. Consider the three types of crackers below:
    • Black Hat - crackers who break into the systems of others, without permission, for personal gain.
    • Grey Hat - crackers who break into the systems of others, without permission, in order to seek justice for others, or some other potentially positive goal (e.g. Anonymous, or these Russian crackers).
    • White Hat - someone who breaks into systems with the permission of the owner, in order to find our how to make them more secure.
  • At school we have zero tolerance for black and grey hat crackers.
  • White hat cracking is allowed, but we need to be careful that we are clearly doing it for the right reasons, in the right situation, and not using it to scare others. In order to become better at defending ourselves, we may need to practice cracking ourselves....BUT TAKE GREAT CARE.
240 mins
Further Reading
Keep On Learning
70 mins
Evidence
Finishing Up
  • As evidence, make a list of the Top 5 Security Tips You Can Give Your Parents. This should be easy to read, and explain threats and protection.
  • Submit it as evidence, and give it your parents to help keep them safe.
Records 1-1 of 1
Unit Students

Rusty Padlock image by Garretttaggs on Wikipedia share under CC BY-SA
Charlotte
Shared on 02/03/2015
Powered by Gibbon v27.0.00dev

Founded by Ross Parker at ICHK Secondary | Built by Ross Parker, Sandra Kuipers and the Gibbon community
Copyright © Gibbon Foundation 2010-2024 | Gibbon™ of Gibbon Education Ltd. (Hong Kong)
Created under the GNU GPL | Credits | Translators | Support