Securing Computer Systems
Time
8.3 hrs
Difficulty
Intermediate
Prerequisites
Teardown & Rebuild (PC)
Departments
Human Technologies
Authors
Ross Parker
Groupings
Individual
Minimum Year Group
None
Blurb
Computers store all our personal, financial and critical information: shouldn't you know how to keep things safe and secure? In this unit, you will learn how.
License
This work is shared under the following license: Creative Commons BY-SA-NC
Outline
The Pitch Why should I bother learning this?
|
|
Resources What is needed to run this unit?
|
Interdisciplinary Links Do not try and force this. What areas of other subjects might this reflect and/discuss language. For IB, links with ToK. |
Teacher Reflection What was successful? What needs changing? Alternative Assessments and Lesson Ideas? What other Differentiation Ideas/Plans could be used? |
|
Credits Any CC attribution, thanks, credit, etc.
|
This page requires you to be logged in to access it. Please login and try again.
5 mins
Are You Safe?
The Pitch
- Computers store all our personal, financial and critical information
- Shouldn't you know how to keep things safe and secure?
20 mins
Who & Why?
Theory
- Before continuing, the following terminological distinction is important:
- A hacker is someone, often a programmer, who uses computer technology to find clever solutions to problems.
- A cracker is someone who uses computer technology to break into and misuse systems belonging to others.
- Often we say "hacker" when what we really mean is "cracker".
- Crackers (and other similar, nefarious types) are often motivated by:
- Money, which can be made by selling stolen information, blackmail, ransomware, spam and other means.
- Fame, gained by being the first or best at something difficult.
- Power, gained by putting others in a position of weakness.
- Politics, making other people, groups or countries look bad through leaked information or system outage.
- Curiosity, just to see if they can.
- Boredom, nothing better to do.
- Revenge/Justice, to avenge a perceived wrong, to punish someone bad (Anonymous do a lot of this).
120 mins
Security Threats
Theory
- Use this time, the information below, and your own research to learn more about some common security threats.
- Social Engineering
- Kevin Mitnick was one of the world's most famous hackers: when he was arrested in 1995, he was top of the FBI's Most Wanted list. Whilst technically skilled, Mitnick is best known as a "social engineer": essentially, talking and tricking people into giving him confidential information. The following video tells some of his story:
- Eavesdropping
- Traditionally, eavesdropping means to listen in to a conversation. Some modern versions include:
- Man-in-the-middle
- Keystroke logging
- Password watching
- Traditionally, eavesdropping means to listen in to a conversation. Some modern versions include:
- Phishing
- Phishing is the art of tricking people into going to a fake, parallel system in order to give up some confidential information. The video explains more:
- Phishing attacks often make use of something called subdomains:
- The domain name of the bank HSBC is hsbc.com.
- HSBC can put subdomains in front of their domain, such as www.hsbc.com, banking.hsbc.com.
- Only HSBC has the right to do this, as they own the domain.
- However, there is nothing to stop me from buying safebanking.com (or similar), and putting hsbc infront of it as a sub domain: hsbc.safebanking.com.
- If I use hsbc.safebanking.com in a phishing attack, I may trick people who see hsbc, and feel safe. However, those who understand how sub domains work, understand that because it is on the left of the domain, it is not the real HSBC, and so cannot necessarily be trusted.
- You might find the Anatomy of a Phishing Scam poster useful.
- Identity Theft
- Stealing and assuming someone's identity.
- This is often done in order to commit a crime, whilst setting someone else up to take the blame.
- Malware
- Includes all kinds of malicious software, such as:
- Viruses
- A malicious program which can replicate itself.
- E.g. Stuxnet
- Rootkit
- Software which gives a user unauthorised administrator access to another system
- Keylogging
- Software which records the keys pressed by a user
- Spyware/Adware/Crapware
- Viruses
- Includes all kinds of malicious software, such as:
- Spam
- Unsolicited, bulk emails.
- Often spam is a nuisance, but it is also often have malware is delivered and installed.
30 mins
Protect Yourself
Lessons To Learn
- Now that you know some methods by which you can be threatened online, how can you stay safe?
- Read through and think about these ideas, which can help keep you safe.
- Be aware, vigilant, sensible
- Install only safe, well known software
- Keep all software up to date (when software wants to be updated, it is often to fix security holes which crackers might exploit).
- Create offline backups (if your data is lost, an offline backup (e.g. one that is not attached to your computer), can help you to recover).
- Learn to recognise spam, phishing and scams.
- Use a strong password, pin or lock pattern to secure all devices and accounts.
- A good password should be "easy to remember, and hard to guess".
- Try to use at least 8 characters (10+ would be better), and combine uppercase, lowercase, numbers and punctuation.
- XKCD provides us with a good model, which we can make more complex with some extra characters.
- Use 2-factor authentication on your main email account(s) (if some gets into your email, they can reset all your other passwords, so email should be highly protected).
- Always log out or lock screen before walking away from a device
- Use anti-malware apps to scan and protect from viruses, Trojans, keyloggers, etc.
- MalwareBytes for Mac is free, simple and effective.
- AVG for Mac is free and reliable.
- Be careful about what personal data you share, especially geolocation information.
- For example, if you take a photo in your house, and your phone adds your location (aka geolocation), you should not share this photo online, as someone can use it to find where you live.
10 mins
Black, Grey & White Hats
Ethics
- Not all crackers are bad. Consider the three types of crackers below:
- Black Hat - crackers who break into the systems of others, without permission, for personal gain.
- Grey Hat - crackers who break into the systems of others, without permission, in order to seek justice for others, or some other potentially positive goal (e.g. Anonymous, or these Russian crackers).
- White Hat - someone who breaks into systems with the permission of the owner, in order to find our how to make them more secure.
- At school we have zero tolerance for black and grey hat crackers.
- White hat cracking is allowed, but we need to be careful that we are clearly doing it for the right reasons, in the right situation, and not using it to scare others. In order to become better at defending ourselves, we may need to practice cracking ourselves....BUT TAKE GREAT CARE.
240 mins
Further Reading
Keep On Learning
- The following books are all available in the ICHK Library. Take some time to do some reading to expand your knowledge of computer security:
- Online Reading (a quick way to get started)
- Books!
- Little Brother - a light start, fiction, fun!
- Secrets & Lies - theoretical underpinnings to security.
- Beyond Fear - theoretical underpinnings to security.
- Web Security, Privacy and Commerce - hardcore technical stuff.
- Web Security Testing Cookbook - hardcore technical stuff.
- The Web Application Hacker's Handbook - hardcore technical stuff.
- Anti-Hacker Tool Kit - hardcore technical stuff.
- Hacker's Challenge 3 - hardcore technical stuff.
70 mins
Evidence
Finishing Up
- As evidence, make a list of the Top 5 Security Tips You Can Give Your Parents. This should be easy to read, and explain threats and protection.
- Submit it as evidence, and give it your parents to help keep them safe.
Links
- Anti-Hacker Tool Kit
- The RFID Hacking Underground
- How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
- Little Brother
- Russian crackers
- Anatomy of a Phishing Scam
- Web Security Testing Cookbook
- Hacker's Challenge 3
- The Web Application Hacker's Handbook
- Web Security, Privacy and Commerce
- AVG for Mac
- Bletchley Park: Home of the Codebreakers
- Danny Hillis – The Internet Could Crash, We Need A Plan B
- We Can Now Build Autonomous Killing Machines. And That’s a Very, Very Bad Idea
- How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History
- XKCD provides us with a good model
- Use 2-factor authentication on your main email account
- MalwareBytes
- Beyond Fear
- Secrets & Lies
Embeds
Records
1
to
1 of
1
Unit | Students |
---|---|
Rusty Padlock image by Garretttaggs on Wikipedia share under CC BY-SA |
Charlotte Shared on 02/03/2015 |