The Internet &

The World Wide

Web
Differences?

The Internet &

The World Wide
Web
Interne
t The World Wide
Web is part of the
Internet
WW
W
 Internet

• It is a worldwide collection of interconnected

networks.
• It is a concept, not something tangible.
• It relies on a physical infrastructure (computers,
devices, hardware, servers, service providers)
that allows networks and individual devices to
connect to other networks and devices.
WWW explanation

• It is a part of the internet that users can access

using web browser software.
• It consists of a massive collection of web pages,
all stored on web servers.
WWW explanation

• It is a part of the internet that users can access

using web browser software.
• It consists of a massive collection of web pages,
all stored on web servers.
• Uniform resource locators (URLs) are used to
specifiy the location of web pages.
What components can you
observe from the URL?
Why do you think they are
needed? (3 mins)
 • URL stands for Uniform resource locators.
• URLs are text addresses used to access
websites.
What
• URLs are basically just IP addresses.
is a
URL?
UR
L

????

Server
Format of a
URL
Format of a
URL

Protoco Domai Domai Domai File

l n n n nam
Path
Host Name Type e
Hypertext Transfer
Protocol
 = Hypertext Transfer Protocol

• Data packets are sent around the internet using different

protocols, or rules.
• The protocol that web pages use for data transfer is
called hypertext transfer protocol (http). They are
needed because data sent across the web can contain
private and sensitive information.
 = HyperText Transfer Protocol
SECUR
E
• Ensures that a secure connection is made between the
two devices engaging in the transfer of data.
• The data packets are encrypted before they are
transmitted across the network and are decrypted only
when they reach their intended destination.
• Uses SSL (Secure Socket Layer) /TLS (Transport Layer
Security)
 Web
Browser
Web Browsers are software that allow a user to access and
display web pages on their device screens.

Retriev
Displa e HTML
y
Features of a web browser

HINT:BAN CAR
 Features of a web browser

• Bookmarks and favourites

• Allow multiple browsing tabs
• Navigation tools (back button, forward button and
home button)
• Cookies (stores personal preferences or your
activity)
• Address bar (where users type in the URL)
• Record user history
Locating and Viewing
a Web Page
 HTML

• HTML (HyperText Markup Language) is a language used

to display content on browsers.
• All websites are written in HTML and hosted on a web
server that has its own IP address.
Domain Name Server

• A system for finding IP addresses for a domain name

given in a URL.
• DNS servers contain a database of URLs with the
matching IP addresses.
• URLs and DNS eliminate the need for a user to memorise
IP addresses.

DNS
[Link] Server 128.17.13
Flow to retrieve a web page Using the IP address, the
computer now sets up a
communication with the
website server and the
required pages are
downloaded.
User types in
The browser The IP address
the URL of a
asks the DNS is sent back to HTML files are sent from
site into the
server for the IP the user's the website server to the
address bar of
address of the computer computer.
the web
website
browser
The browser interprets the
HTML, which is used to
structure content, and
then displays the
information on the user’s
computer.
Flow to retrieve a web page

[Link]

128.17.13
4.25

128.17.13
4.25

HTML
<h1> ....
</h1>
Cookies
 Cookies

• Cookies are small files or code stored on a user’s

computer. They are sent by a web server to a
browser on a user’s computer.
• Some usages of cookies:
• Hold user's preference
• Customise the web page for each individual user
• Store login details
• Store items in online shopping cart
 Cookies

Session Cookies Persistent Cookies

Session Cookies

• They are temporary cookies that are deleted when

you close your web browser.
• They provide information on your browsing while you
are on that particular website.
• They stop to exist on a user's computer once the
browser is closed or the website session is
terminated.
• Example: Shopee (we do not need to log in again
even if we switch page)
Persistent Cookies
• They have expiration dates and are stored in a folder on your
computer (hard drive) until they are expire or the user
deletes them.
• They make websites appear to remember a user on the next
visit.
• They remain even after the browser is closed or the web
session is terminated.
• Examples
• Login details
• Save users' items in a virtual shopping cart
• Online financial transactions (Do you want to remember
 Flow of how cookies are
used

When user Browser sends

Web Server Encrypted revisits cookies file to
sends cookies Data are data is stored website, web Web Server to
file to user's encrypted on browser or server automatically
browser the user's requests enter details
HDD/SSD cookies file
EXAM QUESTION
EXAM QUESTION
EXAM QUESTION
EXAM QUESTION
 Digital
Currency
 Definition

Currency that exists in

electronic form only; it has no
physical form and is essentially
data on a database.
Examples of digital currency

It is a method of payment, but rather than

exchanging physical coins and bank notes, the
payment is made electronically.
Central Banking System

Person A Person B

Imagine Person A wants to

transfer money to Person B ...
Central Banking System

Person A Person B

A central bank is needed to act

as the "middleman"
 Problems with centralisation

- Confidentiality (Control of governments

and central authorities)
- Security
Decentralisation - Cryptocurrency

Ethereum Tether Litecoin Bitcoin

RMXXX RMXXX RMXXX RMXXX
CRYPTOCURRENCY MINING

MINER
- Use the power of their personal computers to process
transactions. The reward for doing so is that miners
receive some of the transaction fees involved in the
process of payment made.
Decentralisation - Cryptocurrency
• Traditional digital currencies are regulated by central banks and
governments. This means all transactions and exchange rates are
determined by these two bodies.
• Cryptocurrency has no state control and all the rules are set by the
cryptocurrency community itself.
• The cryptocurrency system works by being within a blockchain
network which means it is much more secure.
 Blockchain
A technology that sits behind all
cryptocurrency transactions. It makes all sorts
of cryptocurrency safe to use.
Blockchaining - How cryptocurrency work?
• Blockchain is a decentralised database.
• All the transactions of networked members are stored on this
database.
• The blockchain consists of a number of interconnected computers
but they are not connected to a central server.
• All transaction data is stored on all computers in the blockchain
network.
Blockchaining - A chain of blocks
Blockchaining - A chain of blocks

• When a new transaction takes place, a new block is

created
• Blockchains = A collections of all transactions
What's inside one block?

Data = Sender, Recipient,

Amount of Coins

Hash Value, generated by an

algorithm (acts as a unique
identifier). Includes a
timestamp.

Previous Hash Value - Points

back to a previous block in
the chain
 Blockchaining - A chain of blocks

Hash: A4BF
Previous Hash: 0000
 Blockchaining - A chain of blocks

Hash: A4BF Hash: 6AB1 Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
 Blockchaining - A chain of blocks

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

Let's say a new transaction is created!

 Blockchaining - A chain of blocks

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

THERE ARE 3 REASONS WHY TRANSACTIONS CANNOT BE

MODIFIED EASILY - MAKE THE SYSTEM SECURE
 FIRST REASON: THE PREVIOUS HASH ATTRIBUTE IN THE
BLOCK

Hash: A4BF Hash: 4ERD Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

Let's change the transaction in this block. Oops, what's the

consequence of this?
 Blockchaining - A chain of blocks

Hash: A4BF Hash: 4ERD Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

Lost connection. Block 3 and 4 will become invalid. Transaction

[Link] prevents tampering (by hackers).
 SECOND REASON: PROOF OF WORK MAKE THE CREATION
OF BLOCK SLOWER

Hash: A4BF Hash: 4ERD Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

Hackers will find it hard to re-create block 3 and 4, due to proof-of-work, which
makes sure it takes 10 minutes to add a block to the chain.
THIRD REASON: The exact blockchain is stored in all the computers
in the networks.

Hash: A4BF Hash: 6AB1 Hash: 34EE

Hash: A4BF Hash: 6AB1 Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1

Hash: A4BF Hash: 6AB1 Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Hash: A4BF Hash: 6AB1 Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
When a new transaction is added, a block will added to each node.

Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
All nodes within this network creates a consensus. Majority wins. This
means that hacker will have to tamper a block in more than half of the
nodes, which is impossible.

Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

I Hack This!
All nodes within this network creates a consensus. Majority wins. This
means that hacker will have to tamper a block in more than half of the
nodes, which is impossible.

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

Failed!
Cyber Security
Cyber Security
Threa
t
 Cyber Security
Threats Solutions/Prevention
 Cyber Security
Threats Solutions/Prevention
Cyber Brute-Force
B Attack D DDOS Attack

Security
Threa
Data
D Interception H Hacking

t M Malware
P Phishing

Social
P Pharming
S Engineering
Cyber Brute-Force
B Attack D DDOS Attack

Security
Threa
Data
D Interception H Hacking

t M Malware
P Phishing

Social
P Pharming
S Engineering
B Brute-Force Attack

Activity: Can you guess my

number?
B Brute-Force Attack
• A ‘trial and error’ method used by cybercriminals to crack
passwords by finding all possible combinations of letters,
numbers and symbols until the password is found.
• One way to reduce the number of attempts needed to crack
a password is to try with the more commonly password first.
• The longer a password is and the greater the variation of
characters used, the harder it will be to crack.
Cyber Brute-Force
B Attack D DDOS Attack

Security
Threa
Data
D Interception H Hacking

t M Malware
P Phishing

Social
P Pharming
S Engineering
DDistributed Denial of Service (DDOS)

• A denial of service (DoS) attack is an attempt at preventing users

from accessing part of a network, notably an internet server.
• The attacker may be able to prevent a user from:
• accessing their emails
• accessing websites/web pages
• accessing online services (such as banking).
If too many people accessing a website at the
same time, the server will go down ...
DDistributed Denial of Service (DDOS)
How does it attack?

When a user enters a

website's URL in their
browser, a request is sent
to the web server that
contains the website
DDistributed Denial of Service (DDOS)
How does it attack?

When a user enters a

website's URL in their The server can only handle
browser, a request is sent a finite number of requests.
to the web server that (say: 1 million) at a time
contains the website

Patient ..
DDistributed Denial of Service (DDOS)
How does it attack?

A criminal can use a software

that force thousands of
innocent computers around
the world to send a viewing
request to a web server.

x100000
 DDistributed Denial of Service
Distributed = Many computers
Denial of Service = Deny user
(DDOS)
from using a service
How does it attack?

A criminal can use a software The server becomes overloaded and

that force thousands of won't be able to service a user's
innocent computers around legitimate request. It will slow the
the world to send a viewing website down or cause it to go offline
altogether.
request to a web server.

Sorry
can't do
x100000 it!
DDistributed Denial of Service (DDOS)
Signs to detect a DDOS attack

Slow network performance (opening

files or accessing certain websites)

Inability to access certain websites

Large amounts of spam email

reaching the user’s email account.
Cyber Brute-Force
B Attack D DDOS Attack

Security
Threa
Data
D Interception H Hacking

t M Malware
P Phishing

Social
P Pharming
S Engineering
DData Interception

• Data interception is a form of stealing data by tapping into a

wired or wireless communication link.
• The intent is to compromise privacy or to obtain confidential
information.
• Interception can be carried out using a packet sniffer, which
examines data packets being sent over a network. The
intercepted data is sent back to the hacker.
DData Interception
To tackle data interception

Encryption of data.
Eg. Wired Equivalency privacy (WEP)

It is important not to use Wi-Fi

(wireless) connectivity in public
places (such as an airport) since no
data encryption will exist and your
data is then open to interception by
anyone within the place.
Cyber Brute-Force
B Attack D DDOS Attack

Security
Threa
Data
D Interception H Hacking

t M Malware
P Phishing

Social
P Pharming
S Engineering
HHacking

• Hacking is the act of gaining illegal access to a computer

system without the user's permission.
• Data can be deleted, passed on, changed or corrupted.
• Can encryption stops hacking?
HHacking

• Hacking is the act of gaining illegal access to a computer

system without the user's permission.
• Data can be deleted, passed on, changed or corrupted.
• Encryption does not stop hacking, it just make the data
meaningless.
• Solution: Firewall, strong passwords.
HHacking

Black-hat White-hat
hacker hacker
Hacker that try to find security
Hacker who seeks to gain loopholes in a system and give
unauthorised access to a advice to the network owners
computer system. about how to close them.
Cyber Brute-Force
B Attack D DDOS Attack

Security
Threa
Data
D Interception H Hacking

t M Malware
P Phishing

Social
P Pharming
S Engineering
M Malware = Malicious Code Software

Malware are pieces of software that have been written and

coded with the intention of causing damage to or stealing
data from a computer or system.

There are several types of malware:

Trojan Ransomware
Virus Worm Spyware Adware
Horse
V Virus

• Viruses are programs or program codes that self-replicate

with the intention of deleting or corrupting files, or causing
a computer to malfunction.
• Viruses need an active host program on the target
computer or an operating system that has already been
infected, before they can actually run and cause harm.
• Viruses are often sent as email attachments, reside on
infected websites or on infected software downloaded to the
user’s computer.

Trojan Ransomware
Virus Worm Spyware Adware
Horse
T Trojan Horse

• A trojan horse is malware that is hidden away in the code of

software that appears to be harmless. A Trojan horse replaces all or
part of the legitimate software with the intent of carrying out some
harm to the user’s computer system.
• They need to be executed by the end-user. They usually arrive as
an email attachment or are downloaded from an infected website
• Once installed on the user’s computer, the Trojan horse will give
cyber criminals access to personal information on your computers,
such as IP addresses, passwords and other personal data. Spyware
and ransomware are often installed on a user’s computer via Trojan
horse malware.

Trojan Ransomware
Virus Worm Spyware Adware
Horse
W Worm

• A type of stand-alone malware that can self-replicate. Unlike

viruses, they don't need an active host program to be opened in
order to do any damage.
• Worm replicates itself until the computer's resources are used to
their maximum capacity and no further processing can take place,
leading to system failure and crashing.
• Worms tend to be problematic because of their ability to spread
throughout a network without any action from an end-user;
whereas viruses require each end-user to somehow initiate the
virus.

Trojan Ransomware
Virus Worm Spyware Adware
Horse
S Spyware

• Spyware is software that gathers information by monitoring a

user’s activities carried out on their computer.
• The gathered information (bank account numbers, passwords
and credit/debit card details) is sent back to the cybercriminal
who originally sent the spyware (just like cookies).
• Spyware can be detected and removed by anti-spyware software.

Trojan Ransomware
Virus Worm Spyware Adware
Horse
A Adware

• Adware is a software that will attempt to flood an end-user with

unwanted advertising.
• For example, it could
• redirect a user’s browser to a website that contains
promotional advertising
• appear in the form of pop-ups
• appear in the browser’s toolbar and redirect search requests

Trojan Ransomware
Virus Worm Spyware Adware
Horse
R Ransomware

• Ransomware are programs that encrypt data on a user’s

computer and ‘hold the data hostage’.
• The cybercriminal waits until the ransom money is paid and,
sometimes, the decryption key is then sent to the user.

Trojan Ransomware
Virus Worm Spyware Adware
Horse
Flashcard

THE
DIFFERENCE
BETWEEN
VIRUS
AND WORMS
VIRUS NEEDS
AND ACTIVE
HOST, WORMS
DO NOT.
Flashcard

HOW IS VIRUS
SENT TO A
USER
 VIA EMAIL
ATTACHMENTS,
INFECTED
SOFTWARE/
WEBSITE
Flashcard
Once installed on the user’s
computer, I will give cyber
criminals access to personal
information on your computers,
such as IP addresses, passwords
and other personal data. Spyware
and ransomware are often
installed on a user’s computer via
ME.
WHO AM I?
TROJAN
HORSE
Flashcard

Encryption can stop hacking.

What's your view on it?
 Encryption does
not stop hacking, it
just make the data
meaningless.
Cyber Brute-Force
B Attack D DDOS Attack

Security
Threa
Data
D Interception H Hacking

t M Malware
P Phishing

Social
P Pharming
S Engineering
P Phishing
• Sending out legitimate-
looking emails
designed to trick the
recipients into giving
their personal details to
the sender of the email.
• These emails may
contain links or
attachments, when
initiated, take the user
to a fake website to
enter personal details.
P Phishing
• Sending out legitimate-
looking emails
designed to trick the
recipients into giving
their personal details to
the sender of the email.
• These emails may
contain links or
attachments, when
initiated, take the user
to a fake website to
enter personal details. Clickbait
P Phishing
Can you find something
that is not so right?
P Phishing - Legit Emails
P Phishing
Ways to prevent phishing

Be aware of fake emails (eg. Dear (Your

name) and not Dear Customer)

Look out for http(s) in the address bar

Be very wary of pop-ups and use the

browser to block them
Cyber Brute-Force
B Attack D DDOS Attack

Security
Threa
Data
D Interception H Hacking

t M Malware
P Phishing

Social
P Pharming
S Engineering
P Pharming

• Redirect user from a genuine website to a fake one, with

the hope that this goes unnoticed. They manipulate the
DNS server.
• A user may then be prompted to enter login details, and
this can then be collected by a criminal for use on the
genuine site.
• Pharming attacks occur when web servers are attacked,
and code is inserted into a website that redirects
visitors (changing the IP address).
Examples:
Cyber Brute-Force
B Attack D DDOS Attack

Security
Threa
Data
D Interception H Hacking

t M Malware
P Phishing

Social
P Pharming
S Engineering
S Social Engineering

• This form of cyber-crime is where users are manipulated into

behaving in a way that they would not normally do.
• Five common types of threat:
• Instant messaging (malicious link embedded in message)
• Scareware (tell you that your computer is infected with virus)
• Email (genuine looking emails)
• Baiting (leave a pendrive where it can be found)
• Phone calls (asks you to download special software)
• All threats above are effective methods for introducing malware.
• The whole idea of social engineering is the exploitation of human
emotion (fear, curiosity, empathy and trust).
E X A M Q U E S T I O N ( M A RC H 1 9 )
EXAM QUESTION
EXAM QUESTION
E X A M Q U E S T I O N ( M A RC H 1 9 )
EXAM QUESTION
EXAM QUESTION
Cyber Security
Solutions
and
Preventio
n
 Cyber Security
Threats Solutions/Prevention
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
A Access Level
• This method of protection is hugely important in
organisations where there are lots of users accessing a
network (eg. Havil Computer Lab).
• User will be assigned different levels of access
depending on the role they have. It ensures that users'
behaviour can be controlled while they use a computer
on a network.
• When using databases, levels of access are important to
determine who has the right to read, write and delete
data.
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
A Anti-malware
• Danger of malicious software
• Theft of company data
• Corruption of data (data becomes unreadable)
• Hence, a network should have anti-malware and anti-
virus applications installed that protect all devices on
the network (just like a vaccine to covid).

Types of Anti-malware

Anti Virus Anti Spyware

A Anti virus
• Anti-virus software are constantly scanning documents, files and
also incoming data from the internet.

Anti Virus Anti Spyware

A Anti virus
• Anti-virus software are constantly scanning documents, files and
also incoming data from the internet.
• They are designed to detect suspisious activity and files before
they are opened or stored / warn the user against opening the
files.
• If a file is detected as harmful, the anti-virus will quarantine the
file away from the network, preventing it from installing or
multiplying itself to other areas of the network or the hard disk
drive.
• Upon user instructions, the software will then remove and delete
the offending malware or virus.

Anti Virus Anti Spyware

A Anti spyware
• Spyware: Spyware is software that gathers information by
monitoring a user’s activities carried out on their computer.
• How they work?
• Looks for typical features which are usually associated with
spyware thus identifying any potential security issues
• File structures – in this case, there are certain file structures
associated with potential spyware which allows them to be
identified by the software.

Anti Virus Anti Spyware

A Anti spyware
• Spyware: Spyware is software that gathers information by
monitoring a user’s activities carried out on their computer.
• How they work?
• Looks for typical features which are usually associated with
spyware thus identifying any potential security issues
• File structures – in this case, there are certain file structures
associated with potential spyware which allows them to be
identified by the software.
• General features - block webcam, encryption of keyboard strokes,
detect spyware and remove if found, scans for signs

Anti Virus Anti Spyware

Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
A Authentication

• Authentication refers to the ability of a user to prove who

they are.

Password
Biometrics Two-step Credit Card &
and user Authentication verification Hotel Card
names
P Password and user names

• Examples of where password is used:

• websites
• mobile phones, etc
• Password should be strong enough to stop criminals from
guessing them.

Password
and user
names
Let's try this out

Password
and user
names
T Tips for a stronger password
• Combine different types of character (lowercase, uppercase,
special character)
• Don't put in pattern in your passwords (eg. cabbag3), use
random patterns eg. Hp3oe7Ls*(!kajmc)
• Don't use the same passwords for all accounts
• Be aware of spyware that tries to steal your passwords (via
keyboard stroke)

Password
and user
names
B Biometric Authentication

• Biometrics relies on certain unique characteristics of human

beings:

Biometric
Authentication
B Biometric Authentication
• Biometrics relies on certain unique characteristics of human
beings:
• Fingerprint scans (compare image stored versus image
scanned; fingerprints are unique)
• Face recognition
• Voice recognition

Biometric
Authentication
T Two-step verification

• Requires two methods of authentication to verify who a user

is.
• Example: Online shopping
• Step 1: Enter user name and password
• Step 2: Enter PIN that is sent back to her either in an
email or as a text message to her mobile phone

Two-step
verification
C Credit Card & Hotel Card

• Hotel card has magnetic stripe on the back of the card.

These stripe will store personal information.
• Credit card (or any smart card) has a chip that is read when
inserted into an Electronic Funds Transfer Point of Sale. The
chip can hold a lot of information (eg. Pin).

Credit Card &

Hotel Card
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
A Automating Software Updates
• Why?
A Automating Software Updates
A Automating Software Updates
• This ensures that applications
like operating systems, anti-
virus and other commonly
used pieces of software are
always operating with the
latest version installed.
• Greater threats are constantly
evolving and that anti-virus
companies are always
attempting to stay up to date
with new attacks.
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
S Spelling and Tone in communications

• Threat relating to emails?

S Spelling and Tone in communications

• Phishing emails are a threat to security. Sending out

legitimate-looking emails designed to trick the recipients
into giving their personal details to the sender of the email.
• What can we do?
S Spelling and Tone in communications
• Phishing emails are a threat to security. Sending out
legitimate-looking emails designed to trick the recipients
into giving their personal details to the sender of the email.
• Check
• If there is spellinnngngs errors in the email
• The tone used in the email message

[Link]
[Link]
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
F Firewall

• A firewall can be either software or hardware. It sits between the user’s computer
and an external network (for example, the internet) and filters information in and out
of the computer.
F Firewall

• A firewall can be either software or hardware. It sits between the user’s computer
and an external network (for example, the internet) and filters information in and out
of the computer.
• Firewalls are the primary defence to any computer system to help protect
it from hacking, malware (viruses and spyware), phishing and pharming.
• Main tasks
• Examine the ‘traffic’ between user’s computer (or internal network)
and a public network
• checks whether incoming or outgoing data meets a given set of
[Link] the data fails the criteria, the firewall will block the ‘traffic’
• criteria can be set so that the firewall prevents access to certain
undesirable sites; the firewall can keep a list of all undesirable IP
addresses
• The firewall can be software installed on a computer; in some cases, it is
part of the operating system.
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
P Privacy Setting

• Privacy settings are the controls available on web browsers, social

networks and other websites that are designed to limit who can access
and see a user’s personal profile.
• Examples:
• "Do not track" setting
• Allow payment method to be saved (avoid the need to key in
information everytime, which is dangerous)
• Safer browsing
• App (sharing of location)
P Privacy Setting - Phone and
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits?
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits:
• Allows internet traffic to be filtered; it is possible to block access to a
website if necessary - Parental Control
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits:
• Allows internet traffic to be filtered; it is possible to block access to a
website if necessary - Parental Control
• Keeps users’ IP addresses secret which improves security (middleman
concept)
• Can you relate to one threat that we learn last week?
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits:
• Allows internet traffic to be filtered; it is possible to block access to a
website if necessary - Parental Control
• Keeps users’ IP addresses secret which improves security (middleman
concept)
• If an attack is launched, it hits the proxy server instead – this helps to
prevent hacking, DDoS, and so on.
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits:
• Allows internet traffic to be filtered; it is possible to block access to a
website if necessary - Parental Control
• Keeps users’ IP addresses secret which improves security (middleman
concept)
• If an attack is launched, it hits the proxy server instead – this helps to
prevent hacking, DoS, and so on
• Act as a firewall
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
S Secure socket layer
• SSL is a protocol/rule that is commonly found on
websites where financial transactions take place.
• SSL encrypts the connection between the user's
computer and the website that is being used.
Sensitive data can be bank card numbers, login
details and passwords.
S Secure Socket Layer Handshake
A connection that is created between a web
browser and a web server
S Secure Socket Layer - flow
The user’s browser The browser then The web server
sends a message so requests that the web responds by sending a
that it can connect with server identifies itself copy of its SSL
the required website certificate to the
which is secured by SSL user’s browser

Certificate
An SSL certificate is a form of digital certificate
which is used to authenticate a website and
enables an encrypted connection
S Secure Socket Layer Handshake
The user’s browser The browser then The web server
sends a message so requests that the web responds by sending a
that it can connect with server identifies itself copy of its SSL
the required website certificate to the
which is secured by SSL user’s browser

If the browser can

authenticate this
certificate, it sends a
message back to the web
server to allow
communication to begin
S Secure Socket Layer Handshake
The user’s browser The browser then The web server
sends a message so requests that the web responds by sending a
that it can connect with server identifies itself copy of its SSL
the required website certificate to the
which is secured by SSL user’s browser

Once this message is If the browser can

received, the web server authenticate this
acknowledges the web certificate, it sends a
browser, and the SSL- message back to the web
encrypted two-way data server to allow
transfer begins communication to begin
S How do we know if a website is using SSL?

A user will know if SSL is being applied when they see https or the
small padlock in the status bar at the top of the screen.
S How do we know if a website is using SSL?
Examples of where SSL will be used:
• Online banking and all online financial transactions
• Online shopping/commerce
• Sending and receiving emails
• Instant messaging

Transport Layer Security (TLS)

- A more modern and more secure version of SSL. It is a form of
protocol that ensures the security and privacy of data between
devices and users when communicating over a network
T Transport Layer Security (TLS)
A more modern and more secure version of SSL. It is a form of
protocol that ensures the security and privacy of data between
devices and users when communicating over a network
Cyber A Access Level A Anti-Malware

Security Automating
A Authentication
A
Solution and
Software Updates

Prevention Spelling and

S Tone in
communications F Firewalls

Privacy
P Setting P Proxy Server

Secure Socket
S Layer
EXAM QUESTION(JUNE21)
E X A M Q U E S T I O N ( M A RC H 1 9 )
EXAM QUESTION(JUNE21)
E X A M Q U E S T I O N ( M A RC H 1 9 )
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)
E X A M Q U E S T I O N ( M A RC H 2 1 )
E X A M Q U E S T I O N ( M A RC H 2 1 )
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)