The Internet &

The World Wide Web

Differences?

The Internet &

The World Wide Web
Internet
The World Wide
Web is part of the
WW Internet

W
 Internet

• It is a worldwide collection of interconnected networks.

• It is a concept, not something tangible.
• It relies on a physical infrastructure (computers, devices,
hardware, servers, service providers) that allows
networks and individual devices to connect to other
networks and devices.
WWW explanation
• It is a part of the internet that users can access using
web browser software.
• It consists of a massive collection of web pages, all
stored on web servers.
WWW explanation

• It is a part of the internet that users can access using

web browser software.
• It consists of a massive collection of web pages, all
stored on web servers.
• Uniform resource locators (URLs) are used to specify the
location of web pages.
 What components can you
observe from the URL? Why
do you think they are needed?
 • URL stands for Uniform resource locators.
• URLs are text addresses used to access websites.
• URLs are basically just IP addresses.
What
is a
URL? URL

????

Server
Format of a URL
Format of a URL

Protocol Domain Domain Domain File

Host Name Type Path name
Hypertext Transfer Protocol
 = Hypertext Transfer Protocol

• Data packets are sent around the internet using different

protocols, or rules.
• The protocol that web pages use for data transfer is called
hypertext transfer protocol (http). They are needed because data
sent across the web can contain private and sensitive
information.
 = HyperText Transfer Protocol SECURE

• Ensures that a secure connection is made between the two

devices engaging in the transfer of data.
• The data packets are encrypted before they are transmitted
across the network and are decrypted only when they reach their
intended destination.
• Uses SSL (Secure Socket Layer) /TLS (Transport Layer
Security)
Web Browser
Web Browsers are software that allow a user to access and
display web pages on their device screens.

Retrieve
Display HTML
 Features of a web browser

• Bookmarks and favourites

• Allow multiple browsing tabs
• Navigation tools (back button, forward button and home
button)
• Cookies (stores personal preferences or your activity)
• Address bar (where users type in the URL)
• Record user history
Locating and Viewing a
Web Page
 HTML

• HTML (HyperText Markup Language) is a language used to

display content on browsers.
• All websites are written in HTML and hosted on a web server
that has its own IP address.
Domain Name Server

• A system for finding IP addresses for a domain name given in a

URL.
• DNS servers contain a database of URLs with the matching IP
addresses.
• URLs and DNS eliminate the need for a user to memorise IP
addresses.

DNS Server
https://drive.google.com/drive/u/2/my-drive 128.17.134.25
 Using the IP address, the
Flow to retrieve a web page computer now sets up a
communication with the website
server and the
required pages are

User types in the downloaded.

The browser asks The IP address is
URL of a site into
the DNS server sent back to the HTML files are sent from the
the address bar of
for the IP address user's computer website server to the
the web browser
of the website computer.

The browser interprets the

HTML, which is used to
structure content, and then
displays the information on
the user’s computer.
Flow to retrieve a web page

https://drive.google.com/

128.17.134.25

128.17.134.25

HTML
<h1> ....
</h1>
Cookies
 Cookies
• Cookies are small files or code stored on a user’s computer.
They are sent by a web server to a browser on a user’s
computer.
• Some usages of cookies:
• Hold user's preference
• Customise the web page for each individual user
• Store login details
• Store items in online shopping cart
 Cookies

Session Cookies Persistent Cookies

Session Cookies

• They are temporary cookies that are deleted when you close
your web browser.
• They provide information on your browsing while you are on
that particular website.
• They stop to exist on a user's computer once the browser is
closed or the website session is terminated.
• Example: Shopee (we do not need to log in again even if we
switch page)
Persistent Cookies
• They have expiration dates and are stored in a folder on your
computer (hard drive) until they are expire or the user deletes them.
• They make websites appear to remember a user on the next visit.
• They remain even after the browser is closed or the web session is
terminated.
• Examples
• Login details
• Save users' items in a virtual shopping cart
• Online financial transactions (Do you want to remember this card)
 Flow of how cookies are used

When user Browser sends

Web Server Encrypted data
Data are revisits website, cookies file to
sends cookies file is stored on
web server Web Server to
to user's browser encrypted browser or the
requests cookies automatically
user's HDD/SSD
file enter details
EXAM QUESTION
EXAM QUESTION
EXAM QUESTION
EXAM QUESTION
 Digital
Currency
 Definition
Currency that exists in electronic
form only; it has no physical form
and is essentially data on a
database.
Examples of digital currency

It is a method of payment, but rather than exchanging

physical coins and bank notes, the payment is made
electronically.
Central Banking System

Person A Person B

Imagine Person A wants to

transfer money to Person B ...
Central Banking System

Person A Person B

A central bank is needed to act

as the "middleman"
 Problems with centralisation

- Confidentiality (Control of governments

and central authorities)
- Security
Decentralisation - Cryptocurrency

Ethereum Tether Litecoin Bitcoin

RMXXX RMXXX RMXXX RMXXX
CRYPTOCURRENCY MINING

MINER
- Use the power of their personal computers to process
transactions. The reward for doing so is that miners
receive some of the transaction fees involved in the
process of payment made.
Decentralisation - Cryptocurrency
• Traditional digital currencies are regulated by central banks and
governments. This means all transactions and exchange rates are
determined by these two bodies.
• Cryptocurrency has no state control and all the rules are set by the
cryptocurrency community itself.
• The cryptocurrency system works by being within a blockchain
network which means it is much more secure.
 Blockchain
A technology that sits behind all cryptocurrency
transactions. It makes all sorts of cryptocurrency
safe to use.
Blockchaining - How cryptocurrency work?
• Blockchain is a decentralised database.
• All the transactions of networked members are stored on this
database.
• The blockchain consists of a number of interconnected computers
but they are not connected to a central server.
• All transaction data is stored on all computers in the blockchain
network.
Blockchaining - A chain of blocks
Blockchaining - A chain of blocks

• When a new transaction takes place, a new block is

created
• Blockchains = A collections of all transactions
What's inside one block?
Data = Sender, Recipient,
Amount of Coins

Hash Value, generated by an

algorithm (acts as a unique
identifier). Includes a
timestamp.

Previous Hash Value - Points

back to a previous block in
the chain
 Blockchaining - A chain of blocks

Hash: A4BF
Previous Hash: 0000
 Blockchaining - A chain of blocks

Hash: A4BF Hash: 6AB1 Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
 Blockchaining - A chain of blocks

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

Let's say a new transaction is created!

 Blockchaining - A chain of blocks

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

THERE ARE 3 REASONS WHY TRANSACTIONS CANNOT BE

MODIFIED EASILY - MAKE THE SYSTEM SECURE
 FIRST REASON: THE PREVIOUS HASH ATTRIBUTE IN THE
BLOCK

Hash: A4BF Hash: 4ERD Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

Let's change the transaction in this block. Oops, what's the

 Blockchaining - A chain of blocks

Hash: A4BF Hash: 4ERD Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

Lost connection. Block 3 and 4 will become invalid. Transaction

 SECOND REASON: PROOF OF WORK MAKE THE CREATION
OF BLOCK SLOWER

Hash: A4BF Hash: 4ERD Hash: 34EE Hash: FF12

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 34EE

Hackers will find it hard to re-create block 3 and 4, due to proof-of-work, which
makes sure it takes 10 minutes to add a block to the chain.
THIRD REASON: The exact blockchain is stored in all the computers
in the networks.

Hash: A4BF Hash: 6AB1 Hash: 34EE

Hash: A4BF Hash: 6AB1 Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1

Hash: A4BF Hash: 6AB1 Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Hash: A4BF Hash: 6AB1 Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
When a new transaction is added, a block will added to each node.

Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE
Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
All nodes within this network creates a consensus. Majority wins. This
means that hacker will have to tamper a block in more than half of the
nodes, which is impossible.

Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE
Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

I Hack This!
All nodes within this network creates a consensus. Majority wins. This
means that hacker will have to tamper a block in more than half of the
nodes, which is impossible.

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE

Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1
Hash: A4BF Hash: 6AB1 Hash: 34EE Hash: 34EE
Previous Hash: 0000 Previous Hash: A4BF Previous Hash: 6AB1 Previous Hash: 6AB1

Failed!
Cyber Security
Cyber Security

Threat
 Cyber Security
Threats Solutions/Prevention
 Cyber Security
Threats Solutions/Prevention
Cyber B
Brute-Force
D DDOS Attack
Attack

Security
Data

Threat
Hacking
D Interception H

M Malware
P Phishing

Social
P Pharming
S Engineering
Cyber B
Brute-Force
D DDOS Attack
Attack

Security
Data

Threat
Hacking
D Interception H

M Malware
P Phishing

Social
P Pharming
S Engineering
 Brute-Force Attack
B

Activity: Can you guess my

number?
 Brute-Force Attack
B
• A ‘trial and error’ method used by cybercriminals to crack
passwords by finding all possible combinations of
letters, numbers and symbols until the password is found.
• One way to reduce the number of attempts needed to crack
a password is to try with the more commonly password first.
• The longer a password is and the greater the variation of
characters used, the harder it will be to crack.
Cyber B
Brute-Force
D DDOS Attack
Attack

Security
Data

Threat
Hacking
D Interception H

M Malware
P Phishing

Social
P Pharming
S Engineering
 Distributed Denial of Service (DDOS)
D
• A denial of service (DoS) attack is an attempt at preventing users
from accessing part of a network, notably an internet server.
• The attacker may be able to prevent a user from:
• accessing their emails
• accessing websites/web pages
• accessing online services (such as banking).
If too many people accessing a website at the
same time, the server will go down ...
 Distributed Denial of Service (DDOS)
D How does it attack?

When a user enters a

website's URL in their
browser, a request is sent
to the web server that
contains the website
 Distributed Denial of Service (DDOS)
D How does it attack?

When a user enters a

website's URL in their The server can only handle
browser, a request is sent a finite number of requests.
to the web server that (say: 1 million) at a time
contains the website

Patient ..
Distributed Denial of Service (DDOS)
D How does it attack?

A criminal can use a software

that force thousands of
innocent computers around
the world to send a viewing
request to a web server.

x100000
 Distributed Denial of Service (DDOS)
D
Distributed = Many
computers
How does it attack?
Denial of Service = Deny
user from using a service

A criminal can use a software The server becomes overloaded and

that force thousands of won't be able to service a user's
innocent computers around legitimate request. It will slow the
website down or cause it to go offline
the world to send a viewing
altogether.
request to a web server.

Sorry
can't do
x100000 it!
Distributed Denial of Service (DDOS)
D Signs to detect a DDOS attack

Slow network performance (opening

files or accessing certain websites)

Inability to access certain websites

Large amounts of spam email

reaching the user’s email account.
Cyber B
Brute-Force
D DDOS Attack
Attack

Security
Data

Threat
Hacking
D Interception H

M Malware
P Phishing

Social
P Pharming
S Engineering
 Data Interception
D
• Data interception is a form of stealing data by tapping
into a wired or wireless communication link.
• The intent is to compromise privacy or to obtain confidential
information.
• Interception can be carried out using a packet sniffer,
which examines data packets being sent over a network.
The intercepted data is sent back to the hacker.
Data Interception
D To tackle data interception

Encryption of data.
Eg. Wired Equivalency privacy (WEP)

It is important not to use Wi-Fi

(wireless) connectivity in public
places (such as an airport) since no
data encryption will exist and your
data is then open to interception by
anyone within the place.
Cyber B
Brute-Force
D DDOS Attack
Attack

Security
Data

Threat
Hacking
D Interception H

M Malware
P Phishing

Social
P Pharming
S Engineering
 Hacking
H
• Hacking is the act of gaining illegal access to a computer
system without the user's permission.
• Data can be deleted, passed on, changed or corrupted.
• Can encryption stops hacking?
 Hacking
H
• Hacking is the act of gaining illegal access to a computer
system without the user's permission.
• Data can be deleted, passed on, changed or corrupted.
• Encryption does not stop hacking, it just make the data
meaningless.
• Solution: Firewall, strong passwords.
Hacking
H
Black-hat White-hat
hacker hacker
Hacker that try to find security
Hacker who seeks to gain
loopholes in a system and give
unauthorised access to a
advice to the network owners
computer system.
about how to close them.
Cyber B
Brute-Force
D DDOS Attack
Attack

Security
Data

Threat
Hacking
D Interception H

M Malware
P Phishing

Social
P Pharming
S Engineering
 Malware = Malicious Code Software
M
Malware are pieces of software that have been written and
coded with the intention of causing damage to or stealing
data from a computer or system.

There are several types of malware:

Trojan Ransomware
Virus Worm Spyware Adware
Horse
 Virus
V
• Viruses are programs or program codes that self-replicate
with the intention of deleting or corrupting files, or causing
a computer to malfunction.
• Viruses need an active host program on the target
computer or an operating system that has already been
infected, before they can actually run and cause harm.
• Viruses are often sent as email attachments, reside on
infected websites or on infected software downloaded
to the user’s computer.

Trojan Ransomware
Virus Worm Spyware Adware
 Trojan Horse
T
• A trojan horse is malware that is hidden away in the code of
software that appears to be harmless. A Trojan horse replaces all
or part of the legitimate software with the intent of carrying out
some harm to the user’s computer system.
• They need to be executed by the end-user. They usually arrive
as an email attachment or are downloaded from an infected
website
• Once installed on the user’s computer, the Trojan horse will give
cyber criminals access to personal information on your
computers, such as IP addresses, passwords and other personal
data. Spyware and ransomware are often installed on a user’s
computerTrojan
via Trojan horse malware.
Ransomware
Virus Worm Spyware Adware
 Worm
W
• A type of stand-alone malware that can self-replicate. Unlike
viruses, they don't need an active host program to be opened in
order to do any damage.
• Worm replicates itself until the computer's resources are used to
their maximum capacity and no further processing can take place,
leading to system failure and crashing.
• Worms tend to be problematic because of their ability to spread
throughout a network without any action from an end-user;
whereas viruses require each end-user to somehow initiate the
virus.

Trojan Ransomware
Virus Worm Spyware Adware
 Spyware
S
• Spyware is software that gathers information by monitoring a
user’s activities carried out on their computer.
• The gathered information (bank account numbers, passwords
and credit/debit card details) is sent back to the cybercriminal
who originally sent the spyware (just like cookies).
• Spyware can be detected and removed by anti-spyware software.

Trojan Ransomware
Virus Worm Spyware Adware
 Adware
A
• Adware is a software that will attempt to flood an end-user with
unwanted advertising.
• For example, it could
• redirect a user’s browser to a website that contains
promotional advertising
• appear in the form of pop-ups
• appear in the browser’s toolbar and redirect search requests

Trojan Ransomware
Virus Worm Spyware Adware
 Ransomware
R
• Ransomware are programs that encrypt data on a user’s
computer and ‘hold the data hostage’.
• The cybercriminal waits until the ransom money is paid and,
sometimes, the decryption key is then sent to the user.

Trojan Ransomware
Virus Worm Spyware Adware
Flashcard

THE
DIFFERENCE
BETWEEN
VIRUS
VIRUS NEEDS
AND ACTIVE
HOST, WORMS
DO NOT.
Flashcard

HOW IS VIRUS
SENT TO A USER
 VIA EMAIL
ATTACHMENTS,
INFECTED
SOFTWARE/
WEBSITE
Flashcard
Once installed on the user’s computer,
I will give cyber criminals access to
personal information on your
computers, such as IP addresses,
passwords and other personal data.
Spyware and ransomware are often
installed on a user’s computer via ME.
WHO AM I?
TROJAN
HORSE
Flashcard

Encryption can stop hacking.

What's your view on it?
Encryption does not
stop hacking, it just
make the data
meaningless.
Cyber B
Brute-Force
D DDOS Attack
Attack

Security
Data

Threat
Hacking
D Interception H

M Malware
P Phishing

Social
P Pharming
S Engineering
 Phishing
P
• Sending out legitimate-
looking emails
designed to trick the
recipients into giving
their personal details to
the sender of the email.
• These emails may
contain links or
attachments, when
initiated, take the user
to a fake website to
enter personal details.
 Phishing
P
• Sending out legitimate-
looking emails
designed to trick the
recipients into giving
their personal details to
the sender of the email.
• These emails may
contain links or
attachments, when
initiated, take the user Clickbait
to a fake website to
enter personal details.
 Phishing
P
Can you find something
that is not so right?
 Phishing - Legit Emails
P
 Phishing
P Ways to prevent
phishing
Be aware of fake emails (eg. Dear (Your
name) and not Dear Customer)

Look out for http(s) in the address bar

Be very wary of pop-ups and use the

browser to block them
Cyber B
Brute-Force
D DDOS Attack
Attack

Security
Data

Threat
Hacking
D Interception H

M Malware
P Phishing

Social
P Pharming
S Engineering
 Pharming
P
• Redirect user from a genuine website to a fake one, with
the hope that this goes unnoticed. They manipulate the
DNS server.
• A user may then be prompted to enter login details, and
this can then be collected by a criminal for use on the
genuine site.
• Pharming attacks occur when web servers are attacked,
and code is inserted into a website that redirects
visitors (changing the IP address).
Cyber B
Brute-Force
D DDOS Attack
Attack

Security
Data

Threat
Hacking
D Interception H

M Malware
P Phishing

Social
P Pharming
S Engineering
 Social Engineering
S
• This form of cyber-crime is where users are manipulated into
behaving in a way that they would not normally do.
• Five common types of threat:
• Instant messaging (malicious link embedded in message)
• Scareware (tell you that your computer is infected with virus)
• Email (genuine looking emails)
• Baiting (leave a pendrive where it can be found)
• Phone calls (asks you to download special software)
• All threats above are effective methods for introducing malware.
• The whole idea of social engineering is the exploitation of human
emotion (fear, curiosity, empathy and trust).
EXAM QUESTION(MARCH19)
EXAM QUESTION
EXAM QUESTION
EXAM QUESTION(MARCH19)
EXAM QUESTION
EXAM QUESTION
Cyber Security
Solutions
and
Prevention
 Cyber Security
Threats Solutions/Prevention
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
A Access Level
• This method of protection is hugely important in
organisations where there are lots of users accessing a
network (eg. Havil Computer Lab).
• User will be assigned different levels of access
depending on the role they have. It ensures that users'
behaviour can be controlled while they use a computer
on a network.
• When using databases, levels of access are important to
determine who has the right to read, write and delete
data.
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
A Anti-malware
• Danger of malicious software
• Theft of company data
• Corruption of data (data becomes unreadable)
• Hence, a network should have anti-malware and anti-
virus applications installed that protect all devices on
the network (just like a vaccine to covid).
Types of Anti-malware

Anti Virus Anti Spyware

A Anti virus
• Anti-virus software are constantly scanning documents, files and
also incoming data from the internet.

Anti Virus Anti Spyware

A Anti virus
• Anti-virus software are constantly scanning documents, files and
also incoming data from the internet.
• They are designed to detect suspisious activity and files before
they are opened or stored / warn the user against opening the
files.
• If a file is detected as harmful, the anti-virus will quarantine the
file away from the network, preventing it from installing or
multiplying itself to other areas of the network or the hard disk
drive.
• Upon user instructions, the software will then remove and delete
the offending malware or virus.

Anti Virus Anti Spyware

A Anti spyware
• Spyware: Spyware is software that gathers information by
monitoring a user’s activities carried out on their computer.
• How they work?
• Looks for typical features which are usually associated with
spyware thus identifying any potential security issues
• File structures – in this case, there are certain file structures
associated with potential spyware which allows them to be
identified by the software.

Anti Virus Anti Spyware

A Anti spyware
• Spyware: Spyware is software that gathers information by
monitoring a user’s activities carried out on their computer.
• How they work?
• Looks for typical features which are usually associated with
spyware thus identifying any potential security issues
• File structures – in this case, there are certain file structures
associated with potential spyware which allows them to be
identified by the software.
• General features - block webcam, encryption of keyboard strokes,
detect spyware and remove if found, scans for signs

Anti Virus Anti Spyware

Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
A Authentication
• Authentication refers to the ability of a user to prove who
they are.

Password
Biometrics Two-step Credit Card &
and user Authentication verification Hotel Card
names
P Password and user names

• Examples of where password is used:

• websites
• mobile phones, etc
• Password should be strong enough to stop criminals from
guessing them.

Password
and user
names
Let's try this out

Password
and user
names
T Tips for a stronger password
• Combine different types of character (lowercase, uppercase,
special character)
• Don't put in pattern in your passwords (eg. cabbag3), use
random patterns eg. Hp3oe7Ls*(!kajmc)
• Don't use the same passwords for all accounts
• Be aware of spyware that tries to steal your passwords (via
keyboard stroke)

Password
and user
names
B Biometric Authentication

• Biometrics relies on certain unique characteristics of human

beings:

Biometric
Authentication
B Biometric Authentication
• Biometrics relies on certain unique characteristics of human
beings:
• Fingerprint scans (compare image stored versus image
scanned; fingerprints are unique)
• Face recognition
• Voice recognition

Biometric
Authentication
T Two-step verification

• Requires two methods of authentication to verify who a user

is.
• Example: Online shopping
• Step 1: Enter user name and password
• Step 2: Enter PIN that is sent back to her either in an
email or as a text message to her mobile phone

Two-step
verification
C Credit Card & Hotel Card

• Hotel card has magnetic stripe on the back of the card.

These stripe will store personal information.
• Credit card (or any smart card) has a chip that is read when
inserted into an Electronic Funds Transfer Point of Sale. The
chip can hold a lot of information (eg. Pin).

Credit Card &

Hotel Card
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
A Automating Software Updates
• Why?
A Automating Software Updates
A Automating Software Updates
• This ensures that applications
like operating systems, anti-
virus and other commonly
used pieces of software are
always operating with the
latest version installed.
• Greater threats are constantly
evolving and that anti-virus
companies are always
attempting to stay up to date
with new attacks.
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
S Spelling and Tone in communications

• Threat relating to emails?

S Spelling and Tone in communications

• Phishing emails are a threat to security. Sending out

legitimate-looking emails designed to trick the recipients
into giving their personal details to the sender of the email.
• What can we do?
S Spelling and Tone in communications
• Phishing emails are a threat to security. Sending out
legitimate-looking emails designed to trick the recipients
into giving their personal details to the sender of the email.
• Check
• If there is spellinnngngs errors in the email
• The tone used in the email message

www.gougle.com
www.amozon.com
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
F Firewall

• A firewall can be either software or hardware. It sits between the user’s computer
and an external network (for example, the internet) and filters information in and out
of the computer.
F Firewall

• A firewall can be either software or hardware. It sits between the user’s computer
and an external network (for example, the internet) and filters information in and out
of the computer.
• Firewalls are the primary defence to any computer system to help protect
it from hacking, malware (viruses and spyware), phishing and pharming.
• Main tasks
• Examine the ‘traffic’ between user’s computer (or internal network)
and a public network
• checks whether incoming or outgoing data meets a given set of
criteria.If the data fails the criteria, the firewall will block the ‘traffic’
• criteria can be set so that the firewall prevents access to certain
undesirable sites; the firewall can keep a list of all undesirable IP
addresses
• The firewall can be software installed on a computer; in some cases, it is
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
P Privacy Setting

• Privacy settings are the controls available on web browsers, social

networks and other websites that are designed to limit who can access
and see a user’s personal profile.
• Examples:
• "Do not track" setting
• Allow payment method to be saved (avoid the need to key in
information everytime, which is dangerous)
• Safer browsing
• App (sharing of location)
P Privacy Setting - Phone and
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits?
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits:
• Allows internet traffic to be filtered; it is possible to block access to a
website if necessary - Parental Control
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits:
• Allows internet traffic to be filtered; it is possible to block access to a
website if necessary - Parental Control
• Keeps users’ IP addresses secret which improves security (middleman
concept)
• Can you relate to one threat that we learn last week?
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits:
• Allows internet traffic to be filtered; it is possible to block access to a
website if necessary - Parental Control
• Keeps users’ IP addresses secret which improves security (middleman
concept)
• If an attack is launched, it hits the proxy server instead – this helps to
prevent hacking, DDoS, and so on.
P Proxy Server

• Proxy servers act as an intermediate between a user and a web server.

• Benefits:
• Allows internet traffic to be filtered; it is possible to block access to a
website if necessary - Parental Control
• Keeps users’ IP addresses secret which improves security (middleman
concept)
• If an attack is launched, it hits the proxy server instead – this helps to
prevent hacking, DoS, and so on
• Act as a firewall
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
S Secure socket layer
• SSL is a protocol/rule that is commonly found on
websites where financial transactions take place.
• SSL encrypts the connection between the user's
computer and the website that is being used.
Sensitive data can be bank card numbers, login
details and passwords.
S Secure Socket Layer Handshake
A connection that is created between a web
browser and a web server
S Secure Socket Layer - flow
The user’s browser The browser then The web server
sends a message so requests that the web responds by sending a
that it can connect with server identifies itself copy of its SSL
the required website certificate to the
which is secured by SSL user’s browser

Certificate
An SSL certificate is a form of digital certificate
which is used to authenticate a website and
enables an encrypted connection
S Secure Socket Layer Handshake
The user’s browser The browser then The web server
sends a message so requests that the web responds by sending a
that it can connect with server identifies itself copy of its SSL
the required website certificate to the
which is secured by SSL user’s browser

If the browser can

authenticate this
certificate, it sends a
message back to the web
server to allow
communication to begin
S Secure Socket Layer Handshake
The user’s browser The browser then The web server
sends a message so requests that the web responds by sending a
that it can connect with server identifies itself copy of its SSL
the required website certificate to the
which is secured by SSL user’s browser

Once this message is If the browser can

received, the web server authenticate this
acknowledges the web certificate, it sends a
browser, and the SSL- message back to the web
encrypted two-way data server to allow
transfer begins communication to begin
S How do we know if a website is using SSL?

A user will know if SSL is being applied when they see https or the
small padlock in the status bar at the top of the screen.
S How do we know if a website is using SSL?
Examples of where SSL will be used:
• Online banking and all online financial transactions
• Online shopping/commerce
• Sending and receiving emails
• Instant messaging

Transport Layer Security (TLS)

- A more modern and more secure version of SSL. It is a form of
protocol that ensures the security and privacy of data between
devices and users when communicating over a network
T Transport Layer Security (TLS)
A more modern and more secure version of SSL. It is a form of
protocol that ensures the security and privacy of data between
devices and users when communicating over a network
Cyber A Access Level
A Anti-Malware

Security A Authentication
A
Automating

Solution and
Software Updates

Prevention Spelling and

Firewalls
S Tone in
communications F
Privacy
Proxy Server
P Setting P
Secure Socket
S Layer
EXAM QUESTION(JUNE21)
EXAM QUESTION(MARCH19)
EXAM QUESTION(JUNE21)
EXAM QUESTION(MARCH19)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)
EXAM QUESTION(MARCH21)
EXAM QUESTION(MARCH21)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)
EXAM QUESTION(JUNE20)