Security Issues (Grade 12 NSC Matric Computer Application Technology): Revision Notes

Security Issues

Understanding network security risks

One major disadvantage of computer networks is that unauthorised people can sometimes gain access to computers through the network connection. While security breaches can happen in local area networks (LANs), the risk becomes much greater in wide area networks (WANs), particularly when using the internet. Understanding these security threats helps you protect yourself and your data more effectively.

Internet attacks

Internet attacks, also known as cyber attacks, specifically target the infrastructure of the web itself. These attacks can disrupt services, steal information, or cause widespread damage to digital systems. Let's explore the main types you need to know about.

Denial-of-service attacks

A denial-of-service (DoS) attack works by overwhelming a server with so many requests for information that it cannot cope with normal user traffic. Attackers use compromised computers to flood the target server, making it impossible for legitimate users to connect to the system. When multiple computers are used together for this purpose, it becomes a distributed denial-of-service (DDoS) attack, which is even more powerful and harder to stop.

Cyberterrorism

Cyberterrorism refers to attacks that specifically target a country's critical IT infrastructure. These attacks can disrupt essential services like power grids, water systems, or financial networks, potentially causing serious harm to society and the economy.

Spoofing attacks

Spoofing attacks work by disguising the attacker's identity, making them appear to be a legitimate user or system. Attackers achieve this by using false data or fake credentials to connect to networks or services. This deception allows them to bypass security measures and gain unauthorised access.

Sniffer attacks

Sniffer attacks involve monitoring and intercepting data as it travels across a network. Hackers use special sniffer applications to analyse network traffic and capture any unencrypted data being transmitted. This means they can potentially access passwords, personal messages, and other sensitive information flowing through the network.

Common malware threats

Malware is software designed to cause harm to computers or networks without the user's knowledge. Modern computers and smartphones are used for everything from online banking to storing personal photos, making it essential to understand different types of malware and how to protect against them.

First Category Threats and Protections:

Threat Type	Description	Protection Methods
Pharming	Redirects users to fake websites	Use reputable antivirus software, verify website URLs
Click-jacking	Tricks users into clicking malicious links	Keep browsers updated, use click protection software
Spoofing	Impersonates legitimate sources	Verify sender identity, use email filtering
Spyware	Secretly monitors user activity	Install anti-spyware software, regular system scans

Second Category Threats and Protections:

Threat Type	Description	Protection Methods
Keyloggers	Records keystroke data	Use on-screen keyboards for sensitive data, antivirus protection
Viruses	Self-replicating malicious code	Regular antivirus updates, avoid suspicious attachments
Worms	Spreads across networks automatically	Network firewalls, keep systems patched
Trojans	Disguised as legitimate software	Download software from trusted sources only
Ransomware	Encrypts files for ransom	Regular backups, avoid suspicious email attachments
Adware	Displays unwanted advertisements	Use ad-blockers, avoid free software from untrusted sources
Scams	Fraudulent schemes for money/data	Education about common scam tactics, verify requests independently

Bots and zombies

Understanding bots

A bot (short for robot) is a software application that automatically performs tasks and actions. On the internet, legitimate bots are commonly used to analyse and gather information. For example, web crawlers are bots that search engines like Google use to gather, analyse, and index website data.

Malware bots and zombies

However, bots can also be used maliciously. Malware bots function by infecting users' computers and automatically performing harmful actions such as gathering keystrokes, obtaining financial information, collecting passwords, or creating backdoors for hackers to access the infected computer.

When malware bots completely take control of a user's computer, that computer becomes what's known as a zombie. Hackers can use these zombie computers for various malicious purposes, including launching denial-of-service attacks and sending spam emails to spread malware further. When hackers control multiple zombie computers together, this creates a powerful network called a botnet or zombie army.

Privacy and data access rights

Computer crimes often depend on unauthorised access to personal data. To prevent fraud and identity theft, it's crucial to understand who has legitimate access to your data and how to protect your privacy.

Right to access vs right to privacy

Understanding the difference between access rights and privacy rights is important for protecting yourself online. Consider these examples:

• If you use a computer owned by someone else (like at work or school), they may have the right to access your data files stored on their system
• When you use online services like Facebook, their End User Licence Agreement states that they own whatever content you post on their platform
• If your school has an Acceptable Use Policy (AUP) for computer labs that you've agreed to, you may have given others permission to monitor your activity and access your files

Being aware of these situations helps you make informed decisions about where and how you store sensitive information.