Lesson 8.1: Threats, Vulnerabilities and Attacks
Introduction
Welcome to Lesson 8.1! In this lesson, we will explore the vital concepts surrounding cyber security, focusing on the threats and vulnerabilities that exist in our digital world. Protecting information is crucial, not just for businesses but also for individuals. By understanding these threats, you can better defend yourself against potential attacks!
Objectives
By the end of this lesson, students will be able to:
- Describe the core goals of security: confidentiality, integrity, and availability (the CIA triad).
- Identify common threats such as malware, phishing, and social engineering.
- Conceptualize technical attacks including brute-force attacks, denial-of-service (DoS), and SQL injection.
- Understand why human behavior can be the weakest link in security.
- Provide examples of the three core goals of information security.
Goals of Security: The CIA Triad
The first step in understanding cyber security is recognizing the three core goals that make up the CIA triad:
1. Confidentiality
Confidentiality ensures that sensitive information is accessed only by authorized individuals. For example, think about your social media accounts. You wouldn’t want everyone to have access to your private messages. Therefore, platforms employ strong passwords, encryption, and user authentication to protect your data.
2. Integrity
Integrity means that the information is accurate and reliable. If someone alters your academic records, it compromises the integrity of those documents. To maintain integrity, many organizations use checksums or hashes. A simple example of this is when you upload files to the cloud; the service may verify if your file has been altered during upload using a hash function.
3. Availability
Availability ensures that data is accessible when needed. Imagine you couldn’t access your bank account due to server issues! This is where backups and redundant systems come into play, ensuring that if one system fails, others can provide the data you require.
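The integrity check described above (a service verifying that an uploaded file was not altered in transit) can be sketched as follows. This is an added example, not code from the lesson; the function names, the chunk size and the sample file contents are assumptions made for illustration.

```python
import hashlib
import hmac
import io

CHUNK_SIZE = 64 * 1024  # read large uploads in pieces instead of loading them whole


def sha256_stream(stream):
    """Return the SHA-256 hex digest of everything readable from `stream`."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        digest.update(chunk)
    return digest.hexdigest()


def verify_upload(received_stream, digest_from_client):
    """Recompute the hash on the receiving side and compare it to the sender's."""
    actual = sha256_stream(received_stream)
    # compare_digest avoids leaking, through timing, how many characters matched
    return hmac.compare_digest(actual, digest_from_client.lower())


def flip_one_bit(data, index):
    """Simulate corruption or tampering by changing a single bit."""
    altered = bytearray(data)
    altered[index] ^= 0x01
    return bytes(altered)


# Constructed sample file: about 140 KB, so it spans several chunks.
ORIGINAL = b"constructed report contents\n" * 5000
CLIENT_DIGEST = sha256_stream(io.BytesIO(ORIGINAL))  # computed before upload
TAMPERED = flip_one_bit(ORIGINAL, 100_000)           # same length, one bit differs

if __name__ == "__main__":
    print("intact upload accepted: ", verify_upload(io.BytesIO(ORIGINAL), CLIENT_DIGEST))
    print("altered upload accepted:", verify_upload(io.BytesIO(TAMPERED), CLIENT_DIGEST))
```

A plain hash only helps when the digest reaches the receiver over a channel the attacker cannot also modify; otherwise both the file and its hash can be replaced together.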
Common Threats to Cyber Security
Understanding the threats that can compromise the CIA triad is key. Let's explore some common threats that students should be aware of.
1. Malware
Malware is a term that refers to malicious software designed to harm or exploit any programmable device or network. Here are some types of malware:
- Viruses: Attach themselves to clean files and spread to other files and systems.
- Worms: Travel through networks without any human action, replicating themselves.
- Ransomware: Locks or encrypts files, demanding payment for access.
- Trojans: Disguised as legitimate software but contain harmful code.
2. Phishing
Phishing is a technique used to trick individuals into providing personal information, such as passwords or credit card numbers, typically through deceptive emails or fake websites. For instance, you might receive an email appearing to be from your bank asking you to reset your password, leading you to a fraudulent site.
3. Social Engineering
Social engineering exploits human psychology to gain sensitive information. Imagine someone posing as a technician and calling you to ask for your passwords. Because of trust, people often unknowingly provide this information.
Technical Attacks
Now, let’s explore some technical attacks that can exploit system vulnerabilities.
1. Brute-Force Attacks
A brute-force attack is a method where an attacker tries numerous combinations of passwords until they find the right one. With powerful computers, attackers can guess passwords quickly. For example, if a password is 6 characters long, an attacker can try combinations of letters, numbers, and symbols to break in. The more complex and longer your password, the harder it is to crack!
2. Denial-of-Service (DoS) Attacks
In a DoS attack, an attacker floods a server with traffic, causing it to be unable to respond to legitimate users. Think of it like a group of people blocking access to a building; no one can get in. This can cripple services and cause significant damage to businesses.
3. SQL Injection
SQL injection involves inserting malicious SQL queries into input fields to manipulate databases. For example, if a login form does not properly validate user input, an attacker could gain access to sensitive data by injecting SQL code instead of a username or password. This highlights the importance of validating and sanitizing user inputs!
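The login-form weakness described above, shown beside a corrected version, as an added example that is not part of the original lesson. The table layout, function names, username rule and sample values are all constructed for illustration, and it uses Python's built-in sqlite3 module with an in-memory database.

```python
import re
import sqlite3

USERNAME_RULE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed allowlist for this example


def make_db():
    """Build a throwaway in-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-value')")
    return db


def login_vulnerable(db, username, password_hash):
    """Weak version: input is pasted into the SQL text, so a quote in the
    input ends the string literal and the rest is parsed as SQL."""
    query = ("SELECT username FROM users "
             "WHERE username = '%s' AND password_hash = '%s'"
             % (username, password_hash))
    return db.execute(query).fetchone() is not None


def login_safe(db, username, password_hash):
    """Corrected version: validate the input first, then pass it as bound
    parameters so the database treats it strictly as data."""
    if not USERNAME_RULE.fullmatch(username):
        return False  # rejected by input validation
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(query, (username, password_hash)).fetchone() is not None


# Constructed input: the quote closes the literal and "--" comments out the
# password check, so the weak query becomes: WHERE username = 'alice'
INJECTED_USERNAME = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, wrong password:", login_vulnerable(db, "alice", "wrong"))
    print("vulnerable, injected name: ", login_vulnerable(db, INJECTED_USERNAME, "wrong"))
    print("safe, injected name:       ", login_safe(db, INJECTED_USERNAME, "wrong"))
    print("safe, correct credentials: ", login_safe(db, "alice", "constructed-hash-value"))
```

The bound parameters are what actually stop the injection; the username rule is a second layer that rejects malformed input before it reaches the database.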
Why Human Behavior is the Weakest Link
Technology has advanced considerably in protecting systems, but human behavior often presents a vulnerability. For example, users may fall for phishing scams or use weak passwords, making it easier for attackers to breach security. Training and awareness are crucial components to strengthen this link!
Conclusion
Understanding threats and vulnerabilities is essential in the field of cyber security. Students should now be familiar with the CIA triad and various common threats and attacks that can occur. Protecting information requires ongoing education and vigilance to combat ever-evolving techniques used by cybercriminals.
Study Notes
- The CIA triad consists of Confidentiality, Integrity, and Availability.
- Common threats include Malware (viruses, worms, ransomware, Trojans), Phishing, and Social Engineering.
- Technical attacks include Brute-Force, Denial-of-Service, and SQL Injection.
- Human behavior often weakens security—be aware of the potential risks!
- Always validate and sanitize user inputs to prevent exploitation.
