Welcome to the Cybersecurity Toolkit!

Hello future digital defenders! In this chapter, we are learning some of the most essential skills in Computer Science: how to protect systems and data from cyber threats. We've talked about the scary threats (malware, phishing, etc.), and now we focus on the good news: we have powerful tools to stop them!

Think of this chapter as learning how to build a high-security vault for all your precious digital information. Ready to become an expert digital bodyguard? Let's dive in!

Key Learning Objectives

  • Understand the role of firewalls and anti-malware software.
  • Explain why strong authentication (like 2FA) is vital.
  • Describe how encryption keeps data secret.
  • Recognise the importance of software patches and backups.

Section 1: Preventing Access – The Front Door Security

The easiest way to stop a threat is to never let the attacker through the front door. This involves setting up strong rules about who can access the system and what they can do once inside.

1. Strong Authentication and Passwords

Authentication is the process of proving you are who you say you are. The most common form is the password, but a weak password is like having no lock at all!

How to Create Strong Passwords (Prevention Method)
  • Length: Longer passwords (12+ characters) are much harder to crack.
  • Complexity: Use a mix of uppercase letters, lowercase letters, numbers, and special characters (e.g., #, $, @).
  • Uniqueness: Never reuse passwords across different accounts; that way, if one account is breached, your other accounts stay safe.

Analogy: A weak password ("12345") is like leaving your key under the doormat. A strong password ("P@ssw0rd*4TheWin!") is like a complex combination lock.
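Here is a small password-policy checker that applies the three rules above (length, complexity, uniqueness). It is an added example, not code from the original chapter; the set of previously used passwords is a constructed sample standing in for whatever record a real login system keeps.

```python
import string
from typing import List, Set

MIN_LENGTH = 12
SPECIALS = set(string.punctuation)  # "#", "$", "@" and the other printable symbols

# Constructed sample of passwords this person already uses elsewhere (hypothetical);
# a real system would consult a password manager or a breach-corpus check instead.
PREVIOUSLY_USED = {"Summer2023!", "Welcome1234!"}


def check_password(candidate: str, used: Set[str] = PREVIOUSLY_USED) -> List[str]:
    """Return every policy rule the candidate breaks; an empty list means it passes."""
    problems = []

    # Rule 1, length: 12+ characters.
    if len(candidate) < MIN_LENGTH:
        problems.append(f"too short: {len(candidate)} characters, need {MIN_LENGTH}")

    # Rule 2, complexity: upper, lower, number and special character all present.
    classes = {
        "uppercase": any(c.isupper() for c in candidate),
        "lowercase": any(c.islower() for c in candidate),
        "number": any(c.isdigit() for c in candidate),
        "special": any(c in SPECIALS for c in candidate),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))

    # Rule 3, uniqueness: not already used on another account.
    if candidate in used:
        problems.append("reused: already used on another account")
    return problems


if __name__ == "__main__":
    for pw in ("12345", "Welcome1234!", "P@ssw0rd*4TheWin!"):
        print(repr(pw), "->", check_password(pw) or "passes all three rules")
```

Run it and the doormat password from the analogy fails on both length and complexity, while the combination-lock one passes all three rules.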

2. Two-Factor Authentication (2FA)

Even strong passwords can sometimes be guessed or stolen (e.g., through phishing). Two-Factor Authentication (2FA) adds a crucial second layer of security.

2FA requires the user to provide two different types of evidence before being granted access.

The three main 'factors' are:

  1. Something you Know (e.g., a password or PIN)
  2. Something you Have (e.g., a mobile phone to receive a code, or a physical security token)
  3. Something you Are (e.g., a fingerprint or face scan – Biometrics)

Most commonly, 2FA uses factors 1 and 2 (Password + Code sent to phone). If a hacker steals your password, they still cannot log in without also having your physical phone!
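The code that a phone app shows for factor 2 is usually a time-based one-time password (TOTP, RFC 6238). The login check below, an added example rather than code from the chapter, requires both the password (something you know) and the current phone code (something you have). The user record is constructed; its TOTP secret is the RFC 6238 reference-vector secret, so the codes it produces can be checked against the published test values.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code: HOTP with the counter set to the current 30-second step."""
    return hotp(secret, int(at_time // step), digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash, so a stolen database does not reveal the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record (hypothetical): what the server keeps after enrolment.
# The TOTP secret is the RFC 6238 reference-vector secret, chosen so the codes are checkable.
_SALT = os.urandom(16)
USER_DB = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password("Correct-Horse7-Battery", _SALT),
        "totp_secret": b"12345678901234567890",
    }
}


def login(username: str, password: str, code: str, now: Optional[float] = None) -> bool:
    """Grant access only if factor 1 (the password) AND factor 2 (the phone code) both check out."""
    now = time.time() if now is None else now
    user = USER_DB.get(username)
    if user is None:
        return False
    password_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    # Accept the current step and one step either side, to tolerate phone clock drift.
    code_ok = any(
        hmac.compare_digest(totp(user["totp_secret"], now + drift * 30).encode(), code.encode())
        for drift in (-1, 0, 1)
    )
    return password_ok and code_ok


if __name__ == "__main__":
    secret = USER_DB["alice"]["totp_secret"]
    print("code right now:", totp(secret, time.time()))
    print("password only:", login("alice", "Correct-Horse7-Battery", "000000"))
    print("password + code:", login("alice", "Correct-Horse7-Battery", totp(secret, time.time())))
```

Note that a stolen password on its own returns False: without the secret enrolled on the phone, the attacker cannot produce the second factor.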

3. Access Levels (User Permissions)

Once a user is logged in, their access level determines what actions they are allowed to perform. This is based on the principle of Least Privilege.

Only users who absolutely need Administrative (Admin) rights (the ability to install software, delete accounts, or change core settings) should have them. Most employees or students only need basic User rights.

Why this helps: If a hacker steals the login details of a low-level 'User', they can only damage the files belonging to that user. If they steal 'Admin' details, they could potentially wipe the entire network.
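The "why this helps" point can be made concrete by computing the blast radius of each account: the set of files an attacker could destroy with that account's stolen login. This is an added example, not code from the chapter; the file list and the role-to-permission table are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Set


@dataclass(frozen=True)
class Account:
    name: str
    role: str  # "user" or "admin"


# Constructed file system snapshot (hypothetical): path -> owner.
FILE_OWNERS = {
    "/home/bob/notes.txt": "bob",
    "/home/alice/report.docx": "alice",
    "/etc/system.conf": "root",
}

# What each role may do. Ordinary users only touch their own files; only admins
# may install software, delete accounts, or reach any file on the system.
ROLE_PERMISSIONS = {
    "user": {"read_own", "delete_own"},
    "admin": {"read_own", "delete_own", "read_any", "delete_any",
              "install_software", "delete_account"},
}


def is_allowed(account: Account, action: str, path: Optional[str] = None) -> bool:
    """Least privilege: deny by default, allow only what the account's role explicitly grants."""
    perms = ROLE_PERMISSIONS.get(account.role, set())
    if action in ("install_software", "delete_account"):
        return action in perms
    if action in ("read", "delete"):
        if path not in FILE_OWNERS:
            return False
        owns_it = FILE_OWNERS[path] == account.name
        return f"{action}_any" in perms or (f"{action}_own" in perms and owns_it)
    return False


def blast_radius(account: Account) -> Set[str]:
    """Files that could be destroyed if this account's login details were stolen."""
    return {path for path in FILE_OWNERS if is_allowed(account, "delete", path)}


if __name__ == "__main__":
    for acct in (Account("bob", "user"), Account("root", "admin")):
        print(acct.name, acct.role, "could delete:", sorted(blast_radius(acct)))
```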

Quick Review: Authentication and Access
  • Prevention: Strong passwords stop initial access.
  • Detection/Prevention: 2FA requires two proofs of identity.
  • Prevention: Limiting user access prevents widespread damage if one account is compromised.

Section 2: Network Defences – The Digital Gatekeepers

Now we look at the tools that monitor all the data moving in and out of a network, constantly looking for trouble.

1. Firewalls (Detection and Prevention)

A Firewall is essential security software (or hardware) that acts as a barrier between your private network (like your home computer or a school system) and the outside internet.

Analogy: Think of a firewall as a strict security guard at the entrance to a building. Every person (data packet) coming in or going out must show their ID and state their purpose.

How Firewalls Work:

The firewall filters network traffic based on a set of pre-determined rules. It examines:

  • Source Address: Where the data came from.
  • Destination Address: Where the data is trying to go.
  • Port Number: Which application (like a web browser or email client) the data is using.

If the data packet meets the rules (e.g., coming from a trusted site, going to a standard port like 80 for HTTP), the firewall allows it through. If it violates a rule (e.g., trying to access a blocked server or using an unusual port), the firewall blocks the connection.

Detection Role of a Firewall

While mainly preventive, firewalls detect and log suspicious connection attempts. These logs are vital for administrators to spot attempted attacks.
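To see the three checks (source address, destination address, port number), the first-match rule ordering and the logging role together, here is a small packet filter. It is an added example, not code from the chapter or from any real firewall product; the rule set, the server address and the sample packets are constructed (the outside addresses come from the 203.0.113.0/24 documentation range).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str       # source address: where the data came from
    dst: str       # destination address: where it is trying to go
    dport: int     # port number: which application the data is for
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # any source unless narrowed
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any port
    proto: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.proto is None or self.proto == pkt.proto))


class Firewall:
    """First matching rule wins; anything no rule allows is denied and logged."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.log: List[str] = []

    def filter(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                verdict = rule.action
                break
        else:
            verdict = "deny"   # default deny: no rule allowed it
        if verdict == "deny":
            # The detection role: blocked attempts are recorded for the administrator.
            self.log.append(f"DENY {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
        return verdict


# Constructed rule set (hypothetical) protecting a school server at 192.168.1.10:
# the LAN may administer it over port 22, and everyone may use its web service.
RULES = [
    Rule("allow", src="192.168.1.0/24", dst="192.168.1.10/32", dport=22),
    Rule("allow", dst="192.168.1.10/32", dport=80),
    Rule("allow", dst="192.168.1.10/32", dport=443),
]

# Constructed sample traffic (hypothetical).
SAMPLE_PACKETS = [
    Packet("203.0.113.5", "192.168.1.10", 80),      # outside visitor, web: allowed
    Packet("192.168.1.20", "192.168.1.10", 22),     # LAN admin, remote shell: allowed
    Packet("203.0.113.5", "192.168.1.10", 22),      # outsider on the admin port: blocked
    Packet("203.0.113.5", "192.168.1.10", 31337),   # outsider on an unusual port: blocked
]


def run_sample() -> Tuple[List[str], List[str]]:
    """Filter the sample traffic and return the verdicts plus the firewall's log."""
    fw = Firewall(RULES)
    verdicts = [fw.filter(p) for p in SAMPLE_PACKETS]
    return verdicts, fw.log


if __name__ == "__main__":
    verdicts, log = run_sample()
    for pkt, verdict in zip(SAMPLE_PACKETS, verdicts):
        print(verdict.upper(), pkt)
    print("log:", *log, sep="\n  ")
```

The two DENY lines in the log are exactly what an administrator would review to spot the outsider probing the admin port.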

2. Anti-Malware Software (Detection and Prevention)

Anti-malware software (often called Anti-Virus) is designed to detect, quarantine, and eliminate malicious software like viruses, worms, and spyware.

How Anti-Malware Detects Threats:

Anti-malware uses two main methods to spot trouble:

  1. Signature Matching (Detection): This is the most common method. The software maintains a huge database of known malware "signatures" (unique digital fingerprints). It scans files and compares them against this list. If there is a match, the file is identified as malware.
  2. Heuristic Analysis (Detection): This is used to spot *new* or *unknown* malware. Instead of looking for a known signature, the software monitors files for suspicious behaviour (e.g., a program suddenly trying to modify core system files, encrypt data rapidly, or send hundreds of emails).

Remember: Anti-malware must be constantly updated to receive the latest signature database to protect against new threats!
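Both detection methods can be shown side by side: a hash lookup against a signature database, and a heuristic that scores observed behaviour, including the "encrypts data rapidly" rule as a rate check rather than a simple count. This is an added example, not code from the chapter or from any anti-malware product; the signature database, the scoring weights and the observed programs are all constructed.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed signature database (hypothetical): SHA-256 fingerprints of known-bad file contents.
KNOWN_BAD = {
    hashlib.sha256(b"sample-malware-A").hexdigest(): "Test.Sample.A",
    hashlib.sha256(b"sample-malware-B").hexdigest(): "Test.Sample.B",
}


def signature_scan(content: bytes) -> Optional[str]:
    """Method 1: fingerprint the file and look it up in the database of known malware."""
    return KNOWN_BAD.get(hashlib.sha256(content).hexdigest())


# Heuristic scoring (constructed weights). An event is (timestamp_seconds, action).
SUSPICIOUS_THRESHOLD = 5


def heuristic_scan(events: List[Tuple[float, str]]) -> Tuple[int, List[str]]:
    """Method 2: score observed behaviour, which catches malware no signature exists for yet."""
    score, reasons = 0, []
    actions = [a for _, a in events]

    if "modify_system_file" in actions:
        score += 4
        reasons.append("modifies core system files")

    # "encrypts data rapidly": 20 or more file-encrypt events inside any 10-second window.
    enc_times = sorted(t for t, a in events if a == "encrypt_file")
    for i in range(len(enc_times) - 19):
        if enc_times[i + 19] - enc_times[i] <= 10:
            score += 5
            reasons.append("encrypts many files within seconds")
            break

    if actions.count("send_email") >= 100:
        score += 3
        reasons.append("sends hundreds of emails")
    return score, reasons


def scan(name: str, content: bytes, events: List[Tuple[float, str]]) -> Dict[str, object]:
    """Combine both methods into one verdict for a file."""
    sig = signature_scan(content)
    score, reasons = heuristic_scan(events)
    if sig:
        verdict = f"malware: {sig} (signature match)"
    elif score >= SUSPICIOUS_THRESHOLD:
        verdict = "suspicious: " + "; ".join(reasons) + " (heuristic)"
    else:
        verdict = "clean"
    return {"file": name, "signature": sig, "heuristic_score": score, "verdict": verdict}


# Constructed observations (hypothetical) of three programs: (file contents, behaviour events).
SAMPLES = {
    "invoice.exe": (b"sample-malware-A", []),
    "unknown-tool.exe": (b"harmless bytes", [(t * 0.1, "encrypt_file") for t in range(25)]),
    "editor.exe": (b"other harmless bytes", [(t * 60.0, "encrypt_file") for t in range(5)]),
}


def scan_all() -> Dict[str, str]:
    """Scan every sample and return name -> verdict."""
    return {name: str(scan(name, content, events)["verdict"])
            for name, (content, events) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:18} {verdict}")
```

The editor also encrypts files, but five of them spread over minutes; only the burst of 25 in under three seconds trips the heuristic, which is the difference between normal use and ransomware-like behaviour.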

Section 3: Protecting Data – Making Information Useless to Thieves

Sometimes, despite all our prevention methods, a hacker might still manage to steal a copy of a file. This is where Encryption becomes our superhero.

1. Encryption (Prevention)

Encryption is the process of scrambling data so that it becomes unreadable (useless) to anyone who doesn't have the secret key needed to unlock it.

The Process of Encryption
  1. The original readable data is called Plain Text.
  2. The Plain Text is passed through an Encryption Algorithm (a mathematical process).
  3. An Encryption Key (a very long, secret sequence of characters) is applied during the process.
  4. The result is the scrambled, unreadable data called Cipher Text.

To reverse the process (decryption), the recipient must use the corresponding decryption key.

Did you know? When you see "https://" in your browser address bar, the 's' stands for 'secure', meaning your communication with that website is protected by encryption.

Even if a cyber thief intercepts the Cipher Text (the scrambled message), without the unique key, the data looks like random gibberish and is completely useless to them.

Important Key Terms Recap
  • Plain Text: Readable, original data.
  • Cipher Text: Scrambled, encrypted data.
  • Encryption Key: The secret code needed to scramble and unscramble the data.
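The four steps above can be carried through in code: plain text goes in, a keyed algorithm scrambles it, and cipher text comes out that only the matching key unscrambles. This is an added example, not code from the chapter. It uses a textbook construction (a keyed pseudorandom stream in counter mode, XORed with the data, plus an integrity tag) built from Python's standard hashlib and hmac modules, so every step is visible; real software uses a vetted library cipher such as AES-GCM instead.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, purpose: bytes) -> bytes:
    """Derive separate keys for scrambling and for the integrity tag from one master key."""
    return hmac.new(key, purpose, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """The 'encryption algorithm' step: a keyed pseudorandom stream, one 32-byte block per counter value."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plain_text: bytes) -> bytes:
    """Plain Text + Key -> Cipher Text. Output is nonce || scrambled bytes || integrity tag."""
    nonce = os.urandom(NONCE_LEN)   # fresh per message, so identical plain texts never repeat
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain_text))
    body = bytes(p ^ k for p, k in zip(plain_text, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, cipher_text: bytes) -> bytes:
    """Cipher Text + the same Key -> Plain Text; any other key fails the tag check."""
    if len(cipher_text) < NONCE_LEN + TAG_LEN:
        raise ValueError("cipher text too short")
    nonce = cipher_text[:NONCE_LEN]
    body = cipher_text[NONCE_LEN:-TAG_LEN]
    tag = cipher_text[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered cipher text")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


def try_decrypt(key: bytes, cipher_text: bytes) -> Optional[bytes]:
    """What someone holding the cipher text but not the key gets back: nothing usable."""
    try:
        return decrypt(key, cipher_text)
    except ValueError:
        return None


def new_key() -> bytes:
    """A random 256-bit Encryption Key."""
    return os.urandom(32)


if __name__ == "__main__":
    key = new_key()
    cipher_text = encrypt(key, b"Meet at the library at 4pm")
    print("cipher text:", cipher_text.hex())
    print("right key:  ", decrypt(key, cipher_text))
    print("wrong key:  ", try_decrypt(new_key(), cipher_text))
```

The tag is what turns "looks like gibberish" into a hard guarantee: a wrong key, or a single flipped byte in transit, is rejected outright rather than quietly producing garbage.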

Section 4: System Health and Recovery

Cybersecurity isn't just about setting up initial defences; it's also about ongoing maintenance and having a plan when things go wrong.

1. Software Updates and Patches (Prevention)

Software developers regularly release new versions of their operating systems (OS) and applications, and these updates are crucial for security.

A Vulnerability is a flaw or weakness in software that a hacker could exploit to gain access or cause damage.

A Patch is a small piece of code released by the developer specifically to fix a known vulnerability.

Common Mistake to Avoid: Many people delay updates because they are annoying or time-consuming. However, leaving software unpatched means leaving the digital doors wide open for hackers who know exactly which vulnerability to target!

Regularly applying updates and patches is one of the most effective ways to prevent attacks that rely on known security holes.

2. Data Backups (Recovery)

Even the strongest security systems can fail. Malware (especially ransomware) or a simple hardware failure could result in the total loss of important data.

A Data Backup is simply making copies of data so that the original information can be restored after a disaster.

Essential Backup Procedures:
  • Regularity: Backups should be performed frequently (daily or weekly, depending on how often the data changes).
  • Verification: You must test the backup to ensure the data can actually be restored correctly.
  • Offsite/Offline Storage: The most critical step. If a ransomware attack encrypts your computer, and the backup drive is plugged in, the ransomware might encrypt the backup too! Backups should ideally be stored offline (disconnected from the network) or offsite (in a different physical location or a secure cloud service).

A solid backup plan is the ultimate insurance policy against data loss from hardware failure, human error, or a successful cyber attack.
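The verification step is the one most often skipped, so here is a backup routine that builds it in: each file's SHA-256 is recorded in a manifest when the archive is made, and verifying means restoring into scratch space and re-hashing every file. This is an added example, not code from the chapter; the files it backs up are constructed inside a temporary directory, and the "bad medium" it simulates is a run of bytes overwritten in the middle of the archive.

```python
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path
from typing import List, Tuple


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source_dir: Path, backup_dir: Path) -> Path:
    """Archive source_dir and write a manifest of every file's SHA-256 beside it."""
    manifest = {str(p.relative_to(source_dir)): sha256_file(p)
                for p in sorted(source_dir.rglob("*")) if p.is_file()}
    archive = backup_dir / f"backup-{time.strftime('%Y%m%d-%H%M%S')}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source_dir, arcname=".")
    archive.with_name(archive.name + ".manifest.json").write_text(json.dumps(manifest, indent=2))
    return archive


def verify_backup(archive: Path) -> Tuple[bool, List[str]]:
    """Restore into scratch space and compare every restored file against the manifest."""
    manifest = json.loads(archive.with_name(archive.name + ".manifest.json").read_text())
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                if hasattr(tarfile, "data_filter"):   # safe extraction filter on newer Pythons
                    tar.extractall(scratch, filter="data")
                else:
                    tar.extractall(scratch)
        except Exception as exc:
            return False, [f"archive unreadable: {exc!r}"]
        for rel, digest in manifest.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                problems.append(f"missing after restore: {rel}")
            elif sha256_file(restored) != digest:
                problems.append(f"hash mismatch after restore: {rel}")
    return not problems, problems


def demo() -> Tuple[bool, bool]:
    """Back up a constructed directory, verify it, then show verification catching a corrupted archive."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "data", Path(tmp) / "backups"
        (src / "docs").mkdir(parents=True)
        dst.mkdir()
        (src / "notes.txt").write_text("quarterly figures\n")          # constructed sample files
        (src / "docs" / "report.txt").write_text("draft v3\n" * 100)
        archive = make_backup(src, dst)
        good, _ = verify_backup(archive)
        # Simulate a failing backup medium: overwrite 32 bytes in the middle of the archive.
        raw = bytearray(archive.read_bytes())
        mid = len(raw) // 2
        raw[mid:mid + 32] = b"\xff" * 32
        archive.write_bytes(bytes(raw))
        bad, reasons = verify_backup(archive)
        return good, bad


if __name__ == "__main__":
    print("fresh backup verified, corrupted backup verified:", demo())
```

Without the restore-and-rehash step the corrupted archive would sit on the shelf looking fine until the day it was needed.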

Chapter Summary: Defence Strategy

We use a layered approach to cybersecurity:

  • Layer 1 (Access Control): Strong passwords, 2FA, and limited access levels.
  • Layer 2 (Network Traffic): Firewalls block unwanted connections and log suspicious activity.
  • Layer 3 (Internal Scan): Anti-malware detects and eliminates threats using signatures and heuristic analysis.
  • Layer 4 (Data Protection): Encryption makes stolen data worthless.
  • Layer 5 (System Maintenance): Patches close vulnerabilities.
  • Layer 6 (Recovery): Backups ensure data recovery after disaster.