Methods of Preventing Cyber Security Threats (AQA GCSE Computer Science): Revision Note
Exam code: 8525
Penetration Testing
What is penetration testing?
Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access
A company will employ penetration testers to test a network's security and use any information gained to fix any issues that are found
There are two main types of penetration testing:
Malicious insider
External attack
Malicious insider (white-box)
When the person or team testing the system has knowledge of and possibly basic credentials for the target system, simulating an attack from inside the system
External attack
When the person or team testing the system has no knowledge of any credentials for the target system, simulating an attack from outside the system
Biometric Measures
What are biometric measures?
Biometric measures are an individual's personal characteristics used to identify them, such as:
Fingerprints
Iris/retina scans (eyes)
Voice recognition
Biometrics provide a very secure method of confirming a user's identity before allowing access/permission to a computer system
Biometric measures are often used on mobile devices to provide secure access
CAPTCHA
What is a CAPTCHA?
A CAPTCHA is a method of testing if a website request originates from a human or a machine (bot)
Completely Automated Public Turing test to tell Computers & Humans Apart (CAPTCHA) examples include:
Text - Users are shown a box of distorted text and need to decipher the characters and enter them in a designated box
Image - A grid of images is shown and the user is asked to select all those that contain a specific object
Checkbox - A simple checkbox appears asking the user to confirm they are not a robot
A CAPTCHA can be used to prevent spam and protect logins
Confirming Identity
How can you confirm identity?
One method of confirming the identity of a user is to email a link to check that they are using a valid and working email address
A user does not get access to a service/website until the check is complete
This type of check can be carried out using SMS in the same way
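One way to implement the email-link check described above, as an added example that is not part of the original revision note. The class name, the `service.example` address and the 15-minute lifetime are assumptions made for illustration:

```python
import hashlib
import secrets
import time

TOKEN_LIFETIME = 15 * 60  # seconds a confirmation link stays valid (assumed value)

class EmailConfirmation:
    """Tracks which accounts have proved control of their email address."""

    def __init__(self):
        self._pending = {}      # sha256(token) -> (email, expiry time)
        self._verified = set()  # emails that completed the check

    def start(self, email, now=None):
        """Create the one-time link that would be emailed to the user."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable random value
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Store only the hash, so a leaked table cannot be used to confirm accounts.
        self._pending[digest] = (email, now + TOKEN_LIFETIME)
        return f"https://service.example/confirm?token={token}"

    def confirm(self, token, now=None):
        """Handle a click on the link: True only for a valid, unexpired, unused token."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop makes the link single-use
        if entry is None:
            return False
        email, expires = entry
        if now > expires:
            return False
        self._verified.add(email)
        return True

    def has_access(self, email):
        """The user gets no access until the check is complete."""
        return email in self._verified

def demo():
    checks = EmailConfirmation()
    link = checks.start("student@example.com", now=1000)  # constructed sample address
    token = link.split("token=")[1]
    before = checks.has_access("student@example.com")
    wrong = checks.confirm("guessed-token", now=1010)  # a guess is rejected
    ok = checks.confirm(token, now=1060)                # the real link works once
    replay = checks.confirm(token, now=1070)            # clicking again is rejected
    return before, wrong, ok, replay, checks.has_access("student@example.com")
```

The same pattern applies to the SMS version of the check, with a short code sent to the phone instead of a link.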
Automatic Software Updates
What are automatic software updates?
Automatic software updates take away the need for a user to remember to keep software updated and reduce the risk of software flaws/vulnerabilities being targeted in out-of-date software
Automatic updates ensure fast deployment of updates as they are released
Worked Example
Give three examples of when it would be suitable to use a CAPTCHA system [3]
Answer
account registration
account access
online voting systems
ticket purchasing / transaction completion
on pages where comments / reviews can be posted
on parts of the website where fraudulent click-throughs may be possible