Unit 12.1C · Term 1

Threats to Computer Systems

In the digital world, data is one of the most valuable assets. Computer Security involves protecting this data, along with software and hardware, from various vulnerabilities. Threats to a computer can be either intentional (a deliberate act to destroy data) or unintentional (an accidental act that destroys data).

Learning Objectives

  • 12.5.2.1 State what is meant by malware and describe different types of Malware
  • 12.5.2.2 State what is social engineering (Phishing and Pharming)
  • 12.5.2.3 Describe how online tracking is done and methods to prevent it
  • 12.5.2.4 Explain secure data transmission protocols (SSL and TLS)

Conceptual Anchor

The Castle Defense Analogy

Securing a computer system is like defending a medieval castle. Malware represents enemies trying to breach the walls using brute force or disguised as a Trojan Horse. Social Engineering is when an enemy spy tricks your guards into willingly opening the gates. Finally, TLS/SSL protocols act as heavily armored, encrypted carriages transporting your valuable messages safely across hostile territory.

Rules & Theory

1. Malware (Malicious Software)

Definition: An abbreviated form of "malicious software." This is software specifically designed to gain access to or damage a computer, usually without the knowledge of the owner.

Types of malware (description and behavior):

  • Virus: A program that attaches itself to a legitimate file or executable program and spreads when that infected file is opened or executed by the user.
  • Worm: A program that copies itself repeatedly in the memory or on a disk drive until there is no memory or disk space left. Crucially, it stays active in the computer's memory and replicates itself over a network to infect other machines without user interaction.
  • Trojan Horse: A malicious program that pretends to be a useful and safe application to trick the user into installing it. Once inside, it creates a "backdoor" for hackers to access the system.
  • Ransomware: Malware that encrypts the user's files or locks the entire system, demanding a financial payment (ransom) in exchange for the decryption key.
  • Spyware & Adware: Software that secretly monitors user activity (like keyloggers recording passwords) or bombards the user with unwanted advertising.

Symptoms of a Malware Infection

How do you know your computer is infected? Look out for these indicators:

  • Increased CPU usage and significantly slow computer or web browser speeds.
  • Freezing, crashing, or unexplained problems connecting to networks.
  • Modified, deleted, or renamed files without your knowledge.
  • The appearance of strange files, programs, or desktop icons.
  • Security programs (antivirus/firewalls) turning off or reconfiguring themselves.
  • Emails or messages being sent automatically from your account without your knowledge.
  • Unusually high network activity when you are not actively using the internet.

2. Social Engineering

Unlike malware, which attacks the machine, social engineering targets human psychology. It is the art of manipulating people so that they give up confidential information.

Techniques (method of attack):

  • Phishing: Sending fraudulent emails that look like they are from a reputable company (e.g., your bank). The email contains a link to a fake website designed to trick you into entering your login credentials or credit card numbers.
  • Pharming: A more advanced attack where malicious code is installed on your computer or a server. Even if you type the correct URL into your browser, the code secretly redirects you to a fake, fraudulent website to steal your data.

3. Online Tracking

Organizations and malicious actors track user activity across the internet to build profiles. This is done using:

  • Cookies: Small text files saved in your browser that track website preferences, login status, and browsing history.
  • Web Beacons (Pixel Tags): Tiny, invisible image pixels embedded in web pages or emails to track whether a user has viewed the content.
  • Browser Fingerprinting: Collecting unique data about your device (screen resolution, OS, installed fonts, browser version) to identify you even if you delete cookies.
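The web beacon described above can be spotted by looking for images that are too small or hidden to be real content. The following is an added example, not part of the original lesson; the sample email, the domain names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: one normal image and two suspected beacons.
SAMPLE_EMAIL = """
<html><body>
<p>Your order has shipped.</p>
<img src="https://shop.example/logo.png" width="200" height="60">
<img src="https://track.example/open?uid=12345" width="1" height="1">
<img src="https://mail.shop.example/p.gif" style="display: none">
</body></html>
"""

class BeaconFinder(HTMLParser):
    """Collects <img> tags that are 1x1 (or 0x0) pixels or hidden by CSS."""

    def __init__(self):
        super().__init__()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.beacons.append(a.get("src", ""))

def find_beacons(html, first_party):
    """Return (url, is_third_party) for each suspected beacon image."""
    finder = BeaconFinder()
    finder.feed(html)
    results = []
    for url in finder.beacons:
        host = (urlsplit(url).hostname or "").lower()
        same_site = host == first_party or host.endswith("." + first_party)
        results.append((url, not same_site))
    return results

if __name__ == "__main__":
    for url, third_party in find_beacons(SAMPLE_EMAIL, "shop.example"):
        print("third-party" if third_party else "first-party", url)
```

Email clients that block remote images by default prevent these requests from being sent, so the sender never learns that the message was opened.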

4. Secure Protocols: SSL and TLS

To protect data as it travels across the internet, secure transmission protocols are used to encrypt the communication.

  • SSL (Secure Sockets Layer): The original security protocol used to establish encrypted links. It is now largely considered outdated and has been replaced by TLS.
  • TLS (Transport Layer Security): The successor to SSL. It works in the same way but is much more secure, and is designed to provide encryption, authentication, and data integrity so that a third party cannot hack into the communication.

The Two Layers of TLS

The TLS protocol forms two distinct layers during communication:

  1. Record Protocol: This part contains the actual data being transferred over the internet. It can be used with or without encryption.
  2. Handshake Protocol: This permits the website and the client (user) to authenticate each other and establish the encryption algorithms to be used. This ensures a secure session is fully established before data is transferred.
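The relationship between the two layers shows up in the bytes on the wire: every message, including each handshake message, travels inside a record with a 5-byte header. The following is an added example, not part of the original lesson, and it goes one step beyond the text by decoding those headers; the sample stream is constructed and its message bodies are filler bytes.

```python
import struct

# Header values for TLS 1.2 and earlier.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def make_record(content_type, payload, version=0x0303):
    """Wrap a payload in the record header: type (1), version (2), length (2)."""
    return struct.pack("!BHH", content_type, version, len(payload)) + payload

def make_handshake(msg_type, body):
    """Handshake message header: 1-byte type and 3-byte length."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed stream: two unencrypted handshake messages, then one data record.
SAMPLE_STREAM = (
    make_record(22, make_handshake(1, b"\x00" * 40))
    + make_record(22, make_handshake(2, b"\x00" * 38))
    + make_record(23, b"\xaa" * 64)
)

def parse_records(stream):
    """Return (label, version, payload_length) for each record in the stream."""
    records = []
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        payload = stream[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        label = CONTENT_TYPES.get(ctype, "unknown")
        # The handshake type is readable only while the handshake is unencrypted.
        if ctype == 22 and length >= 4:
            label += ":" + HANDSHAKE_TYPES.get(payload[0], "unknown")
        records.append((label, VERSIONS.get(version, hex(version)), length))
        offset += 5 + length
    return records

if __name__ == "__main__":
    for record in parse_records(SAMPLE_STREAM):
        print(record)
```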

Common Pitfalls

Virus vs. Worm

Students frequently confuse these two. A Virus requires a host file and user action (like clicking an infected attachment) to spread. A Worm is a standalone program that replicates itself automatically across networks without needing a host or human interaction.

Phishing vs. Pharming

Phishing relies on a fake email tricking you into clicking a bad link. Pharming redirects you to a fake site even if you type the 100% correct address into your browser, because the underlying DNS or hosts file has been poisoned.
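One way to check a machine for the hosts-file form of pharming is to list every entry that points a real domain name at a routable address, since such an entry overrides DNS for that name. The following is an added example, not part of the original lesson; the sample file content, the addresses and the function name are constructed for illustration.

```python
import ipaddress

# Constructed sample of hosts file content.
SAMPLE_HOSTS = """\
# Local names
127.0.0.1     localhost
::1           localhost ip6-localhost
0.0.0.0       ads.tracker.example                 # blocklist entry
203.0.113.50  www.mybank.example mybank.example   # overrides DNS
not-an-ip     broken.example
"""

def suspicious_hosts_entries(text):
    """Return (hostname, ip) pairs that redirect a dotted name to a routable IP."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip malformed lines
        # Loopback and 0.0.0.0 entries are local names or blocklists.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if "." in name and not name.endswith(".local"):
                findings.append((name, str(ip)))
    return findings

if __name__ == "__main__":
    # On a real machine, read /etc/hosts (Linux, macOS) or
    # C:\Windows\System32\drivers\etc\hosts (Windows) instead of the sample.
    for name, ip in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"review: {name} -> {ip}")
```

Each finding is an entry to review rather than proof of an attack, because administrators sometimes add legitimate entries for internal servers.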

Exam Style Tasks

Match

Match the following malware types to their specific behavior:
1. Trojan Horse
2. Worm
3. Ransomware
A. Encrypts files and demands payment.
B. Pretends to be safe software to trick the user into installing it.
C. Replicates repeatedly in memory until the disk is full.

Understand

Explain the difference between an Intentional threat and an Unintentional threat, providing one real-world example for each.

Analyze

Describe the two layers of the Transport Layer Security (TLS) protocol. Explain the specific role of the Handshake Protocol versus the Record Protocol.

Self-Check Quiz

Q1: What is the main difference between Phishing and Pharming?

Phishing uses deceptive emails to trick users into clicking bad links. Pharming uses malicious code to redirect users to a fake website even when they type the correct URL.

Q2: If your computer's firewall unexpectedly turns itself off and emails are sent to your contacts without your knowledge, what is the likely cause?

These are classic symptoms of a malware infection. The malware is reconfiguring your security settings and using your system to spread.

Q3: What happens during the TLS Handshake Protocol?

The website and the client authenticate each other and agree on the encryption algorithms to establish a secure session.