6.6 - Logical Protection
Exam Board: OCR
Specification: 2016 - Unit 2
Logical protection refers to using digital methods of security to protect computer systems and data.
Usernames & Passwords
Usernames must be matched with a secure password to minimise the chances of unauthorised users accessing a system.
Passwords should contain a mix of uppercase and lowercase letters, punctuation and numbers. Passwords should be of a substantial length (at least 8 characters) and should be regularly changed.
Anti-Malware
Anti-virus software scans a system and removes viruses. If left to infect a system a virus could delete data or permit access to unauthorised users.
Anti-spyware software removes spyware on an infected system so hackers cannot view personal data or monitor users.
Organisations should install and regularly update anti-virus and anti-spyware programs.
Firewall
Firewalls prevent unauthorised access to or from a network.
Firewalls filter data packets and block anything that is identified as harmful to the computer system or network.
Firewalls can also be used to block access to specific websites and programs.
A firewall can be in the form of a physical device which is connected to the network, or software installed on a computer system.
Encryption
Encryption is the conversion of data (plaintext) into an unreadable format (ciphertext) so it cannot be understood if intercepted.
Encrypted data can only be understood by an authorised system with a decryption key.
There are two types of encryption.
- Encryption at rest is when data is encrypted while it is being stored on a system or storage drive.
- Encryption in transit is to secure the data as it is being transferred between systems on a network.
Tiered Levels of Access
The purpose of tiered levels of access is to grant different types of permission to certain users.
Managing levels of file access ensures that only authorised people can access and change certain files.
There are different levels of file access:
- No access
- Read-only - Allows a user to view but not edit.
- Read/write - Allows a user to view and edit.
Obfuscation
Obfuscation is when data is deliberately changed to be unreadable to humans but still understandable by computers.
Program code might be obfuscated to stop rival programmers from viewing and stealing it if they were able to access it.
Specialist software can be used to obfuscate data and convert it back into a human-readable format.
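The three levels of file access listed under Tiered Levels of Access can be modelled in a few lines of Python. This is an added example, not part of the original page: the user names, file name and function names are made up for illustration, and treating anyone who is not listed as "No access" is an assumption.

```python
from enum import IntEnum


class Access(IntEnum):
    """The three levels of file access from the page, weakest to strongest."""
    NO_ACCESS = 0
    READ_ONLY = 1
    READ_WRITE = 2


# Constructed sample data: which level each user holds on each file.
PERMISSIONS = {
    ("alice", "payroll.csv"): Access.READ_WRITE,  # e.g. finance manager
    ("bob", "payroll.csv"): Access.READ_ONLY,     # e.g. auditor
    ("carol", "payroll.csv"): Access.NO_ACCESS,   # explicitly blocked
}

# The level each operation needs before it is allowed.
REQUIRED = {"view": Access.READ_ONLY, "edit": Access.READ_WRITE}


def level_for(user, filename):
    """Look up a user's level; anyone not listed gets no access (assumption)."""
    return PERMISSIONS.get((user, filename), Access.NO_ACCESS)


def is_allowed(user, filename, operation):
    """Return True only if the user's level is high enough for the operation."""
    if operation not in REQUIRED:
        return False  # unknown operations are refused rather than guessed at
    return level_for(user, filename) >= REQUIRED[operation]


def access_report(filename, users):
    """Summarise which operations each user may perform on a file."""
    return {
        user: [op for op in REQUIRED if is_allowed(user, filename, op)]
        for user in users
    }


if __name__ == "__main__":
    report = access_report("payroll.csv", ["alice", "bob", "carol", "dave"])
    for user, ops in report.items():
        print(f"{user}: {', '.join(ops) or 'no access'}")
```

Because the levels are ordered, read/write automatically includes everything read-only allows, so each operation needs only one comparison.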
Questo's Questions
6.6 - Logical Protection:

1a. Describe why usernames and strong passwords are necessary. [2]
1b. State 3 rules for choosing a strong password. [3]

2. Describe the purpose of anti-virus and anti-spyware software. [4]

3. Describe the roles of a firewall. [4]

4. Explain what encryption is. What are the two types? [4]

5. Why would an organisation use tiered levels of access? What are the 3 levels of file access? [5]

6. What is obfuscation? State a scenario in which it would be used. [3]