9.3: Protection Methods

Protection Against Malware

The following methods can be used to protect computer systems from malware.

Antivirus Software

Firewall

Updates & Patches

It is vital to keep applications and the operating system up to date, as attackers are creating new malware daily and finding exploits in weak code.

A patch is a software update with edited code to fix any bugs or security flaws. Patches may need to be installed when errors or weaknesses have been identified by the developers. Video game developers often release patches to fix errors.

Other Methods of Protection

Two Factor Authentication (2FA)

 

This is a method of confirming someone's identity by requiring two forms of authorisation, such as a password and a PIN code sent to a mobile.

Use Malware Removal Tools

Download and install anti-malware applications that will remove infected files for you. Be careful, some software that labels itself as malware removal is actually malware itself.

Security Staff

Staff may be hired to protect important data, for example by guarding server rooms or checking ID badges.

Protection Against Keyloggers 

One method is to prevent access to the keyboard port at the back of the computer (e.g. USB port) so others can't connect a physical keylogger to capture keystrokes.

Also, a firewall could be used to prevent a device driver being installed which would save keystrokes into a file for malicious users to view.

Malware and Security Training

Companies should train staff to spot common phishing scams and to only use trusted websites and software manufacturers.

 

Many companies spend money on training days to teach employees about cyber security to minimise the chance of data loss and corruption.

Software Protection

The following methods of protection are considered in the design, testing and creation stages of developing software.

Secure by Design

This method puts security as the most important concept when creating and designing software.

By focusing on security when designing software, there should be less need for later updates and patches, and attacks are less likely to succeed.

Too Many Permissions

Apps require permission to use device features (such as the camera or microphone of a smartphone) when they are downloaded. Programmers should only request permission for features that the software requires.

Some malicious apps steal data or spy on users - and the worst part is that you've given permission for it to do it.

Users can avoid suspicious apps by reading reviews, checking there are no unnecessary permission requests, only downloading the software they need / will use and uninstalling apps if permissions change.

Scripting Restrictions

A script is a set of instructions executed on a website. For example, Facebook uses a JavaScript script to post a status and another to read your private messages.

The Same Origin Policy (SOP) is a security precaution that prevents websites from using scripts on other sites that you have open. For example, if you are using JavaScript to post a status on Facebook then visit an infected site, that site can't also use JavaScript to access your Facebook data, because even though they both use JavaScript, they are from a different origin.

 

Without SOP an infected website could access personal data or infect a computer with malware by maliciously using the same scripts as other websites you have used. Programmers should set scripting restrictions when creating websites.
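The origin comparison behind SOP can be shown in a few lines. This is an added example, not code from the original page: the function names and the `social.example` / `evil.example` URLs are made up for illustration, and it only models the scheme, host and port comparison, not everything a browser does.

```javascript
// Added example: two URLs share an origin only if scheme, host and port all match.
// All URLs below are constructed samples.
function originOf(url) {
  const u = new URL(url);
  // URL leaves the port empty when it is the default, so fill it back in
  const defaultPorts = { 'http:': '80', 'https:': '443' };
  const port = u.port || defaultPorts[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port };
}

function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  for (const part of ['scheme', 'host', 'port']) {
    if (x[part] !== y[part]) {
      return { allowed: false, reason: `different ${part}` };
    }
  }
  return { allowed: true, reason: 'same origin' };
}

const page = 'https://social.example/home';
const targets = [
  'https://social.example/messages',     // only the path differs
  'https://social.example:443/profile',  // default port written out
  'http://social.example/home',          // scheme differs
  'https://social.example:8443/home',    // port differs
  'https://evil.example/steal',          // host differs
  'https://api.social.example/data',     // a subdomain counts as a different host
];
for (const target of targets) {
  const r = sameOrigin(page, target);
  console.log(`${target} -> ${r.allowed ? 'allowed' : 'blocked'} (${r.reason})`);
}
```
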

Validation with Parameters

A parameter is a measure that is used when validating data; it is usually a range or limit.

 

For example, the parameters of a length check may be whether the data is between 1 and 10 characters.

Programmers must ensure validation is used on websites with suitable parameters to prevent attacks such as an SQL injection. 
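The sketch below is an added example, not code from the original page. It uses the 1 to 10 character length check described above and goes one step further with an allowed-characters parameter; the field rules and sample inputs are constructed for illustration.

```javascript
// Added example: validation rules written as parameters.
// The rules and the sample inputs are constructed for illustration.
const usernameRules = {
  minLength: 1,
  maxLength: 10,
  allowed: /^[A-Za-z0-9_]+$/,  // letters, digits and underscore only
};

function validate(value, rules) {
  if (typeof value !== 'string') {
    return { ok: false, error: 'not text' };
  }
  if (value.length < rules.minLength) {
    return { ok: false, error: 'too short' };
  }
  if (value.length > rules.maxLength) {
    return { ok: false, error: 'too long' };
  }
  if (!rules.allowed.test(value)) {
    return { ok: false, error: 'invalid characters' };
  }
  return { ok: true, error: null };
}

const samples = [
  'alice_01',           // valid
  '',                   // fails the minimum length
  'averyverylongname',  // fails the maximum length
  "x' OR 1=1",          // 9 characters: passes the length check, fails on characters
];
for (const input of samples) {
  const result = validate(input, usernameRules);
  console.log(JSON.stringify(input), result.ok ? 'accepted' : `rejected: ${result.error}`);
}
```

The last sample shows why the parameters need to be suitable: a length check on its own would accept input containing quote characters.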

9.3 - Protection Methods:

1. Describe the purpose of antivirus software and its different roles. [4]

2. Describe the purpose of firewalls and their different roles. [4]

3. What is a patch? Why are they important? [4]

4. Describe four other methods of protection[8]

5a. What is meant by 'secure by design'?  [2]

5b. What are two intended consequences if software is secure by design? [2]

6. What is a permission? Why should permissions be managed? [4]

7. What is Same Origin Policy (SOP)? Why is it important? [3]

8. What is a parameter? Why is validation used when data is input online? [2]

Antivirus software is used to locate and delete viruses on a computer system. The software scans each file on the computer and compares it against a database of known viruses. Files with similar features to viruses in the database are identified and deleted.


There are thousands of known viruses, but new forms are created each day by attackers, so antivirus software must be regularly updated to keep systems secure.

Other roles of antivirus software:

  • Checking all incoming and outgoing emails and their attachments.

  • Checking files as they are downloaded.

  • Scanning the hard drive for viruses and deleting them.

A firewall manages incoming and outgoing network traffic.

 

Each data packet is processed to check whether it should be given access to the network by examining the source and destination address.

Unexpected data packets will be filtered out and not accepted to the network.
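The address check described above can be sketched as a small rule table. This is an added example, not code from the original page: the rules, addresses and function names are constructed for illustration, and it only looks at IPv4 source and destination addresses.

```javascript
// Added example: a packet filter that blocks anything no rule expects.
// Rules and packet addresses are constructed for illustration.
function ipToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some(p => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`bad IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

// True when ip falls inside a range written as "address/prefix", e.g. 192.168.1.0/24
function inRange(ip, cidr) {
  const [base, bitsText] = cidr.split('/');
  const bits = bitsText === undefined ? 32 : Number(bitsText);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

const rules = [
  { action: 'block', src: '203.0.113.0/24', dst: '0.0.0.0/0' },   // untrusted network
  { action: 'allow', src: '0.0.0.0/0', dst: '192.168.1.10/32' },  // public web server
  { action: 'allow', src: '192.168.1.0/24', dst: '0.0.0.0/0' },   // outgoing traffic
];

// The first matching rule wins; a packet that matches no rule is filtered out
function filterPacket(packet) {
  for (const rule of rules) {
    if (inRange(packet.src, rule.src) && inRange(packet.dst, rule.dst)) {
      return rule.action;
    }
  }
  return 'block';
}

const packets = [
  { src: '198.51.100.4', dst: '192.168.1.10' },  // visitor to the web server
  { src: '203.0.113.7', dst: '192.168.1.10' },   // from the untrusted network
  { src: '198.51.100.4', dst: '192.168.1.25' },  // unexpected: no rule covers it
  { src: '192.168.1.25', dst: '93.184.216.34' }, // internal machine going out
];
for (const p of packets) {
  console.log(`${p.src} -> ${p.dst}: ${filterPacket(p)}`);
}
```
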

Other roles of a firewall include:

  • Blocking access to insecure / malicious web sites.

  • Blocking certain programs from accessing the internet.

  • Blocking unexpected / unauthorised downloads.

  • Preventing specific users on a network accessing certain files.

Exam Board:

Eduqas / WJEC

Specification:

2016 + 

Questo's Questions

© CSNewbs 2020