Fundamentals of cyber security - Computer Science 8525 (Current) - AQA GCSE

Welcome to the World of Cyber Security!

In this chapter, we are going to learn how to keep our digital lives safe. Think of cyber security as the "home security system" for the internet. Just like you lock your front door to keep burglars out, cyber security uses different tools and tricks to keep hackers away from our data.

Don't worry if some of the words sound like they belong in a spy movie—we’ll break them down step-by-step!

1. What is Cyber Security?

Cyber security consists of the processes, practices, and technologies designed to protect networks, computers, programs, and data from:
• Attack
• Damage
• Unauthorised access (people looking at things they shouldn't!)

Quick Review: The Purpose

The main goal is to keep information private, ensure it is accurate, and make sure it is available to the people who are actually allowed to use it.

2. Social Engineering: The "Human" Hack

Most people think hackers just type fast code to get into a system. But often, it's much easier to just trick a human! This is called social engineering—the art of manipulating people so they give up confidential information.

Here are the three types you need to know for your exam:

A. Blagging (Pretexting)

Blagging is when someone invents a fake story (a "pretext") to trick you into giving away info.
Example: Someone calls you pretending to be from your bank's security team, telling you there’s an emergency and they need your password to "fix" it.

B. Phishing

Phishing is a technique where criminals send emails or SMS messages that look like they are from a real company (like Amazon or PayPal) to steal your details.
Example: You get an email saying "Your account is locked! Click here to log in," but the link takes you to a fake website that steals your password.

C. Shouldering (Shoulder Surfing)

Shouldering is the simplest trick—it’s just looking over someone’s shoulder while they type!
Example: Watching someone enter their PIN at a cash machine or their password on a bus.

Memory Aid: The Three 'ings'

Blagging = Lying (fake story)
Phishing = Fishing (sending out a "hook" via email)
Shouldering = Peeking (looking over a shoulder)

3. Malicious Code (Malware)

Malware is an "umbrella term" (a big category) that refers to any hostile or intrusive software. Think of it like a digital flu for your computer.

• Computer Virus: Software that "infects" a computer and replicates itself to spread to other files or computers.
• Trojan: Software that pretends to be something useful (like a free game) but actually has a hidden malicious purpose. (Just like the wooden horse in the Greek legend!)
• Spyware: Software that secretly monitors what you do on your computer (like recording your keystrokes) and sends the info back to the hacker.

Quick Takeaway: Malware is any software designed to cause trouble or steal info without you knowing.

4. Other Cyber Security Threats

Hackers have many other ways to cause trouble. Here are the ones on your syllabus:

• Pharming: This is a clever attack that redirects you to a fake website even if you typed the correct address! It’s like a fake road sign that leads you to a fake bank.
• Weak and Default Passwords: If your password is "12345" or "password", it's easy to guess. Also, many devices come with a default password like "admin" that people forget to change.
• Misconfigured Access Rights: This happens when a user is accidentally given permission to see files they shouldn't be allowed to see.
• Removable Media: USB sticks can carry malware. If you find a random USB in a car park and plug it in, you might infect your whole network!
• Unpatched/Outdated Software: Software often has "holes" (bugs). Companies release "patches" (updates) to fix them. If you don't update, the holes stay open for hackers.

5. Penetration Testing (Ethical Hacking)

How do companies find their weaknesses before the bad guys do? They use Penetration Testing. This is the process of attempting to gain access to a system to find its flaws.

There are two types of tests you need to know:

1. Simulating an Insider Attack: The tester is given knowledge of the system and maybe even some basic login details. This simulates a "malicious insider" (like an employee gone rogue).
2. Simulating an External Attack: The tester has no knowledge of the system or credentials. They try to break in from the outside, just like a real hacker would.

6. Methods to Detect and Prevent Threats

Don't worry, we have plenty of ways to fight back! Here are the common security measures:

• Biometric Measures: Using your body to unlock things (like fingerprints or face recognition). These are hard to fake!
• Password Systems: Requiring strong passwords and changing them regularly.
• CAPTCHA: Those "I am not a robot" tests. They stop automated programs (bots) from creating thousands of fake accounts.
• Email Confirmations: When a site sends you a code to your email to prove you are who you say you are.
• Automatic Software Updates: Setting your computer to install "patches" automatically so those security "holes" get fixed as soon as possible.

Did you know? CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart." That's why it's such a mouthful!

Final Summary Check

What have we learned?
• Cyber security protects our digital stuff.
• Social engineering tricks people (Blagging, Phishing, Shouldering).
• Malware is bad software (Virus, Trojan, Spyware).
• Penetration testing finds holes by pretending to be a hacker.
• Prevention tools include biometrics, CAPTCHAs, and updates.

Common Mistake to Avoid: Don't confuse Phishing with Pharming. Phishing is the message (email/text) sent to you. Pharming is the redirecting of your web traffic to a fake site.

* The content provided by thinka is generated by AI and may not always be accurate or up-to-date. Please use it as a supplementary resource and verify with official materials.