Welcome to the World of Cyber Security!
Hi there! In this chapter, we are going to explore Cyber Security. Think of yourself as a digital security guard. Your job is to understand how people try to break into computer systems and, more importantly, how we can stop them. Don’t worry if some of the terms sound a bit "techy" at first—we will break everything down using simple examples and analogies you see every day.
By the end of these notes, you’ll know exactly what threats are out there and how to build a digital "fortress" to protect data.
1. What is Cyber Security?
According to the AQA syllabus, Cyber Security consists of the processes, practices, and technologies designed to protect networks, computers, programs, and data from attack, damage, or unauthorised access.
In simple terms: It is everything we do to keep our digital stuff safe from people who shouldn't have it.
Why do we need it?
- To keep our personal data (like bank details or private messages) private.
- To stop unauthorised access (hackers getting in).
- To prevent damage to computer systems.
Quick Review: Cyber security isn't just one thing; it's a mix of technology (like firewalls) and human habits (like picking strong passwords).
2. Cyber Security Threats
To defend a system, you first need to know how it can be attacked. Here are the main threats you need to know for your exam:
Social Engineering
This is the "art" of manipulating people rather than hacking the computer itself. It’s much easier to trick a person into giving away a password than it is to break a complex encryption code!
Analogy: Instead of picking a lock, you just trick the homeowner into handing you the key.
Malicious Code (Malware)
Malware is an "umbrella term" (a big category) for any hostile or intrusive software. It is code written specifically to cause trouble.
Pharming
This is a clever attack where a user is redirected to a fake website, even if they typed the correct address! The fake site looks exactly like the real one (like your bank) to trick you into entering your login details.
Weak and Default Passwords
Many people use "123456" or leave the password as "password" (the default). This makes it incredibly easy for hackers to guess their way in.
Misconfigured Access Rights
This happens when a user is given more access to a system than they actually need. If a student is accidentally given "Teacher" permissions on a school network, they could see everyone's grades! This is a security risk.
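An access-rights check for the school network described above, as an added example (not part of the original notes): it compares what each account has been granted with what its role actually needs and lists the extra rights to remove. The role names, permission names and accounts are constructed for illustration.

```python
# Constructed role definitions: the rights each role actually needs.
ROLE_NEEDS = {
    "student": {"read_own_grades", "submit_homework"},
    "teacher": {"read_all_grades", "edit_grades", "set_homework"},
}

# Constructed accounts as they are currently set up on the network.
ACCOUNTS = [
    {"user": "asha", "role": "student",
     "granted": {"read_own_grades", "submit_homework"}},
    {"user": "ben", "role": "student",  # given "Teacher" permissions by mistake
     "granted": {"read_own_grades", "submit_homework",
                 "read_all_grades", "edit_grades"}},
    {"user": "ms_khan", "role": "teacher",
     "granted": {"read_all_grades", "edit_grades", "set_homework"}},
    {"user": "old_temp", "role": "supply",  # role that is no longer defined
     "granted": {"read_all_grades"}},
]


def excess_rights(accounts, role_needs):
    """Map each over-privileged user to the rights their role does not need."""
    findings = {}
    for account in accounts:
        # An unknown role needs nothing, so every right it holds is excess.
        needed = role_needs.get(account["role"], set())
        extra = account["granted"] - needed
        if extra:
            findings[account["user"]] = sorted(extra)
    return findings


def fix_rights(accounts, role_needs):
    """Return corrected accounts with every excess right removed."""
    return [
        {**a, "granted": a["granted"] & role_needs.get(a["role"], set())}
        for a in accounts
    ]


if __name__ == "__main__":
    for user, extra in excess_rights(ACCOUNTS, ROLE_NEEDS).items():
        print(f"{user}: remove {', '.join(extra)}")
```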
Removable Media
Things like USB sticks can carry malware. If you find a random USB in the park and plug it into your computer, it could automatically install a virus. This is a common way for networks to get "infected."
Unpatched and Outdated Software
Software companies often find "holes" (vulnerabilities) in their programs and release "patches" (updates) to fix them. If you don't update your software, those holes stay open for hackers to walk through.
Key Takeaway: Most threats happen because of human error (using weak passwords, clicking bad links, or not updating software).
3. Penetration Testing
How do big companies know if their security is actually good? They hire "ethical hackers" to try and break in! This is called Penetration Testing.
Definition: The process of attempting to gain access to resources without knowledge of usernames, passwords, and other normal means of access.
There are two types you need to know:
1. Simulating a Malicious Insider: The tester is given some knowledge of the system and maybe even basic login details. This tests what an unhappy employee could do from the inside.
2. Simulating an External Attack: The tester has no knowledge of the system at all. They start from the outside and try to find a way in, just like a real hacker would.
Don't get confused! One simulates a threat from someone already in the building, and the other simulates a threat from a complete stranger.
4. Deep Dive: Social Engineering
The exam wants you to know these three specific forms of social engineering. Think of them as the "Three Pillars of Trickery":
A. Blagging (Pretexting)
This is when someone creates an invented scenario (a "blag") to trick you. They might phone you up pretending to be from your bank’s security team, saying your account is under attack, to get you to give them your PIN.
B. Phishing
A technique used to get private information by sending emails or SMS (texts) that look like they are from a trusted company. They usually contain a link to a fake website.
Memory Tip: Phishing is like "fishing" for your data with "bait" (the fake email).
C. Shouldering (Shoulder Surfing)
This is the simplest one! It's just looking over someone's shoulder while they type in a password or a PIN at a cash machine.
How to protect against these: Be suspicious! Never give out passwords over the phone, check email addresses carefully, and always cover your hand when typing a PIN.
5. Deep Dive: Malware
Remember, Malware is the general name. Here are the three specific types you need to know:
Computer Virus
A piece of code that replicates (copies itself) and spreads from computer to computer. It usually attaches itself to a file. Just like a real flu virus, it needs to "infect" something to spread.
Trojan
Named after the famous wooden horse from history! This is malware that disguises itself as something useful or fun (like a free game or a cool screensaver). Once you install it, the "soldiers" come out and attack your system from the inside.
Spyware
This software secretly records what you are doing. It might track the websites you visit or use a "keylogger" to record every single key you press—including your passwords!
Quick Review Box:
- Virus: Spreads and copies.
- Trojan: Tricky disguise.
- Spyware: Watches you secretly.
6. Methods to Detect and Prevent Threats
Now that we know the "bad guys," how do we stop them? Here are the security measures from the AQA syllabus:
Biometric Measures
Using physical characteristics to identify a person. This is very common on mobile devices. Examples include:
- Fingerprint scanners.
- Facial recognition (FaceID).
- Iris (eye) scanners.
Password Systems
The most common form of security. A good system requires strong passwords (a mix of letters, numbers, and symbols) and forces users to change them regularly.
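A small password system that applies these rules, as an added example (not part of the original notes or the AQA syllabus): it rejects the weak and default passwords from section 2, requires a mix of letters, numbers and symbols, and flags passwords that are due for a change. The 8-character minimum, the 90-day limit and the short blocklist are assumptions chosen for illustration.

```python
from datetime import date, timedelta
import string

# Assumed values for illustration; a real system sets its own policy.
MIN_LENGTH = 8
MAX_AGE = timedelta(days=90)
# Constructed sample of weak/default passwords (real blocklists are far longer).
BLOCKLIST = {"123456", "password", "admin", "qwerty", "letmein"}


def password_problems(password):
    """Return the reasons a password is rejected (empty list = accepted)."""
    problems = []
    if password.lower() in BLOCKLIST:
        problems.append("weak or default password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    return problems


def needs_change(last_changed, today):
    """True when the password is older than the allowed maximum age."""
    return today - last_changed > MAX_AGE


if __name__ == "__main__":
    for candidate in ["123456", "password", "Tr1cky-Horse!"]:
        print(candidate, "->", password_problems(candidate) or "accepted")
    print("change needed:", needs_change(date(2024, 1, 1), date(2024, 6, 1)))
```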
CAPTCHA
You know those boxes that ask you to "Click all the images with traffic lights"? That's a CAPTCHA. It stands for "Completely Automated Public Turing test to tell Computers and Humans Apart." Its job is to stop automated bots from creating fake accounts or spamming websites.
Email Confirmations
When you sign up for a website, they often send an email with a link you must click. This confirms your identity and makes sure you are a real person with a real email address.
Automatic Software Updates
The easiest way to stay safe! By letting your computer update itself automatically, you ensure that any security "holes" (vulnerabilities) are patched as soon as the manufacturer releases a fix.
Common Mistake to Avoid: Don't confuse Phishing with Pharming!
- Phishing uses an email to trick you.
- Pharming uses malicious code to redirect your web browser to a fake site.
Final Summary Takeaway
Cyber security is about protecting our digital lives. We face social engineering (tricking people) and malware (bad software). To stay safe, we use biometrics, strong passwords, CAPTCHAs, and always keep our software updated. Companies use penetration testing to find their own weaknesses before the bad guys do!
You've got this! Cyber security is all about being a little bit careful and using the right tools to stay one step ahead.