Welcome to the World of Cybersecurity!

Hello there! Today, we are diving into one of the most exciting and relevant chapters in your H2 Computing journey: Cybersecurity. In an era where almost everything we do is online, learning how to protect data and systems isn't just for "hackers" in movies: it's a vital skill for every computing professional.

Don't worry if some of these terms seem intimidating at first. We will break them down into bite-sized pieces with plenty of stories and analogies to help you along the way. Let's get started!


1. Protecting Data in Singapore: The PDPA

Before we talk about tech, we need to talk about the law. In Singapore, the Personal Data Protection Act (PDPA) is the "rulebook" that organizations must follow when handling your personal information.

What does the PDPA cover?

The PDPA governs three main activities regarding personal data (data that can identify you, like your NRIC, phone number, or even your face):

1. Collection: Organizations must have a valid reason to ask for your data and usually need your consent.
2. Use: They can only use your data for the purposes they told you about.
3. Disclosure: They cannot give your data to someone else without your permission.

Analogy: Imagine you give your phone number to a bubble tea shop for a loyalty program. Under the PDPA, they can't start using that number to try and sell you insurance (wrong Use) or sell your number to another company (wrong Disclosure).

Quick Review: The 3 Pillars of PDPA

Collection: Asking for data.
Use: Doing things with the data.
Disclosure: Sharing the data.


2. Social Engineering: Hacking the Human

Sometimes, the easiest way to "break into" a computer isn't through code, but by tricking the person using it. This is called Social Engineering.

Common Social Engineering Attacks

Phishing: Sending fake emails or messages that look like they are from a trusted source (like your bank) to trick you into clicking a link or giving up your password.
Pretexting: Creating a fake scenario (a "pretext") to steal information. Example: Someone calls you pretending to be "IT Support" and says they need your password to fix a "critical error" on your account.
Shoulder Surfing: Simply looking over someone's shoulder while they type their PIN or password in public.

Mnemonic to remember these: People Play Secretly (Phishing, Pretexting, Shoulder Surfing).

Takeaway: Always verify the identity of the person or website asking for your information!


3. Malware: The "Digital Flu"

Malware is short for "Malicious Software." It is any program designed to damage or gain unauthorized access to a computer system.

Meet the Malware Family

Viruses: Programs that attach themselves to a legitimate file and spread when that file is opened. They need a "human host" to take an action (such as opening the infected file) before they can run.
Worms: These are "independent" and "smarter" than viruses. They can self-replicate and spread across networks automatically without any human help.
Trojans: Named after the wooden horse from Greek legend. These look like useful or fun programs (like a free game) but hide a malicious payload inside.
Ransomware: This locks or encrypts your files and demands a "ransom" (payment) to give them back.

Common Mistake to Avoid: Don't confuse a Virus with a Worm! A Virus needs you to do something (like open an attachment), while a Worm travels through the network on its own.


4. Denial-of-Service (DoS) Attacks

A Denial-of-Service (DoS) attack is like a digital protest that blocks the entrance to a shop. The goal is not to steal data, but to make a service unavailable to legitimate users.

How it works:

The attacker floods a server with so many requests that the server gets overwhelmed and crashes or slows down to a crawl. This directly attacks the Availability of the system.

Analogy: Imagine 500 people who have no intention of buying anything suddenly crowding into a tiny cafe at once. The real customers who actually want coffee can't even get through the door.
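To see what a flood looks like from the server's side, here is a small added example (not part of the study guide) that reads constructed web-server log lines and flags any client address that sends far more requests in one minute than a real visitor would. The log format, the addresses and the limit of 100 requests per minute are all assumptions made for the illustration.

```python
# Added example: spotting a request flood in constructed web-server logs.
from collections import defaultdict
from datetime import datetime

REQUESTS_PER_MINUTE_LIMIT = 100   # assumption: a generous limit for one real visitor


def build_sample_log() -> list[str]:
    """Constructed log lines in the form '<timestamp> <client-ip> <request>'."""
    lines = []
    # Three ordinary visitors, one request each (the real customers).
    for i in range(3):
        lines.append(f"2024-01-01T10:00:{i:02d} 203.0.113.{i + 1} GET /menu")
    # One address sending 500 requests inside the same minute (the crowd at the door).
    for i in range(500):
        lines.append(f"2024-01-01T10:00:{i % 60:02d} 198.51.100.9 GET /")
    return lines


def count_per_client_per_minute(lines: list[str]) -> dict:
    """Count requests per (client address, minute) bucket."""
    counts = defaultdict(int)
    for line in lines:
        timestamp, client_ip, _request = line.split(" ", 2)
        minute = datetime.fromisoformat(timestamp).strftime("%Y-%m-%dT%H:%M")
        counts[(client_ip, minute)] += 1
    return counts


def flag_floods(lines: list[str], limit: int = REQUESTS_PER_MINUTE_LIMIT) -> list[str]:
    """Return the addresses that exceeded the limit in any one-minute bucket."""
    counts = count_per_client_per_minute(lines)
    return sorted({ip for (ip, _minute), n in counts.items() if n > limit})


if __name__ == "__main__":
    log = build_sample_log()
    print("clients exceeding the limit:", flag_floods(log))
```

A server that watches its logs this way can slow down or block the flooding address before it is overwhelmed. Counting per address only catches a flood coming from a single source; the same check has to be combined with other signals when the requests arrive from many addresses at once.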


5. Web Application Vulnerabilities

Websites are often built using code that interacts with databases. If this code isn't written carefully, hackers can exploit "holes" or vulnerabilities.

The "Big Three" Vulnerabilities

1. SQL Injection (SQLi): An attacker inserts malicious SQL code into an input field (like a login box) to trick the database into revealing secret data.
2. Cross-Site Request Forgery (CSRF): This tricks a logged-in user into clicking a link that performs an action they didn't intend to do (like changing their password or transferring money). It works because the browser automatically attaches the user's login cookie to the request, so the server cannot tell the forged request apart from a genuine one.
3. File Inclusion: This happens when a web app allows a user to submit a file path as input, which might let the attacker access sensitive files on the server that they shouldn't see.

How to Defend the Fort (Solutions)

Input Validation: Check all data entered by users. If you expect a phone number, don't accept letters or symbols like ' or ;.
Prepared SQL Statements: Instead of building a query string manually, use placeholders. This treats user input as "just data" and not "executable code."
CSRF Tokens: Use unique, secret "stamps" for every request so the server can verify the request actually came from the real user.
File Permissions: Set strict rules on the server so that web applications can only access specific folders and nothing else.

Quick Review: SQLi Defense

Bad: Building a query like "SELECT * FROM users WHERE name = " + userInput.
Good: Using Prepared Statements and Input Validation to keep the "bad code" out!
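To make the "Bad" versus "Good" contrast concrete, here is an added example (not code from the study guide) written in Python against an in-memory SQLite database with constructed rows. It places the string-built query next to its prepared-statement replacement, adds the phone-number validation and the CSRF "stamp" check from the defence list. The table layout, the 8-digit phone pattern and the in-memory session store are assumptions made for the illustration.

```python
# Added example: the three defences from this section, side by side.
import re
import secrets
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: two users with a secret each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, phone TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "91234567", "alice-secret"), ("bob", "98765432", "bob-secret")],
    )
    return conn


# --- Bad: the query string is built by concatenation -------------------------
def lookup_unsafe(conn: sqlite3.Connection, user_input: str) -> list[str]:
    # Any quote in user_input becomes part of the SQL itself.
    query = "SELECT name FROM users WHERE name = '" + user_input + "'"
    return [row[0] for row in conn.execute(query)]


# --- Good: a prepared statement with a placeholder ---------------------------
def lookup_safe(conn: sqlite3.Connection, user_input: str) -> list[str]:
    # The value travels separately from the SQL, so it is compared as data
    # and never parsed as code.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (user_input,))
    return [row[0] for row in rows]


# --- Input validation: only accept the shape you expect ----------------------
PHONE_RE = re.compile(r"[689]\d{7}")   # assumption: an 8-digit local number


def is_valid_phone(value: str) -> bool:
    return PHONE_RE.fullmatch(value) is not None


# --- CSRF tokens: a secret "stamp" tied to the user's session ---------------
_session_tokens: dict[str, str] = {}   # hypothetical server-side session store


def issue_csrf_token(session_id: str) -> str:
    """Generate a fresh unguessable token and remember it for this session."""
    token = secrets.token_hex(16)
    _session_tokens[session_id] = token
    return token


def csrf_token_is_valid(session_id: str, submitted: str) -> bool:
    """Accept the request only if the submitted stamp matches the session's own."""
    expected = _session_tokens.get(session_id)
    if expected is None or not submitted.isascii():
        return False
    return secrets.compare_digest(expected, submitted)


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"   # constructed input containing the quote the text warns about
    print("unsafe lookup returns:", lookup_unsafe(conn, probe))   # every user
    print("safe lookup returns:  ", lookup_safe(conn, probe))     # nobody has that name
    print("phone accepted:", is_valid_phone("91234567"))
    print("phone rejected:", not is_valid_phone("9123;456"))
    token = issue_csrf_token("session-1")
    print("token accepted:", csrf_token_is_valid("session-1", token))
```

Run it and compare the two lookups: the concatenated query returns every user when the input contains a quote, while the prepared statement returns nothing because no user is literally named that. The token check uses compare_digest so that a wrong stamp is rejected in constant time.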


6. Enhancing Network Security

When we send data across the internet, we need tools to keep it safe. We do this through three main methods:

1. Encryption: Scrambling data so only someone with the "key" can read it. This ensures Confidentiality.
2. Digital Signatures: A way to prove that a message hasn't been tampered with (Integrity) and to prove who sent it (Non-repudiation).
3. Authentication: The process of proving you are who you say you are (e.g., using passwords, fingerprints, or SMS codes).

Did you know? When you see the padlock icon in your browser address bar, it means the website is using Encryption to protect the data traveling between your computer and their server!
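Here is an added example (not from the study guide) that shows two of the three tools with nothing but the Python standard library: a keyed hash that detects tampering, standing in for the integrity half of a digital signature, and salted password hashing for the server side of password authentication. A real digital signature uses a public/private key pair, which is what also gives non-repudiation; the keyed hash below needs a shared secret, so it proves integrity only. The key, message, password and iteration count are constructed values.

```python
# Added example: integrity check with a keyed hash, and password authentication
# with a salted hash, using only the standard library.
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumption: a work factor that makes guessing slow


# --- Integrity: a tag that changes if any byte of the message changes --------
def tag_message(key: bytes, message: bytes) -> str:
    # The tag depends on the secret key and on every byte of the message.
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def message_is_intact(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest avoids leaking information through comparison timing.
    return hmac.compare_digest(tag_message(key, message), tag)


# --- Authentication: store a salted hash, never the password itself ---------
def make_password_record(password: str) -> dict:
    """What the server stores when a user sets a password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def check_password(record: dict, attempt: str) -> bool:
    """Re-hash the attempt with the stored salt and compare the results."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(record["hash"], digest)


if __name__ == "__main__":
    key = os.urandom(32)                        # constructed shared secret
    msg = b"transfer 50 to account 123"         # constructed message
    tag = tag_message(key, msg)
    print("untouched message verifies:", message_is_intact(key, msg, tag))
    altered = b"transfer 5000 to account 123"
    print("altered message verifies:  ", message_is_intact(key, altered, tag))
    record = make_password_record("correct horse battery staple")
    print("right password:", check_password(record, "correct horse battery staple"))
    print("wrong password:", check_password(record, "password123"))
```

Changing a single digit in the message makes the tag no longer match, which is the Integrity property in action. The password record holds only a random salt and a slow hash, so even if the record leaks, the password itself is not revealed.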


Final Summary Checklist

Before you move on, make sure you can:
• Explain the PDPA (Collection, Use, Disclosure).
• Describe Social Engineering (Phishing, Pretexting, Shoulder Surfing).
• Differentiate between Malware types (Virus, Worm, Trojan, Ransomware).
• Explain how a DoS attack affects availability.
• Identify SQLi and CSRF and know how to fix them (Input Validation, Prepared Statements, Tokens).
• Understand how Encryption and Authentication keep networks safe.

You've got this! Cybersecurity is a broad field, but by mastering these fundamentals, you are well on your way to being a savvy computing student. Keep practicing those SQL injection defenses!