Cambridge IGCSE and O Level Computer Science Second Edition_removed.pdf

Full Transcript

5 The internet and its uses

Data interception
Data interception is a form of stealing data by tapping into a wired or
Link wireless communication link. The intent is to compromise privacy or to obtain
confidential information.
For more on data
packets refer to Interception can be carried out using a packet sniffer, which examines data
Chapter 2. packets being sent over a network. The intercepted data is sent back to the
hacker. This is a common method when wired networks are used.
Wi-Fi (wireless) data interception can be carried out using wardriving (or
sometimes called Access Point Mapping). Using this method, data can be
intercepted using a laptop or smartphone, antenna and a GPS device (together
with some software) outside a building or somebody’s house. The intercepted
Wi-Fi signal can then reveal personal data to the hacker, often without the user
being aware this is happening.
Obviously, encryption of data makes life more difficult for the hacker. While it
doesn’t stop the data being intercepted or altered in some way, encryption will
make the data incomprehensible to the hacker if they don’t have access to a
decryption key. Therefore, to safeguard against wardriving, the use of a wired
equivalency privacy (WEP) encryption protocol, together with a firewall, is
recommended. It is also a good idea to protect the use of the wireless router
by having complex passwords. It is important not to use Wi-Fi (wireless)
connectivity in public places (such as an airport) since no data encryption will
exist and your data is then open to interception by anyone within the airport.
Distributed Denial of Service (DDoS) attacks
A denial of service (DoS) attack is an attempt at preventing users from
accessing part of a network, notably an internet server. This is usually temporary
but may be a very damaging act or a large breach of security. It doesn’t just
affect networks; an individual can also be a target for such an attack. The
attacker may be able to prevent a user from:
» accessing their emails
» accessing websites/web pages
» accessing online services (such as banking).

One method of attack is to flood the network with useless spam traffic. How
does this cause a problem?
When a user enters a website’s URL in their browser, a request is sent to the web
server that contains the website or web page. Obviously, the server can only
handle a finite number of requests. So if it becomes overloaded by an attacker
sending out thousands of requests, it won’t be able to service a user’s legitimate
request. This is effectively a denial of service. In a distributed denial of service
(DDoS) the spam traffic originates from many different computers, which makes
it hard to block the attack.
This can happen to a user’s email account, for example, by an attacker sending
out many spam messages to their email account. Internet service providers (ISPs)
only allow a specific data quota for each user. Consequently, if the attacker sends
out thousands of emails to the user’s account, it will quickly become clogged up

190

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 190 2/18/21 2:14 PM
 5.3 Cyber security

and the user won’t be able to receive legitimate emails. An individual user or a
website can guard against these attacks to some degree by:
» using an up-to-date malware checker
» setting up a firewall to restrict traffic to and from the web server or user’s
computer
» applying email filters to filter out unwanted traffic (for example, spam).
There are certain signs a user can look out for to see if they have become a
victim of a DDoS attack:
» slow network performance (opening files or accessing certain websites)
» inability to access certain websites
» large amounts of spam email reaching the user’s email account.

Hacking
Hacking is generally the act of gaining illegal access to a computer system
without the user’s permission. This can lead to identity theft or the gaining of
personal information; data can be deleted, passed on, changed or corrupted.
As mentioned earlier, encryption does not stop hacking; it makes the data
meaningless to the hacker but it doesn’t stop them from deleting, corrupting
or passing on the data. Hacking can be prevented through the use of firewalls,
user names and frequently changed strong passwords. Anti-hacking software and
intrusion-detection software also exists in the fight against hacking.
Malicious hacking, as described above, takes place without the user’s permission,
and is always an illegal act. However, universities and companies now run courses
in ethical hacking. This occurs when companies authorise paid hackers to check
out their security measures and test how robust their computer systems are to
hacking attacks.
Malware
Malware is one of the biggest risks to the integrity and security of data on
a computer system. There are many forms of malware; this chapter will only
consider the following in any detail:
Viruses

Worms Ransomware

Malware

Trojan horse Adware

Spyware

▲ Figure 5.10 Malware types

Viruses
Viruses are programs or program code that replicate (copies themselves) with the
intention of deleting or corrupting files, or causing a computer to malfunction
(for example, by deleting.exe files, filling up the hard drive with ‘useless’ data,
and so on).
191

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 191 2/18/21 2:14 PM
 5 The internet and its uses

Viruses need an active host program on the target computer or an operating system
that has already been infected, before they can actually run and cause harm (that is,
they need to be executed by some trigger before starting to cause any damage).
Viruses are often sent as email attachments, reside on infected websites or on
infected software downloaded to the user’s computer. Apart from all the usual
safety actions (for example, don’t open emails from unknown sources, don’t
install non-original software), always run an up-to-date virus scanner (refer to
Chapter 4 for more details).

Find out more

Reading this chapter and other chapters throughout this book, find out the various
ways viruses can be sent. Produce a wall chart showing all of these ways and the
various ways to avoid receiving viruses.

Worms
Worms are a type of stand-alone malware that can self-replicate. Their intention
is to spread to other computers and corrupt whole networks; unlike viruses, they
don’t need an active host program to be opened in order to do any damage. They
remain inside applications which allows them to move throughout networks.
In fact, worms replicate without targeting and infecting specific files on a
computer; they rely on security failures within networks to permit them to spread
unhindered.
Worms frequently arrive as message attachments and only one user opening a
worm-infested email could end up infecting the whole network. As with viruses,
the same safeguards should be employed, together with the running of an up-to-
date anti-virus program. Worms tend to be problematic because of their ability
to spread throughout a network without any action from an end-user; whereas
viruses require each end-user to somehow initiate the virus.
Examples include the ‘I love you’ worm, which attacked nearly every email user
in the world, overloaded phone systems and even brought down television
networks. All of this makes them more dangerous than viruses.
Trojan horse
A Trojan horse is a program which is often disguised as legitimate software but
with malicious instructions embedded within it. A Trojan horse replaces all or
part of the legitimate software with the intent of carrying out some harm to the
user’s computer system.
They need to be executed by the end-user and therefore usually arrive as an
email attachment or are downloaded from an infected website. For example, they
could be transmitted via a fake anti-virus program that pops up on the user’s
screen claiming their computer is infected and action needs to be taken. The user
will be invited to run fake anti-virus as part of a free trial. Once the user does
this, the damage is done.
Once installed on the user’s computer, the Trojan horse will give cyber criminals
access to personal information on your computers, such as IP addresses,
passwords and other personal data. Spyware (including key logging software) and
ransomware are often installed on a user’s computer via Trojan horse malware.

192

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 192 2/18/21 2:14 PM
 5.3 Cyber security

Because they rely on tricking end-users, firewalls and other security systems are
often useless since the user can overrule them and initiate the running of the
malware.
Spyware
Spyware is software that gathers information by monitoring a user’s activities
carried out on their computer. The gathered information is sent back to the
cybercriminal who originally sent the spyware. They are primarily designed to
monitor and capture web browsing and other activities and capture personal data
(for example, bank account numbers, passwords and credit/debit card details).
Spyware can be detected and removed by anti-spyware software. The big danger
of spyware is the method it used to enter a user’s system and exploit it; for
example, did it come from social engineering? If spyware is found on a computer,
it should set off alarm bells since a weakness in the security has been found
which could be exploited by other, often more dangerous, malware.

Find out more

Key logging software is often part of spyware.
1 How does this type of malware gather data from the user’s computer?
2 Some banks use drop-down menus to overcome key logging software. Explain how
using drop-down boxes to enter characters from, for example, a password can
help in security.

Adware
Adware is a type of malware. At its least dangerous it will attempt to flood
an end-user with unwanted advertising. For example, it could redirect a user’s
browser to a website that contains promotional advertising, it could appear in
the form of pop-ups, or it could appear in the browser’s toolbar and redirect
search requests.
Although not necessarily harmful, adware can:
» highlight weaknesses in a user’s security defences
» be hard to remove – it defeats most anti-malware software since it can be
difficult to determine whether or not it is harmful
» hijack a browser and create its own default search requests.

Ransomware
Essentially, ransomware are programs that encrypt data on a user’s computer
and ‘hold the data hostage’. The cybercriminal waits until the ransom money is
paid and, sometimes, the decryption key is then sent to the user. It has caused
considerable damage to some companies and individuals.
Imagine a situation where you log on to your computer, only to find the screen is
locked and you can’t unlock it until the demands of the cybercriminal have been
met. This malware restricts access to the computer and encrypts all the data
until a ransom is paid. It can be installed on a user’s computer by way of a Trojan
horse or through social engineering.
When ransomware is executed, it either encrypts files straightaway or it waits for
a while to determine how much of a ransom the victim can afford. The malware
can be prevented by the usual methods (for example, by avoiding phishing

193

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 193 2/18/21 2:14 PM
 5 The internet and its uses

emails) but once it is executed, it is almost impossible to reverse the damage
caused. The best way to avoid a catastrophe is to ensure regular back-ups of key
files are kept and thus avoid having to pay a ransom.
Summary of malware
Table 5.2 summarises the six types of malware described in Section 5.3.1.
▼ Table 5.2 Summary of types of malware

Viruses – programs (or program code) that can replicate/copy themselves with the intention
of deleting or corrupting files, or causing the computer to malfunction. They need an active
host program on the target computer or an operating system that has already been infected
before they can run
Worms – these are types of standalone viruses that can replicate themselves with the
intention of spreading to other computers; they often networks to search out computers with
weak security that are prone to such attacks
Trojan horses – these are malicious programs often disguised as legitimate software; they
replace all or part of the legitimate software with the intent of carrying out some harm to the
user’s computer system
Spyware – software that gathers information by monitoring, for example, all the activity on
a user’s computer; the gathered information is then sent back to the person who sent the
software (sometimes spyware monitors key presses and is then referred to as key logging
software)
Adware – software that floods a user’s computer with unwanted advertising; usually in the
form of pop-ups but can frequently appear in the browser address window redirecting the
browser to a fake website which contains the promotional adverts
Ransomware – programs that encrypt the data on a user’s computer; a decryption key is
sent back to the user once they pay a sum of money (a ransom); they are often sent via a
Trojan horse or by social engineering

Phishing
Phishing occurs when a cybercriminal sends out legitimate-looking emails to
users. The emails may contain links or attachments that, when initiated, take the
user to a fake website; or they may trick the user into responding with personal
data (for example, bank account details or credit/debit card details).
The email usually appears to be genuine coming from a known bank or service
provider (also refer to Section 5.3.2). The key point is that the recipient has to
initiate some act before the phishing scam can cause any harm. If suspicious
emails are deleted or not opened, then phishing attacks won’t cause any
problems.
There are numerous ways to help prevent phishing attacks:
» users need to be aware of new phishing scams; those people in industry or
commerce should undergo frequent security awareness training to become
aware of how to identify phishing (and pharming) scams
» it is important not to click on any emails links unless totally certain that it is
safe to do so; fake emails can often be identified by ‘Dear Customer ……’ or
‘Dear email [email protected] ………’ and so on
» it is important to run anti-phishing toolbars on browsers (this includes tablets
and mobile phones) since these will alert the user to malicious websites
contained in an email
» always look out for https or the green padlock symbol in the address bar

194

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 194 2/18/21 2:14 PM
 5.3 Cyber security

» regular checks of online accounts are also advisable as well as maintaining
passwords on a regular basis
» ensure an up-to-date browser is running on the computer device (which
contains all of the latest security upgrades) and run a good firewall in the
background at all times; a combination of a desktop firewall (usually software)
and a network firewall (usually hardware) considerably reduces the risk of
hacking, pharming and phishing on network computers
» be very wary of pop-ups and use the browser to block them; if pop-ups get
through your defences, don’t click on ‘cancel’ since this can ultimately lead to
phishing or pharming sites – the best option is to select the small in the top
right-hand corner of the pop-up window which closes it down.

Note: another term connected to phishing is spear phishing; this is where
the cybercriminal targets specific individuals or companies to gain access to
sensitive financial information or industrial espionage – regular phishing is not
specific regarding who the victims are.
Pharming
Pharming is malicious code installed on a user’s computer or on an infected
Link website. The code redirects the user’s browser to a fake website without the
user’s knowledge. Unlike phishing, the user doesn’t actually need to take any
See Section 5.1 action for it to be initiated. The creator of the malicious code can gain personal
for more on URLs,
data, such as bank details, from the user. Often the website appears to come
IP addresses and
DNS (Domain Name
from a trusted source and can lead to fraud and identity theft.
Server). Why does pharming pose a threat to data security?
As mentioned above, pharming redirects internet users to a fake or malicious
website set up by, for example, a hacker; redirection from a legitimate website to
the fake website can be done using DNS cache poisoning.

Every time a user types in a URL, their browser contacts the DNS server; the IP
address of the website will then be sent back to their browser. However, DNS
cache poisoning changes the real IP address values to those of the fake website;
consequently, the user’s computer will connect to the fake website.

When a user enters a web address (URL) into a browser, the computer is sent
the IP address of the website; if the IP address has been modified somehow the
user’s computer will be redirected to the fake website.
It is possible to mitigate against the risk of pharming:
» Use of anti-virus software can detect unauthorised alterations to a website
address and warn the user of the potential risks.
» However, if the DNS server itself has been infected (rather than the user’s
computer) it is much more difficult to mitigate the risk.
» Many modern browsers can alert users to pharming and phishing attacks.
» It is very important to check the spelling of websites to ensure the web
address used is correct.
» As with phishing, use of https or the green padlock symbol in the address
bar is an additional form of defence.

195

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 195 2/18/21 2:14 PM
 5 The internet and its uses

Activity 5.3
1 A company has offices in four different countries. Communication and data
sharing between the offices is done via computers connecting over the internet.
a Describe three data security issues the company might encounter during
their day-to-day communications and data sharing.
b For each issue described, explain why it could be a threat to the security of
the company.
c For each issue described, describe a way to mitigate the threat that has
been posed.
2 Explain the following three terms:
– worm
– ransomware
– Trojan horse.
3 John works for a car company. He maintains the database that contains all the
personal data of the people working for the car company. John was born on
28th February 1990 and has two pet cats called Felix and Max.
a John needs to use a password and a user name to log onto the database.
Why would the following passwords not be a very good choice:
i 280290
ii FiLix1234
iii John04
b Describe how John could improve his passwords and also how he should
maintain his passwords to maximise database security.
c When John enters a password on his computer he is presented with the
following question on his screen:

Would you like to save the password on this device?

Why is it important that John always says No to this question?

Find out more

Apart from malware, data can be accidentally lost. Find out ways that data could be
recovered and ways to minimise the risk for each of the following situations:
1 Accidental data loss, such as accidental deletion of a file
2 Hardware fault, such as a head crash on a hard disk drive
3 Software fault, due to installation of software incompatible with existing software
4 Incorrect operation of the computer, such as using incorrect procedure for the
removal of a memory stick from a computer.

Social engineering
Social engineering occurs when a cybercriminal creates a social situation that
can lead to a potential victim dropping their guard. It involves the manipulation
of people into breaking their normal security procedures and not following best
practice. There are five types of threat that commonly exist:

196

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 196 2/18/21 2:14 PM
 5.3 Cyber security

Instant Malicious links are embedded into instant messages; for example, an
messaging important software upgrade (relies on user’s curiosity)

Scareware (for
This is often done using a pop-up message that claims that the user’s
example, fake
computer is infected with a virus; the user is told they need to
anti-virus that
download the fake anti-virus immediately (relies on user’s fear)
looks real)

The user is tricked by the apparent genuineness of an email and opens
Emails/phishing
a link in the email; this redirects their browser to a fake website
scams
(relies on user’s trust of well-known companies)

The cybercriminal leaves a malware-infected memory stick somewhere
where it can be found; the finder picks up the memory stick and plugs
Baiting
it into their computer (just to see who it belongs to) and unwittingly
downloads malicious malware (relies on user curiosity)

For example, a so-called IT professional calls the user on their mobile
claiming their device has been compromised in some way; the user is
Phone calls advised to download some special software that allows the
cybercriminal to take over the user’s device giving them access to
personal information (relies on fear)

▲ Figure 5.11 Social engineering

It is clear from the five examples that social engineering links into many other
types of malware, and is an effective method of introducing malware. The whole
idea is based on the exploitation of certain human emotions; the three most
common ones to exploit are:
» fear – the user is panicked into believing their computer is in immediate
danger and isn’t given time to logically decide if the danger is genuine or not;
fear is a very powerful emotion that can easily be exploited by a cybercriminal
» curiosity – the user can be tricked into believing they have won a car or they
find an infected memory stick lying around; their curiosity gets the better
of them and they give their details willingly to win the car (for example,
credit card details to pay for delivery or road tax) or they are curious who the
memory stick belongs to; without thinking clearly, their curiosity gets the
better of them and the damage is done
» empathy and trust – a real belief that all genuine-sounding companies can be
trusted, therefore emails or phone calls coming from such companies must be
safe; a dangerous assumption that the cybercriminal can exploit fully.

There is no hacking involved, since the user is willingly allowing the
cybercriminal to have access to their computer, to download malicious software
or visit fake websites; the user is rushed into making rash decisions.

197

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 197 2/18/21 2:14 PM
 5 The internet and its uses

Figure 5.12 shows the course of action taken by a cybercriminal in targeting their
victim:
Stage 1 – The victims are identified; information about victim gathered
Stage 1 and method of attack decided

Stage 2 – At this stage the victim is being targeted (either through email,
phone call, Trojan horse and so on; it all depends on who the victim is)

Stage 2
Stage 3 – The attack on the victim is now executed allowing the
Stage 4
cybercriminal to obtain the information or to cause the
disruption decided on at Stage 1

Stage 4 – When the cybercriminal has decided they have what they
Stage 3 wanted they try to remove all traces of the malware to cover
their tracks

▲ Figure 5.12 Stages in a typical social engineering scam

5.3.2 Keeping data safe from security threats
Access levels
In many computer systems, user accounts control a user’s rights. This often
involves having different levels of access for different people. For example, in
a hospital it would not be appropriate for a cleaner to have access to medical
data about a patient. However, a consultant would need access to this vital data.
Therefore, most systems have a hierarchy of access levels depending on a person’s
level of security; this is usually achieved using a user name and password as
shown in Figure 5.13.

▲ Figure 5.13 Access level log in screen
Link
When using databases, levels of access are particularly important; it is essential
See Chapter 9 for to determine who has the right to read, write and delete data, for example. By
more details about having different views of data tables, it is possible for different users to only
databases.
have access to certain data.

198

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 198 2/18/21 2:14 PM
 5.3 Cyber security

Another area where access levels are very important is in social networks (such as
Facebook); with this type of application, there are usually four access levels:
1 public access (this refers to the data anyone from the general public can
access)
2 friends (only people identified as ‘friends’ by the owner of the data can see
certain data)
3 custom (this allows the user to further refine what data can be seen by
‘friends’ allowing them to exclude certain content from selected people)
4 data owner (this is data only the owner of the data can see).
In this type of application, users are allowed to use privacy settings rather
than passwords to decide the level of access (for more on this see later in this
section).
Anti-malware
The two most common types of anti-malware are anti-virus and anti-spyware.
Link
Anti-virus
For more on anti-virus
Anti-virus has already been described in great detail in Chapter 4.
software see
Section 4.1. Anti-spyware
Anti-spyware software detects and removes spyware programs installed illegally
on a user’s computer system. The software is based on one of the following
methods:
» rules – in this case, the software looks for typical features which are usually
associated with spyware thus identifying any potential security issues
» file structures – in this case, there are certain file structures associated with
potential spyware which allows them to be identified by the software.

Anti-spyware is now often part of a generic malware bundle that contains an
anti-virus, anti-spyware and a personal firewall.
The general features of anti-spyware are:
» detect and remove spyware already installed on a device
» prevent a user from downloading spyware
» encrypt files to make the data more secure in case it is ‘spied’ on
» encryption of keyboard strokes to help remove the risk posed by the
keylogging aspects of some spyware
» blocks access to a user’s webcam and microphone (the software stops the
spyware taking over the control of a user’s webcam and microphone which can
be used to collect information without the user’s knowledge)
» scans for signs that the user’s personal information has been stolen and warns
the user if this has happened.

Authentication
Authentication refers to the ability of a user to prove who they are. There are
three common factors used in authentication:
» something you know (for example, a password or PIN code)
» something you have (for example, a mobile phone or tablet)
» something which is unique to you (for example, biometrics).

199

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 199 2/18/21 2:14 PM
 5 The internet and its uses

There are a number of ways authentication can be done.
Passwords and user names
Passwords are used to restrict access to data or systems. They should be hard to
crack and changed frequently to retain any real level of security. Passwords can
also take the form of biometrics (for example, on a mobile phone – see later).
In addition to protecting access levels to computer systems, passwords are
frequently used when accessing the internet. For example:
» when accessing email accounts
» when carrying out online banking or shopping
» accessing social networking sites.

It is important that passwords are protected; some ways of doing this are
described below:
» run anti-spyware software to make sure that your passwords aren’t being
relayed back to whoever put the spyware on your computer
» change passwords on a regular basis in case they have come into the
possession of another user, illegally or accidentally
» passwords should not be easy to crack (for example, your favourite
colour, name of a pet or favourite music artist); passwords are grouped as
either strong (hard to crack or guess) or weak (relatively easy to crack or
guess)
» strong passwords should contain:
– at least one capital letter
– at least one numerical value
– at least one other keyboard character (such as @, *, &, etc.)
– an example of a strong password would be: Sy12@#TT90kj=0
– an example of a weak password would be: GREEN
When the password is typed in, it often shows on the screen as ******** so
nobody else can see what the user has typed in. If the user’s password doesn’t
match up with the user name then access will be denied. Many systems ask
for a new password to be typed in twice as a verification check (to check for
input errors). To help protect the system, users are only allowed to type in their
password a finite number of times – usually three times is the maximum number
of tries allowed before the system locks the user out. After that, the user will be
unable to log on until they have reset their password.
When using an online company, if a user forgets their password or they need to
reset it, they will be sent an email which contains a link to a web page where
they can reset their password. This is done as an added precaution in case an
unauthorised person has tried to change the user’s password.
As mentioned above, it is usually necessary to use a user name as well as
a password. This gives an additional security level since the user name and
password must match up to allow a user to gain access to, for example, a bank
website.

200

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 200 2/18/21 2:14 PM
 5.3 Cyber security

Activity 5.4
1 Which of the following are weak passwords and which are strong passwords?
Explain your decision in each case.
a 25-May-2000
b Pas5word
c ChapTer@06
d AbC*N55!
e 12345X
2 An airport uses a computer system to control security, flight bookings,
passenger lists, administration and customer services.
a Describe how it is possible to ensure the safety of the data on the system so
that senior staff can see all the data, while customers can only access flight
times (arrivals and departures) and duty-free offers.
b Describe how the airport can guard against malware attacks from outside
and also from customers using the airport services.

Biometrics
Biometrics can be used in much the same way as passwords as a way of
identifying a user. Biometrics relies on certain unique characteristics of human
beings; examples include:
» fingerprint scans
» retina scans
» face recognition
» voice recognition.
Link
For more on face
Biometrics is used in a number of applications as a security device. For example,
recognition scans see some of the latest mobile phones use fingerprint matching before they can be
Section 3.2.1. operated; some pharmaceutical companies use face recognition or retina scans to
allow entry to secure areas.
We will now consider fingerprint scanning and retina scans in a little more detail.
Fingerprint scans
Images of fingerprints are compared against previously scanned fingerprint
images stored in a database; if they match, then a user has been correctly
recognised. The system compares patterns of ‘ridges’ and ‘valleys’ that are
unique. The accuracy of the scan is about around 1 in 5000. Fingerprint scanning
techniques have the following benefits as a form of security:
» fingerprints are unique, therefore this technique can improve security since it
would be difficult to replicate a person’s fingerprints
» other security devices (such as magnetic cards to gain entry to a building) can
▲ Figure 5.14 Fingerprint be lost or even stolen which makes them less effective
scan » it would be impossible to ‘sign in’ for somebody else since the fingerprints
would match with only one person on the database
» fingerprints can’t be misplaced; a person always has them!

201

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 201 2/18/21 2:17 PM
 5 The internet and its uses

What are the drawbacks of fingerprint scanning?
» it is relatively expensive to install and set up
» if a person’s fingers are damaged through an injury, this can have an effect on
the scanning accuracy
» some people may regard any biometric device as an infringement of civil
liberties.

Retina scans
Retina scans use infrared light to scan the unique pattern of blood vessels in
the retina (at the back of the eye); it is a rather unpleasant technique requiring
a person to sit totally still for 10 to 15 seconds while the scan takes place; it
is very secure since nobody has yet found a way to duplicate the blood vessels
patterns. The accuracy is about 1 in 10 million.
Table 5.3 shows a comparison of the benefits and drawbacks of the four common
▲ Figure 5.15 Retina scan biometric techniques:
▼ Table 5.3 Comparison of biometric devices

Biometric technique Benefits Drawbacks
it is one of the most developed biometric
techniques for some people it is very intrusive, since it is still
related to criminal identification
fingerprint scans very easy to use
it can make mistakes if the skin is dirty or damaged
relatively small storage requirements for (e.g. cuts)
the biometric data created
it is very intrusive
very high accuracy
it can be relatively slow to verify retina scan with
retina scans there is no known way to replicate a stored scans
person’s retina
very expensive to install and set up

non-intrusive method it can be affected by changes in lighting, the person’s
face recognition hair, change in age, and if the person is wearing
relatively inexpensive technology glasses
a person’s voice can be easily recorded and used for
non-intrusive method unauthorised access
voice recognition verification takes less than 5 seconds low accuracy
relatively inexpensive technology an illness such as a cold can change a person’s voice,
making absolute identification difficult or impossible

202

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 202 2/18/21 2:28 PM
 5.3 Cyber security

Biometric applications

A door security system protected by retina scanner
In this example, a company uses retina scans to permit entry to their secure
research laboratories.

Microprocessor Data
base

Retina scanner ADC

Red and green
light used to
indicate whether
door locked
or open Security door DAC

▲ Figure 5.16 Security system controlled by retina scanners
A person stands facing the retina scanner. The scanned data is sent via an ADC
(analogue-digital converter) to a microprocessor. The microprocessor compares the
data received with retina scan data already stored in a database. If the two sets of
Link data match, a signal is sent to turn a light from red to green and also unlock the
For more on security door. The door is controlled by a DAC (digital-analogue converter) and an
actuators see actuator. If the retina scan data and database data don’t match, then entry is denied
Chapter 3. and the light remains red.

Find out more

One of the most common security systems used on mobile phones is the capacitance
fingerprint reader. Describe how this system works.

Activity 5.5
1 In the biometric application example, retina scans were used to control entry to
a secure research building.
a Describe how the system might change if face recognition was used instead
of retina scanners. The system is triggered automatically if a motion sensor
detects the presence of a person.
b Name other biometric devices which could be used to control entry to this
building.
2 Many cars now use voice control as a form of security before a car can
be started and it is also used to give some key commands, such as start
navigation system. Describe the benefits and drawbacks of such systems in
cars.

203

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 203 2/18/21 2:28 PM
 5 The internet and its uses

Two-step verification
Two-step verification requires two methods of authentication to verify who a
user is. It is used predominantly when a user makes an online purchase using a
credit/debit card as payment method.
For example, suppose Kate wishes to buy a new camera from a website. She logs
into the website using her computer. This requires her to enter a user name and a
password, which is step 1 of the authentication process.
To improve security, an eight-digit PIN (called a one-time pass code) is sent back
to her either in an email or as a text message to her mobile phone (the mobile
phone has already been registered by Kate on the website as the second stage
of the authentication process). Kate now enters this eight-digit PIN into her
computer and she is now authorised to buy the camera. In summary:......................................... KAMEREZZ.........................................
Enter user name
Here is your Please enter one-time
Smith1234 8-digit one-time pass code
pass code
Enter your password

************
**** ****
5123 4400

▲ Figure 5.17 Two-step verification using a mobile phone

Using the definitions of authentication at the start of this section, the mobile
phone is something she has and the password/PIN code is something she knows.
Automatic software updates
Automatic software updates mean software on computers and mobile phones/
tablets is kept up-to-date. Sometimes this is done overnight or when you log off
the device.
These updates are vital since they may contain patches that update the software
security (to protect against malware) or improve the software performance (for
example, removal of bugs and addition of new features). The only downside to
this is the potential for updates to disrupt your device following installation.
If this happens, the user either has to wait for another patch to put this right,
or use the techniques described in Chapter 4 that reverse the clock time to an
earlier date before the updates were made.

204

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 204 25/02/21 11:55 AM
 5.3 Cyber security

User ensures
device is charged

Software update
Installation
scheduled for
takes place
auto update at 3 am

Need to
re-boot
No device?

Yes

Message:
“WARNING!! re-boot
will occur in 10 mins”

Is a manual
No System waits
re-boot
10 minutes
needed?

Yes

User re-boots Automatic re-boot
device takes place

Update is completed

▲ Figure 5.18 Automatic software update flow chart

Checking the spelling and tone of communication and URL links
When emails are sent to you, there are three actions you always need to take
before opening them or activating any links in them.
» Check out the spellings in the email and in the links; professional, genuine
organisations will not send out emails which contain spelling or major
grammatical errors (for example, Amazzon.com)
» Carefully check the tone used in the email message; if it is rushing you into
doing something or if the language used seems inappropriate or incorrect,
then it could be a phishing email or worse.

205

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 205 2/18/21 2:28 PM
 5 The internet and its uses

There are five things to look out for:
1 The email address itself; no legitimate company will use an email address such
as: @gmail.com
Carefully check the part of the address after the ‘@’ symbol which should
match the company’s name; for example:
[email protected]
2 The tone of the email and bad spelling of words is a clear indication of a
potential scam. Look at this message that claimed it came from PayPal. See if
you can find the ten errors in the email that should set off alarm bells.

From: PayPal
To: PayPal user 551-121-998
Sent: Feb 1st 2021 @ 10:55
Subject: Compremised Account [CaseID Nr: KX-003-551-121-998]

Dear Customer
We need you help to resolve issue with account. We have temporarily
stop account due to problem’s.
Unusual account activity on PayPal account means action need be
taken immediately. If your not sure this was you, an unauthorized user
might be trying to access your accounts. Please to log in here to
change your password:

LOG IN HERE

▲ Figure 5.19 Sample scam email

Did you find all the errors? An email like this looks official but there are many
clues that it didn’t come from a legitimate company; such as, many spelling
mistakes, grammatical errors and the domain name in the email address. An
email like this should be regarded as phishing; by clicking on the ‘LOG IN
HERE’ box, you will divulge passwords and other key information since you will
be sent to a fake ‘PayPal’ website.
3 Misspelling of domain names in a link are very common errors found in emails
sent by scammers and fraudsters. The authors of this book have seen these
incorrect spellings:
www.gougle.com
www.amozon.com
This is known as typo squatting where names close to the genuine names are
used to fool you.

206

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 206 2/18/21 2:28 PM
 5.3 Cyber security

4 Suspicious links; destination addresses should match the rest of the email.
Look at this message that claims to be from Netflix:

NETFLIX When you hover over this link
you can see that the destination
Failed subscription renewal notice. is a website with the address:
Your bank has rejected our last http://billing.com/id1234121XA3
attempt to collect your monthly
subscription. Please click on the there is no mention anywhere of
link below to review your billing the company in this URL– very
details.Thank you. high chance it is a scam to try
and collect your personal details
CONTINUE>>

▲ Figure 5.20 Second example of probable scam

5 Other errors to look out for are just plain spelling mistakes. Look at this
address from TKMaxx; find the three errors:
http://www.tkmax.co.ie
» since the company involve online payments, it’s very likely to use secure
links therefore you would expect to see https
» the spelling of the company is incorrect
» it is more likely to see.com since they are a large company.
Firewalls
A firewall can be either software or hardware. It sits between the user’s
computer and an external network (for example, the internet) and filters
information in and out of the computer. This allows the user to decide whether or
not to allow communication with an external source and it also warns a user that
an external source is trying to access their computer. Firewalls are the primary
defence to any computer system to help protect it from hacking, malware (viruses
and spyware), phishing and pharming.
Firewall
User’s
(software or Internet
computer
hardware)

▲ Figure 5.21 Typical firewall set up

The main tasks carried out by a firewall include:
» to examine the ‘traffic’ between user’s computer (or internal network) and a
public network (for example, the internet)
» checks whether incoming or outgoing data meets a given set of criteria
» if the data fails the criteria, the firewall will block the ‘traffic’ and give the
user (or network manager) a warning that there may be a security issue
» the firewall can be used to log all incoming and outgoing ‘traffic’ to allow
later interrogation by the user (or network manager)
» criteria can be set so that the firewall prevents access to certain undesirable
sites; the firewall can keep a list of all undesirable IP addresses
» it is possible for firewalls to help prevent viruses or hackers entering the
user’s computer (or internal network)
207

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 207 25/02/21 11:59 AM
 5 The internet and its uses

» the user is warned if some software on their system is trying to access an
external data source (for example, automatic software upgrade); the user is
given the option of allowing it to go ahead or request that such access is
denied.

The firewall can be a hardware interface which is located somewhere between the
computer and the internet connection. Alternatively, the firewall can be software
installed on a computer; in some cases, it is part of the operating system.
However, there are certain circumstances where the firewall can’t prevent
potential harmful ‘traffic’:
» it cannot prevent individuals, on internal networks, using their own hardware
devices (e.g. modems, smartphones) to bypass the firewall
» employee misconduct or carelessness cannot be controlled by firewalls (for
example, control of passwords or user accounts)
» users on stand-alone computers can choose to disable the firewall, leaving
their computer open to harmful ‘traffic’ from the internet.

All of these issues require management control or personal control (on a single
computer) to ensure that the firewall is allowed to do its job effectively.
Proxy servers
Proxy servers act as an intermediate between the user and a web server:
Web browser Web browser
sends request request forwarded
User’s
Proxy server Web server
computer
Web server Web server sends
response is filtered back response to
proxy server

▲ Figure 5.22 Proxy server

Features of proxy servers:
» allows internet traffic to be filtered; it is possible to block access to a website
if necessary
» keeps users’ IP addresses secret which improves security
» if the internet traffic is valid, access to the web server is allowed
» if the internet traffic is invalid, access to the web server is denied
» it is possible to block requests from certain IP addresses
» prevents direct access to a web server by sitting between the user and the
web server
» if an attack is launched, it hits the proxy server instead – this helps to
prevent hacking, DoS, and so on
» used to direct invalid traffic away from web servers which gives additional
protection
» by using the feature known as a cache, it is possible to speed up access to
information/data from a website; when the website is first visited, the home
page is stored on the proxy server; when the user next visits the website, it
now comes from the proxy server cache instead, giving much faster access
» proxy servers can also act as firewalls.

208

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 208 25/02/21 12:06 PM
 5.3 Cyber security

Privacy settings
Privacy settings are the controls available on web browsers, social networks
and other websites that are designed to limit who can access and see a user’s
personal profile. They were discussed earlier in the section on access rights.
Privacy settings can refer to:
» a ‘do not track’ setting; the intention here is to stop websites collecting and
using browsing data which leads to improved security
» a check to see if payment methods have been saved on websites; this is a
useful safety feature which prevents the need to type in payment details
again (every time you have type in financial details, there will be a risk of
data interception)
» safer browsing; an alert is given when the browser encounters a potentially
dangerous website (the undesirable website will be in a ‘blacklist’ stored on
the user’s computer)
» web browser privacy options (e.g. storing browsing history, storing cookies)
» website advertising opt-outs; a website may be tracked by any number of third
parties who gather information about your browsing behaviour for advertising
purposes
» apps; for instance, the sharing of location data in map apps can be switched off.

Secure sockets layer (SSL)
Secure Sockets Layer (SSL) is a type of protocol – a set of rules used by
computers to communicate with each other across a network. This allows data to
be sent and received securely over the internet.
When a user logs onto a website, SSL encrypts the data – only the user’s
computer and the web server are able to make sense of what is being
transmitted. A user will know if SSL is being applied when they see https or the
small padlock in the status bar at the top of the screen.
The address window in the browser when https protocol is being applied, rather
than just http protocol, is quite different:
using https: secure https://www.xxxx.org/documents
using http: http://www.yyyy.co.uk/documents

Figure 5.23 shows what happens when a user wants to access a secure website
and receive and send data to it:
The user’s browser sends The browser then The web server responds
a message so that it can requests that the web by sending a copy of its
connect with the required server identifies itself SSL certificate to the
website which is secured user’s browser
by SSL

Once this message is If the browser can
received, the web server authenticate this
acknowledges the web certificate, it sends a
browser, and the message back to the web
SSL-encrypted two-way server to allow
data transfer begins communication to begin

▲ Figure 5.23 Secure sockets layer (SSL)

209

318281_C05_CAM_IGCSE CO_SCI_180_216.indd 209 2/18/21 2:29 PM
 5 The internet and its uses

The term SSL certificate was mentioned in Figure 5.23. An SSL certificate is a
form of digital certificate which is used to authenticate a website. This means
any communication or data exchange between browser and website is secure
provided this certificate can be authenticated.
Examples of where SSL would be used:
» online banking and all online financial transactions
» online shopping/commerce
» when sending software out to a restricted list of users
» sending and receiving emails
» using cloud storage facilities
» intranets and extranets (as well as the internet)
» Voice over Internet Protocols (VoIP) when carrying out video chatting and/or
audio chatting over the internet
» used in instant messaging
» when making use of a social networking site.

Activity 5.6
1 Which computer terms (used in this chapter) are h made up of three types of identification:
being described below? – something you know
a a user is granted access only after successfully – something you have
presenting two pieces of evidence to verify or – something you are
identify who they are i manipulation of people into breaking normal
b uses a cache to speed up access to web pages security procedures and best practices to gain
from a website illegal access to a user’s computer system
c controls that are used on social networks and j malicious code stored on a user’s hard drive or
other websites to allow users to limit who can web server used to redirect a browser to a fake
access data from their stored profile website without their knowledge
d protocol that is used to allow data to be sent 2 Describe how SSL and TLS certificates are used
securely over a network, such as the internet to ensure that secure sharing of data between a
browser and website takes place.
e software or hardware that sits between a
computer and an external network which 3 a Describe three things you should look out for
monitors and filters out all incoming and when deciding whether or not an email is a
outgoing traffic potential phishing scam.
f supplies domain names for internet hosts and b Identify at least three potentials problems
is used to find IP addresses of domain names with this email from a company called Watson,
Williams and Co:
g use of unique human characteristics to identify
a user as a form of authentication

From: WW and Co
To: customer 012305555
Sent: February 15th 2021 @ 13:45
Subject: Payment of January 2021 account
Dear WW & Co customer
We not able to take payments for account 012305555 on Janua