Hello, and welcome to lesson five of security.

I'm Ben, your computing teacher for this lesson and this lesson, we're going to continue looking at defence mechanisms against cyber attacks, but this lesson is really going to focus on network defence.

So, all you'll need for this lesson is a computer and a web browser, and it includes any distractions that you might have such as turn off your mobile phone.

And if you've got a nice quiet place to work, that would be brilliant.

Okay? So, once you're ready, let's get started.

Okay.

So, in this lesson, we're going to look at the importance and the need for network security.

And then we're going to look at how we can achieve network security.

So, let's start off straight away by doing that, by looking and focusing on firewalls.

Okay.

So, what exactly is a firewall? Well, a firewall sits between a local network or computer and another network.

So, for example, between your network or your home computer, and maybe the internet, and controlling the incoming and outgoing network traffic.

Now, firewall rules determine which traffic is allowed through and which isn't.

So, basically, a firewall blocks unexpected connections coming into the network.

Now luckily, most operating systems include a firewall.

Okay? So, I mentioned the fact that it blocks things coming into the network and going out to the network, but let's think about internet traffic.

Okay? So, I'd like to pause the video for a moment and just think what type of internet traffic do you think would be blocked by a firewall? Okay? So, pause the video, see if you can come up with a list of as many things as you can and then unpause once you've got that list.

Okay.

So, what list did you come up with? So, you can see on the screen here, I've put a list of things that I've come up with.

So, I came up with violent content, distracting content, such as video streaming games and music streaming.

Now, instantly that might've triggered a thought process in your head and thinking, "Well, those kinds of things aren't blocked on my personal devices." But where might they be blocked? They might be blocked in the workplace or maybe even your school.

So, why do you think they're blocked there? Because obviously, we think distracting content such as video streaming or games, because the workplace is for work or school's to do schoolwork.

So, they might block you to that content from stopping you from being able to do that whilst you're meant to be doing your schoolwork.

But it shows us that we can customise these things, we can tell the firewall exactly what kind of traffic we should be blocking or allowing.

Okay? Obviously, there's content that might be inappropriate for different age levels of children.

And also unknown companies might be prevented from accessing internal databases.

But trusted servers from outside and internal network might be on some allowed lists.

So, is a firewall hardware or software?

Well, the answer here is a firewall can be either software or hardware.

It can be both.

Okay? Some companies use physical hardware firewalls that can analyse incoming traffic and you can see an image there of a physical firewall box because it's a box with a processor and ports that allow network connections.

So, this specifically is looking at incoming traffic.

So, software firewall.

So, companies can use both hardware and software firewalls.

Okay? Now, we talked about the fact your operating system normally comes with a firewall.

So, what's that? Is that hardware or software? Well, hopefully you're shouting at the screen.

It is software because your operating system is software and that would be built in as part of a functionality inside the operating system.

So, that type of firewall is software.

Now, software firewalls give an extra layer of security because they can also monitor outgoing traffic as well as the incoming traffic.

So, not only does this prevent a computer from becoming a bot or a zombie as we spoke about in a previous lesson, but it can also prevent computers from broadcasting any other malware within the organisation such as worms or viruses.

Okay.

So, another service offered by a firewall is packet filtering.

Now, packets are small chunks of data that are sent across the network.

So, if you don't know about packets and you want to learn more about them, we have a network unit that you can study using Oak Academy, for the time being, all you need to know is the fact that this is.

When data is transferred across the network, it's broken up into small packets of data, which are then sent to its destination.

Okay? I want to say the network, it can be an internal network, but it can also be, this is the way the internet works as well.

So, when the packets arrive at a network, then what the firewall can do is analyse each one of these packets.

So, you can see on the diagram there, the packet will arrive at the firewall.

The firewall will then check the packets to see whether or not they're safe.

And if they are safe, then they'll pass them on to its destination.

But if they feel that there's something malicious about them, then it will block them from arriving into the network.

Okay.

So, I've got a question for you.

So, bearing in mind what we know already and what we just learned about firewalls.

Do firewalls stop viruses? Okay.

So, you've got a 50/50 chance, but don't make it guesswork, try and think about it a little bit more deeply than just randomly picking one.

So, what do you think, is that yes or no? So, see if you can give an answer in three seconds.

So, three, two, one, it is.

Okay, the answer is no, they do not stop viruses.

Because we think about how viruses work and what we've learned about so far, they need to be initiated by the user.

So, what's a common way in which viruses can enter into a system? Well, there might be a USB memory stick, for example, it might be an email attachment on an email from, for example, the email doesn't even need to be an internal email system.

It might be something that's hosted by Gmail, for example.

So, once that attachment has been activated or the memory of the infected memory stick, for example, the code on that is run.

Then all of a sudden we have this infection.

So, the firewalls aren't able to stop that because they're not able to look at those packets of data coming into the network, okay? So, that brings us nicely onto the next section, which is looking at anti-malware.

Now, anti-malware is software that scans any file that is able to execute code.

Now, I'm not sure whether or not you've heard of the term anti-malware before, but you might've heard of the term antivirus.

Now, are they different? Is anti-malware different to antivirus? Well, the answer is, yes it is in theory, because antivirus will search for any malicious content that they know is a virus.

Whereas anti-malware is looking for other types of malware of which virus is a type of malware, but there are other types of malware, as we know other than viruses.

So, anti-malware will search for more things than antivirus basically.

Now, the chances are, if you were to search on the internet for some antivirus software, the chances are it's also anti-malware; it's just that companies have kept the name antivirus because that's a commonly used term, whereas they will also, more likely than not, search for other types of malware other than viruses.

Okay.

So, anti-malware will have a list of definitions of sequences of code that they are aware are malicious.

So, if the code in your files matches those definitions, the files are quarantined.

So, basically, once you've run a scan on your system, then it will search for things that are known by that software, the anti-malware software.

So, they will keep up to date with the latest known types of malware out there, and it will search your computer for those types of malware.

And when it finds those, it stops them and quarantines them.

So, we've got a key word there, which is quarantined.

So, what is meant by quarantine? Quarantined, sorry, and why is it important that this happens? Okay? So, see if you can pause the video just for a moment and see if you can think about what that means.

Okay.

So, you may have heard the term quarantined before in a non-computing kind of context.

So, quarantine means keeping separate for a certain amount of time.

So, often we might quarantine.

Some people can be quarantined if they think they might have a virus or something, like a real life human virus.

And then they're kept there until they know that they haven't got their symptoms anymore.

So, that's kind of what happens here.

When a virus is found, it's quarantined, and that's to stop it from doing damage to the rest of the system.

To stop that virus from spreading even further.

So, any file that's known to have that virus will be kept separate from the rest of the system.

So, then it allows the user to decide what they're going to do with it.

Now, they might have the option to try and fix the virus, remove the virus from those files, which is a harder kind of job, or whether or not to just remove the files completely.

Now, you think the easy thing to do is to remove the files and it absolutely is, but what happens if those files are really crucial to you and you haven't backed them up? You might want to do a little bit more work to try and recover those files from a form that doesn't have a virus included with them.

So, that just maybe highlights the importance of backing up our data, making sure that we do have those backups.

So, if we do fall foul to a certain type of malware, then it's easier to recover the files.

Okay.

Now, obviously, in a large organisation or any organisation, a network manager should make sure that all the computers under their control are secure and that the antivirus or anti-malware software is up to date.

So, that brings us on nicely to the next section, which is network policies.

Okay? Now, there are two types of policies that we need to differentiate between.

Now, they normally have the same name, but I'm differentiating them in terms of network policy, and network policies.

Now, for us, We will consider network policy to be written documents, so written rules that we will be able to read and follow as human beings.

For example, acceptable use policies, archiving policies, backup policies, and disaster recovery policies.

But there's also something called network policies which are particular network settings that a network setting administrator can activate on a network.

For example, things on a firewall that only allow certain users to be able to access certain content on the internet.

That would be a network policy, for example.

Okay.

So, let's focus first of all, on the network policy, which is the written rules.

So, let's start off by looking at an archiving policy.

Now, an archiving policy determines how long data can be kept for.

So, this can help us preserve file space.

So, rather than keeping files on a network forever or files that had never been looked up for, you might have a policy that for any file that hasn't been opened for five years might get backed up or maybe archived somewhere.

Okay? Now, this also helps us take into account guidelines, such as the General Data Protection Regulation, that specifies how we can treat personal data.

So, we mustn't keep people's personal data for longer than necessary.

So, having that in our archive policy helps us maintain that we're not breaking that law.

Now, an acceptable use policy is exactly what it sounds like.

It's a set of rules that the users must agree that determines what is okay and what is not okay, what's appropriate and what's not acceptable use of the network as well as outlining consequences for not following the policy.

So for example, relating this to maybe a school context, your school will have an acceptable use policy that you in theory are meant to follow.

So, in that policy, it might specify the format of a password.

So, make sure that you are using a password that is secure.

Make sure it would outline that you're not allowed to use the school network for any kind of gambling, any use of social media.

It might have set outlines, certain restrictions on what files you can download or whether or not you're allowed to download any software.

It also has a rule, it might have a rule preventing individuals from bypassing existing filtering systems. So, just using a VPN, it might specify that you're not allowed to do that.

Now, like I said, as well, it also might outline the consequences for not following the policy.

So, it might be that if an organisation, so not a school, it might be that you get some kind of written warning or excuse me, or dismissal for not following these rules, let's say it'd be slightly different to a school, that might outline what kind of punishment you would get in school for not following the rules.

Okay.

So, let's look at backup and disaster recovery policies.

So, the question I've got for you is, have you ever lost a file and not had a backup to go to? I think in our heads, we always feel like any kind of insurance policy.

We always feel like it's not going to happen to us.

We're not going to lose our files.

So, you kind of care less about backing up your files, but once you've ever lost your system, or lost all files in your system, that's the point where you think I must always make sure in future I always back up my work.

So, if you've never ever been in a situation where you've lost all your files or your computers both, then you've lost that then you needed such as coursework or something you needed for an exam or school, then you probably didn't worry too much about it.

But if you ever have been in that situation, you are worried.

So, let me tell you now, if you've never been worried about that, you should always consider backing up your work.

So, please do that.

Okay? Now, can you imagine if you were responsible for a whole complete backups? Okay? What type of disaster do you think could affect the functioning of a network, and how are the two policies linked? How do you think a backup policy and a disaster recovery policy are linked? So, put yourself in the shoes of a network manager maybe for your school, and think what disasters could happen in a school that might affect the data on the network? Okay? Supposedly they will have to think about that.

Think about those kind of disasters that you might want to prepare for or plan for and then think how the two policies linked between a backup and a disaster recovery policy.

So, unpause the video when you have some answers for that.

Okay.

So, how did you get on with that? Did you manage to find some answers to those two things? So, rather than directly answer those questions, let's just have a look at a backup policy, and then we'll look at the disaster recovery policy.

So, a backup policy would outline the frequency of backups and who is responsible for taking those backups, or maybe who's responsible for putting them back into place should they need those backups restoring.

It might also outline the types of backups that you're going to use, whether or not it's going to be cloud-based, whether or not you're backing up off-site.

So, whether or not you're using some internet services, some service somewhere outside of your network to add to backup your data, whether or not you're using backup discs that are going to be stored onsite.

So, you see the location and the type is really important.

Think about where would you put those backups, would you have all your backups in the same room as your servers, or would that be a really bad idea? For example, if something bad happened in the server room, that'll also therefore affect your backup discs.

So, maybe the backup discs should be stored somewhere completely separate.

Should that be maybe somebody's house, should it be maybe offsite? And it shouldn't just be the other end of the building, for example.

You might also have some service level agreements with your network team who would have some kind of policy in place to how quickly they're expected to restore the backups.

And also, this is really important as well, protocols for naming and dating backups.

So, having a naming convention for the backups is really important to know when we see a backup, what data does it refer to for example, and what type of files are being stored? So, if anybody else was to look at this, there's a very clear thing in the policy showing what that naming convention is.

Now, a disaster recovery policy.

So, a disaster recovery policy allows an organisation to resume business as quickly as possible either during or after a disaster.

So, those kinds of disasters might include natural disasters such as an earthquake or a lightning strike, for example, it might be a cyber attack, fire, or flood, terrorism or war or loss of electricity or electrical surge.

So, how many of those do you think you realistically, you're in danger of in your area or your school? Now, you might hope that you're not particularly in danger of a war, but there might be one in the future, hopefully not, but there might be.

You might think you're not necessarily in danger of a natural disaster, but a fire and flood, they might be realistic things that your school might be in danger of.

So, those are very much things that would be factored in the policy.

So, how are they linked? Well, the link there of course is the fact that the disaster recovery policy plays into the backup policy.

In your disaster recovery, you say that if a disaster happens, then we would follow procedures in our backup policy.

But of course, a backup policy doesn't necessarily consider disasters, it just considers how to tackle the backups, how to restore them.

So, what do you think would happen if a company had not written these policies? It didn't have the network policies in place? Well, the simple fact is that if people aren't following these policies, we risk things like backups not being taken or not knowing how to recover the backups.

We might risk the fact that people are going to misuse the system and there'd be no consequences for them.

So, that in turn would result in maybe a loss of revenue for the business.

Not being able to restore the system is obviously going to be very dangerous to any kind of organisation.

It might lead to dissatisfied customers if you've lost their records.

Maybe damage your reputation.

Maybe you might even break the law if you're keeping data for longer than you need to or not using it appropriately.

Now, one other useful network consideration that we haven't covered yet is MAC address filtering.

And this is something that the network manager can put in place is to look at the filtering of MAC addresses.

So, a MAC address is a unique code for any individual device.

Every device connected to the network will have a MAC address, and that is unique solely to that device.

So, a network manager can help make the network more secure by using this address to limit the devices on the network.

So, he might use whitelisting and blacklisting servers.

So, any device that has caused problems on the network before can be blacklisted, therefore banned from network, therefore because of the MAC address, that device would never be able to connect to the network because network policy could be put in place to stop that MAC address or a setting can be put in the network to stop that device from ever connecting to the network.

Okay.

So, I think it's time that we have a go at our first exam style question.

Now, of course, all exam boards are different and present questions in a different way, but this kind of question helps you start thinking about the kind of question that you might face related to security.

Okay? So, let me read out the questions I'd like you to answer.

So, it says a dentist practice stores thousands of patients' details on its computer network.

The surgery has a responsibility to its patients to keep sensitive dental data secure.

So, number one, question number one, staff are expected to use strong passwords and not share them with anyone. With reference to system security, describe three other ways that the surgery could protect the network.

And that's for six marks.

And question two, identify three things that the dental practice staff could do wrong that could endanger the security of the network and outline the procedure that could be put in place to prevent each error.

And that's also worth six marks.

Now, I would always recommend a couple of tips when looking at exam style questions.

First of all, is there any context in the question? And if there is context in the question, always relate to that context.

For example, here, it says a dentist practice.

So, if there's a dentist practice, then make sure that any answer is in relation to that dentist practice.

Okay? So, you've got a context there.

Now, the other thing that I would really strongly recommend you look at is the number of marks it's out of, and any other information in the question.

For example it says, the question one says, describe three other ways that the surgery could protect the network, but that's for six marks.

So, three points for six marks means for each one of your three points, you also need to add some clarification, some expansion there that's going to get you the extra mark.

So, give depth to your answer.

So, you've gotten a mark for a kind of right kind of answer, but the second mark for each individual point that you're making will come from that description that you give.

Okay? And the second question says, identify three things that a dental practice could do wrong that could endanger security network and outline the procedure that could be put in place.

So, that second question, we should be looking for the three things that the staff could do wrong, but then also the procedure that could be put in place for each one of the three things.

Okay? So, what I'd like to do is I'd like to pause the video now, and I'd like to head over to your worksheets where you've got those two questions outlined, and I'd like to spend a little bit of time having a go at answering those questions.

Okay? Don't be afraid to look back over this lesson and any notes that you've made throughout this unit, they'll help you site question.

Okay? But once you've answered both questions, unpause the video and we'll continue.

Okay.

So, hopefully, unpausing because you've had a go at those and you've got some answers.

Now, it might be worth if you have the opportunity to share this with maybe a teacher who might be able to look over your answers and give you some kind of feedback.

But what I'm going to do is go through some of the potential answers that you might have given.

Okay? So, question one.

So, I've got some bullet points here and I'll go through them, but obviously, then the question was for three points, so I've got more than that.

So, I've got five points, but you were only expected to get three.

And also, you were expected to expand on the answer.

So, giving the answers in the form that I've got here wouldn't have been enough to get the full six marks.

Okay? So, one point you could've make is to, made, sorry, is to introduce network policies, such as rules that define acceptable use on the network.

You could have said introduce user access levels to restrict what users can do on the system.

You could have said to implement a firewall, which prevents unauthorised access to systems. You could have used encryption so that any intercepted data is not useful to hackers who cannot interpret the data without the correct key.

And you could have said use anti-malware to remove viruses and/or malware and prevent infection to the system.

Okay? So, those are the example answers that you could have given.

So, let's move on to question two.

Now, split into two.

So, you could have had example errors and procedures to prevent the errors.

So, one example error could have been sharing or sending any sensitive data with third parties.

So, the way which you might have prevented that error might have been restricting email and internet usage, monitoring printing, that kind of stuff, disabling USB ports.

So they can't save it to that device and take it away from the system.

Bringing files in via any medium.

So, for example, prevent external devices being used on the network.

Again, that might be again blocking USB ports on the network.

Downloading infected files from the internet.

So, one way in which you could prevent that will be to block and restrict access to insecure websites, again, using the firewall.

And then allowing unrestricted access to the dentist premises.

Okay? That might be an error that someone might make.

So, you might lock the doors, key cards, fobs, any other physical restrictions to permit only trusted staff to enter the building.

Okay.

So, those are example answers that you could have had.

So, that's all for this lesson.

And I hope that you've enjoyed it, and I hope you enjoyed giving your first exam style question a good go.

Now, don't worry if you didn't feel that you gave enough answers there or your answers were different to mine, this is your first attempt at it.

So, hopefully, you'll get better with more practice.

Okay? So, I hope you've enjoyed the content of this lesson as well.

I hope it made you really think about backups and what kind of things can happen on a network.

So, I'll be really interested to hear your thoughts, or see some of the work that you've done in this lesson.

So, if you would like to share your work with us, then please do and ask your parent or carer to share your work on Instagram, Facebook, or Twitter, tagging at @OakNational and using the hashtag #LearnwithOak.

So, I'm looking forward to seeing you next lesson.