Security Fundamentals

Configure & Test Security Features in Digital Devices

Summary

A lot of ground has been covered in this unit.

  • We began by looking at the enormous growth in data and how its availability is feeding a growth in cyber-crime.
  • The different motivations of hackers attempting to access this data were examined.
  • Some of the common vulnerabilities in digital devices and networks that hackers exploit to gain access were highlighted, together with some of the methods used by hackers to gain entry.
  • We also looked at privacy and why it's important to look after your own data.
  • Some of the methods used to reduce the chances of successful attack were discussed, together with some of the steps you can take to limit the opportunities for a successful attack even further.
  • It can be difficult to know if you've been hacked, so we looked at some ways you can tell, and at what to do if you have been hacked.
  • We also looked at the laws that grant a degree of legal protection against cyber-criminals.
  • Finally, we looked at some of the security features of mobile digital devices and the ways they are at greater risk of being hacked.

Throughout all the various exercises we've been working on developing a common vocabulary and understanding that will help us move forward in the other units.

Security Testing
Tasks

Homework

An earlier exercise revealed how easy it was to hack into a wireless access point to recover a password and then use it to break into a network.

This exercise is all about making life a little harder for would-be hackers.

  1. Watch the video to make your modem/router at home less visible to others attempting to join the network. Your wireless access point management page may look different but will contain similar functions. Look through them to disable the WPS function.
  2. Disconnect from the network and test your work. Use the same hacking technique and instructions to see if you can see your router (see 6. Exploiting Vulnerabilities, Task 1).
  3. Take some screenshots (use Windows Snipping Tool or something similar) and include them in your notebook for evidence.

Now is the time to start building our hacking tool set. Download and install a free, well-known password cracking tool, Cain and Abel. Make sure you have permission to do this.

  1. For Cain and Abel to work in Windows 10, download and install WinPcap, a small packet sniffing utility that detects traffic in networks.
  2. Download and install the latest version of Cain and Abel. You may find your browser and firewall warn you it contains a virus. It doesn't; it's what's called a 'false positive'. While installing you may get a message that the bundled WinPcap is out of date. Just ignore it: the latest version installed earlier will work fine.

Now that you are tooled up, it's time for a brief introduction to passwords and how to use the tool.

  1. Watch and work along with the video to see if you can recover the passwords of users who have user accounts.
  2. Take some screenshots (use Windows Snipping Tool or something similar) and include them in your notebook for evidence.

More cracking Gromit.

Breaking passwords can be considered more of an art than a science. Choosing the right method can save a lot of time. So this exercise is to illustrate the difference between 'brute force' and 'dictionary' attacks. As before, we are going to be using Cain & Abel.

  1. Watch and work along with the video. Try to use the same passwords used in the video. See how the hash generator converts the password into a jumble of letters and numbers.
  2. Make sure you try both methods of attack and take screen shots to include in your notebook as evidence of your work.

Note:

The video has no sound. And the instructions are typed out in notepad, but a lot of videos about cracking are made by people whose first language isn't English.
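To see why the choice between the two attacks matters when testing your own password, the following added example (not part of the original course material) hashes a password, counts how many guesses a dictionary attack needs, and compares that with the worst-case number of guesses for brute force. The SHA-256 hash, the six-word list, the sample passwords and the guess rate are all assumptions made for illustration.

```python
import hashlib
import string

# Constructed sample wordlist; real wordlists hold millions of leaked passwords.
WORDLIST = ["password", "letmein", "qwerty", "dragon", "sunshine", "football"]

def hash_password(password):
    """Hash generator: the same input always gives the same fixed-length digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def dictionary_guesses(target_hash, wordlist=WORDLIST):
    """Guesses a dictionary attack needs to match the hash, or None if unlisted."""
    for count, word in enumerate(wordlist, start=1):
        if hash_password(word) == target_hash:
            return count
    return None

def brute_force_keyspace(password):
    """Worst-case candidates for brute force: every string up to this length
    built from the character classes the password actually uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return sum(alphabet ** length for length in range(1, len(password) + 1))

def audit(password, guesses_per_second=1_000_000):
    """Compare both attacks against one password (the guess rate is an assumption)."""
    keyspace = brute_force_keyspace(password)
    return {
        "hash": hash_password(password),
        "dictionary_guesses": dictionary_guesses(hash_password(password)),
        "brute_force_guesses": keyspace,
        "brute_force_seconds": keyspace / guesses_per_second,
    }

if __name__ == "__main__":
    for candidate in ("qwerty", "Tr0ub4dor&3"):  # constructed sample passwords
        print(candidate, audit(candidate))
```

A password that appears in the wordlist falls in a handful of guesses however long it is, while one that is not listed forces the attacker back to the much larger brute-force count.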

You should be able to:
  • Increase the security of your home modem/router.
  • Use a brute force attack to recover lost passwords.
  • Explain the difference between brute force and dictionary attacks.
  • Use a brute force and dictionary attack to test the strength of your own password.
  • Change the settings of digital devices to reduce the risk of successful attacks.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information.

The End
