hi and welcome to komski corner today we're going to be talking about Network security looking at some of the threats there may be to a Computer or computer network this video is specifically for the new ocr gcse computer science course however it's applicable for most exam boards.
let's start off with Malware malware is malicious code that is designed to harm a computer and there are many different forms of malware the first and the one you've probably heard of before is a virus.
A virus is a programmed software that replicates itself causing damage to a computer ag editing copying or deleting a file or files the next type of malware is ransomware where access to your computer is held until ransom is paid then we have spyware this is a piece of software that records every key the user presses and then sends this data to a third party where they analyze and manipulate the data next there are worms which are similar to viruses in that they self-replicate and cause damage to a computer however worms are not hidden within other files instead they are often spread through emails.
the last piece of malware we are going to discuss is trojan horses these trick the user as they appear to be legitimate programs when in fact they are malware social engineering is another threat to a computer network this is where users are tricked into revealing their personal information which allows the attacker to gain access to their accounts or confidential information this takes advantage of people being the weakest point in security systems
there are two main types of social engineering
the first is called phishing here an email is sent to the victim with the link that when clicked redirects the user to a website that collects their personal information and gives it to the attacker he uses this information to gain access to the user's personal data and accounts the second type of social engineering is farming which follows a similar process to phishing however there is no email involved in farming a piece of code installed redirects the user to a fake website which collects personal data. Lets consider an example of a social engineering attack where a fake email has been constructed with a link meant to take the user to a website for them to input their personal details often the fake emails or text messages will be around a believable scenario such as a banking confirmation or in this case a university account password expiring this makes the user more likely to fall for the trap a big subsection of network threats is hacking which contains threats such as brute force attack denial of service attack data interception and sql injection all of which we will talk about in this video but first what is hacking hacking is when a person attempts to gain unauthorized access to data on a computer or computer network many problems can arise from unauthorized access including the fact that malware could be put on the device there would be breaches of privacy and data protection acts and the fact that data and files could be copied edited or deleted so the first form of hacking is the brute force attack as the name suggests this is where a program pushes through by trying every single combination of characters until the correct password is found and access is granted next we have denial of service attack again the name suggests the purpose of this attack to shut a website or web server down preventing users from accessing the network as well as preventing the server from being able to tell the difference between legitimate requests and bogus requests it does this by bombarding the server with requests until it is unable to handle it all data interception is where data is intercepted by a third party when being sent over a network for example if i had to send a message to you over the internet e.g by email someone could intercept and gain access to this data there are a couple of different ways that data interception can occur the method i just mentioned the same as the picture on the screen is a man-in-the-middle attack as an attacker intercepts a conversation between two parties in this example you and me the second type of data interception method is called shouldering this is where the attacker looks over someone's shoulder while they enter their pin or passwords lastly sql injection is where malicious code is entered in a website form with the intent to modify or malform the sql statement that's about to be executed this could result in many problems such as stealing or modifying or deleting data as well as inserting malware onto the system
the picture on this screen illustrates sql injection and as you can see the attacker has used an sql statement that requests to select and return all of the user's data from the system in this video we have looked at the different threats there can be to a network including malware social engineering and
hacking
