Essay

BTEC Level 3 Computing Unit 32 Distinction grade Networked Systems Security

0 purchase

Module
Unit 32 - Networked Systems Security

Institution
PEARSON (PEARSON)

This is the full assignment for Unit 32 in Networked Systems Security in my level 3 BTEC Computing. I have received a grade of Distinction and an overall grade of D*D*D* in the first year. The information in the document is detailed ad

[Show more]

Preview 4 out of 40 pages

View example

Uploaded on March 20, 2022
Number of pages 40
Written in 2021/2022
Type Essay
Professor(s) Unknown
Grade A+

btec level 3 computing
p1 p2 p3 p4 p5 m1 m2 m3 d1 d2 unit 32 networked systems security
distinction grade on the assignment and ddd overall

Unit 32
Ali Ghanem; 723202

Task1:
P1 + D1:
Attacks:
Types of attacks:
Denial-of-service attack: The DoS attack is the kind of attack that happens when a hostile
cyber threat actor prevents legitimate users from accessing information systems, devices, or
other network resources. Emails, websites, online accounts (such as banking), and other
services that rely on the compromised machine or network may be disrupted. This attack is
carried out by flooding the targeted host or network with traffic until it becomes unable to
react or simply just fails, denying genuine users’ access. While an organisation’s resources
and services are unavailable, DoS attacks can cost them both time and money. There are
few different methods to perform a DoS attack, however, the most common one is when
the attacker floods a network server with traffic, and this means that he sends multiple
requests to the target server overloading it with traffic. We also have a DDoS attack which is
the same as the DoS but the difference is that in this case there will be more than one
computer or device used to flood that targeted resource.

There are several DDoS attacks that happened to famous companies across the world:
The Google Attack, 2017; The AWS DDoS Attack in 2020; The Mirai Krebs and OVH DDoS
Attacks in 2016; The GitHub Attack in 2018.

, Unit 32
Ali Ghanem; 723202

The AWS DDoS attack that happened in 2020 was one of the largest attacks ever as it had
fired 2.3 Tbps, AWS reported. The company noted in an official report on its DDoS security
service, AWS Shield, that the attack’s peak was 44 percent larger than anything the service
has seen before, resulting in three days of “elevated threat” status. However, it did not
specify whose website or online service had been attacked.
Backdoor attack: in general, a backdoor attack is a type of breach in which hackers use
deception and proper hiding to install malware that can bypass a network’s normal security
requirements and authentication. Backdoors are designed to blend in with other
applications, such as a file converter, a suggested download, or a software update, although
some cyber-attacks are clearer and more noticeable (such as a ransomware attack or
phishing attempts).

WordPress uses the script language PHP to build up all their domains, however, in the 28th of
March 2021, they reported that it had been compromised by a backdoor attack that
included a remote code injection into a PHP script change. When the code was put into a
website’s language as part of a minor update, it opened the door for the hackers to
remotely take control of any PHP website. This sort of attack can only be prevented by the

, Unit 32
Ali Ghanem; 723202

continuous check of the servers and by increasing the security over the websites. Especially
a company like WordPress, as their website is used to create hundreds of other people’s
websites.
Spoofing: Spoofing occurs when an attacker pretends to be a legitimate device or user in
order to steal data, spread a malware, or get around access control measures.
There are several types of spoofing attacks, but the most common ones are:

 IP address spoofing - Attacker sends packets over the network from a false IP
address

 ARP spoofing - Attacker links their MAC address to an authorized IP address already
on the network

 DNS spoofing - Attacker initiates a threat such as cache poisoning to reroute traffic
intended for a specific domain name traffic to a different IP address
An example of a spoofing attack is Email spoofing, it happens when an attacker sends emails
with incorrect sender addresses, which is technically part of a phishing scam. These types of
spoofing attacks are planned to steal the victim’s information, infect his computer
with malware, or simply blackmail him for money. These emails may also use social
engineering to convince the victim to reveal sensitive data.
DNS spoofing attack:

Mathematical attacks: this attack entails attempting to decrypt data using computation
based on the encryption algorithm’s mathematical properties. Using strong encryption (128

, Unit 32
Ali Ghanem; 723202

bit) instead of a weaker encryption is the best technique to avoid data decryption (both 40
and 56-bit encryption can easily be broken).
Brute force attacks: A brute force attack involves guessing login information, encryption
keys, or locating a hidden web page by trial and error. Hackers try all conceivable
combinations in the hopes of making the right guess. These attacks are carried out using
“brute force”, which means that they try to force their way into your private account by
using extreme force or forces. Even though this is an old school kind of attack, but it is still
effective and popular with hackers, as based on the complexity and the length of the
password, cracking it can few seconds up to many years. Hacking using brute force would
make the hacker benefit by:
Profiting from ads or collecting activity data
Stealing personal data and valuables
Spreading malware to cause disruptions
Hijacking your system for malicious activity
Ruining a website’s reputation
An example of a Brute force attack:

Tesco has suffered from a Brute force attack; thousands of accounts were compromised by
an unauthorised third party where the hackers used a combination of usernames and
passwords that were leaked from somewhere else and then used to do a brute force attack.
The company reported that no financial details were leaked, and they took immediate
actions towards the activity. Tesco has then issued 600K new loyalty cards to the customers.
It is true that cyber-attacks have increased so much in the last couple of yours, but we
should adapt with this reality too. I suggest that users should always create strong
passwords, but still easy to remember. An example could better be 8 characters long, and a
combination of uppercase and lowercase letters, numbers, and symbols.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

You can quickly pay through credit card for the summaries. There is no membership needed.

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller alighanem. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for £10.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

66184 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy revision notes and other study material for 15 years now

Start selling