Task 1: Introduction (Max 1 point)
Network security involves protecting computer systems and data from various threats.
What is the primary purpose of implementing network security measures?
Task 2: Common Forms of Attack Recap (Max 6 points)
Networks face various threats. Match the attack form to its description by clicking one from each column, then check your answers.
Malware
Social Engineering (Phishing)
Brute-force Attack
Denial of Service (DoS)
Data Interception/Theft
SQL Injection
Task 3: Denial of Service (DoS) Attack (Max 1 point)
A Denial of Service (DoS) attack aims to make a machine or network resource unavailable to its intended users by disrupting services. This is often done by flooding the target with excessive requests or traffic.
Internet Users
Web Server
What is the primary goal of a Denial of Service (DoS) attack?
Task 4: SQL Injection (Max 5 points)
SQL Injection involves inserting malicious SQL code into data input fields (like search boxes or login forms). If the website doesn't properly check the input, this malicious code can be executed by the database, potentially allowing attackers to view, modify, or delete sensitive data.
Imagine a website search box. Which of the following inputs might be dangerous attempts at SQL injection? Click 'Dangerous' or 'Safe'.
Laptop Phone' OR '1'='1 Keyboard; DROP TABLE users;-- Mouse Mat What is the primary technique used to prevent SQL injection by cleaning or removing potentially harmful characters from user input?
Task 5: Spot the Phishing Email! (Max 4 points)
Phishing uses deceptive emails or messages to trick people into revealing personal information. Click on the parts of the email below that look suspicious.
From: [email protected]
Subject: Urgent Action Required: Your Account is Locked!
Dear Valued Customer,
We detected unusual activity on your account. For your security, we have temporarily locked it. You must verify your details immediately to avoid permanent closure.
Please click the link below to log in and confirm your information:
https://secure-mybank-login-update.com/verify
Thank you for your prompt attention to this matter.
Sincerely,
My Bank Security Team
Failure to comply will result in account termination imediatly.
Task 6: Firewalls (Max 3 points)
A Firewall monitors and controls network traffic based on security rules.
- Examines incoming/outgoing data packets.
- Blocks/filters traffic violating rules (e.g., specific IPs, ports).
- Helps prevent unauthorized access and malicious traffic.
Internet (Untrusted)
Your Network (Trusted)
How does a firewall primarily protect a network?
If a school wants to prevent students from accessing online game servers (which often use specific ports), what might a firewall rule do?
Besides ports, what else can a firewall commonly use as criteria to block traffic?
Task 7: Anti-Malware Software (Max 2 points)
Anti-malware software detects, prevents, and removes malicious software (malware).
- Scans files for known malware signatures.
- Needs regular updates for new threats.
- Can quarantine (isolate) or delete detected malware.
- Helps prevent viruses, spyware, ransomware etc.
What are the main functions of anti-malware software?
True or False: Anti-malware software is most effective when its virus definitions are kept up-to-date.
Task 8: Physical Security (Max 4 points)
Physical Security measures prevent unauthorized physical access, theft, or damage to hardware and infrastructure.
Select ALL the items below that are examples of physical security measures:
Task 9: Authentication & Passwords (Max 4 points)
Verifying user identity often involves passwords and other methods to prevent brute-force attacks and unauthorized access.
Password Strength Checker
- Length (8+)
- Uppercase
- Lowercase
- Number
- Symbol
Strong passwords help prevent brute-force attacks.
Requiring a password AND a code sent to your phone is an example of:
Temporarily disabling an account after too many failed login attempts is called:
Giving a standard user fewer permissions than an administrator is an example of:
A test designed to distinguish humans from bots, often used on login pages, is called:
Task 10: User Access Levels (Max 3 points)
User Access Levels restrict users' permissions to only what they need for their role. This limits potential damage if an account is compromised or misused.
Scenario: A user needs to submit homework to a shared area but should not be able to see or delete other students' submissions.
This user should likely have:
Scenario: A user needs to read and mark student homework in multiple folders and leave comments, but should not be able to install new software on the school network.
This user should likely have:
Scenario: A user needs to install updates on all school computers, manage user accounts, and configure network settings.
This user should likely have:
Task 11: Threat Prevention Grid (Max 11 points)
Drag the shield icon onto the grid cells where the prevention method (column) is a primary way to mitigate the threat (row). Some threats have multiple preventions.
Drag Shield:
| Threat | Firewall | Anti-Malware | Encryption | Strong Passwords / Auth | Training | Input Sanitisation | Access Levels |
|---|---|---|---|---|---|---|---|
| Malware | |||||||
| Phishing | |||||||
| Brute-force | |||||||
| Data Interception | |||||||
| SQL Injection | |||||||
| DoS Attack |
Task 12: Encryption (Max 1 point)
Encryption uses an algorithm and a key to scramble readable data (plaintext) into an unintelligible format (ciphertext).
Why is encryption important?
- Protects data confidentiality (makes intercepted data meaningless).
- Ensures only authorized users can access sensitive information.
- Helps comply with data protection laws.
- Secures data transmitted over networks (e.g., HTTPS).
What is the main purpose of encrypting data?
Task 13: Pen Testing & Hacker Hats Review (Max 2 points)
Let's quickly review these related concepts.
A company legally hires security experts to attempt to breach their systems to identify weaknesses. What is this called?
Which type of hacker usually performs penetration testing?
Task 14: Key Definitions (Max 6 points)
Match the security term to its definition:
Firewall
Malware
Phishing
Brute-force
Encryption
Penetration Testing
Task 15: Security Scenarios (Max 4 points)
For each scenario, choose the most relevant threat or prevention method.
1. Sending sensitive data over public Wi-Fi. Primary threat?
2. Preventing SQL injection in a website search box. Key technique?
3. A website stops accepting login attempts from your IP address after 5 failed tries. What prevention method is this?
4. To protect data if it's stolen during transmission (intercepted), what should be applied beforehand?
Task 16: Exam Practice Questions
Attempt to answer the following exam-style questions in the text areas provided. Then click 'Show Feedback' to see typical mark scheme points.
Hamish stores confidential documents on his laptop. Hamish needs his computer to be secure from unauthorised access when connected to a network.
i. Describe the problems that can arise from unauthorised access to his laptop and confidential documents. [3]
ii. Describe two ways Hamish can help prevent unauthorised access to his laptop. [4]
A hospital stores patients' details on its computer network. The hospital is concerned about the security of its patients' details. Staff already use strong passwords to protect systems.
Explain, with reference to system security, three other ways that the hospital could protect the network system. [6]
Task 17: Your Progress
See how you did on the interactive tasks!
Your Score: 0 / 0
Note: Score based on completed quiz questions and matching activities. Exam practice not scored.