week 28

K1.28 Techniques applied to ensure cyber security for internet-connected devices, systems and networks:

Wireless Security

• What it is: Methods to secure Wi‑Fi networks and prevent unauthorised access.

• Key Method:
  WPA2 (Wi‑Fi Protected Access 2):
  A strong encryption protocol for Wi‑Fi traffic.
  Example: College Wi‑Fi is configured with WPA2 so that only authorised staff and students with the correct password can connect.

• Extra Layer:
  End‑to‑end security:
  Encrypts data from the device to the access point or service.
  Example: A user’s laptop sends encrypted data via WPA2 so even if intercepted, the data is unreadable.

Device Security

• What it is: Measures to protect individual devices from misuse or theft of data.

• Methods:
  Strong passwords or PINs
  Biometric authentication (fingerprint, facial recognition)

• Application:
  A company issues tablets to staff that require fingerprint login, reducing risk if a device is lost.

Encryption

• What it is: Converting data into unreadable code without the correct key.

• Application:
  Data at rest: Full disk encryption on laptops to protect stored files.
  Data in transit: SSL/TLS encryption for online transactions.
  Example: A business uses TLS on its website so customer card details are secure when entered online.

Virtualisation

• What it is: Running multiple virtual systems on one physical machine, isolating environments.

• Application:
  Test environments are created on virtual machines so malware cannot spread to the live network.
  Virtual desktops allow employees to access a secure corporate system from home without saving sensitive data locally.

Penetration Testing

• What it is: Ethical hacking to identify vulnerabilities before attackers do.

• Application:
  A school hires a cyber‑security firm to simulate an attack on its student portal and fix any weaknesses found.

Malware Protection

• What it is: Tools and practices that stop malicious software.

• Application:
  Anti‑malware software scans files on download.
  Example: Email attachments are scanned automatically to block ransomware.

Anti‑Virus Protection

• What it is: A subset of malware protection specifically targeting viruses.

• Application:
  Regular updates ensure new virus signatures are recognised and quarantined before harm is done.

Software Updates and Patches

• What it is: Keeping operating systems, applications and firmware current.

• Application:
  A college’s IT department installs the latest patch for its firewall to fix a critical vulnerability.
  Prevents exploitation by attackers using known bugs.

Multi‑Factor Authentication (MFA)

• What it is: Requires two or more verification steps.

• Application:
  Staff log in with a password and a code sent to their phone.
  Even if a password is stolen, access is blocked without the second factor.

Single Logout (SLO)

• What it is: Logs the user out of all connected sessions and services at once.

• Application:
  A teacher logs out of the central portal, automatically ending sessions on email, storage and HR systems.
  Reduces risk of an unattended active session being exploited.

Lockdown
Scenario: 
You are asked to secure a new network for a small business.

Task:
1. Select three techniques from the list above.
2. For each technique:
   - Explain how it protects against threats (e.g. unauthorised access, malware).
   - Give an example of how you would implement it in the network design.

Extension:
Design a simple diagram of the network showing where each technique would be applied (e.g. firewall at perimeter, MFA at user login, virtualisation on server).

Last Updated
2025-07-15 10:44:08