Security threats
Security, privacy, integrity
- These three words sound alike but mean different things.
- Getting them straight is the foundation of this whole topic.
- Then we meet the threats that attack them.
Three different ideas
- Security — protecting data from unauthorised access, change or destruction.
- Privacy — a person's right to control who sees their personal data (with consent and a clear purpose).
- Integrity — data being accurate and complete — not corrupted or accidentally changed.
- A file can be secure but corrupted (no integrity), or accurate but readable by anyone (no privacy). You need all three.
Practice
Which best describes data "integrity"?
Integrity = accurate and complete. Security = blocking unauthorised access; privacy = control over personal data.
Malware
| Type | What it does |
|---|---|
| Virus | self-copying code that attaches to programs and spreads when they run |
| Worm | self-copying code that spreads over networks with no user action |
| Trojan | looks useful but hides malicious code |
| Spyware | secretly collects information (keystrokes, passwords) |
| Ransomware | encrypts your files and demands payment |
| Adware | pushes unwanted adverts |
Practice
How does a worm differ from a virus?
A worm self-propagates across networks without user action; a virus needs an infected program to be run.
Practice
Ransomware is malware that:
Ransomware encrypts the victim's files and demands a ransom for the key.
Practice
Match each type of malware to its behaviour.
Spyware spies, a Trojan disguises itself, and a worm self-spreads across networks.
Other threats
- Phishing — fake emails/sites that trick users into giving credentials.
- Hacking — unauthorised access, often via weak passwords or software flaws.
- Denial of service (DoS/DDoS) — floods a server so real users can't reach it.
- Eavesdropping — capturing data in transit (a risk on open Wi-Fi); man-in-the-middle — secretly relaying or altering messages.
- Social engineering — tricking people into giving up information.
Practice
Phishing is:
Phishing deceives users into revealing passwords or details via fake messages/sites.
Practice
A denial-of-service (DoS/DDoS) attack:
DoS/DDoS overwhelms a server with traffic so legitimate requests can't get through.
You've got it
Key idea
- security (block unauthorised access) · privacy (control over personal data) · integrity (accurate + complete)
- virus spreads via programs; worm spreads over networks with no user action
- ransomware encrypts files for payment; Trojan hides in something useful
- phishing, DoS/DDoS, man-in-the-middle, social engineering are key network threats