Oip

Cyber security and incident management

  • Introduction

    The world has become a tech world, and our reliance on systems has increased the risks that come with it, leaving us vulnerable to attacks from black hat hackers. As security issues evolve, IT systems are getting better, and organizations also have robust plans in place to deal with an incident before it occurs.
    This unit teaches us about the different types of cyber attack, the vulnerabilities of a system, and the techniques that can be used to defend an organization's network.
  • A01- Cyber Security Threats

    Internal threats: employee sabotage and theft, physical equipment theft, damage (i.e. fire, flood, power loss), unauthorized access, weak cyber security measures.
    External threats: malware (malicious software) such as spyware, adware and ransomware; viruses, worms, rootkits and trojans; hacking and sabotage (commercial, government and individual); social engineering techniques that obtain secure information by deception.
  • A02- System Vulnerabilities

    Different systems are exposed to different threats: network: firewall ports and external storage devices; organization: file permissions and privileges; software: untrustworthy sources and downloaded software; operating system: unsupported versions and updates not installed; mobile devices: reliance on original equipment manufacturers (OEMs); physical: theft of equipment, Universal Serial Bus (USB) devices holding sensitive data and collected passwords; people: how people use the system and the security implications of that.
  • A03- Legal Responsibilities

    Current and relevant European Union General Data Protection Regulation and UK legislation: Data Protection legislation, Computer Misuse Act 1990, Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 and amendments, Fraud Act 2006, Health and Safety at Work etc. Act 1974.
  • A04- Physical Security Measures.

    Effectiveness and use of physical security measures include: site security locks, card entry, biometrics, closed-circuit television (CCTV), security staff, alarms, protected cabling and cabinets, data storage, data protection and backup procedures.
  • A05- Software and Hardware Security measures

    Use of antivirus software and detection techniques.
    Software and hardware firewalls: packet filtering and inspection, application layer awareness, inbound and outbound rules, and network address rules.
    User authentication: login procedures, strong passwords, text and graphical passwords, biometrics, two-step verification, security tokens, knowledge-based authentication, Kerberos network authentication for Windows.
    Access control, trusted computing, and encryption techniques, including safe password storage.
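    The "safe password storage" point above is worth seeing in code. The following is an added example, not part of the unit material: it contrasts a weak unsalted hash with a salted, iterated PBKDF2-HMAC-SHA256 hash using only the Python standard library. The record format, the iteration count and the sample users are assumptions made for the illustration.

```python
# Added example (not from the original page): safe password storage with a
# per-user random salt and an iterated key-derivation function, compared with
# a weak unsalted hash. All parameters and sample data are assumptions.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # assumed work factor; raise it as hardware gets faster
SALT_BYTES = 16        # assumed salt length


def weak_store(password: str) -> str:
    """The weak approach: a single unsalted SHA-256 hash.
    Two users with the same password get the same record, so a leaked
    table reveals shared passwords at a glance and precomputed tables work."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.
    A fresh random salt is drawn unless one is supplied (supplying one is
    only useful for deterministic tests)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and iterations and compare in
    constant time. Malformed records are rejected rather than raising."""
    try:
        algo, iterations_str, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        iterations = int(iterations_str)
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest avoids leaking where the two digests first differ.
    return hmac.compare_digest(digest, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a stored record is below the current iteration policy, so it
    can be upgraded transparently on the user's next successful login."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    users = {"alice": "correct horse", "bob": "correct horse"}
    print("unsalted:", {u: weak_store(p)[:16] for u, p in users.items()})
    records = {u: hash_password(p) for u, p in users.items()}
    print("salted:  ", {u: r[-16:] for u, r in records.items()})
    print("alice ok:", verify_password("correct horse", records["alice"]))
    print("alice wrong:", verify_password("wrong", records["alice"]))
```

    Note that the two unsalted records are identical while the two salted records differ, and that the record carries its own salt and iteration count so the policy can be tightened later without invalidating existing accounts.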
  • Flashback

    We did the introduction. Then we made the intro TT with the learning aims and objectives. After that I worked through Chapter 1 of Cyber Security, made it halfway through and did the first 2 activities of it as well.
    Today we completed unit 1 with 4 different exercises depending on the chapter. We made a PowerPoint which includes hackers (black, grey, white), qualifications, some terminology and IP addresses at the end.
  • Cyber chapter 2

    We did work on chapter 1 of the Cisco academy. We did individual study along with the activities involved around the chapter.
    We did chapter 2 today along with the activities involving AAA, and some Cisco practice, i.e. building a simple network.
  • Cyber Chapter 3

    We did an activity on AAA, which means Authentication, Accounting and Authorization. We also worked our way through chapter 2 and learned a lot of new terminology as well.
    Today we read about different threats, which include viruses, worms, Trojans and much more. I also did the case study of different affecting the lives of different people.
    We made a
  • Cyber chapter 4

    We did an activity on threats and the possible measures, with an example along with the level of threat. It includes different malware, worms, cyber crimes such as phishing, whaling, plug-ins, browser hijacking and more.
    We did an activity on symmetric and asymmetric key algorithms, with some examples and their features. Then through a video we found out some history of OTP along with its advantages, disadvantages and uses. The final exercise was on standard and extended ACLs with pros/cons and a range table.
  • Cyber Security

    We did some symmetric and asymmetric algorithm activities and then an OTP exercise. We also did some standard and extended ACL work with pros and cons.
    Today we did Chapter 5, which involves attacks on databases, PKI, digital signatures and some hashing activities.
  • cyber chapter 6

    Last week we did Chapter 5, which involves attacks on databases, PKI (Public Key Infrastructure), digital signatures and some hashing activities.
    Today we did chapter 6 for cyber security. It involves the concept of 5 9s, i.e. network availability, single points of failure and how one brings down the whole network. It was followed up by system resilience, fault tolerance and defence in depth. Then we did RAID and wrote about RAID 0-7 and then RAID 10, and lastly spanning tree.
  • Lab 1 Cisco NetAcad Academy

    Before half term we did chapter 6, which includes the concept of 5 9's, i.e. network availability. This session was followed by single points of failure and how one can bring down the whole network, fault tolerance and spanning tree.
    Today we did the simplest of configurations, which include an FTP server, web server, email server and an NTP server. We did these by selecting the required ones, turning them on and then testing them using different web addresses.
  • Lab 2 Revision Guide Exam practise

    Last week we did the configuration of an FTP server, DNS server, web/email server and an NTP server. We configured these and then tested them individually by sending mail or by browsing to the web address or IP address.
    Today we did Lab 2, which involves communicating in a cyber world and consists of the following steps: sending email between users, uploading and downloading files, and remotely accessing an enterprise router using Telnet and SSH.
  • Past papers

    At first glance nothing seems to be OK because the impact of it is pretty strong.
    Once you get to have a read of it you understand it somehow.
    The development plan made things clear, as it mentioned a lot of points related to the network and security.
    The plan also helped to have an idea of the risk assessment task.
    Risk assessment was looking difficult, but once you try to think of possible risks as if they were threats, along with the physical access and how it would be breached.
  • Paper revision B

    Paper B includes more forensics. I did my research on a couple of things, like how a phantom charge is applied to some contactless payment cards. I also stumbled across the fact that the USB sticks were of different makes, which potentially points towards the fact that they belong to the employees rather than the company itself. There was a lack of responsibility and accountability regarding the phone and the laptops which were left there. In the door access log the senior manager got in but was in party.
  • Cyber exam prep day 3

    Why do Secure Sockets Layer (SSL) and HTTPS have the same port number, i.e. 443? I looked it up and it told me that SSL is a protocol; it can be used over any transport medium, as long as that medium provides a bidirectional stream of arbitrary bytes.
    I worked my way through the risk assessments, wrote notes on the same PDF and highlighted some of the pointers to have a last-minute glance at. I also searched different terms such as SSID, ARP poisoning, NFC, DBS etc.