REVISION
No references needed, written format in English (United Kingdom)
The explanation of what needs to be put in the document, as a minimum, is from my tutor below.
The unit spec is:
http://qualifications.pearson.com/content/dam/pdf/BTEC-Specialist-Qualifications/ICT-Systems-and-Principles/2010/Specification/AP025131-BTEC-ICT-Systems-and-Principles-u45.pdf
And the outcomes being covered are:
1.1 Describe how networks can be attacked
2.1 Describe how networked systems can be protected
2.2 Explain what an organisation can do to minimise security breaches in networked systems
Then run through some different threats, as an example:
1. Type of Attack – Virus/Malware, DDoS, Phishing etc.
Description – Give a summary of what this is and some information about how this type of attack might take place, the source of the attack and the damage it could do/effect it will have
2. How to protect against this type of attack.
Mention any software/hardware that can be used to protect against it or minimise the effect of the attack
So you need to come up with a few different examples of the attacks and how to protect against them.
Here is the Unit Content (page 3 of the specification) which relates to the above:
(for 1.1)
Attacks: types eg denial of service, back door, spoofing, mathematical, brute force, software exploitation, viruses, rootkits, worms, Trojans, spyware, adware
Sources of attacks: internal eg disaffected staff; external eg via internet connections or through unsecured wireless access point, viruses introduced by email
(for 2.1)
Email systems: security features eg secure MIME, spam, hoaxing, relay agents
Wireless systems: security features eg site surveys, MAC association, WEP/WPA keys, TKIP
Networked devices: security features eg router, switch, wireless access point
Transmission media: issues eg use of shielding
Personal access control: devices eg biometrics, passwords, usernames, permissions, digital signatures
Security control at device level: access control eg protocols, log in, certificates
Encryption: eg encrypting files for confidentiality, encryption with application-specific tools, recovering encrypted data
Intrusion detection systems: devices eg firewalls, virus protection, spyware protection, file monitoring, folder monitoring, use of honeypots, alarms
You don’t need to mention everything pasted above; it is just to give you some ideas of what to talk about.
Pick some of the potential attacks/sources of attack from the 1.1 contents,
then underneath that address the specific attack with something from the 2.1 contents.
For the second part of the presentation you are looking at the following outcome
2.2 Explain what an organisation can do to minimise security breaches in networked systems
Some people struggle to see the difference between this and 2.1.
2.1 is about addressing the specific attacks mentioned in 1.1. So quite technical.
2.2 is more about general good practice organisations can implement to minimise attacks. Notice the verb used is ‘Explain’, so you need a little bit more than bullet points here.