Notes-for-CAIE

Table of contents

• 3.5.3 Encryption protocols
  • How SSL or TLS helps to keep secure
• 3.5.4 Malware
  • Vulnerabilities that a malware can exploit.
  • Spam [1]
  • Spyware [1]
  • Worm
  • Virus [2]
  • Pharming [1]
  • Phishing [1]

3.5.3 Encryption protocols

• show awareness of the purpose of Secure Socket Layer (SSL)/Transport Layer Security (TLS)
• show awareness of the use of SSL/TLS in client-server communication
• show awareness of situations where the use of SSL/TLS would be appropriate

How SSL or TLS helps to keep secure

s18 32 Q5.b [4]
s19 31 Q5.b [6]
s19 33 Q5 [6]

Write as much as possible! The marking schemes varies.

• Julio’s computer checks the digital certificate sent from the server against the certificate authority [3]
• If valid a session is created [2]
• The symmetric session key is generated
• Session key sent to the server encrypted by the server’s public key
• The session key is used to encrypt all further data

3.5.4 Malware

Vulnerabilities that a malware can exploit.

s18 32 Q5.c [3]

• Attaching a portable storage device
• Opening an email attachment // clicking links on an email attachment
• Accessing a suspicious website
• Downloading a file from the Internet
• Buffer overflow
• Software not up to date // Software poorly written
• No up-to-date anti-virus/anti-malware software installed
• Regular virus/malware scans not completed
• A firewall that is not set up correctly
• Weak/easily cracked passwords
• Lack of user/staff training

Spam [1]

• User’s inbox is filled by a large amount of unwanted email

Solution: setup filters to delete spam email

Spyware [1]

s18 33 Q6 [1]

• A piece of software that records user’s actions without user’s knowledge and sends them to a third party for analysis.

Worm

s17 31 Q2.a.i [1]

• A standalone piece of malicious software that can replicate itself using a network.
• Could corrupt user’s computer / delete data

Solution: run anti-virus software in the background

Virus [2]

s17 31 Q2.a.iii

• Malicious software that replicates by inserting a copy of itself [1] into a file of data [1]

Pharming [1]

w20 33 Q6 [2]

• Redirect website to fake website
• Domain name server compromised
• Proxy server compromised

Phishing [1]

w20 33 Q6 [2]

• Attempt to obtain somebody’s confidential data / install malware, through email