Identifying Vulnerabilities

Finding weaknesses before the hackers do.

Examiner's Eye - Avoid the Trap!

The "Firewall Magic" Trap: Students constantly claim a firewall will stop an angry ex-employee from plugging a USB drive into an internal office computer to steal files. It will not! A firewall only checks network traffic passing through the router boundary (between the LAN and the Internet). It provides zero protection against direct physical internal threats.

Concept Explorer: The Pentest Sandbox

You have been hired as an Ethical Hacker to run a Penetration Test on a hospital's network. Run your scan to identify their critical vulnerabilities, and then use your knowledge to assign the correct prevention method to patch them.


Mitigation Strategies

Penetration Testing (Ethical Hacking)

Authorised, simulated cyberattacks carried out against a company's own computer system. The goal is to deliberately identify, report, and patch vulnerabilities before malicious hackers have a chance to exploit them.

User Access Levels

A network policy that restricts users so they can only access, view, or securely edit the specific files absolutely necessary for their job role. This drastically limits the scope of internal data theft and contains malware spread.
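The sketch below is an added example, not part of the original page, showing how user access levels limit what a logged-in user (or any program running under their login) can do. The hospital roles, file names and function names are assumptions made up for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy: each job role is granted only the actions it needs
# on each resource. Anything not listed is denied by default.
POLICY = {
    "receptionist": {"appointments.db": {"read", "write"}},
    "nurse": {"appointments.db": {"read"}, "patient_records.db": {"read"}},
    "doctor": {"appointments.db": {"read"},
               "patient_records.db": {"read", "write"}},
    "db_admin": {"patient_records.db": {"read", "write", "delete"}},
}

@dataclass
class AccessController:
    policy: dict
    audit_log: list = field(default_factory=list)

    def is_allowed(self, role, action, resource):
        """Default-deny check: unknown roles, resources or actions fail."""
        allowed = action in self.policy.get(role, {}).get(resource, set())
        # Record every decision so denied attempts can be investigated.
        self.audit_log.append((role, action, resource,
                               "ALLOW" if allowed else "DENY"))
        return allowed

    def denied_attempts(self):
        return [e for e in self.audit_log if e[3] == "DENY"]

    def exposure(self, role):
        """Everything at risk if this one account is misused or infected."""
        return {(res, act) for res, acts in self.policy.get(role, {}).items()
                for act in acts}

def run_as(controller, role, requests):
    """A program inherits the access level of the user who launched it,
    so each of its requests is checked against that user's role."""
    return [controller.is_allowed(role, action, resource)
            for action, resource in requests]

if __name__ == "__main__":
    ac = AccessController(POLICY)
    # Constructed requests from a program running under a receptionist login.
    print(run_as(ac, "receptionist", [("write", "appointments.db"),
                                      ("read", "patient_records.db"),
                                      ("delete", "patient_records.db")]))
    print(ac.denied_attempts())
    print(ac.exposure("receptionist"))
```

The denied entries in the audit log are also what an administrator would review to spot an account behaving outside its job role.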

Physical Security

Securing the actual server hardware to prevent direct physical theft or tampering by unauthorised personnel. Examples include installing CCTV, hiring security guards, and restricting server rooms with biometric scanners.

Check Your Understanding

A student mistakenly opens a phishing email on a school computer and accidentally downloads a Trojan virus. However, when the virus tries to delete the school's central database, it receives an "Access Denied" error and fails. Why did the virus fail?
