OCR J277 Network Security

Lesson 1: The Human Element

Understanding how human behaviour is exploited to compromise security.

01 Review of Previous Learning

DO NOW: Network Hardware Recap

Before we look at software and human threats, let's recap the physical hardware that makes up a network. Open your Google Doc and answer True or False to the following.

  1. A router's primary job is to connect different networks together (e.g., a home LAN to the Internet).
  2. A switch sends data packets to every single device on the network, regardless of the destination.
  3. A WAP (Wireless Access Point) converts wired data into radio waves for wireless devices to connect.

Answers (use green pen in your Doc):
  • 1. True. Routers direct packets between different networks.
  • 2. False. A switch uses MAC addresses to send data only to the intended device. A hub sends data to all devices.
  • 3. True. WAPs provide a wireless bridge to a wired network.
02 Introducing the New Objective & KWs

Context & Keywords

Learning Objective

To understand how human behaviour is exploited through social engineering to compromise network security.

Tier 3 Vocabulary:

Social Engineering

Manipulating people so they give up confidential information. People are often the 'weak point' in a secure network.

Analogy: Why break the lock when you can trick someone into handing you the key?

Phishing

Sending fraudulent emails or messages containing malicious links that direct users to fake websites to harvest credentials.

Example:

From: security@paypa1-alert.com

URGENT: Your account is locked!

Click here to reset password

Pharming

Malicious code that automatically redirects a user to a fake, fraudulent website, even if the correct URL was typed.

Example: the user types www.bank.com but arrives at a fake bank site that steals data.

Shoulder Surfing

Physically observing a person entering sensitive data, such as watching them type their password or ATM PIN.

03 New Learning

The 'Weak Point' and Phishing Tells

Even if an organisation installs million-pound firewalls and complex encryption, a network is only as secure as the people using it. This is why hackers rely on Social Engineering.

Spotting the 'Tells' of a Phishing Email

Phishing emails are designed to cause panic or curiosity. Here is how you spot them:

From: Support@PayPa1.com

Subject: URGENT: Your account will be closed in 24 hours

Dear Customer,

We have detected unauthorised activity on your account. You must click the link below to verify your identity immediately, or your funds will be frozen.

Verify Account Now
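
Added example (not part of the original lesson): a short Python checker that looks for three tells visible in the sample email above: a look-alike sender domain, urgent or threatening wording, and a generic greeting. The brand list, the character-swap table, the word patterns and all function names are assumptions made for this illustration.

```python
import re

# Assumptions for this example: brand list, swap table and patterns are illustrative.
KNOWN_BRANDS = {"paypal"}
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})  # digit -> letter
URGENCY = re.compile(r"\b(urgent|immediately|locked|frozen|closed)\b", re.I)
GENERIC_GREETING = re.compile(r"^dear (customer|user|member)\b", re.I | re.M)

# The lesson's sample email (sender, subject, body).
SAMPLE = (
    "Support@PayPa1.com",
    "URGENT: Your account will be closed in 24 hours",
    "Dear Customer,\n\nWe have detected unauthorised activity on your account. "
    "You must click the link below to verify your identity immediately, "
    "or your funds will be frozen.",
)
# Constructed contrast case: a genuine-looking sender with a personal greeting.
BENIGN = ("service@paypal.com", "Your receipt", "Hello Sam Jones,\nThanks for your payment.")


def sender_domain(sender):
    """Return the lower-cased domain part of an email address."""
    return sender.rsplit("@", 1)[-1].strip("<> ").lower()


def lookalike_brand(domain):
    """Return the brand a domain imitates with swapped characters, else None."""
    for label in re.split(r"[.\-]", domain):
        normalised = label.translate(LOOKALIKES)
        if normalised in KNOWN_BRANDS and label not in KNOWN_BRANDS:
            return normalised
    return None


def phishing_tells(sender, subject, body):
    """List the tells found in one email, in a fixed order."""
    tells = []
    brand = lookalike_brand(sender_domain(sender))
    if brand:
        tells.append(f"look-alike sender domain (imitates {brand})")
    if URGENCY.search(subject) or URGENCY.search(body):
        tells.append("urgent or threatening language")
    if GENERIC_GREETING.search(body):
        tells.append("generic greeting")
    return tells


if __name__ == "__main__":
    for email in (SAMPLE, BENIGN):
        print(email[0], "->", phishing_tells(*email) or "no tells found")
```

A checker like this only catches the swaps and phrases it has been told about, so a message with no tells found still needs the same careful reading.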


04 Application

Independent Task & Exam Practice

Task 1: The Phishing Simulator

  • Open the Phishing_Simulator.html link shared in Google Classroom.
  • You will be presented with 5 fictional emails. Click on the 'red flags' in each email to identify them as phishing attempts.
  • Once you score 5/5, screenshot your certificate and paste it into your Google Doc.

Task 2: Exam Question

In your Google Doc, answer the following 6-mark OCR exam question in full sentences.

"A hospital stores sensitive patient data. Identify three errors that the hospital staff could make that may endanger the security of the network. Outline a procedure that could be put in place to prevent each error." (6 Marks)
05 Consolidation

Plenary: Exit Ticket

To finish the lesson, complete the final exit ticket on Google Classroom to demonstrate you have met today's learning objective.

Final Knowledge Check

Task: Answer the exit question: "Explain the difference between Phishing and Pharming."

Open Exit Ticket in Google Forms