Grade 9 Information Technology: Computer Security and Programming Fundamentals Study of Programming Fundamentals

Artificial Threats to Computer Security

  • Nature of Manmade Threats: The vast majority of computer security threats are artificial, occurring through the devices and networks currently in use. These threats evolve in nature and method alongside changes in technology.

  • Internet-Based Threats: Due to the development of Internet-based services, most manmade security threats leverage the Internet as a platform, entering systems through network connectivity.

  • Interchangeable Terminology: The term cyber security is frequently used interchangeably with computer security. Similarly, attacks on computer security are widely referred to as cyber-attacks.

  • The Prefix 'Cyber': In terms such as cyber-security, cyber-attack, and cyberspace, the prefix "cyber" refers specifically to computers and computer networks.

Classification and Varieties of Cyber-Attacks

Cyber-attacks are classified based on their methodology and intent. The textbook identifies eight primary types:

  1. Denial of Service (DoS)

  2. Malware attack

  3. Man-in-the-Middle

  4. Phishing

  5. Eavesdropping

  6. SQL injection

  7. Password attack

  8. Social engineering

  • Historical Context: Malware attacks, including Trojan horses, worms, and viruses, have existed since the era of file sharing via portable storage.

  • Internet-Era Attacks: Attacks such as DoS, phishing, SQL injections, and password attacks became popularized with the dominance of the Internet as a service platform.

  • Psychological and Technological Combinations: Cyber-attacks often combine psychological manipulation with technological exploits, particularly in man-in-the-middle, eavesdropping, and social engineering scenarios.

Detailed Breakdown of Cyber-Attack Types

Denial of Service (DoS)
  • Description: DoS attacks damage computer systems by flooding targets with excessive requests, which prevents regular users from connecting to the service.

  • Impact: Network-based services cannot be provided in a timely manner. For example, a DoS attack on a bank's IT infrastructure could halt ATM and CBE Birr services, causing customer disappointment and reputation damage to the service provider.

Malware Attacks

Malware is a contraction for malicious software. Its varieties include:

  • Trojan Horse: A code that takes over a system to steal or damage its contents. It downloads onto a computer by being disguised or masked as a legitimate program.

  • Virus: A malicious code that enters a computer program by replicating itself to change the system's functioning.

    • Example: The Melissa virus is a common example that spreads without user acknowledgment. Some refer to these as rootkits.

  • Key logger: These record movements on keyboards to steal passwords and account details.

  • Worms: Independent programs that infect computer systems via network devices.

  • Adware (Advertising Software): Software designed to spread malware through pop-up advertisements. It can slow down devices, hijack browsers, and install viruses or spyware.

  • Botnets: A portmanteau of "robot" and "network." Cybercriminals use Trojan viruses to breach multiple computers, gain control over them, and organize these "infected machines" into a network of bots that can be managed remotely.

  • Spyware: A program that secretly tracks all user movements in order to use that information against them.

  • Ransomware: This malware locks files and data on a system, threatening to delete them unless a ransom is paid.

Man-in-the-Middle
  • Description: Intercepting communication between people to steal data from their conversation.

  • Common Vector: Open Wi-Fi networks are frequent locations for this type of attack.

Phishing
  • Description: The practice of sending fraudulent communications that appear to come from a reputable source, usually performed via email.

  • Goal: To steal sensitive data like credit card numbers and login information, or to install malware on the victim's machine.

Eavesdropping (Sniffing or Snooping)
  • Description: Occurs when a hacker intercepts, deletes, or modifies data transmitted between two devices.

  • Mechanism: It relies on unsecured network communications and data in transit. It often happens when a user connects to an unencrypted network to send sensitive business data.

  • Detection: These attacks are difficult to spot because the presence of a listening device usually does not adversely affect device or network performance.

SQL Injection
  • Description: An attacker injects unauthorized input into an SQL statement.

  • Prerequisite: This is possible on websites where hackers can access the database using a user's ID and password.
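
The login check described above, written once the weak way and once the safe way. This is an added example, not code from the textbook; the table, the account names, the passwords and the function names are all constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory school database (sample data only).
    Passwords are kept in plain text here only to keep the example short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("teacher01", "Correct-Horse-42", "teacher"),
                    ("student07", "Blue-Giraffe-19", "student")])
    return db

def login_vulnerable(db, user_id, password):
    """Weak: user input is pasted into the SQL text, so it can change the query."""
    query = ("SELECT role FROM users WHERE user_id = '" + user_id +
             "' AND password = '" + password + "'")
    row = db.execute(query).fetchone()
    return row[0] if row else None

def login_safe(db, user_id, password):
    """Fixed: placeholders keep the input as data; it is never read as SQL."""
    row = db.execute("SELECT role FROM users WHERE user_id = ? AND password = ?",
                     (user_id, password)).fetchone()
    return row[0] if row else None

# Constructed input: the quote ends the user_id string early and "--" turns
# the rest of the statement (the password check) into a comment.
CRAFTED_ID = "teacher01' --"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "teacher01", "wrong"))        # wrong password
    print(login_vulnerable(db, CRAFTED_ID, "anything"))      # password check bypassed
    print(login_safe(db, CRAFTED_ID, "anything"))            # treated as an unknown user
    print(login_safe(db, "teacher01", "Correct-Horse-42"))   # normal login still works
```

The only difference between the two functions is how the input reaches the database: joined into the statement text, or passed separately through `?` placeholders.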

Password Attacks

Methods include:

  1. Dictionary Attack: Trying different possible passwords from a dictionary.

  2. Brute Force: Trial and error decoding of the password (highly time-consuming).

  3. Key-logger: Tracking keyboard movements.

  4. Shoulder Surfing: Physical observation by looking over a user's shoulder.

  5. Rainbow Table: Using pre-computed hash values to find passwords.
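
Why pre-computed hash values work against some password stores and not others, as an added example that is not from the textbook. A plain lookup table stands in for a real rainbow table (which holds the same pre-computed information in a more compact form); the word list, the work factor and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed sample word list standing in for an attacker's dictionary.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "abc123", "letmein"]
ROUNDS = 200_000  # assumed work factor for this example

def unsalted_hash(password):
    """Weak storage: the same password always produces the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(words):
    """Pre-compute hash -> password once; it then works on any unsalted database."""
    return {unsalted_hash(w): w for w in words}

def salted_hash(password, salt=None):
    """Stronger storage: a random per-user salt plus a deliberately slow hash."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(candidate, digest)

def demo():
    """Store the same weak password both ways and test the table against each."""
    table = build_lookup_table(COMMON_PASSWORDS)
    salt_a, digest_a = salted_hash("qwerty")
    salt_b, digest_b = salted_hash("qwerty")
    return {
        "unsalted_recovered": table.get(unsalted_hash("qwerty")),
        "salted_found_in_table": digest_a.hex() in table,
        "two_users_share_hash": digest_a == digest_b,
        "correct_login": verify("qwerty", salt_a, digest_a),
        "wrong_login": verify("qwerty1", salt_a, digest_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt defeats pre-computed tables, but a short or common password can still be guessed one try at a time, which is why long, unique passwords still matter.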

Social Engineering
  • Description: Creating a social situation to trick a user into giving up information.

  • Example: Receiving a call from a mobile company claiming "Your device is in danger," leading a user to provide sensitive data without verification.

Specific Challenges for Youth on the Internet

  • Dangerous Actors: Religious fundamentalists, radical political/tribal extremists, terrorists, and sex traffickers use the Internet as a safe zone to attract youth to extreme views or illegal activities.

  • Cyber Bullying: Ridiculing or humiliating others on social media or gaming platforms. It includes sharing negative, harmful, false, or mean content, or private information to cause embarrassment.

  • Cyber Predators: People who exploit younger individuals for sexual or other purposes, often pretending to be someone else to gain trust.

  • Posting Private Information: Many youth do not understand social boundaries and post personally identifiable information (PII) on social media profiles that should remain private.

Entities Behind Cyber Attacks

  1. Online Criminals: Skilled in identifying appropriable data to sell or hold for ransom.

  2. Hackers: Individuals with varying expertise levels, sometimes acting in an untargeted way to test skills or cause disruption.

  3. Malicious Insiders: Individuals within an organization who use their access to steal information for competitors.

  4. Honest Mistakes: Staff or students who accidentally email sensitive information to the wrong recipient.

  5. School Pupils/Students: Those who enjoy the challenge of testing their cyber skills.

Potential Impacts and Losses Due to Security Threats

  1. Destruction or Loss of Information: Physical destruction of components or data loss due to hard disk failure.

  2. Corruption of Information: Unauthorized alteration of files.

    • Example: Adding or reducing student marks in a database or posting illegal documents on a school's Telegram or Facebook channel.

  3. Theft of Services: Unauthorized use of network services.

    • Example: Using a school internet privilege reserved for education for online marketing.

  4. Illegal Usage: Using system functions for malicious purposes, such as dispatching texts/videos that promote inter-conflict or inter-religious conflict via school internet.

  5. Disclosure of Information: Disseminating information to unauthorized parties.

    • Example: Posting a picture of a private school noticeboard warning letter on social media.

  6. Denial of Use: Covered under DoS; the intentional degradation or blocking of resources.

  7. Elevation of Privilege: Exploiting system weaknesses to gain rights not meant for the user.

    • Example: A student accessing a teacher's account to register marks. This often happens due to guessable passwords or keystroke logging.

The 90/10 Rule and Best Practices

  • The 90/10 Rule: Successful security relies on 90% good computer practices (awareness) and 10% technical practices.

  • Key Principles (CIA Triad):

    • Confidentiality: Ensuring information is available only to the intended audience.

    • Integrity: Protecting information from being modified by unauthorized parties.

    • Availability: Ensuring information is consistently and readily accessible for authorized parties in a timely manner.

Preventive Measures
  • Install reputable security and anti-virus software.

  • Activate firewalls (a security guard between the internet and the local area network).

  • Perform software updates as soon as they are available.

  • Avoid clicking email attachments from unknown sources.

  • Password Standards: Use unique combinations of numbers and letters (capital and small), with a recommended length of at least 15 characters. Use different passwords for different accounts.

  • Perform daily full system scans and schedule periodic system backups.

  • Never reveal online where you live or attend school.

Fundamentals of Programming: Defining Problems

  • Problem: In non-technical terms, a difficulty to understand something, a complex task involving doubt, or a matter difficult to settle.

  • Computational Problem: A problem that can be solved step-by-step with a computer. These require well-defined inputs, constraints, and conditions for the output.

Types of Computational Problems
  • Decision Problem: Has a Yes or No answer (e.g., "Is integer n even?").

  • Search Problem: Consists of one or more values satisfying a condition (e.g., finding a path on a map or a name in a spreadsheet).

  • Counting Problem: The answer is a number of solutions to a search problem (e.g., counting female students in a list).

  • Optimization Problem: Finding the "best" possible solution (e.g., computing the fastest route in network traffic management).

Steps in Problem Solving

George Polya's Four-Step Method

Published in the book How to Solve It, this method applies to all problems:

  1. Understand the Problem: Figure out what is known/unknown and what answer is required.

  2. Make a Plan: Choose strategies like making a list, drawing a picture, or using a formula.

  3. Execute the Plan: Use the chosen strategy; if it fails, return to step 2.

  4. Review and Extend: Check the answer and evaluate the method's effectiveness.

Adaptation for IT/Computer Science
  1. Understand the Problem

  2. Develop an Algorithm: Create a precise sequence of instructions in a human-understandable format.

  3. Write the Program: Transform the algorithm into a sequence of instructions using a programming language that a computer can execute.

  4. Test the Program

Algorithm Representation Tools

Flowcharts
  • Definition: A graphical representation of an algorithm using boxes, ellipses, and arrows.

  • Standard Symbols:

    • Start/End (Terminator): Ellipse shape marking the beginning or end.

    • Action or Process: Rectangle shape representing a single step or sub-process (e.g., arithmetic operations).

    • Decision: Diamond shape representing a choice or question with multiple exit paths (e.g., Yes/No).

    • Input/Output: Parallelogram representing material/info entering or leaving the system.

    • Connector: Small circle indicating the flow continues elsewhere.

    • Flow Line: Arrows indicating sequence and direction.

    • Subroutine (Module): Indicates a predefined process described in more detail elsewhere.

Pseudocode
  • Definition: A simple and concise sequence of English-like instructions to solve a problem. It is closer to actual program instructions than a flowchart.

Programming Environments

Flowgorithm
  • A beginner's programming language based on graphical flowcharts.

  • Operators: Uses % for modulo-divide (gives the remainder of integer division, e.g., 14 % 3 = 2) and ^ for exponents (e.g., 6² is written as 6^2).

  • Assignment: Making a variable hold a value.

Scratch
  • A visual, block-based programming language designed for education.

  • Key Elements:

    • Sprite: The actors or main characters programmed to perform actions.

    • Stage: The area where sprites act. The coordinate system for the stage is X in the range of -240 to 240, and Y in the range of -180 to 180.

    • Programming Palette: Contains categories like Motion, Looks, Sound, Events, Control, Sensing, Operators, and Variables.

    • Script: The area where blocks are snapped together to control the sprite.

Instruction Processing Flow

  1. Sequence: Executing instructions top-down in order.

  2. Selection (Condition): Executing or jumping instructions based on a decision (e.g., if...else).

  3. Repetition (Looping): Repeatedly executing instructions for a fixed number of times or until a condition is met (e.g., while, forever, repeat N, repeat until).

Problem-Solving Approaches

Top-Down Approach
  • Process: Starts with the most general modules and works toward specific functionality.

  • Decomposition/Modularization: Breaking a bigger problem into smaller, manageable sub-problems called modules.

  • Subroutine: A solution developed for a smaller problem that can be called by a main module.

Bottom-Up Approach
  • Process: The opposite of top-down. Fundamental units and sub-modules are designed first, then integrated into a concrete system.

  • Synthesis: Bringing together existing modules to build a larger program.

Shared Concepts
  • Incremental Development: Building a program piece by piece.

  • Unit Testing: Testing each individual piece/module before moving to the next.

Questions & Discussion (Unit Review Highlights)

  • True/False Concepts:

    • Being connected does introduce security vulnerabilities.

    • Ensuring availability means making services accessible at the time of need.

    • Confidentiality, Integrity, and Availability are core computer security principles.

  • Key Identification:

    • Wait and broadcast are used in Scratch to make stories interactive.

    • "Desk checking" is the process of checking algorithms with paper and pencil for accuracy.

    • A software program is a sequence of instructions written in a programming language to perform a task.

  • Scenario Exercise:

    • Student Halima noticed unauthorized mobile banking purchases.

    • Benefit: ICT allowed her convenience of online shopping.

    • Victimization causes: Potential phishing, shoulder surfing, or unsecured Wi-Fi usage during shopping sessions.