Know and understand avoiding password interception by using up to date anti-spyware and regularly changing passwords
Networks – Avoiding Password Interception and Maintaining Security
Learning Objective
Know and understand how to prevent password interception by using up‑to‑date anti‑spyware, changing passwords regularly and applying a range of complementary security measures. Relate these practices to the Cambridge IGCSE/A‑Level ICT syllabus (Sections 4.1‑4.10, 5, 6, 7, 8, 10).
1. Network Components (Syllabus 4.1)
| Component | Function | Security Relevance |
|---|---|---|
| Router | Connects a local network (LAN) to other networks (e.g., the Internet) and routes packets. | Can apply NAT, firewall rules and WPA/WPA3 for Wi‑Fi. |
| Network Interface Card (NIC) | Hardware that provides a physical (wired) or wireless link to a network. | MAC address can be filtered; drivers must be kept up‑to‑date. |
| Hub | Repeats incoming signals to all ports; no traffic management. | Creates a shared collision domain – easier for sniffing tools. |
| Switch | Forwards frames only to the destination port using MAC‑address tables. | Reduces exposure of traffic; supports VLANs for segmentation. |
| Wi‑Fi (Wireless LAN) | Uses radio frequencies (2.4 GHz/5 GHz) to connect devices without cables. | Encryption (WPA2/WPA3) is essential; open hotspots are high‑risk. |
| Bluetooth | Short‑range radio link for peripherals (headsets, keyboards, etc.). | Pairing codes and encryption protect against eavesdropping. |
| Cloud Services | Remote storage or applications hosted on third‑party servers. | Data must be encrypted in transit (HTTPS/TLS) and at rest; provider’s security policies apply. |
2. How Passwords Can Be Intercepted (Syllabus 4.2)
- Clear‑text transmission – Sending passwords without encryption (e.g., HTTP) allows packet sniffers to read them.
- Spyware / Keyloggers – Malicious software records keystrokes, screenshots or form data before encryption.
- Unsecured Wi‑Fi or public computers – Open hotspots and shared terminals are easy targets for eavesdropping and MITM attacks.
- Man‑in‑the‑Middle (MITM) – An attacker intercepts and possibly alters communication between user and server.
- Phishing & Social Engineering – Fake login pages trick users into revealing credentials.
3. Spyware – Methods of Interception (Syllabus 4.3)
- Keylogging – Captures every keystroke, including passwords.
- Screen Capture – Takes screenshots of login dialogs or sensitive applications.
- Form Grabbing – Reads data from web forms before it is encrypted and sent.
4. Using Up‑to‑Date Anti‑Spyware (Syllabus 4.3 & 8)
- Install reputable anti‑spyware/anti‑malware (e.g., Windows Defender, Malwarebytes, Bitdefender).
- Enable real‑time scanning of files, web traffic and email attachments.
- Schedule a full system scan at least once a week.
- Set automatic daily definition updates.
- Combine anti‑spyware with a firewall (software or hardware) to block unauthorised inbound/outbound traffic.
- Keep the operating system and all applications patched – many spyware infections exploit known vulnerabilities.
5. Creating & Changing Strong Passwords (Syllabus 4.4)
| Guideline | Details |
|---|---|
| Length | Minimum 12 characters; longer is better. |
| Complexity | Mix upper‑case, lower‑case, numbers and symbols. |
| Uniqueness | Use a different password for every account. |
| Avoid personal data | No names, birthdays, “password123”, or common words. |
| Pass‑phrase option | Combine unrelated words and symbols (e.g., Blue$Mountain!2024). |
| Change frequency | Every 60–90 days for critical accounts (email, banking, school portal). |
| Secure storage | Use a password manager; never write passwords on paper that can be seen. |
6. Complementary Security Measures (Syllabus 4.5‑4.7)
- Two‑Factor Authentication (2FA) – Adds “something you have” (code from phone, hardware token) to the password.
- Encryption in transit – Use HTTPS, TLS‑based VPNs, or SSH for remote access.
- Secure Wi‑Fi settings – Deploy WPA3 where possible; change router admin password; disable WPS; hide SSID if appropriate.
- Firewalls – Configure rules to block unnecessary ports; enable intrusion‑prevention features.
- Regular software updates – Apply patches to OS, browsers, plugins, and anti‑spyware definitions.
7. Health & Safety (Syllabus 5)
| Aspect | Best Practice |
|---|---|
| Ergonomics | Adjust chair height, monitor eye level and keyboard angle to avoid RSI. |
| Eye strain | Follow the 20‑20‑20 rule: every 20 min look at something 20 ft away for 20 s. |
| Physical safety | Keep cables tidy, use surge protectors, and ensure workstations are free from trip hazards. |
8. Real‑World Example (Syllabus 6)
Emma accesses the school e‑learning portal from home Wi‑Fi. She:
- Uses WPA3 on her router and changes the default admin password.
- Has a unique, 14‑character password stored in a password manager.
- Enables 2FA via an authenticator app.
- Runs Windows Defender with real‑time protection and weekly full scans.
When a classmate tries to install a keylogger on a public library computer, Emma’s layered defence (no reuse, 2FA, encrypted HTTPS connection) prevents the attacker from gaining access to her grades or personal data.
9. Link to the Systems Life‑Cycle (Syllabus 7)
- Implementation phase – Define password policy, install anti‑spyware, configure firewalls.
- Testing phase – Verify that passwords are stored hashed, that encryption works, and that anti‑spyware detects simulated threats.
- Evaluation phase – Review password change logs, scan reports and incident records; update policies as needed.
10. Legal & Data‑Protection (Syllabus 8)
- UK Data Protection Act 2018 and EU GDPR require organisations to protect personal data with appropriate technical measures (e.g., strong passwords, encryption, regular updates).
- Failure to do so can result in fines up to £17.5 million or 4 % of global turnover, plus reputational damage.
- Schools must have a written password policy and evidence of regular anti‑malware scanning to demonstrate compliance.
11. Secure Email Practices (Syllabus 10)
- Never send passwords via email; use a secure file‑sharing service or encrypted messaging instead.
- Check the sender’s address carefully; look for subtle misspellings that indicate phishing.
- Hover over links to reveal the true URL before clicking.
- Use email encryption (PGP/GPG or S/MIME) for confidential information.
12. Best‑Practice Checklist
| Action | Frequency | Responsible Person |
|---|---|---|
| Update anti‑spyware definitions | Automatic / daily | All users |
| Run full system scan | Weekly | All users |
| Change passwords for critical accounts | Every 60‑90 days | All users |
| Enable two‑factor authentication | Immediately after account creation | All users |
| Review and delete unused accounts | Quarterly | Administrator |
| Educate users about phishing, MITM and safe Wi‑Fi use | Monthly | Teacher / ICT coordinator |
| Check workstation ergonomics and cable safety | Each term | All users |
| Test backup and recovery of encrypted data | Bi‑annually | Administrator |
13. Summary
Keeping anti‑spyware software current, changing passwords regularly, and applying complementary measures such as 2FA, encryption, secure Wi‑Fi settings and firewalls dramatically reduce the risk of password interception. When these practices are embedded in the systems life‑cycle, supported by health‑and‑safety habits and legal compliance, they provide a robust defence against unauthorised access.
14. Practical Activities (Paper 2 & 3)
- Create a password‑protected Word document; use a 14‑character pass‑phrase and record the creation date.
- Design a spreadsheet that logs the last password change date for each school‑related account.
- Prepare a short PowerPoint presentation (5‑7 slides) that explains the checklist in Section 12.
- Write a sample email to a colleague demonstrating secure email etiquette (no passwords, verified links, optional PGP signature).