Open University logo   


Introduction to Cyber Security | Jez Phipps

The Introduction to Cyber Security course is a free MOOC (Massive Open Online Course) created by the Open University and hosted by FutureLearn, a UK-based social learning platform.

Although the course assumes no prior knowledge of computer security, it is a UK Government-backed MOOC intended 'to inspire and educate the next generation of cyber security professionals in the UK'. The course supports the UK Government’s aim to 'improve cyber security skills at all levels and ensure the UK has the knowledge and capability to meet current and future challenges'. The course has been funded through the UK Government’s 2011 National Cyber Security Programme, which included a 5-year £860 million investment plan to protect and promote the UK in cyber space. Further investments continue to be made by the UK Government as part of its National Cyber Security Strategy and also its Cyber Vulnerability Investigations programme, which aims to help the UK MOD better understand and build defences against cyber risks and threats.

This course is double accredited; as well as being a GCHQ Certified Training course, it is also accredited by the Institute of Information Security Professionals (IISP).

The course consists of 8 modules delivered over 8 weeks, covering the following aspects of cyber security:

  1. The current security threat landscape
  2. The importance of authentication to cyber security
  3. The different types of malware, their characteristics, and ways to prevent infection
  4. The technologies that underpin network communications
  5. How cryptography is used for securing information
  6. Securing communication networks from attack
  7. Steps the victim of an attack can take
  8. Assessing and mitigating cyber security risks

To test learning and knowledge gained, learners are required to complete end-of-week tests and, finally, an end-of-course assessment.

Having successfully completed the course, I subsequently decided to create this online record of my learning.

My FutureLearn profile can be found here: Jez Phipps

Week 1: Threat landscape

Increasingly, the systems that underpin our daily lives are connected to the internet. To ensure users adequately protect themselves from the security risks associated with their online activities, it is imperative that they gain a good understanding of the threats that exist.

With this in mind, in the first week, we:

  • began exploring the security threats that could affect our digital information and use of online services including online banking and shopping and use of social media
  • were introduced to some of the basic terms used in the cyber domain, including malware, ransomware, spyware, botnets and phishing
  • learned how to keep our knowledge of these threats up to date
  • started looking at how the threats relate to our own information assets and online activities
  • discovered the main countermeasures that can be put in place to guard against the threats that exist
  • learned about the wider world of cyber security and how attacks can affect a variety of systems
  • found out about the importance of 'CIA' (confidentiality, integrity and availability) within the context of information security
  • looked at some cyber security breach case studies including the 2010 'Stuxnet' attack in Iran and the 2013 spearphishing attack on Target in the US
  • considered the various motivations for each type of attacker (e.g. financial, political, commercial, revenge, protest etc.)
  • learned how to extract key information from security notices published by the likes of Microsoft and Apple

Week 2: Authentication

Many security threats depend on the attackers being able to impersonate us online. The most common method of authentication for users online is the password (i.e. something only you know)

In the second week, we covered:

  • the purpose of passwords and the different situations in which they are used
  • how password transmission security is provided by encryption such as SSL (Secure Socket Layer) used in ‘https’
  • how passwords can be stored more securely using 'hashing' and 'salting'
  • the ways in which attackers try to learn your password including using 'brute force' and 'dictionary' attacks
  • how authentication works and the role of passwords in the operation of authentication mechanisms
  • the techniques for creating strong passwords
  • the OAuth (Open Authentication) authentication mechanism and how it can simplify password management
  • the advantages and disadvantages of using of password managers and the options available
  • the benefits of using of two-factor authentication (2FA)

In addition, to extend my learning, I also:

  • created a Python 3 Trinket to demonstrate password salting and hashing
  • researched the importance of password entropy and how password strength meters can be misleading
  • clarified the key differences between 2FA and two-step verification (2SV)
  • explores the mechanics of some real world attacks in 'Play by Play: Ethical Hacking - Deconstructing the Hack' on Pluralsight

Week 3: Malware

In the third week, we:

  • learned the characteristics of the 3 main malware types: viruses, worms and Trojans
  • discussed the methods used by attackers to get malware on your device
  • looked into how phishing attacks operate and exploit the weaknesses of SMTP
  • found out how spammers use 'spoofing' to disguise their real email addresses
  • learned ways to spot phishing emails
  • discovered how malware can be used to facilitate click fraud
  • found out how botnets spread using malware
  • looked at some malware case studies including the 2008 'Conficker' worm
  • learned how 'sandboxing' and 'code signing' can help mitigate malware threats
  • covered the main ways users can keep their devices protected, including:
    • using reputable antivirus software
    • keeping software up to date
    • not clicking on links you are unsure of
    • implementing new security developments

In addition, I also:

  • looked into how the SMTP envelope data in email headers can be used to detect spoofing
  • created this pen to demonstrate how web link hovers can be disguised
  • researched whether antivirus is still regarded as essential and effective, given the advances in smart malware

Week 4: Networking and communications

In the fourth week, we covered:

  • how the TCP/IP protocol suite governs the transmission and reception of data
  • the use of traceroute tools for tracing packets from source to destination
  • the vulnerabilities of using public Wi-Fi
  • the use of encryption for wireless network security
  • the need for internet standards to ensure interoperability
  • the use of IP addresses and DNS for identifying network resources

In addition, to extend my learning a little further, I also:

  • investigated the usefulness of common network utilities such as tracert, nslookup, and ipconfig
  • reflected on the cyber security implications for the adoption of Wireless Body Area Networks (WBAN)
  • saw how vulnerable Wi-Fi can be to session hijacking in 'Play by Play: Ethical Hacking with Troy Hunt' on Pluralsight

Week 5: Cryptography

In Week 5, we covered:

  • how cryptography can be used to provide data confidentiality and integrity
  • why short encryption keys are vulnerable to brute force attacks
  • the features and pros and cons of symmetric and asymmetric encryption
  • where cryptography is used to secure our online activities
  • how email can be encrypted using OpenPGP-based utilities
  • some of the notable cryptography schemes in use today
  • how cryptographic hashing can be used to create digital signatures for authenticating data
  • the information a website digital certificate contains
  • the role of Certificate Authorities (CA) in public key ownership validation
  • how TLS/SSL provides secure browser-based communications over a computer network

In addition, to extend my learning, I also:

  • learned how to use the Security Panel in Chrome DevTools to obtain website security information
  • created a Python 3 Trinket to experiment with message hashing algorithms
  • researched how Android Pay relies on cryptography (i.e. the Elliptic Curve Integrated Encryption Scheme) to ensure secure transactions

Week 6: Network security

In Week 6, we covered:

  • the role of firewalls in protecting networks
  • how to configure a personal firewall
  • how networks can be automatically monitored and protected using IDS/IPS
  • how VPNs use an encrypted IP tunneling approach to provide user confidentiality

In addition, I also:

  • carried out checks on my personal firewall using ShieldsUp
  • researched which ports should be blocked and why
  • looked into Security Information and Event Management (SIEM) systems

Week 7: When your defences fail

In this penultimate week, the course covered:

  • how to recognise the signs of a security breach
  • the UK laws which protect users against cyber security threats
  • what you can do to recover from a security breach
  • how you can minimise the risk of a breach in your security
  • how to make your information less vulnerable to attack
  • the importance of remote data backups for large organisations
  • the pros and cons of backing up to the Cloud

Week 8: Managing security risks

In the final week, we:

  • learned how to identify and analyse the risks to our own information assets
  • carried out an audit on our own information security practices
  • discovered the countermeasures that can be employed as part of a risk management strategy
  • reflected on what we had learned about cyber security over the eight weeks of the course

Course result

My overall (averaged) assessment score was 97% - Eligibility for a Certificate of Achievement confirmed.

Note: This record does not imply the conferment of a University qualification; nor does it verify the identity of the learner. For more information about the effort required to become eligible, visit FutureLearn's Certificates and Statements FAQ.


©  Phipps E&OE