01 Section 2 - Network Security Threats

Question 1

What are the different forms which network attacks come in?

Answer 1

passive attack
active attack
insider attack
brute force attack
denial-of-service attack

Question 2

What is a passive attack?

Answer 2

When someone monitors data travelling on a network and intercepts any sensitive data they find

• use network-monitoring hardware and packet sniffer software
• they are hard to detect if the hacker is quietly listening

Question 3

How can you protect against a passive attack?

Answer 3

using data encryption for send messages

Question 4

What is an active attack?

Answer 4

When someone attacks a network with malware or other planned attacks
-they are more easily detected

Question 5

How can you protect against an active attack?

Answer 5

having firewalls

Question 6

What is an insider attack?

Answer 6

Someone within an organisation exploits their network access to steal information

Question 7

What is a brute force attack a type of, and what is it used to gain?

Answer 7

active attack

-used to gain information by cracking passwords through trial and error

Question 8

What is a brute force attack?

Answer 8

When passwords are cracked through trial and error using automated software to produce hundreds of likely password combinations
-hackers may try lots of passwords against one username or vice versa

Question 9

What are likely password combinations?

Answer 9

Real words with predictable number sequences

Question 10

How can you protect against a brute force attack?

Answer 10

• locking accounts after a certain number of attempts

- using strong passwords will reduce the risk

Question 11

What is denial-of-service attack?

Answer 11

DoS is where a hacker tries to stop users from accessing a part of a network or website
-involve flooding the network with useless traffic, making the network extremely slow or completely inaccessible

Question 12

What is malware?

Answer 12

Malicious software

• software that can harm devices
• it’s installed on someone’s device without their knowledge or consent

Question 13

What are the typical action of malware?

Answer 13

• deleting or modifying files
• scareware
• locking files
• spyware
• rootkits
• opening backdoors

Question 14

What ways can malware access a device?

Answer 14

• viruses
• worms
• trojans

Question 15

What is scareware?

Answer 15

e.g. tells the user their computer is infected with loads of viruses to scare them into following malicious links or paying for problems to be fixed

Question 16

What is malware in the terms of locking files?

Answer 16

Ransomware encrypts all the files on a computer. The user receives a message demanding a large sum of money to be paid in exchange for a decryption key

Question 17

What is spyware?

Answer 17

Secretly monitors users actions (e.g. key presses and sends this information to the hacker)

Question 18

What are rootkits?

Answer 18

They alter permissions, giving malware and hackers administrator-level access to devices

Question 19

What is opening backdoors in the terms of malware?

Answer 19

Holes in someone’s security which can be used for future attacks

Question 20

What is a virus in terms of accessing a device?

Answer 20

Viruses attach (by copying themselves) to certain files (e.g. .exe files and autorun scripts)
users spread them by copying infected files and activate them by opening infected files

Question 21

What is a worm in terms of accessing a device?

Answer 21

Worms are like viruses but they self-replicate without any user help, meaning they can spread quick
-they exploit weaknesses in network security

Question 22

What is a trojan in terms of accessing a device?

Answer 22

They are malware disguised as legitimate software

• they don’t replicate themselves
• users just install them not realising they have a hidden purpose

Question 23

What is social engineering?

Answer 23

Social engineering is a way of gaining sensitive information or illegal access to networks by influencing people

Question 24

What are the different types of social engineering?

Answer 24

• over the telephone, someone ringing and pretending to be someone else and asking for information
• phishing - phishing emails

Question 25

What is social engineering over the phone?

Answer 25

Someone rings up an employee of a company and pretends to be a network admin or somebody within the organisation
-the social engineer gains the employee’s trust and gets them to disclose confidential information

Question 26

What is phishing?

Answer 26

Where criminals send emails or texts to people claiming to be from a well-known business

• the emails are sent to thousands of people and often contain spoof versions of the companies website
• claim that a user should update their personal information, so criminal can steal their information

Question 27

What are the defences against social engineering?

Answer 27

• email programs, browsers and firewalls have anti-phishing features
• often giveaways such as poor grammar on the emails
• treating emails with links with caution, especially if they ask you to fill in information

Question 28

What networks are vulnerable to SQL injection attacks?

Answer 28

Networks which make use of databases are vulnerable to SQL injection attacks

Question 29

What does SQL stand for?

Answer 29

Structured Query Language

Question 30

What is SQL?

Answer 30

It is one of the main coding languages used to gain information in databases

Question 31

What do SQL injection attacks involve?

Answer 31

Pieces of SQL typed into a website’s input box which then reveals sensitive information

• if a website’s SQL code doesn’t have strong enough input validation then someone could enter a piece of SQL code which allows them to access people’s account information
• if a website’s SQL code is insecure, SQL injection can be an easy way for hacker to get past a firewall

Question 32

What does a good network policy involve?

Answer 32

• regularly testing and network forensics
• passwords
• enforcing user access levels
• installing anti-malware software and firewall software
• encrypting sensitive data

Question 33

What does penetration testing involve?

Answer 33

when organisations employ specialists to stimulate potential attacks on their network
-used to identify possible weaknesses in a network’s security and trying to exploit them, the results of the pentests are then reported back

Question 34

What does network forensics involve?

Answer 34

investigations undertaken to find the cause of attacks on a network, to conduct this an organisation needs to capture packets as they enter the network
-after the network is attacked, the packets can be analysed to prevent future attacks

Question 35

What does passwords in a network policy involve?

Answer 35

to help prevent unauthorised users accessing the network

-they should be strong, many character long, combination of letters, numbers and symbols and should be changed regularly

Question 36

What does user access level involve?

Answer 36

Controlling which part of a network different groups of users can access
-helps to limit the number of people with access to important data, to prevent an insider attack

Question 37

What does anti-malware software involve?

Answer 37

software designed to fins and stop malware from damaging a network

• antivirus - program which isolates and destroys computer viruses
• firewalls - to block unauthorised data and examine all data entering and leaving a network

Question 38

What does encryption in a network policy involve?

Answer 38

When data is translated into code which only someone with the correct key can access
-it is essential for sending data over a network securly

Question 39

What is encrypted text called?

Answer 39

cipher text

Question 40

What is text which hasn’t been encrypted called?

Answer 40

plain text

Question 41

What are types of malware?

Answer 41

• scareware
• spyware
• rootkits
• viruses
• worms
• trojans