1.4 – Network security

Question 1

What’re the different threats posed for networks?

Answer 1

• Malware
• Phishing
• Brute Force
• Denial of Service
• Data interception & theft
• SQL Injection
• People/Social Engineering

Question 2

What is Malware?

Answer 2

Software written to cause loss of data, encryption of data, fraud and identity theft , eg viruses, spyware

Question 3

What happens during a Malware attack?

Answer 3

• Files are deleted, corrupted or encrypted
• Computers crash, reboot randomly and slow down
• Internet slows down
• Keyboard inputs sent to hackers

Question 4

What is a Phishing attack?

Answer 4

Sending fraud emails (pretending to be companies/people) to get personal information

Question 5

What happens during a Phishing attack?

Answer 5

• Accessing accounts to get money
• Open bank accounts, credit cards & cash false cheques
• Access high value corporate data
• Cause companies to be blacklisted

Question 6

What is a Brute Force attack?

Answer 6

A trial and error method of getting passwords/pin numbers

Question 7

What happens during a Brute Force attack?

Answer 7

• Hackers steal data
• Gains access to corporate systems

Question 8

What is a Denial of Service attack?

Answer 8

Flooding a server with useless traffic, overloading it

Question 9

What happens during a DOS attack?

Answer 9

• Block customers accessing services
• Loose revenue
• Decrease productivity
• Damage reputation

Question 10

What is a Data Interception & Theft attack?

Answer 10

Stealing computer-based info from someone, compromising privacy/getting personal info

Question 11

What happens during a Data Interception & Theft attack?

Answer 11

• Usernames & passwords compromised
• Leaking & stealing data

Question 12

What is an SQL Injection?

Answer 12

A technique to view/change data by adding extra code into an input box

Question 13

What happens during an SQL Injection?

Answer 13

• Contents of databases leaked
• Data in databases amended/deleted
• New fake records added to databases

Question 14

What is Social Engineering?

Answer 14

The use of deception to manipulate individuals into divulging confidential or personal information

Question 15

How can people pose a threat to networks?

Answer 15

by NOT doing the following:
- Installing updates
- Locking doors to computer rooms
- Keeping anti-malware updated
//
- Writing passwords on sticky notes, weak passwords
- Not encrypting data

Question 16

What are the common methods of preventing attacks?

Answer 16

• Penetration testing
• Anti-Malware software
• Firewalls
• User Access Levels
• Passwords
• Encryption
• Physical Security

Question 17

What can prevent Malware attacks?

Answer 17

• Enabling OS & security software updates
• Staff training
• Backup files regularly
  & Softwares such as:
• Firewall , Spam Filters , Anti-Virus/Spyware/Spam

Question 18

What is anti-malware software?

Answer 18

Software that protects computing devices against malicious code

Question 19

What is a Firewall?

Answer 19

Used in a network to prevent external users gaining unauthorised access to a computer system / network

Question 20

What can prevent Phishing attacks?

Answer 20

• Strong security software
• Staff training : Awareness of fake emails, pop-ups & not leaking personal/corporate info

Question 21

What can prevent Brute Force attacks?

Answer 21

• Network lockout policy: locking after 3 password attempts
• Progressive delays
• Staff training: Strong passwords
• Challenge responses , recaptcha (bot response)

Question 22

What can prevent Denial of Service attacks?

Answer 22

• Strong firewall
• Packet filters on routers
• Configuring web servers
• Auditing, logging & monitoring systems

Question 23

What can prevent Data Interception & Theft?

Answer 23

• Encryption
• Use of virtual networks
• Staff training: Passwords, locking computers, use of portable media
• Investigating own network vulnerability

Question 24

What can prevent an SQL Injection?

Answer 24

• Validation on input boxes
• Using parameter queries
• Setting database permissions
• Penetration testing

Question 25

What is Penetration testing?

Answer 25

Testing designed to check the security and vulnerabilities of a system

Question 26

What is Physical Security?

Answer 26

Any form of real world physical security to help protect data and systems

Question 27

What are User Access Levels?

Answer 27

The amount of access a user is allowed to a computer system