1.4 Network Security

Question 1

Different forms of network attack

Answer 1

Passive attack
Active attack
Insider attack
Brute force attack
Denial of Service attack (DoS)

Question 2

Malware full form

Answer 2

Malicious Software

Question 3

Malware

Answer 3

installed on a person’s device without their consent

Question 4

Ways in which malware can access your computer

Answer 4

Viruses
Worms
Trojans

Question 5

How viruses enter the computer

Answer 5

Attach to files. Activated when the user opens the file

Question 6

What do viruses do?

Answer 6

Deletes/corrupts data

Question 7

How Worms enter the computer

Answer 7

Like viruses, but self – replicate (without users interaction)

Question 8

What do worms do?

Answer 8

Slows down the computer/creates backdoors

Question 9

How trojans enter the computer

Answer 9

Looks like legitimate software. Users install them thinking that they are legitimate software

Question 10

What do trojans do?

Answer 10

Slows down the computer/creates backdoors

Question 11

Typical Actions of Malware

Answer 11

Ransomware
Scareware
Spyware

Question 12

Ransomware

Answer 12

Encrypts users files and asks for money in exchange for the decryption key

Question 13

Scareware

Answer 13

Tells the user that their computer is infected with viruses and provides malicious links to ‘solve’ them

Question 14

Spyware

Answer 14

Secretly monitors user actions

Question 15

Social Engineering

Answer 15

influencing/manipulating people to give sensitive information

Question 16

Phishing

Answer 16

when criminals send emails/texts to people claiming to be from a well – known company, and asks the user to update their personal details -> these are sent to criminal
Normally have poor grammar.

Question 17

Defense against Phishing

Answer 17

firewall – reduces no. of phishing emails recieved

Question 18

SQL injection

Answer 18

SQL commands entered into website’s input box to gain access to database -> sensitive information

Question 19

When will SQL injection work?

Answer 19

Will work if a website does not have strong input validation

Question 20

What organisations can do to prevent network attacks

Answer 20

Penetration Testing
Physical Security
Passwords
User Access Levels
Anti - Malware Software
Encryption

Question 21

Penetration Testing

Answer 21

Company employs specialists to simulate a potential attack on the network -> to find weaknesses that can be fixed

Question 22

Physical Security

Answer 22

Protects the physical arts of a network
e.g. locks/passwords to restrict access to server room, surveillance cameras, motion sensors

Question 23

Passwords

Answer 23

Help prevent unauthorised access to the network
Should be strong-> combination of letters, symbols, numbers

Question 24

User Access Levels

Answer 24

Control which parts of the networks certain people can access
Help to limit number of people with access to sensitive information

Question 25

Anti-Malware Software

Answer 25

To find + stop malware from damaging the network
e.g. Anti – Virus, Firewalls

Question 26

Encryption

Answer 26

Data (plain text) is translated into a code (cipher text) which can only be read if a person has a decryption

Question 27

Passive Attack

Answer 27

• Someone monitors data travelling on a network to intercept sensitive information ->; done by packet sniffers
• Hard to detect

Question 28

Active Attack

Answer 28

• Someone attacks a network using malware
• Easily detected

Question 29

Insider Attack

Answer 29

• Someone within an organisation uses their network access to steal information

Question 30

Brute Force Attack

Answer 30

• Type of Active Attack -> uses trial and error to crack passwords + gain information

Question 31

Denial of Service Attack (DoS)

Answer 31

• When a hacker tries to stop users accessing a website by flooding the network with useless traffic

Question 32

Defense of Passive Attack

Answer 32

data encryption

Question 33

Defense of Active Attack

Answer 33

Firewall