1.4 – Network security

Question 1

What is one primary reason individuals or businesses might be targeted for a network attack?

Answer 1

One primary reason for a network attack is the heavy reliance of businesses and individuals on network access. If someone aims to damage a business or individual discreetly, bringing down the network is a potential avenue.

Question 2

List some reasons why someone might want to bring down a network.

Answer 2

-To gain a competitive advantage over the business or individual by undermining customer trust.
-To blackmail an individual for financial gain or other similar motives.
-To express opposing political views towards the business or its values.
-To exploit weaknesses in the network security of the targeted business.
Simply out of boredom.

Question 3

How can bringing down a network provide a competitive advantage to an attacker?

Answer 3

Bringing down a network can undermine customer trust in a business, potentially leading customers to seek more secure alternatives among the business’s rivals. This loss of trust may give the attacker a competitive advantage.

Question 4

What is one potential motive for blackmailing an individual through a network attack?

Answer 4

Blackmailing an individual through a network attack may be driven by the desire to gain money or something similar in exchange for not causing harm to the individual or their business.

Question 5

How might an attacker exploit weaknesses in a business’s network security?

Answer 5

Attackers may exploit weaknesses in a business’s network security to gain unauthorized access, extract sensitive information, disrupt operations, or potentially cause financial harm.

Question 6

What is malware, and what is its primary objective?

Answer 6

Malware, also known as bad software, is software designed to damage and corrupt computer systems. Its primary objective is to spread within a system rapidly.

Question 7

How does malware typically enter a computer system?

Answer 7

Malware often enters a computer system when users download something that seems genuine and safe, but the malware is attached to it. This accidental download allows the malware to spread throughout the system.

Question 8

Why might malware go undetected for long periods even with the right protection methods in place?

Answer 8

Malware might go undetected for extended periods when proper protection methods are in place because it can disguise itself or exploit vulnerabilities. Effective protection methods are crucial for identifying and preventing malware.

Question 9

In addition to accidental downloads, how else can malware spread from one device to another?

Answer 9

Malware can spread from one device to another via emails, secondary storage (such as USB drives), and shared files.

Question 10

What are some examples of malware

Answer 10

Examples of malware include viruses, worms, and spyware.

Question 11

is phishing a new thing?

Answer 11

No,they’ve been around for a long time,but as everything is online now,they have evolved and become very effective for hackers

Question 12

What is the primary purpose of a phishing scam

Answer 12

to grab confidential and important information from individuals by pretending to be someone they can trust.

Question 13

Why is the internet mentioned as a platform where phishing scams have become more popular?

Answer 13

The internet is mentioned as a platform where phishing scams have become more popular because people now conduct a wide range of activities online, providing more opportunities for scammers to target individuals.

Question 14

What is the deceptive approach used in phishing scams to trick individuals?

Answer 14

Phishing scams typically involve pretending to be someone the targeted individual can trust, creating a deceptive approach to entice confidential information.

Question 15

What is as one of the biggest threats to a network ironically

Answer 15

The people actually using the network themselves

Question 16

Why might users pose a risk to the network?

Answer 16

Users may pose a risk to the network because they may lack the necessary security knowledge to keep the network safe from threats, thereby putting the network at risk.

Question 17

What are some dangers that weak security practices by users can pose to a network?

Answer 17

-Leaving computers logged on and unattended.
-Writing passwords down on sticky notes and storing them on desks.
-Sharing passwords with colleagues.
-Not ensuring protection software is up to date.
-Opening email attachments without ensuring they are safe first.

Question 18

What defines a Brute Force Attack?

Answer 18

A Brute Force Attack involves an automated program persistently trying to access a network by continuously guessing passwords until it successfully gains entry.

Question 19

How does the automated program in a Brute Force Attack attempt to guess passwords?

Answer 19

The automated program adopts a method of trying various combinations of letters, numbers, and characters, along with testing commonly used passwords like ‘Password’ or the user’s name.

Question 20

What is the primary objective of a Brute Force Attack?

Answer 20

The main goal of a Brute Force Attack is to potentially gain unauthorized access to corporate systems or steal data by successfully guessing passwords through repetitive automated attempts.

Question 21

What elements does the automated program target in a Brute Force Attack?

Answer 21

The automated program in a Brute Force Attack targets passwords by experimenting with different combinations of letters, numbers, and characters, as well as trying commonly used passwords such as ‘Password’ or the user’s name.

Question 22

What is a DDoS Attack?

Answer 22

-distributed denial of service
A DDoS Attack happens when a network’s server is overwhelmed with requests beyond its capacity, leading to a server crash. Consequently, the entire network is brought down.

Question 23

What potential risk is highlighted when a network is down due to a DDoS Attack?

Answer 23

When the network is down due to a DDoS Attack, there is a potential risk of further damage, such as data theft. This is because it’s likely that the security systems for the network will also be compromised during the attack.

Question 24

What is Data Interception and Theft

Answer 24

Data Interception and Theft occur when data is stolen from the network, either directly from the network or during its transmission. This stolen data may include usernames, passwords for network access, or other critical information like customer details.

Question 25

What is SQL (Structured Query Language) and its primary use

Answer 25

SQL (Structured Query Language) is the language utilized for managing and maintaining databases. In businesses, databases store vital and confidential information such as customer details and business accounts.

Question 26

What is SQL Injection, and how does it occur, as described in the passage?

Answer 26

SQL Injection occurs when a user attempts to gain access to the database, leading to the output of database contents. This revelation can expose private and confidential information, and it opens up possibilities for unauthorized alterations (amendment, appending, or removal) of database data. SQL injection is often executed by submitting a form with malicious SQL code, interacting directly with the database.

Question 27

How can SQL Injection impact businesses, particularly in relation to customer details?

Answer 27

Exposure of customer details through SQL Injection can erode customer trust in a business’s ability to keep their information private and secure. This loss of faith may lead customers to leave, resulting in lost revenue for the business.

Question 28

What is Penetration Testing

Answer 28

Penetration Testing is when a legitimate individual or group tries to gain unauthorized access to the network. The purpose is to identify weaknesses in the network, allowing for fixes to prevent real threats. These individuals are often referred to as ‘White Hat Hackers.’

Question 29

Who are ‘White Hat Hackers’ and what is their primary objective during Penetration Testing?

Answer 29

‘White Hat Hackers’ are individuals or groups conducting Penetration Testing. Their primary objective is not to illicitly obtain money or information but to identify vulnerabilities in the network so that they can be fixed, preventing potential threats.

Question 30

How does Penetration Testing contribute to network security

Answer 30

Penetration Testing helps to prevent ‘Black Hat Hackers’ from gaining access to the network and causing damage. By revealing and fixing vulnerabilities, it enhances the overall security of the network.

Question 31

What is commonly known as Anti-Virus Software, and what does it primarily focus on, according to the information?

Answer 31

Commonly known as Anti-Virus Software, Anti-Malware Software focuses on preventing and removing more than just viruses. It is designed to prevent and eliminate various forms of malware, including viruses, spyware, and worms.

Question 32

What is the role of Anti-Malware Software in device security, as described in the passage?

Answer 32

Anti-Malware Software scans devices, identifies potential threats, and alerts users to take action in removing the detected threats. It plays a crucial role in protecting a network from various forms of malware.

Question 33

What types of threats does Malware encompass

Answer 33

Malware includes viruses, spyware, worms, and more. Therefore, having robust Anti-Malware Software is essential for protecting a network from these diverse threats.

Question 34

Is Anti-Malware Software always free, and what factors may influence the choice between free and paid versions?

Answer 34

Anti-Malware Software can be both free and have a cost. The choice between free and paid versions depends on the features one is looking for and the size of the business network.

Question 35

What is the primary function of a firewall

Answer 35

A firewall is used to control both incoming and outgoing network traffic. Its primary function is to prevent unauthorized access by allowing only authorized access to the network.

Question 36

acknowledge potential vulnerabilities even with firewalls in place?

Answer 36

The passage mentions that threats can sometimes bypass firewalls through ‘back doors’ in a server, emphasizing the need to protect these potential entry points as well.

Question 37

What are User Access Levels, and where are they commonly employed

Answer 37

User Access Levels are commonly used in organizations with a network. They offer varying levels of access to the network based on the identity of the user.

Question 38

What is the purpose of a password in accessing a network

Answer 38

A password serves as a means for users to access the network by using a combination of letters, numbers, and characters that only they know. It is utilized alongside a username and should be kept confidential, known only to the individual user.

Question 39

What is encryption, and what does it entail

Answer 39

Encryption involves scrambling data into a secret code before it is transmitted. To decrypt the code and access the original data, a ‘master’ key is required. Only the device sending the data and the device receiving it possess this key.

Question 40

How is the use of a ‘master’ key in encryption

Answer 40

prior to data transmission, a ‘handshake protocol’ ensures that both the sender and receiver use the same correct and valid key for encryption and decryption processes.

Question 41

In addition to digital protection, what does the passage emphasize the need for in securing a network?

Answer 41

In addition to digital protection, the passage emphasizes the need to protect a network physically, preventing unauthorized access or damage to the actual hardware used to operate the network.

Question 42

What are some physical measures suggested for securing a network

Answer 42

-Locking the door to the server room and allowing only approved personnel access.
-Using lockable cases to house servers.
-Monitoring and tracking personnel who enter and leave the server room or access any network hardware using CCTV

Question 43

How can one protect against Malware

Answer 43

Anti-Malware Software, Firewalls, and providing staff training on the risks associated with email attachments.

Question 44

What measures are suggested for protecting against Phishing?

Answer 44

implementing strong network policies and providing staff training on how to identify phishing attempts.

Question 45

How can one protect against Weak People posing a danger to the network

Answer 45

advises training staff on safe network usage and using Network Forensics to identify individuals who may pose a threat.

Question 46

What measures are recommended for protecting against Brute Force Attacks?

Answer 46

ensuring passwords are strong and changed regularly, along with the installation of a Firewall.

Question 47

How can one protect against DDOS Attacks

Answer 47

ensuring the installation of a Firewall.

Question 48

: What measures are suggested for protecting against Data Interception and Theft?

Answer 48

encrypting data sent within and out of the network and ensuring all staff use strong passwords.

Question 49

How can one protect against SQL Injection

Answer 49

implementing Access Levels on databases to allow only authorized individuals and conducting Penetration Testing to identify weaknesses.