1.4 – Network security Flashcards

1
Q

What is one primary reason individuals or businesses might be targeted for a network attack?

A

One primary reason for a network attack is the heavy reliance of businesses and individuals on network access. If someone aims to damage a business or individual discreetly, bringing down the network is a potential avenue.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

List some reasons why someone might want to bring down a network.

A

-To gain a competitive advantage over the business or individual by undermining customer trust.
-To blackmail an individual for financial gain or other similar motives.
-To express opposing political views towards the business or its values.
-To exploit weaknesses in the network security of the targeted business.
Simply out of boredom.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How can bringing down a network provide a competitive advantage to an attacker?

A

Bringing down a network can undermine customer trust in a business, potentially leading customers to seek more secure alternatives among the business’s rivals. This loss of trust may give the attacker a competitive advantage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is one potential motive for blackmailing an individual through a network attack?

A

Blackmailing an individual through a network attack may be driven by the desire to gain money or something similar in exchange for not causing harm to the individual or their business.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How might an attacker exploit weaknesses in a business’s network security?

A

Attackers may exploit weaknesses in a business’s network security to gain unauthorized access, extract sensitive information, disrupt operations, or potentially cause financial harm.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is malware, and what is its primary objective?

A

Malware, also known as bad software, is software designed to damage and corrupt computer systems. Its primary objective is to spread within a system rapidly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How does malware typically enter a computer system?

A

Malware often enters a computer system when users download something that seems genuine and safe, but the malware is attached to it. This accidental download allows the malware to spread throughout the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Why might malware go undetected for long periods even with the right protection methods in place?

A

Malware might go undetected for extended periods when proper protection methods are in place because it can disguise itself or exploit vulnerabilities. Effective protection methods are crucial for identifying and preventing malware.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

In addition to accidental downloads, how else can malware spread from one device to another?

A

Malware can spread from one device to another via emails, secondary storage (such as USB drives), and shared files.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are some examples of malware

A

Examples of malware include viruses, worms, and spyware.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

is phishing a new thing?

A

No,they’ve been around for a long time,but as everything is online now,they have evolved and become very effective for hackers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the primary purpose of a phishing scam

A

to grab confidential and important information from individuals by pretending to be someone they can trust.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Why is the internet mentioned as a platform where phishing scams have become more popular?

A

The internet is mentioned as a platform where phishing scams have become more popular because people now conduct a wide range of activities online, providing more opportunities for scammers to target individuals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the deceptive approach used in phishing scams to trick individuals?

A

Phishing scams typically involve pretending to be someone the targeted individual can trust, creating a deceptive approach to entice confidential information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is as one of the biggest threats to a network ironically

A

The people actually using the network themselves

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Why might users pose a risk to the network?

A

Users may pose a risk to the network because they may lack the necessary security knowledge to keep the network safe from threats, thereby putting the network at risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are some dangers that weak security practices by users can pose to a network?

A

-Leaving computers logged on and unattended.
-Writing passwords down on sticky notes and storing them on desks.
-Sharing passwords with colleagues.
-Not ensuring protection software is up to date.
-Opening email attachments without ensuring they are safe first.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What defines a Brute Force Attack?

A

A Brute Force Attack involves an automated program persistently trying to access a network by continuously guessing passwords until it successfully gains entry.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

How does the automated program in a Brute Force Attack attempt to guess passwords?

A

The automated program adopts a method of trying various combinations of letters, numbers, and characters, along with testing commonly used passwords like ‘Password’ or the user’s name.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is the primary objective of a Brute Force Attack?

A

The main goal of a Brute Force Attack is to potentially gain unauthorized access to corporate systems or steal data by successfully guessing passwords through repetitive automated attempts.

21
Q

What elements does the automated program target in a Brute Force Attack?

A

The automated program in a Brute Force Attack targets passwords by experimenting with different combinations of letters, numbers, and characters, as well as trying commonly used passwords such as ‘Password’ or the user’s name.

22
Q

What is a DDoS Attack?

A

-distributed denial of service
A DDoS Attack happens when a network’s server is overwhelmed with requests beyond its capacity, leading to a server crash. Consequently, the entire network is brought down.

23
Q

What potential risk is highlighted when a network is down due to a DDoS Attack?

A

When the network is down due to a DDoS Attack, there is a potential risk of further damage, such as data theft. This is because it’s likely that the security systems for the network will also be compromised during the attack.

24
Q

What is Data Interception and Theft

A

Data Interception and Theft occur when data is stolen from the network, either directly from the network or during its transmission. This stolen data may include usernames, passwords for network access, or other critical information like customer details.

25
Q

What is SQL (Structured Query Language) and its primary use

A

SQL (Structured Query Language) is the language utilized for managing and maintaining databases. In businesses, databases store vital and confidential information such as customer details and business accounts.

26
Q

What is SQL Injection, and how does it occur, as described in the passage?

A

SQL Injection occurs when a user attempts to gain access to the database, leading to the output of database contents. This revelation can expose private and confidential information, and it opens up possibilities for unauthorized alterations (amendment, appending, or removal) of database data. SQL injection is often executed by submitting a form with malicious SQL code, interacting directly with the database.

27
Q

How can SQL Injection impact businesses, particularly in relation to customer details?

A

Exposure of customer details through SQL Injection can erode customer trust in a business’s ability to keep their information private and secure. This loss of faith may lead customers to leave, resulting in lost revenue for the business.

28
Q

What is Penetration Testing

A

Penetration Testing is when a legitimate individual or group tries to gain unauthorized access to the network. The purpose is to identify weaknesses in the network, allowing for fixes to prevent real threats. These individuals are often referred to as ‘White Hat Hackers.’

29
Q

Who are ‘White Hat Hackers’ and what is their primary objective during Penetration Testing?

A

‘White Hat Hackers’ are individuals or groups conducting Penetration Testing. Their primary objective is not to illicitly obtain money or information but to identify vulnerabilities in the network so that they can be fixed, preventing potential threats.

30
Q

How does Penetration Testing contribute to network security

A

Penetration Testing helps to prevent ‘Black Hat Hackers’ from gaining access to the network and causing damage. By revealing and fixing vulnerabilities, it enhances the overall security of the network.

31
Q

What is commonly known as Anti-Virus Software, and what does it primarily focus on, according to the information?

A

Commonly known as Anti-Virus Software, Anti-Malware Software focuses on preventing and removing more than just viruses. It is designed to prevent and eliminate various forms of malware, including viruses, spyware, and worms.

32
Q

What is the role of Anti-Malware Software in device security, as described in the passage?

A

Anti-Malware Software scans devices, identifies potential threats, and alerts users to take action in removing the detected threats. It plays a crucial role in protecting a network from various forms of malware.

33
Q

What types of threats does Malware encompass

A

Malware includes viruses, spyware, worms, and more. Therefore, having robust Anti-Malware Software is essential for protecting a network from these diverse threats.

34
Q

Is Anti-Malware Software always free, and what factors may influence the choice between free and paid versions?

A

Anti-Malware Software can be both free and have a cost. The choice between free and paid versions depends on the features one is looking for and the size of the business network.

35
Q

What is the primary function of a firewall

A

A firewall is used to control both incoming and outgoing network traffic. Its primary function is to prevent unauthorized access by allowing only authorized access to the network.

36
Q

acknowledge potential vulnerabilities even with firewalls in place?

A

The passage mentions that threats can sometimes bypass firewalls through ‘back doors’ in a server, emphasizing the need to protect these potential entry points as well.

37
Q

What are User Access Levels, and where are they commonly employed

A

User Access Levels are commonly used in organizations with a network. They offer varying levels of access to the network based on the identity of the user.

38
Q

What is the purpose of a password in accessing a network

A

A password serves as a means for users to access the network by using a combination of letters, numbers, and characters that only they know. It is utilized alongside a username and should be kept confidential, known only to the individual user.

39
Q

What is encryption, and what does it entail

A

Encryption involves scrambling data into a secret code before it is transmitted. To decrypt the code and access the original data, a ‘master’ key is required. Only the device sending the data and the device receiving it possess this key.

40
Q

How is the use of a ‘master’ key in encryption

A

prior to data transmission, a ‘handshake protocol’ ensures that both the sender and receiver use the same correct and valid key for encryption and decryption processes.

41
Q

In addition to digital protection, what does the passage emphasize the need for in securing a network?

A

In addition to digital protection, the passage emphasizes the need to protect a network physically, preventing unauthorized access or damage to the actual hardware used to operate the network.

42
Q

What are some physical measures suggested for securing a network

A

-Locking the door to the server room and allowing only approved personnel access.
-Using lockable cases to house servers.
-Monitoring and tracking personnel who enter and leave the server room or access any network hardware using CCTV

43
Q

How can one protect against Malware

A

Anti-Malware Software, Firewalls, and providing staff training on the risks associated with email attachments.

44
Q

What measures are suggested for protecting against Phishing?

A

implementing strong network policies and providing staff training on how to identify phishing attempts.

45
Q

How can one protect against Weak People posing a danger to the network

A

advises training staff on safe network usage and using Network Forensics to identify individuals who may pose a threat.

46
Q

What measures are recommended for protecting against Brute Force Attacks?

A

ensuring passwords are strong and changed regularly, along with the installation of a Firewall.

47
Q

How can one protect against DDOS Attacks

A

ensuring the installation of a Firewall.

48
Q

: What measures are suggested for protecting against Data Interception and Theft?

A

encrypting data sent within and out of the network and ensuring all staff use strong passwords.

49
Q

How can one protect against SQL Injection

A

implementing Access Levels on databases to allow only authorized individuals and conducting Penetration Testing to identify weaknesses.