1.4 Network security

Question 1

What are examples of malware?

Answer 1

-Scareware
-Ransomware
-Spyware
-Rootkits
-Opening backdoors
-Viruses
-Worms
-Trojans

Question 2

What is malware?


Answer 2

Malicious software that is installed without the person knowing and can harm devices.

Question 3

What is scareware?


Answer 3

Tells the user their computer is infected with loads of viruses to scare them into following malicious links / paying for problems to be fixed.

Question 4

What is ransomware?

Answer 4

Encrypts all the files on a computer and the user recieves a message demanding a large sum of money in exchange for a decryption key.

Question 5

What is spyware?

Answer 5

Secretly monitors user actions like key presses and sends information to hacker.

Question 6

What are rootkits?

Answer 6

They alter permissions to give malware and hackers administrator-level access to devices.

Question 7

What are opening backdoors?

Answer 7

Holes in someone’s security which can be used for future attacks.

Question 8

What are viruses?

Answer 8

They attach to certain files by copying themselves and are spread by users by copying infected files and activating them by opening infected files.

Question 9

What are worms?

Answer 9

Similar to viruses but self-replicate without any user help therefore they spread very quickly and exploit weaknesses in network security.

Question 10

What are trojans?

Answer 10

Malware disguised as legitimate software and users install them not realising they have a hidden purpose. Doesn’t replicate like worms / viruses.

Question 11

What is a social engineering?

Answer 11

A way of gaining sensitive information / illegal access to networks by influencing people.

Question 12

What is an example of social engineering?

Answer 12

1. Someone rings up an employee of a company.
2. They pretend to be a network administrator / somebody within same organisation.
3. They gain the employee’s trust.
4. They persuade them to disclose confidential information like personal log in details or sensitive company data.

Question 13

What is phishing?

Answer 13

1. Criminals send emails / texts to people claiming to be from a well-known business.
2. The emails / texts contain links to spoof versions of the company’s website and then they request the user to update their personal information.
3. When the user inputs this data into the website, they hand it all to criminals who can access the user’s genuine account.

Question 14

Why are phishing emails sent to 1000s of people?


Answer 14

In the hope that someone will read the email and believe its content is legitimate.

Question 15

What is a brute force attack?


Answer 15

-A type of active attack used to gain information by cracking passwords through trial and error.
-Use automated software to produce hundreds of likely password combinations.

Question 16

What is an insider attack?

Answer 16

Someone within an organisation exploits their network to steal information.

Question 17

How can you reduce risk of brute force attack?

Answer 17

-Lock accounts after a certain number of failed password attempts.
-Use strong passwords.

Question 18

What is a denial of service (DOS) attack?

Answer 18

Hacker tries to stop users from accessing a part of a network or website by flooding the network with useless traffic so the network is extremely slow or completely inaccessible.

Question 19

What is an active attack?

Answer 19

Someone attacks a network with malware or other planned attacks.

Question 20

How to prevent an active attack?

Answer 20

Firewall

Question 21

What is a passive attack?

Answer 21

Someone monitors data travelling on a network and intercepts any sensitive information they find by using network-monitoring hardware and software.

Question 22

Why are passive attacks hard to detect?

Answer 22

The hacker is quietly listening.

Question 23

How do you prevent a passive attack?

Answer 23

Data encryption.

Question 24

What is data interception and theft?

Answer 24

-Example of passive attack where data is intercepted during transmission.
-This is done using software called a packet sniffer, which examines data packets as they are sent around a network, or across the internet.
-The gathered information is then sent back to the hacker.

Question 25

How does an SQL (Structured Query Language) injection work?

Answer 25

SQL code is entered as a data input into databases which use SQL code to interrogate the data and maintain the structure. The inputted code can cause errors or unintended operations.

Question 26

What is a poor network policy?

Answer 26

Where a network does not have security rules in place for users to follow.

Question 27

What is anti-malware software?

Answer 27

Loads of types and designed to find and stop malware from damaging a network and the devices on it.

Question 28

What are user access levels?

Answer 28

Control which parts of the network that different groups of users can access to help limit the number of people with access to important data and prevent insider attacks on the network.

Question 29

What is a firewall?

Answer 29

A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules to prevent unauthorised access to or from a private network.

Question 30

How to reduce risk of phishing?

Answer 30

Look for giveaways like incorrect spelling / grammar and ensure you treat your personal details with caution.

Question 31

Which networks are vulnerable to SQL injections?

Answer 31

Networks which use databases.

Question 32

What is an SQL (Structured Query Language) injection?


Answer 32

Give criminals easy access to insecure data if a website’s SQL code is insecure as the hackers are able to get past the website’s firewall.

Question 33

What is the importance of using strong passwords?

Answer 33

Weak passwords can easily be guessed / cracked which leaves your accounts vulnerable to unauthorised access.

Question 34

Strong passwords consist of:

Answer 34

-Minimum of 8 characters
-Mix of uppercase and lowercase
-Numbers
-Special symbols

Question 35

What is penetration testing?

Answer 35

Organisations employ specialists to simulate potential attacks on their network to identify possible weaknesses in their network security by trying to exploit them and these results are then reported back.

Question 36

How to prevent an SQL injection?

Answer 36

-Can detect them through penetration testing before putting a system live.
-Ensure database access permissions are appropriate.
-Check appropriate validation is being done on any data entered.

Question 37

What are examples of two-factor authentication?

Answer 37

-Something the user knows like a password.
-Something the user has like a smartphone.

Question 38

What are passwords?

Answer 38

Help prevent unauthorised users from accessing the network.

Question 39

What is cypher text?

Answer 39

Encrypted text / data.

Question 40

What is encryption?

Answer 40

Data is translated into a code which only someone with the correct key can access meaning unauthorised users cannot read it and is essential for securely sending data over a network.

Question 41

What is plain text?

Answer 41

Non-encrypted text / data.

Question 42

Why is it important to keep software up to date?


Answer 42

Updates often include security patches that address known vulnerabilities and so failure to update software can leave your system vulnerable to attacks which exploit these vulnerabilities.

Question 43

What should organisations do to ensure network security?

Answer 43

-Regularly test network to find and fix security weaknesses.
-Strong passwords.
-Enforce user access levels.
-Anti-malware software.
-Encrypt sensitive data.

Question 44

What are examples of physical security?

Answer 44

-Locks and passwords to restrict access to certain areas.
-Surveillance equipment like cameras / motion sensors to detect intruders.

Question 45

What is physical security?

Answer 45

Protects the physical parts of a network from either intentional / unintentional damage (fire or flooding etc).

Question 46

What is biometric testing?

Answer 46

Uses unique physical characteristics and features to identify people when they are using a computer system

Question 47

What are examples of biometric testing?

Answer 47

-Facial recognition.
-Fingerprint scan.