1.4 Network Security

Question 1

What are the types of network attacks?

Answer 1

• Data interception and theft
• Brute-force
• Denial of Service (DoS)
• SQL injection
• Malware
• Phishing -> social engineering

Question 2

Data interception and theft

Answer 2

Sensitive information travelling on a network is intercepted using monitoring hardware and software like packet sniffers

Question 3

Brute-force

Answer 3

Automated software is used to try millions of potential passwords until one works

Question 4

Denial of Service (DoS)

Answer 4

Hacker prevents users from accessing a network or website by flooding it with useless traffic/requests

Question 5

SQL injection

Answer 5

SQL code typed into input boxes on a website -> can gain access to databases behind the website if it doesn’t have strong input validation

Question 6

Malware

Answer 6

Software designed to damage or disrupt a device or network

Question 7

Types of malware

Answer 7

• Spyware
• Scareware
• Ransomware
• Rootkit
• Viruses
• Worms
• Trojans

Question 8

Spyware

Answer 8

Monitors user actions and sends info to the hacker

Question 9

Scareware

Answer 9

Tricks user into paying to fix fake problems

Question 10

Ransomware

Answer 10

Encrypts files. User pays for decryption key

Question 11

Rootkit

Answer 11

Gives hackers admin access to the system

Question 12

Viruses

Answer 12

Attached to other files. Only run or replicated when the file is opened

Question 13

Trojans

Answer 13

Malware disguised as legitimate software. Do not replicate themselves.

Question 14

Social Engineering

Answer 14

Gaining access to networks or sensitive information by using people as a system’s weak point

Question 15

Phishing

Answer 15

Hackers impersonate well-known businesses sending emails or messages to you. They contain links to fake websites that ask users to update their personal information, which the criminal steals.

Question 16

Passwords

Answer 16

Prevent unauthorised users from accessing a network. They should be strong and changed regularly to protect against brute-force attacks.

Question 17

Encryption

Answer 17

• Data translated into a code that needs a specific decryption key to access
• Limits the effectiveness of data interception attacks and SQL injections

Question 18

User access levels

Answer 18

It can control:
- Who has access to sensitive data
- Who has read/write access to files
- Who can change access levels of other users

Question 19

How can user access levels prevent network attacks?

Answer 19

Limits the number of people who can access sensitive data and important files -> makes social engineering and malware attacks less effective

Question 20

Anti-Malware Software

Answer 20

Prevents malware from damaging a network and the devices on it

Question 21

Firewalls

Answer 21

• Examine all data entering and leaving a network
• Identify threats using a set of security rules, blocking unauthorised access and unwanted data
• Protect against most types of attack

Question 22

Physical Security

Answer 22

Protects physical parts (like servers) of a network from damage
- Locks and passcodes -> restrict access to areas like server rooms
- Surveillance -> equipment can deter intruders

Question 23

Penetration Testing

Answer 23

• Hire specialists to stimulate attacks -> identify and report network security weaknesses.
• Weaknesses can be fixed to help to protect against real network attacks