1.4 Network Security

Question 1

Malware

Answer 1

malicious software, created with the intent to:

Cause damage to computer systems or
Steal data

Question 2

Vulnerabilities

Answer 2

Vulnerabilities can be caused by:

Human weakness
Software issues
Code quality

Question 3

Virus

Answer 3

malware in the form of a program that attaches itself to another file and can replicate itself when the file is executed.

DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources

Question 4

Worm

Answer 4

malware that is able to replicate itself and does not need to use another file as a vector.

DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources

Question 5

Trojan

Answer 5

a piece of malware that is hidden inside another file in a computer system

A trojan is a piece of software that appears to be legitimate (such as a game), to trick the user into executing it.

DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources

Question 6

RAT

Answer 6

Remote Access Trojan

The main objective of a trojan is to steal confidential information or inflict damage.

A type of trojan is a remote access trojan (RAT). A computer with a RAT may become a bot under the remote control of a hacker.

DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources

Question 7

Botnet

Answer 7

When the hacker controls many computers, the computers form a botnet.

A botnet (robot network) is a network of computers that are under the control of a single operator who can instruct all of the computers to do something at the same time. This could be to send out spam emails or perform a distributed denial of service (DDos) attack on a chosen target.

DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources

Question 8

Spyware

Answer 8

a form of malware that captures data from a computing device and transmits it without the user’s knowledge.

DEFENCE: Anti-malware software

Question 9

Keylogger

Answer 9

Spyware. A keylogger can keep a record of all keys pressed, meaning that usernames and passwords are recorded and transmitted back to the malicious software author.

DEFENCE: Anti-malware software

Question 10

Ransomware

Answer 10

a form of malware that locks a computer or encrypts files, and therefore prevents a user from accessing their data.

The attacker will demand a fee (ransom) is paid before they release the files, although there is no guarantee that the user will get their files back, even after they have paid the ransom.

DEFENCE: Anti-malware software

Question 11

Social Engineering

Answer 11

techniques used to trick users into giving away personal information by psychological manipulation

It is different to other cyber crimes because it involves humans trying to trick or manipulate other humans

DEFENCE: Security training

Question 12

Phishing

Answer 12

an attack in which the victim receives a message disguised to look like it has come from a reputable source (for example, a bank), in order to trick them into giving up personal information.

DEFENCE: Security training
Network policy
Firewall
User awareness of phishing ‘clues’

Question 13

Spear Phishing

Answer 13

Spear phishing is a more sophisticated version of the scam, where a fraudulent message is sent to a specific person and often includes personal details in order to appear legitimate.

For example, rather than sending phishing emails to a whole company, a spear phishing attack might just aim at the finance director and be more personalised

DEFENCE: Security training
Network policy
Firewall
User awareness of phishing ‘clues’

Question 14

Pharming

Answer 14

deceiving users by sending them to a fake website that the user believes is the real one, with the intention of tricking them into submitting personal information.

DEFENCE: Security training

Question 15

DNS Poisoning

Answer 15

A more sophisticated method of pharming, known as DNS poisoning involves hacking a DNS (the database that allows your browser to find the website that you are visiting).

When the victim enters a correct web address of the site they wish to visit into their browser, they visit a website controlled by the attacker, rather than the legitimate website.

Question 16

Blagging

Answer 16

an attack in which the attacker invents a scenario in order to convince the victim to give them personal information or money.

DEFENCE: Security training

Question 17

Shouldering

Answer 17

a type of social engineering attack design to steal a victim’s password or other sensitive information by using close visual observation.

DEFENCE: Security training
Concealing your password or pin entry
User access levels
User awareness

Question 18

Hacker

Answer 18

someone who deliberately gains, or attempts to gain, unauthorised access to a computer system with the intent to cause damage or steal data

Question 19

Ethical Hacker

Answer 19

expert in computer security who attempts to gain access to a computer system in order to find vulnerabilities.

If an ethical hacker is working with the permission of the network owner, this activity can be classed as penetration testing. However, if they are working without permission, the activity is illegal.

Question 20

Computer Misuse Act

Answer 20

Under the Computer Misuse Act, there are heavy penalties, including prison sentences, for anyone who makes an attempt to access a system without authorisation.

Question 21

Man-in-the-middle

Answer 21

where a hacker hacks the connection between two people or systems and intercepts the data they are passing to each other. The hacker may take the data or may alter it so that the recipient receives data that has been tampered with in some way. The users will be unaware that the data has been intercepted.

This kind of attack can be orchestrated by a malicious person setting up a free unencrypted Wi-Fi hotspot. Any data that is passed across the network can be readily intercepted.

Question 22

Server

Answer 22

is a computer that provides services to client computers. An example of a server is a web server that provides webpages. Servers are usually set up to run 24 hours a day, 7 days a week, constantly listening for requests for their services.

Question 23

Denial-of-Service Attack

Answer 23

Servers are configured to be able to cope with a certain volume of traffic.

In a denial-of-service attack, a server will be bombarded with requests at a level that it cannot cope with.

Anyone else who is trying to access the server will find that their request cannot be processed, therefore causing a denial of service.

DEFENCE: Firewall

Question 24

DDos

Answer 24

Distributed Denial of Service. A malicious attempt to overwhelm a server by bombarding it with requests.

In a distributed attack, the requests come from a large number of distributed computer systems, typically a botnet.

DEFENCE: Firewall

Question 25

SQL

Answer 25

stands for Structured Query Language and is a language that is used to form queries to extract or manipulate information in a database.

Question 26

SQL Injection

Answer 26

technique used by a malicious person to manipulate an SQL statement to their own benefit.

Question 27

Brute Force Attack

Answer 27

This type of attack uses a computer program to generate all combinations of characters until it finds the combination that matches the password.

If the password is short and made up of characters selected from a small character set, the password will be easy to find.

For example, if you have a password made up of six lower-case letters, there are only 626 = 308,915,776 possibilities. It would take a person a long time to try all of these passwords, but a computer could do it in seconds.

DEFENCE: Strong passwords with limited attempts
Penetration testing

Question 28

Dictionary Attack

Answer 28

A dictionary attack is a brute force attack that uses a list of passwords (the dictionary) to check if the password that is being cracked matches a password in the list. This list may include common passwords and also passwords that have been hacked from other sites.

Each password in the dictionary is tried in turn in an attempt to find the correct password.

You can find tools on the internet that will simulate a dictionary attack to test the security of your own passwords.

DEFENCE: Strong passwords with limited attempts
Penetration testing

Question 29

Information Commissioner’s Office

Answer 29

responsible for Data Protection in the UK

Question 30

Reputational Damage

Answer 30

Often the greatest impact of the failure of network security is reputational damage.

This is where customers or stakeholders find out about the attack and lose confidence in the organisation. They may take their business elsewhere, resulting in a loss of revenue for the organisation.

Question 31

Strong Password

Answer 31

Password strength is determined by the length of the password and the number of different types of characters that are used. For example:

Upper-case letters
Lower-case letters
Numbers
Special characters (e.g. *, $, #)

You should not use personal data as part of your password. Avoid using family and pet names, birthdays, or names associated with hobbies and interests.

Question 32

Default Password

Answer 32

Sometimes a system is set up with a default password. This is a password that is allocated by the system provider.

If the default password is weak, it should be changed immediately, especially if it appears that every new system user will be given the same password.

Question 33

Access Rights

Answer 33

The general rule is that a user should be given the lowest level of access needed to do their job.

In this way, there is less opportunity for the accidental loss of data and fewer accounts to investigate if a system is compromised.

When a user is given access to a computer system, their access to specific files within the system can be restricted. Setting appropriate permissions will help to prevent unauthorised access to sensitive or important data.

It is also possible to restrict the level of access that a user has; for example, the right to view, edit, or delete a file.

Most organisations store their data in databases; database management systems allow restrictions to be specified down to the individual record or even field level.

Question 34

Firewall

Answer 34

A firewall acts as a barrier between a trusted network and an untrusted network.

A firewall sits between two networks, usually a trusted network (such as your home network) and an untrusted network (such as the internet) as illustrated on the next slide.

The firewall will attempt to prevent malicious traffic entering the network. It can also be configured to prevent certain types of data from leaving the network.

Question 35

Physical Security

Answer 35

The physical security of network devices is also important.

Most large buildings are protected by security mechanisms to control access. This may be in the form of security guards who check that only authorised people can enter the building, or could be in the form of doors or barriers that can only be opened by someone with an appropriate smart card or access code.

CCTV is commonly deployed to record movement around the site and inside buildings.

Encryption
Physical locks
Biometrics

Question 36

Encryption

Answer 36

When data is encrypted, even if it is intercepted, it cannot be easily understood.

IMPORTANT: IT DOES NOT PREVENT DATA INTERCEPTION.

the process of applying an encryption algorithm (cipher) to plaintext to produce ciphertext that cannot be understood (without decryption)

Question 37

Symmetric Encryption

Answer 37

uses the same key for both encryption and decryption. Symmetric encryption schemes are faster than asymmetric encryption schemes because they use less complex mathematical operations, which means that data can be encrypted or decrypted at a speed and volume suitable for network communications.

Question 38

Asymmetric Encryption

Answer 38

uses a related set of keys, one public and one private. The keys work as a pair; one key is used to encrypt the message and the other to decrypt. Asymmetric encryption is slower, but allows the sender to be authenticated.

Question 39

Encryption Key

Answer 39

information that is needed by an encryption algorithm to encrypt (or decrypt) a message

Question 40

Pen testing

Answer 40

Penetration testing

a method of testing used to discover weaknesses of vulnerabilities in a system that could be exploited by hackers.

Organisations can spend large amounts of money on network security. It is important that the effectiveness of the measures they have put in place is tested. When a security system fails, the reputation of the business can suffer and they may also incur large fines if they have lost or compromised personal data.

Penetration testing is testing to make sure that the system is secure from hackers or other malicious attacks. It is used to discover weaknesses or vulnerabilities in a system that could be exploited.

Question 41

Black-box penetration testing

Answer 41

testing that does not rely on understanding the inner workings of a program

is designed to mimic an external attack on the system. The testing will assume that the attacker is unauthorised and has no knowledge of the system. The tester will use brute force methods and try to exploit well-known software vulnerabilities to get access to the system.

Question 42

White-box penetration testing

Answer 42

a method of testing where all possible routes through a program are identified and tested

is designed to mimic an attack from an insider who already has access to the system, and maybe has information about the way the system is configured and operates. This can help safeguard against the actions of someone who is inside the organisation and up to no good.

Question 43

Testing

Answer 43

the systematic process of checking that a subroutine, program or system works as expected.

Question 44

Anti-malware Software

Answer 44

Anti-malware or antivirus software is used to detect, quarantine, or remove malware such as viruses, trojans, and worms from computers.

Anti-malware software can have a real-time checker that scans files before they are used to keep the computer safe, and can also have scheduled scans, which perform checks upon computer files on a regular basis.

Question 45

Unauthorised Access

Answer 45

THREAT

Hacking, a personal attempting to gain unauthorised access to the network or device

Prevention/Mitigation: Strong passwords / Firewall / Physical security / 2FA / access rights