14- Threats to computer systems and networks Flashcards

1
Q

What are the different ways a network can be hacked?

A
malware
phishing
brute force
denial of service
data interception and theft
structured query language injection
poor network policy
people
2
Q

What is malware?

A

Malware is malicious software that is designed to hack a system. Malware can take many different forms.

3
Q

What different forms can malware take?

A

Viruses, worms, trojans, spyware and ransomware

4
Q

What are viruses?

A

Programs embedded (hidden) within other files. They replicate themselves and become part of other programs. Viruses often cause damage by deleting or modifying data.

5
Q

What are worms?

A

Programs similar to viruses except that they are not hidden within other files. Worms often spread through emails.

6
Q

What are trojans?

A

Programs which pretend to be legitimate but in reality are malware. They are often disguised as email attachments. Trojans cannot spread by themselves - instead they deceive a user into installing the program.

7
Q

What is spyware?

A

Programs that monitor user activities (such as websites visited, usernames and passwords used) and send the information back to a hacker.

8
Q

What is ransomware?

A

Programs that attempt to blackmail a user into making a payment to a hacker. Some types of ransomware do little but try to scare users into paying, while others go further - they encrypt documents and will not decrypt them until a ransom is paid.

9
Q

What is phishing?

A

Emails that try to trick users into giving away personal details. The phishing email pretends to be a genuine message and tries to deceive the user into following a link to a website that looks like the real company, for example, a bank. However, it is a fake website designed to catch data such as bank account numbers and security codes.

10
Q

What is a brute force attack?

A

Where a program is used to find a password by trying all possible combinations of characters until the correct one is obtained.

11
Q

What is a denial of service attack?

A

Where a computer (or many computers) is used to prevent a server from performing its tasks. This is done by bombarding the server over and over again with requests. Eventually the server is tied up trying to handle all the DOS requests, making it very difficult for it to respond to legitimate requests.

12
Q

What is data interception and theft?

A

Where data is intercepted during transmission. This is done using software called a packet sniffer, which examines data packets as they are sent around a network, or across the internet. The information gathered is sent back to a hacker.

13
Q

What is SQL injection?

A

SQL is used to search databases. A hacker can enter some malicious SQL into a database, which can cause errors or unintended operations.

14
Q

What is poor network policy?

A

Where a network does not have security rules in place for users to follow.

15
Q

How are people a threat to networks?

A

Where users do not adhere to network policy. People frequently ignore rules, or accidentally or deliberately break them. For example, many users choose easy-to-guess passwords, or send and receive personal emails which may contain viruses. This behaviour increases the chances of a network being compromised and its data being accessed by unauthorised users. This is sometimes called social engineering.

16
Q

What do poor network policies tend to not have?

A
  • levels of access to prevent users from accessing sensitive data unless they are authorised to do so
  • rules preventing the connection of external devices such as USB memory sticks which may contain and transmit viruses
  • regulation regarding secure passwords, for example using a number of letters, numbers and symbols
  • rules to govern what websites can and cannot be visited
  • methods to prevent any user wirelessly connecting an unsecured laptop, tablet or smartphone
  • controls on what facilities can be accessed remotely (away from the organisation)
  • a formal backup procedure that is adhered to
  • a regular maintenance programme that is followed
17
Q

What is a network attack?

A

An attempt to gain access to, steal, modify or delete data on a network.

18
Q

What are the 4 types of network attack?

A

active, eavesdropping (passive), external, internal

19
Q

What methods are in place to help keep a network safe?

A

secure passwords
encryption
anti-malware software
firewalls

20
Q

Describe penetration testing

A

The purpose of penetration testing is to determine how resilient a network is against an attack. It involves authorised users (sometimes an external party or organisation) who probe the network for potential weaknesses and attempt to exploit them. Software that enables network managers to test the resilience of networks themselves is also available.

21
Q

Describe network forensics

A

Network forensics involves monitoring the traffic on a network. At regular intervals transmitted data packets are copied. The copy and information about the packet are then stored for later analysis. This is usually processed in batches. The information gathered can help identify invasive traffic (from hackers) or to determine where data is being sent.

22
Q

What is meant by network policies?

A

Rules put in place that ensure the safety of a network

23
Q

What do network policies ensure?

A
  • users have a secure, hard-to-guess password which meets specified conditions
  • users change their password on a regular basis
  • users cannot connect unauthorised equipment to the network, such as USB memory sticks, smartphones and tablets
  • levels of access are given, which allow only authorised users to access sensitive data
  • a regular backup procedure is in place
  • a disaster recovery procedure exists in case of data loss
  • regular penetration testing and forensic analysis
  • regular maintenance including applying software upgrades and security patches to equipment
  • preventing physical access to servers
  • maintaining a high level of security with up-to-date anti-virus software and firewalls
24
Q

What do user access levels do?

A

They determine the facilities a user has access to e.g. software, email, internet access, documents & data, the ability to install and/or remove software, the ability to maintain other users’ accounts.

26
Q

What methods are in place to identify vulnerabilities in a network?

A

penetration testing, network forensics, network policies, user access levels

27
Q

What is the purpose of a password?

A

The purpose of a password is to verify who a user is. Without knowing the password, you cannot use a user ID to sign into a network.

28
Q

What is an ideal secure password?

A

One that contains a combination of upper and lower case letters, special characters and numbers. The password should also be at least 8 characters long and not be easy to guess.

29
Q

What is encryption?

A

The process of disguising data so that it cannot be understood. Even if a hacker gains access to encrypted data, they will not be able to understand it, as they do not have the key to turn the message from ciphertext to plaintext.

Network managers usually encrypt data which is to be stored or transmitted on a network.

30
Q

What are the 3 purposes of anti-malware?

A
  • To detect malware that has been installed
  • To prevent malware from being installed
  • To remove malware from the system.
31
Q

What does anti-malware include?

A

anti-virus software, anti-phishing tools and anti-spyware software

32
Q

How does anti-malware work?

A

by scanning through all the files on a computer and checking them against a list (known as definitions) of known malware.

33
Q

What is the main problem with anti-malware?

A

that it is reactive - it can only detect, prevent and remove known malware. When new malware is introduced, anti-malware has to be updated to take account of the new threats. The longer the gap before anti-malware is updated, the less protection it offers.

34
Q

What does a firewall do?

A

A firewall stops unauthorised traffic entering and leaving a network.

35
Q

The decision for a firewall to allow or block traffic is based on what?

A

The firewall policy

36
Q

What is an example of the firewall policy in use?

A

Some programs, such as email clients and web browsers, have legitimate cause to send a transmission. These programs are known and the firewall policy allows their communications. However, any transmissions that are not sent from or to known - and allowed - sources are blocked.

37
Q

What are the 2 things firewalls can be?

A

Hardware-based or software-based

38
Q

Which is more expensive, hardware-based firewalls or software-based firewalls?

A

Hardware-based firewalls

39
Q

Which is more effective, hardware-based firewalls or software-based firewalls?

A

Hardware-based firewalls