1.4.2 Threat Prevention

Question 1

What are examples of common protection and detection methods

Answer 1

Penetration testing
Anti-malware
Firewalls
User access levels
Passwords
Encryption
Physical security

Question 2

What does penetration testing do?

Answer 2

Used to find potential vulnerabilities within a computer system that could be exploited for criminal purposes

Question 3

What does anti-malware do?

Answer 3

Designed to spot a malicious virus, worm, Trojan, adware or spyware program and to remove it from a system or network

Must be regularly updated to meet the latest threats that appear on a daily basis.

Question 4

What does firewalls do?

Answer 4

Control the transmission of data between a computer and other network computers or the internet.

Question 5

What are the characteristics of firewalls?

Answer 5

Can be configured to apply ruled to certain programs, websites or network connections

Can be either software or hardware based – a hardware firewall is generally more expensive but more robust

Question 6

What does a user access level do?

Answer 6

Are used to control the info that a specific user(s) can access, read or edit.

Question 7

What are the characteristics of a user access level?

Answer 7

May be limited to data that is relevant only to them or to protect personal info

Are essential as users are often the weakest link in any computer systems in respect to security

Question 8

What do passwords do?

Answer 8

Essential in preventing unauthorised access to a computer system, but they need to be complex enough so that they cannot be guessed or calculated by hackers.

Question 9

What does encryption do?

Answer 9

Converts info using a public encryption key into a meaningless form that cannot be read if intercepted

Question 10

What are the characteristics of encryption?

Answer 10

Only way to decrypt the info is with a private key or cypher generated by the owner

The encryption text and the cypher are never transmitted together

Question 11

What does physical security do?

Answer 11

Practical way to protect equipment and data from external hackers.

Protects important network equipment or data by physically preventing access

Question 12

What are examples of physical security?

Answer 12

use of safes, locked rooms or obstacles to protect equipment

increased surveillance on equipment

removable hard drives or data storage

biometric scanners that check fingerprints, iris or facial scans or voice recognition systems

Question 13

What makes a strong password?

Answer 13

Make sure all passwords are at least eight characters long

Use upper0 and lower-case characters

Include special character (?, % and #)

Avoid real dictionary words

Avoid any personal info – names of family members or pets, important dates or phone numbers

Regular change passwords and never use them for more than one system.

Question 14

What are the characteristics of penetration testing?

Answer 14

Is usually carried out by security specialists that offer their services to organisations with security concerns