2.2 Security Aspects

Question 1

Features of a strong password

Answer 1

1. Mixture of uppercase and lowercase letters
2. Combination of letters, numbers and special symbols
3. At least 8 characters

Question 2

Virus

How to minimise the risk

Answer 2

• Software that replicates itself
• Intends to delete or alter data stored on a computer
• Can make the computer “crash”/run slow

Minimise risk:

• use of anti-virus software
• do not download software/data from unknown sources

Question 3

Spyware

How to minimise the risk

Answer 3

• Software that gathers information by recording key presses on a user’s computer/keyboard and relays the information back to the person who sent the software
• User activity/key presses can be analysed to find sensitive data eg. passwords
• a common pattern/word in the key logs could allow a password to be identified

Minimise risk:

• use anti-spyware software
• use data entry methods such as drop-down boxes

Question 4

Hacking

How to minimise the risk

Answer 4

The act of gaining illegal access to a computer system without the owner’s consent/permission

Minimise risk:

• use of passwords / user IDs
• use of firewalls
• encrypt data

Question 5

How does anti-virus software protect the user?

Answer 5

1. Scans computer system for viruses
2. Removes any viruses found from computer
3. Checks data before it is downloaded, and stops download if virus found / warns you may contain virus

Question 6

Firewall

Answer 6

Software that filters data coming from the Internet, to stop malware and hackers and block unsuitable content

Question 7

5 ways that data could be accidentally damaged or accidentally lost

Answer 7

1. human error eg. accidentally deleting a file
2. hardware failure
3. physical damage eg. fire/flood
4. power failure
5. misplacing a storage device

Question 8

Methods to prevent data entry errors that can accidentally cause data corruption

Answer 8

1. Using checks on data entry such as check digits, range checks, etc.
2. Entering data twice

Question 9

Explain what is meant by a denial of service (DoS) attack.

Answer 9

• designed to deny people access to a website
• a large number of requests is sent to a server all at the same time
• the server is unable to respond to ALL the requests
• the server fails/times out as a result

Question 10

Proxy server

Answer 10

A computer that acts as an intermediary between a web browser and the Internet

Question 11

Advantages of a proxy server

Answer 11

1. Helps to improve web performance by storing a copy of frequently used web pages
2. Can help improve security by filtering out some web content and malware

Question 12

Transport Layer Security (TLS)

Answer 12

The TLS security protocol checks that the website you are using is real and then establishes a private link between two devices that are communicating, using encryption

Question 13

Secure Sockets Layer (SSL)

Answer 13

SSL security protocol has different methods of encryption to TLS and is less secure; uses public and private keys, uses https
*purpose is the same as TLS (check authentication of website, establish private communication between devices using encryption)

Question 14

Encryption

Answer 14

The process of converting plain text into cypher text

Question 15

Decryption

Answer 15

The process of converting cypher text into plain text

Question 16

Symmetric VS Asymmetric encryption

Answer 16

Symmetric encryption
- Uses the same encryption key to encrypt and decrypt a message (1 key)
- The secret key has to be sent over the Internet before encryption can begin, so anyone who finds out the key can decrypt the messages
Asymmetric encryption
- 2 keys: a public key and a private key
- The public key is shared with any computer that needs to send a message
- The private key is kept secret on your computer. Only your computer can use it to decrypt the messages sent to you
- slower than symmetric, but safer

Question 17

What will increase the strength of the encryption?

+ explain

Answer 17

Increasing the length of a key and making it more complex

- will generate more possibilities for key

Question 18

Phishing

How to minimise the risk

Answer 18

• Legitimate-looking emails sent to a user
• As soon as recipient clicks on link in the email the user is directed to a fake website (without their knowledge)
• To obtain personal/financial information

Minimise risk:

• do not open emails/attachments from unknown sources
• some firewalls can detect fake websites

Question 19

Pharming

How to minimise the risk

Answer 19

• Malicious code installed on a user’s computer/actual web server
• This code redirects user to a fake website (without their knowledge)
• To obtain personal/financial information

Minimise risk:

• only trust secure websites, eg. look for https
• check the URL matches the intended site

Question 20

4 examples of biometrics

Answer 20

1. fingerprint scanner
2. face recognition software
3. retina scanner/iris scanner
4. voice recognition software

Question 21

Cracking

How to minimise the risk

Answer 21

• The act of illegally changing the source code of a program so that it can be exploited for another use

Minimise risk:

• set strong passwords
• encrypt data

Question 22

6 ways of preventing ACCIDENTAL loss or corruption of data

Answer 22

1. back up files on a regular basis to another device / to the cloud
2. set data to read only to prevent accidental editing
3. save data on a regular basis to prevent loss/corruption of data in unexpected shutdown/failure
4. use correct shut down / start up procedures to prevent damage to components/stored files
5. use correct procedures before disconnecting portable storage device to prevent damage to device/data corruption
6. keep storage device in a safe place away from fire hazards

Question 23

5 tasks carried out by a firewall

Answer 23

1. Examines traffic to and from a user’s computer and the Internet
2. Checks whether incoming and outgoing traffic meets a given set of criteria
3. Firewall blocks traffic that doesn’t meet the criteria
4. CAN prevent viruses and hackers gaining access
5. Blocks access to specified IP addresses/websites

Question 24

How does anti-spyware software work?

Answer 24

1. scans the computer for spyware
2. removes any spyware that is found
3. can prevent spyware from being downloaded

Question 25

Describe how data are encrypted.

Answer 25

1. an encryption algorithm is used
2. …to scramble data
3. the original data is called the plain text
4. a key is used to encrypt the data
5. the key is applied to the plain text
6. plain text is encrypted into cypher text

Question 26

Explain what is meant by spam.

Answer 26

• junk/unwanted emails
• sent to large numbers of people
• used for advertising / spreading malware
• fills up mail boxes