2.8 Data Security Flashcards

1
Q

What are the key risks to files for most companies with an online presence?

A

Outside access and manipulation of files.
Unauthorised reading or copying of files.
Corruption of files.
Loss or deliberate deleting of files.

2
Q

What protection can be applied to files?

A

Levels of permitted access.
Passwords for access.
Write-protect mechanisms.

3
Q

What is Cryptography?

A

The act of scrambling a piece of plain text into cipher text so that it can’t be immediately understood. (Practically known as encryption)

4
Q

What is a Caesar Cypher?

A

The simplest and most well known form of encryption where each letter in the alphabet is shifted a certain number of places.

5
Q

What is Symmetric Encryption?

A

Where the process of decryption is the opposite of the process used to encrypt. These algorithms have one key which is needed at both ends of a transmission.

6
Q

What is an advantage and disadvantage of Symmetric Encryption?

A

Symmetric is best used for data on your own disks as it’s fast; however, they are very easy for modern computers to crack.

7
Q

What is Asymmetric Encryption?

A

Algorithms which have two keys - a private and a public key. If someone knows the encryption key, they can encrypt information but they can’t decrypt it.

8
Q

What is an advantage and disadvantage of Asymmetric Encryption?

A

A shared secret key doesn’t have to be exchanged over an insecure medium such as the internet; however, asymmetric keys are far slower to use and are not feasible for use in transmitting large amounts of data.

9
Q

What is a biometric device?

A

A device which adds security to a computer system by working with unique features of the human body.

10
Q

What are 5 examples of biometric security?

A

Fingerprint Recognition.
Iris Scanning.
Retina Scanning.
Facial Recognition.
Voiceprint Recognition.

11
Q

What are the key stages of deploying biometric security?

A

Captured.
Digitised.
Stored.
Compared.

12
Q

What are some examples of Facial Recognition being used?

A

Used by the police at football grounds to check for known trouble-makers.
City centre drunkenness patrols.
Shopping centre CCTV.
Airport Security.

13
Q

What are 4 examples of issues associated with the use of biometrics?

A

If innocent people’s faces are stored by the police that could cause privacy issues.
Physical/Eye damage from repeated flash photography.
Concerns around the use of personal data.
Criminals could gain access if original data capture was flawed.

14
Q

What 3 situations could prevent Voiceprint Recognition from working?

A

High background noise.
Cold/Sore Throat.
Recording and playing back of the original voice to gain unauthorised access.

15
Q

What are 3 advantages of the use of biometrics?

A

Biometrics are unique to a person.
Very difficult to copy, steal or imitate.
It is not possible to forget as you don’t have to remember a card or PIN.

16
Q

Why is disaster planning important for an organisation?

A

Many organisations could not survive if their system went down as their data is vital.
Planning is a must as all computer systems are liable to fail as you can’t always avoid fires/floods.

17
Q

What are 5 procedures that should be utilised for disaster planning?

A

Backups should be made.
Files should be archived off-site.
There should be an alternative system that can quickly replace the existing one.
There should be back-up power supplies.
Staff should be trained in recovery procedures.

18
Q

What are Black hat hackers?

A

Hackers who break into systems for their own purposes.
This could be for financial gain, testing their skills or for fun.

19
Q

What are White hat hackers?

A

Hackers who use their skills to break into a system to expose flaws and then advise on how they will be fixed.
They will work directly for a company, or be hired by a company to perform penetration testing.

20
Q

What are Grey hat hackers?

A

White hat hackers who are not directly hired by a company but perform penetration testing anyway to expose flaws.
This is in the hope of being hired by the company, but more often than not they are prosecuted under the Computer Misuse Act.

21
Q

What is Penetration Testing?

A

An activity done by all three types of hackers, which involves breaking into a system and exploring vulnerabilities in the operating system, application flaws, poorly configured systems and user behaviour.

22
Q

What are the 5 phases of Penetration Testing?

A

Reconnaissance.
Scanning.
Gaining Access.
Maintaining Access.
Clearing Tracks.

23
Q

What is Reconnaissance?

A

Collecting as much public data as possible. This could include the software in use, names of employees, IP addresses and other such data.

24
Q

What is the Scanning process in Penetration Testing?

A

The plan is to scan all available ports, find software versions, find out the addresses of all public computers and create a blueprint of the target.

25
Q

What do the final three stages of penetration testing involve?

A

The final stages involve changing passwords, creating back doors and changing logs.

26
Q

What is a Virus?

A

Software which will attempt to spread over the network by infecting emails, removable storage devices or known software vulnerabilities.
The attack vector for a virus tends to be through emails or infected websites and, once it is in play, other pieces of software are deployed, which are known as the payload.

27
Q

What are Trojans?

A

Tricks users into downloading files which are hidden within programs. Once the Trojan is activated, the payload is delivered.
The most common attack vector is getting users to download files or use illegal peer-to-peer networks.

28
Q

What is Spyware?

A

Spyware tracks key presses and software which is sent back to the hacker.
Commonly used to commit identification fraud.
The attack vector tends to be from other malicious software such as viruses.

29
Q

What is Scare-ware/Ransom-ware?

A

Software which tries to scare the user into buying fake or further malicious software.
It will suggest that your system is compromised and only their software can fix it.
The attack vector of Ransom-Ware is involved in the payload of a virus.
Scare-Ware is used on compromised websites.

30
Q

What are Botnets?

A

They create a backdoor to your computer allowing a hacker to use it without your permission.
The hacker then uses your computer as a part of a larger group of compromised users to launch further attacks, usually denial of service attacks.
Tends to be in the payload of a virus.