4.2 Preventing vulnerabilities

Question 1

List different ways to prevent vulnerabilities against attacks

Answer 1

• Penetration testing
• Anti malware software
• Firewall
• Use access levels
• Password
• Encryption
• Physical security

Question 2

Penetration testing

Answer 2

Penn testing is the practice of deliberately trying to find the security role in your own systems

Question 3

Goal of penetration testing

Answer 3

Identify the targets of possible attacks
Identify possible entry points
Attempts to break in
Report back findings

Question 4

Anti malware software

Answer 4

They detect malware and it gets sent to the anti virus company and verify whether it’s malware or not and then create signature of the virus
Then it is added to the database and tell computers to update

Question 5

What is a result of virus morph

Answer 5

It makes it harder to create a signature

Question 6

External penetration test

Answer 6

The objective is to find out whether a hacker can get in, and once they’re in, find out how far they can get into the system

Question 7

External penetration test targets?

Answer 7

Email servers, web servers or firewalls

Question 8

Internal Penetration test

Answer 8

The objective is as an employee with standard rights find how much damage a dishonest employee could do

Question 9

Define encryption

Answer 9

A way of securing daya so that it cannot be read without the encryption key

Question 10

Prcoess of encryption

Answer 10

Passwords are stored with an ecryption

Question 11

Why is it important to have data encrypted?

Answer 11

If hacker obtains passwords and other data, it will be encrypted so it won’t be easily read

Question 12

How can you transmitt encrypted data?

Answer 12

HTTPS (Secure HyperText Transfer Protocol)

Question 13

How does HTTPS work?

Answer 13

Web browser sends its key and form sata, encrypting with the server’s key
The server encrypts the web page you request using your web browser’s key

Question 14

Encryption on individual files

Answer 14

They can only be viewed by people who have the password. This can be done with software such as zip files

Question 15

Encryption of drives

Answer 15

Passwords are used to access the encrypted files. Some removable media can be encrypted with special hardware

Question 16

Firewalls

Answer 16

Separate a trusted network from an untrusted network (normally the Internet)

Question 17

How do firewalls work?

Answer 17

When data packets are sent around a small network, they are checked to see whether they are coming from and going to.

Question 18

What is a packet filterer?

Answer 18

A filterer that compares the packets to the filtering rules and if not, they are dropped

Question 19

How can you run firewalls?

Answer 19

They can be run on dedicated hardware (can be built into your device) or as software. For example your router

Question 20

Firewall features

Answer 20

• Prevents attackers from gaining access to computers on a network
• Can block certain malicious computers by filtering packets from a certain IP address.
• Can prevent access to certain ports on the network. This can be known as port blocking
• Malicious or inappropriate websites can be blocked
• Dedicated hardware firewalls can be blocked
• Software firewalls will slow down a computer

Question 21

User Access Levels

Answer 21

Access levels can be set on disks, folders and individual files

Question 22

Password policy

Answer 22

Passwords are often checked to see if they are secure enough. For example it might require a capital letter, special characters or numbers

Question 23

Physical security

Answer 23

Physical security is where hardware, software and networks are protected by physical methods.

Question 24

Give examples of physical security

Answer 24

• CCTV
• Intruder alarms
• Door locks
• Fences, barbed wire
• Security guards
• ID cards and signs
• Turnstiles and gates