5.3 cyber security

Question 1

Brute-Force Attack

Answer 1

• a trial-and-error method used to crack passwords by trying every possible combination until the correct one is found
• Can be carried out manually or automatically by software

Question 2

Aim of Brute-Force Attack

Answer 2

 Steal/view/access data
 Delete data
 Change data

Question 3

Solution for Brute force attack

Answer 3

• Use stronger passwords with more characters and symbols (strong/complex passwords)
• Setting a limit for login attempts

Question 4

Data Interception

Answer 4

This involves stealing data by tapping into a wired or a wireless transmission line

Question 5

Data Interception aim

Answer 5

steal sensitive information, such as passwords, credit card numbers, or personal data for personal gain

Question 6

Data Interception is done by Packet Sniffing
HOWWWW? -

Answer 6

Uses Packet sniffers to examine packets sent over a line, all the data collected is sent back to the attacker

Question 7

How to prevent data interception?

Answer 7

Encryption
strong Passwords
firewall

Question 8

What does DDoS stand for?

Answer 8

Distributed Denial of Service (DDoS) Attack

Question 9

DDos definition (4marks)

Answer 9

• A DDoS attack is where multiple computers are used as bots
• They flood a server with lots of requests at the same time which the server can’t respond to; causing it to crash or become unavailable to users

Question 10

Aim of DDos

Answer 10

to disrupt the normal functioning of a system or network by denying users access

Question 11

How can u prevent a DDoS attack?

Answer 11

firewall OR proxy server

Question 12

Hacking

Answer 12

the act of gaining illegal access to a computer system without the user’s permission.

Question 13

Effect of Hacking (what happens)

Answer 13

data can be deleted, passed on, changed or corrupted

Question 14

How to prevent Hacking

Answer 14

1. Firewalls
2. Strong passwords/ user IDs
3. Use of anti-hacking software

Question 15

Malware

Answer 15

Malware is malicious software

Question 16

VIrus

Answer 16

• is a malware that attaches itself to a legitimate program or file and then
• replicates itself to spread to other programs or files on the computer.
• It can cause damage to the system, including deleting data or damaging hardware and causing it to malfunction

Question 17

Where viruses are found and how to prevent them

Answer 17

• On email attachments, infected software or websites.

Prevention:
* run up-to-date virus checkers.
* use a firewall
* use a proxy server
* Dont download unoriginal software,
* dont click on unknown links

Question 18

Worms

Answer 18

• is similar to a virus but is a standalone program that can spread and replicate itself over computer networks.
• takes up storage space
• with the intention of corrupting the entire network

Question 19

How to prevent worms (1)

Answer 19

Run up-to-date anti-virus programs.

Question 20

Difference between worms and viruses

Answer 20

Viruses require active hosts and for each end user to initiate the virus, worms dont

Question 21

Trojan horse

Answer 21

a program that disguises itself as a legitimate program or file, but when installed, it can delete data or damage hardware

Question 22

How to prevent trojan horse

Answer 22

Very hard as it involves user tricking, so even firewalls and anti-virus software can be useless

Question 23

Spyware

Answer 23

a software that records all key presses and transmits these to a third-party

Question 24

Adware

Answer 24

a type of software that displays unwanted advertisements on the computer without the user’s consent. Some of these may contain spyware and some may link to viruses when clicked

Question 25

Ransomware

Answer 25

• Software that stops a user from accessing their computer/data by encrypting the files and demands a ransom (fee) payment to decrypt them.
• It can cause data loss, and financial damage and disrupt business operations

Question 26

Examples of malware (6)

Answer 26

1. Viruses
2. Worms
3. Trojan horse
4. Spyware
5. Adware
6. Ransomware

Question 27

Phishing

Answer 27

*Legitimate-looking email sent to user
* encourages user to click a link that directs user to a fake website
* User encouraged to enter personal details into a fake website

Question 28

Aim of phishing

Answer 28

to steal sensitive information for personal gain

Question 29

How to prevent Phishing

Answer 29

1. Don’t open links from unknown receivers
2. Use anti-phishing tools
3. Block pop-up ads
4. Have an up-to-date browser

Question 30

Pharming

Answer 30

Malicious code is downloaded without users’ knowledge that redirects the user to a fake website where they’re encouraged to enter their personal details

Question 31

How to prevent Pharming

Answer 31

• Using anti-virus software
• Checking the spelling and the weblink carefully
• Make sure that the green padlock is present in the URL bar

Question 32

Social Engineering

Answer 32

manipulating individuals to gain access to confidential information

Question 33

Common types of social engineering

Answer 33

1. posing as someone else to gain trust or access to sensitive information
2. Phising/emails
3. Scareware - done using a pop-up message claiming a computer is infected
4. Baiting- leaving a malware-infected stick somewhere that a curious person plugs into their computer

Question 34

Cyber security threats (8)

Answer 34

1. Brute force attacks
2. Phishing
3. Pharming
4. DDoS attacks
5. Malware
6. Social engineering
7. Data interception
8. Hacking

Question 35

Accidental Damage

Answer 35

• Liquids being spilt
• Software failure- Make sure it is always up to date
• Pressing delete by mistake
• Not saving data
• Not shutting down the computer correctly

Question 36

Access Levels

Answer 36

Having Different levels of access for different people

(for example - Only doctors can have access to patient’s data)

Question 37

Anti-Malware

Answer 37

prevent and remove malware

Question 38

Examples of anti-malware

Answer 38

anti-virus
anti-spyware

Question 39

How does Anti-malware work?

Answer 39

1. scans the computer’s files
2. If any malware is found, it is quarantined to prevent the spread
3. The malware is then deleted

Question 40

Authentication

Answer 40

• ensure that only authorised users can access data
• process of Users Proving Who They Are
• prevent unauthorised access and protect sensitive data

Question 41

Passwords

Answer 41

1. Strong password should be complex, unique, and not easily guessed
2. Passwords should be changed regularly
3. Users should avoid reusing passwords across multiple accounts.

Question 42

How can authentication be done (3)

Answer 42

1. Passwords
2. Biometrics
3. Two-step verification

Question 43

Biometrics

Answer 43

biological data for authentication by identifying unique physical characteristics of a human such as

• fingerprints,
• facial and voice recognition,
• iris scans.

Question 44

Why is biometric authentication more secure than using passwords?

Answer 44

• A biometric password cannot be guessed
• It is very difficult to fake a biometric password
• A biometric password cannot be recorded by spyware
• A perpetrator cannot shoulder surf to see a biometric password

Question 45

Two-factor authentication

Answer 45

requires users to provide two forms of authentication before accessing data, such as a password and a verification code sent to a mobile device

Question 46

What does Two-factor authentication (2FA) do

Answer 46

This provides an extra layer of security and reduces the risk of unauthorised access. 2FA is widely used to protect online accounts, such as email or banking.

Question 47

Automating Software Updates

Answer 47

• ensures that software systems are up-to-date with the latest security patches, which helps to prevent security threats
• important for operating systems and software that are frequently targeted by hackers

Question 48

Communications

Answer 48

Checking the spelling and tone of communications is important to prevent phishing attacks

Question 49

URL

Answer 49

• Checking the URL attached to a link is another way to prevent phishing attacks.
• Hackers often use fake URLs to trick users into visiting fraudulent websites
  —-e.g. http://amaz.on.co.uk/ rather than http://amazon.co.uk/

Question 50

Firewalls

Answer 50

Type of hardware or software that stands between the user and external networks. It filters and monitors incoming and outgoing traffic.
blocks unauthorised access

Question 51

Tasks Firewall does

Answer 51

• The user sets criteria for the traffic (this is called the whitelist/blacklist)
• The firewall will monitor the incoming and outgoing traffic
• It will accept or reject the traffic based on the criteria and if data does not meet the criteria it rejects it and an alert can be sent to the user
• It can help prevent hacking and malicious software that could be a threat to the security of the data

Question 52

Privacy Settings

Answer 52

• used to control the amount of personal information that is shared online
• important measure to prevent identity theft and other forms of online fraud
• Users should regularly review their privacy settings and adjust them as needed

Question 53

Proxy-Servers

Answer 53

• used to hide a user’s IP address and location, making it more difficult for hackers to track them
• act as a firewall and can also be used to filter web traffic by setting criteria for traffic
• Malicious content is blocked and a warning message can be sent to the user
• divert attack away from the server
• can stop website from falling into DoS attack

Question 54

Secure Socket Layer (SSL)

Answer 54

• a security protocol which is used to encrypt data transmitted over the internet
• SSL is widely used to protect online transactions, such as those involving credit card information or other sensitive data

Question 55

Process of SSL

Answer 55

1. – Web browser requests web server to identify itself/view the (SSL) certificate
2. – the web server sends copy of the (SSL) certificate to the browser and browser checks if SSL certificate is authentic/trustworthy
3. – sends signal back to webserver that the certificate is authentic/trustworthy
4. – starts to transmit data once connection is established as secure
   5.- encryption method will be agreed and a session key is generated
5. – if website is not secure browser will display an open padlock/warning message

Question 56

ad and dis of fingerprint scans

Answer 56

ad-
* One of the most developed biometric techniques.
* Very easy to use

dis-
* Very intrusive for some, since it is still related to criminal identification.
* Can make mistakes if the skin is dirty or damaged
(for example, cuts).

Question 57

ad and dis of retina scans

Answer 57

ad-
● Very high accuracy.
● No known way to replicate a person’s retina

dis-
● Can be relatively slow to verify a retina scan using stored scans.
● Very expensive to install and set up

Question 58

ad and dis of Face recognition

Answer 58

ad-
● Non-intrusive.
● Relatively inexpensive

dis-
● Can be affected by changes in lighting, the person’s hair, change in age, and if the person is wearing glasses

Question 59

ad and dis of Voice recognition

Answer 59

ad-
● Verification takes less than five seconds.
● Relatively inexpensive

dis-
● Low accuracy.
● Illness, such as a cold, can change a person’s voice,
making absolute identification difficult or impossible.