5.4 User Security

Question 1

Define social engineering (2)

Answer 1

Invovles manipulating of people

occurs when cybercriminal creates a social situation that can lead to a victim dropping their gaurd

Question 2

What are the 5 types of social engineering (5)

Answer 2

Instant messaging

Scareware

Email/Phishing scams

Baiting

Phone calls

Question 3

What is instant messaging (1)

Answer 3

Malicious links embedded into instant messages

Question 4

Features of scareware (2)

Answer 4

pop-up message claiming that user’s computer is infected with a virus

user is told to download anti-virus that looks real (fake)

Question 5

How is baiting carried out (2)

Answer 5

cybercriminal leaves malware infected memory stick somewhere

curious user plugs memory stick into computer and downloads the malware

Question 6

What human emotions is social engineering exploiting (3)

Answer 6

fear

curiosity

empathy and trust

Question 7

Purpose of access levels (2)

Answer 7

different levels of access for different people

have a hierarchy of access levels

Question 8

What are the 4 access levels (4)

Answer 8

Public access

friends

customs

data owner

Question 9

Define public access (1)

Answer 9

data that the general public can access

Question 10

Define friends (1)

Answer 10

(only people identified as “friends” by the owner of the data can see certain data

Question 11

Define customs (1)

Answer 11

user can exclude certain content from selected people

Question 12

Define data owner (1)

Answer 12

data only owner can see

Question 13

2 types of anti-malware (2)

Answer 13

anti-virus

anti-spyware

Question 14

Define anti-spyware (1)

Answer 14

Detects and removes spyware programs

Question 15

How does anti-spyware remove spyware using the rules method (2)

Answer 15

software looks for typical features which are usually associated with spyware

identifying any potential security issues

Question 16

How does anti-spyware remove spyware using the file structure method (1)

Answer 16

looks for certain file structures associated with spyware

Question 17

Define authentication (1)

Answer 17

Ability of a user to prove who they are

Question 18

Common factors used in authentication (3)

Answer 18

Something you know (password or PIN code)

Something you have (mobile phone or tablet)

Something unique to you (biometrics)

Question 19

two Methods of authentication (2)

Answer 19

Passwords

biometrics

Question 20

Function of passowords (1)

Answer 20

restrict access to data or systems

Question 21

What should strong passwords contain (3)

Answer 21

-at least one capital letter

-at least one numerical value

-at least one other keyboard character

Question 22

Function of biometrics (1)

Answer 22

Relies on certain unique characteristics of human being

Question 23

Examples of biometrics (4)

Answer 23

fingerprint scans

retina scans

face recognition

voice recognition

Question 24

How do fingerprint scans work? (3)

Answer 24

Images of fingerprints compared against previously scanned fingerprint images stored in a database.

System compares patterns of ‘ridges’ and ‘valleys’ that are unique.

If they match, then a user is correctly recognised

Question 25

Benefits of fingerprint scans (5)

Answer 25

Unique

Can’t be misplaced

Easy to use

Small storage

Most developed biometric technique

Question 26

Disadvantages of fingerprint scans (3)

Answer 26

Expensive to set up

Affect scanning accuracy if finger is damaged

Some may consider it as infringement of civil liberties

Question 27

Function of retina scans (1)

Answer 27

Uses infrared light to scan unique pattern of blood vessels in the retina (back of the eye)

Question 28

Advantages of retina scans (2)

Answer 28

secure as there is no way to duplicate the blood vessels patterns

very high accuracy

Question 29

drawbacks of retina scans (3)

Answer 29

can be intrusive

slow to verify retina scans with stored scans

expensive to set up

Question 30

Disadvantages of face recognition (1)

Answer 30

can be affected by change facial features

Question 31

Benefits of voice recognition (3)

Answer 31

not intrusive

quick to verify

relatively cheap technology

Question 32

Disadvantages of voice recognition (3)

Answer 32

voice can be easily recorded and used for unauthorised access

low accuracy

voice can change

Question 33

Define two step verification (1)

Answer 33

Requires two methods of authentication to verify who a user is

Question 34

Where is two step verification often used? (1)

Answer 34

online purchases

Question 35

How does two step verification work? (2)

Answer 35

1st step is entering username and password

2nd step is when an 8 digit pin is sent to device’s email or text message. And user enters the 8 digit pin

Question 36

Define automatic software updates (2)

Answer 36

updating software on user computer

improves software performance and security

Question 37

2 Actions to take before opening emails (2)

Answer 37

spelling in email

tone used in emails

Question 38

Different ways of protecting against cyber security threats (10)

Answer 38

access levels

anti-malware

authentication (username and password
biometrics, two-step verification)

automatic software update

checking the spelling and tone of
communications

checking the URL attached to a link

firewalls

privacy settings

proxy servers

Secure socket layer (SSL) security protocol

Question 39

Purpose of firewall (1)

Answer 39

security system designed to prevent unauthorised access to or from your computer or private network.

Question 40

How do firewalls work? (3)

Answer 40

sit between the user and the external network, examining both the incoming and outgoing traffic

checks what is received and requested to ensure that traffic (data) meets a given set of criteria (rules).

Any traffic (data) that doesn’t meet the criteria is filtered and stopped.

Question 41

Purpose of proxy servers

Answer 41

intermidiary between user and web server

Question 42

Benefits of proxy servers(3)

Answer 42

Anonymity: IP address given to web server is the IP address of the proxy server (not user)

Security: IP is hidden so hacker cannot target user

Improved control: Large organisation can control what content is allowed to be accessed by employees, students etc

Question 43

Purpose of SSL

Answer 43

allows data to be sent and received securely over the internet

Question 44

Define SSL

Answer 44

Set of rules used by computers to communicate with each other over a network

Question 45

Are firewalls hardware based, software based or both

Answer 45

Can be hardware or software based

Question 46

Are proxy servers hardware based or software based or both

Answer 46

Can be hardware or software based