8. Security and ethics

Question 1

What is hacking?

Answer 1

The act of gaining illegal access to a computer

Question 2

What are viruses?

Answer 2

Program or program code that can replicate itself with the intention of deleting or corrupting files or cause the computer to malfunction.

Question 3

What is phishing?

Answer 3

The creator sends out a legitimate looking email in order to obtain confidential information.

Question 4

What is pharming?

Answer 4

Code installed on the user’s hardware or on the web server that redirects the user to a fake website without their knowledge.

Question 5

What is wardriving?

Answer 5

Act of locating and using wireless internet connections illegally.

Question 6

What is spyware/key-logging software?

Answer 6

Software that gathers information by monitoring key presses on the user’s keyboard; the information is then sent back to the person who sent the software

Question 7

What are the possible effects of hacking?

Answer 7

Identity theft

Data can be deleted, changed or corrupted

Question 8

What are the possible effects of viruses?

Answer 8

Can cause the computer to crash, stop functioning normally or become unresponsive
Data can be deleted, changed or corrupted

Question 9

What are the possible effects of phishing?

Answer 9

Sender can gain info such as bank account numbers
Identity theft
Fraud

Question 10

What are the possible effects of pharming?

Answer 10

Can gain info such as bank account numbers
Identity theft
Fraud

Question 11

What are the possible effects of wardriving?

Answer 11

Possible to steal a user’s internet time to download large files
Can steal a user’s password and personal information

Question 12

What are the possible effects of spyware?

Answer 12

Can gain info such as bank account numbers

Able to install other spyware, read cookie data and change default web browser

Question 13

What methods can be used to prevent hacking?

Answer 13

Firewalls
Strong passwords and user ids
Anti-hacking software
(Encryption wont stop hacking but will make the data useless to the hacker)

Question 14

What methods can be used to prevent viruses?

Answer 14

Anti-virus software
Not using software from unknown sources
Being careful when opening email attachments

Question 15

What methods can be used to prevent phishing?

Answer 15

ISPs often filter out phishing emails

Being careful when opening email attachments

Question 16

What methods can be used to prevent pharming?

Answer 16

Anti-spyware software

Be alert and look for clues that the website is not legitimate e.g. https

Question 17

What methods can be used to prevent wardriving?

Answer 17

Use wired equivalent privacy (WEP) encryption
Use strong passwords
Firewalls

Question 18

What methods can be used to prevent spyware?

Answer 18

Anti-spyware software

Use a mouse to select keys for passwords

Question 19

What are cookies?

Answer 19

Packets of data that collect information about the user’s habits.

Question 20

Why are cookies used?

Answer 20

So that companies can display adverts that may be of interest to the user.

Question 21

How can you prevent accidental loss of data?

Answer 21

Backups
Save data regularly
Use passwords to restrict access to authorised users only

Question 22

How can you prevent data loss through hardware fault (such as head crash on HDD)

Answer 22

Backups
Save data regularly
Use uninterruptable power supply

Question 23

How can you prevent data loss through software fault?

Answer 23

Backups

Save data regularly

Question 24

How can you prevent data loss due to incorrect computer operation?

Answer 24

Backups

Good training procedures

Question 25

What does a firewall do?

Answer 25

Check whether data meets a set of criteria and if doesn’t block the traffic and give the user a notification
Logging all traffic to allow later interrogation
Keep a list of undesirable IP addresses created by the user
Helping prevent viruses and hacking

Question 26

What does a proxy server do?

Answer 26

Acts as a firewall
Keeps IP address secret
Uses a cache so that the user can connect to a website faster

Question 27

How does SSL work?

Answer 27

The web browser sends a message to the server requesting that it identifies itself
The server responds by sending a copy of its SSL certificate
If the web browser can authenticate the certificate it sends a message to the server to allow communication to begin
One this message is received the server acknowledges the browser and the data transfer can begin

Question 28

What is the purpose of TLS?

Answer 28

Provides encryption and authentication to prevent hacking.

Question 29

What are the two layers of TLS?

Answer 29

Record protocol - contains the data being transferred over the internet
Handshake protocol - allows the website and the user to authenticate each other and use encryption algorithms

Question 30

What are the differences between TLS and SSL?

Answer 30

Possible to extend TLS by adding new authentication methods
TLS makes use of session chaching
TLS separates the handshaking process from the record layer

Question 31

What is the advantage of using session caching?

Answer 31

Opening a TLS session requires a lot of computer time but caching allows the user to start or resume a session which is faster.

Question 32

What is symmetric encryption?

Answer 32

Uses 2 secret keys, 1 to encrypt and 1 to decrypt

Question 33

What is a problem with symmetric encyption?

Answer 33

Key distribution problem - keys could be interpreted by a user

Question 34

How can the key distribution problem be solved using symmetric encryption?

Answer 34

Algorithms which create a key using random numbers chosen by the sender and receiver

Question 35

How does asymmetric encryption work?

Answer 35

User A applies a symmetric key
The symmetric key is encrypted using the public key
User a sends the message with the encrypted key
User B decrypts the symmetric key by applying their private key
The symmetric key is used to decrypt the message sent by A

Question 36

How can the user increase the security of encryption?

Answer 36

Increase the length of the key - lots more possible keys

Question 37

What is authentication?

Answer 37

Used to verify that data comes from a trusted source

Question 38

Examples of authentication

Answer 38

Passwords, digital signatures, biometrics

Question 39

How do digital signatures work?

Answer 39

User writes a message
Message put through hashing algorithm
The hash number is encrypted using a private key
The message and hash number are sent over the internet
The hash number is decrypted using a public key
The hash number is compared with the message to see if the message has been altered

Question 40

Types of biometric

Answer 40

Fingerprint scans, retina scans, face recognition, voice recognition

Question 41

What is a denial of service attack?

Answer 41

An attempt to prevent users from accessing part of a network by repeatedly bombarding the server with requests

Question 42

What effects can a DOS attack have?

Answer 42

Prevent a user from accessing emails, websites or online services

Question 43

How can a user guard against DOS attacks?

Answer 43

Use up to to data malware checking software
Use a firewall
Apply email filters

Question 44

Signs a DOS is happening

Answer 44

Slow network performance
Unavailability of a website
Large amounts of spam email

Question 45

Ways a bank protects customers’ information

Answer 45

10-12 digit code
Input random numbers from pin/password
Card reader - generates a code from an internal clock and the PIN
Insert password using drop down boxes
Ask for personal data

Question 46

What is free software?

Answer 46

Users can copy, change or adapt it.

Question 47

What is freeware?

Answer 47

Software a user can download for free without further charges but they cannot study or modify the source code.

Question 48

What is shareware?

Answer 48

A free trial of a software which, after a period of time, the user will be asked to pay for.

Question 49

What can a user do with free software?

Answer 49

Run it for any legal purpose
Study the source code and modify it to meet their needs
Pass the software in original or modified form to other people