AS16 Flashcards
1
Q
Threats
A
- Unauthorised access/modification of data.
- Disclosure/Disruption of data.
- Destruction/Loss of data/storage media.
- Unhappy employees (leaking files, disrupting communications)
2
Q
Standard Clerical Procedures
A
- Removal of data prohibited by a policy.
- Removal of USB ports from machines to prevent theft.
- Only hiring employees w/ no criminal record.
- Regular data back-up.
3
Q
Levels of Permitted Access
A
- Employees can only access essential data.
- Different users can read/write data and create/remove tables to varying degrees or access.
4
Q
Passwords
A
- A combo of uppercase, lowercase, numbers and symbols is a requirement.
- Imposing a minimum length to ensure complexity.
- Requiring frequent changes to avoid being compromised.
5
Q
Write-protect Mechanisms
A
- A setting that can be applied to disk drives/certain folders.
- This data can be read but not changed.
6
Q
Anti-virus Software
A
- File servers are protected with this software.
- Regularly scans all files on a server to check for viruses.
7
Q
Encryption
A
- The encryption key is only known/used by the organisation.
8
Q
Firewall
A
- Servers are protected with firewalls which checks network traffic and blocks any suspicious traffic from accessing the internet.
9
Q
Disaster Planning
A
- Data must be backed up.
- Backups must be stored in an off site location.
- Critical operations may include a system of redundancy, where other computers can account for the workload of a computer that goes down.
- An alternative means of communication must be established.
- Backups must have a plan of retrieval.
10
Q
Malicious Damage
A
- Damage that had the specific intent to create such consequences.
- A hacker gaining access to a system; A virus being installed; An employee damaging data for their gain.
11
Q
Accidental Damage
A
- When data is lost but there was no deliberate intention.
- A person accidentally deleting a record; A server crash; A loss of power; Destruction of equipment in a disaster.
12
Q
Black Hat Hacking
A
- Hackers breaking into systems for their own purposes.
- Computer Misuse Act 1990, could be prosecuted.
13
Q
White Hat Hacking
A
- Hackers breaking into systems to expose flaws and advise companies on security measures.
14
Q
Grey Hat Hacking
A
- Not directly hired by a company, perform pen testing to expose flaws.
- Computer Misuse Act 1990, could be prosecuted.
15
Q
Phases of Pen Testing
A
- Reconnaissance (collecting publicly available data)
- Scanning/Probing (scanning for available ports, testing addresses)
- Gaining access (using this info to test vulnerabilities)
- Maintaining access (changing passwords, creating backdoors)
- Clearing tracks (deleting user logs)
16
Q
Virus
A
- Software which will spread over a network by infecting emails/websites/removable devices.
- Will deliver a payload of other malicious software.
17
Q
Trojans
A
- Hidden in files/programs.
- File opened = trojan activated = payload delivered.
- Tricking users into downloading files/Using illegal peer-to-peer file sharing networks is how it spreads.
18
Q
Spyware
A
- Tracks key presses and software use and sends details back to the hacker.
- Used to commit identity fraud.
- Tends to be a virus payload.
19
Q
Scare-ware
A
- Scare-ware scares user into buying fake software in order to ‘fix a problem’ on their computer (pop-up messages).
- Delivered via a compromised website.
20
Q
Ransom-ware
A
- Will delete, collect or encrypt files which will be ransomed back.
- Can take control of webcams.
- Delivered via a payload of a virus.
21
Q
Botnets
A
- Creates a backdoor to your computer, allowing the hacker to run your computer as part of a larger group of compromised computers.
- Delivered via a payload of a virus.
22
Q
Attack Vector
A
- A path/method by which a hacker can gain access to a computer/network server in order to deliver a payload.
