B - Cyber Security

Question 1

Hacking

Answer 1

Unauthorised access to a computer system. Covered by the Computer Misuse Act 1990

Question 2

Why are systems attacked?

Answer 2

Fun, financial gain, industrial espionage, personal attacks, hacktivism (hacking for activism)

Question 3

Types of Hackers

Answer 3

Black Hat - a hacker with malicious intent, Grey Hat - a hacker with neither malicious or heroic intent, White Hat - a hacker with heroic intent to stop other hackers

Question 4

Types of threat to a computer system

Answer 4

Unauthorised access, virus, worm, botnet/DDoS attack, rootkit, trojan, ransomware, spyware

Question 5

Virus

Answer 5

A computer program or part of a computer program that can make copies of itself and is intended to prevent the computer from working normally

Question 6

Worm

Answer 6

a harmful computer program that can copy itself and spread across a number of connected computers

Question 7

Botnet

Answer 7

A group of computers that are controlled by software containing harmful programs, without their users’ knowledge

Question 8

DDoS

Answer 8

Distributed Denial of Service: an occasion when a computer network or website is intentionally prevented from working correctly, by a botnet sending lots of data at once.

Question 9

Rootkit

Answer 9

A type of malware designed to give hackers access to and control over a target device. Most rootkits affect the software and the operating system.

Question 10

Trojan

Answer 10

A computer program that has been deliberately designed to destroy information, or allow someone to steal it.

Question 11

Ransomware

Answer 11

Software designed by criminals to prevent computer users from getting access to their own computer system or files unless they pay money.

Question 12

Spyware

Answer 12

Software that collects information about how someone uses the internet, or personal information such as passwords, without the user knowing about it

Question 13

Social Engineering

Answer 13

Manipulating people so that confidential information can be found out.

Question 14

Why does social engineering work?

Answer 14

Most people want to do the right thing, and this is why it works. In a recent study, 60% of unauthorised USB drives were mounted to a computer and used in a controlled environment.

Question 15

Types of Social Engineering

Answer 15

Phishing, pharming, shoulder surfing, tailgating, baiting, pretexting

Question 16

Internal Threats

Answer 16

dodgy websites, portable storage, stealing/leaking data, disclosure of data, overriding security, downloads

Question 17

Why do Internal Threats happen?

Answer 17

accidents or employee choosing to attack a business

Question 18

impacts of an Internal Threat

Answer 18

short term (data loss/downtime, lost sales), long term (reputation damage, financial loss)

Question 19

Firewall

Answer 19

set of rules that filter suspicous network packet from remote networks

Question 20

Hardware Firewall

Answer 20

Sits between an external network and an internal connection - like a LAN and the internet - as a first line of defence.

Question 21

Software Firewall

Answer 21

On a system - like a computer - to filter network data in and out. Secondary protection, which uses an ACL to block certain data.

Question 22

Types of Device Hardening

Answer 22

security patches, anti-virus, firewalls, user permissions, closing ports, encryption