Chap 5.2 - cyber security threats

Question 1

8 cyber security threats

Answer 1

-DDos
-Malware
-Hacking
-Pharming
-Phishing
-Social engineering
-Brute force attack
-Data interception

Question 2

What is brute force attack

Answer 2

a type of cyber security attack that tries to guess the user’s password using all possible combination of characters

Question 3

How is brute force attack done

Answer 3

uses a program that automatically generates and tests different passwords until the right one is found

Question 4

how does quality of password affect the effectiveness of brute force attack

Answer 4

weak password - effective
strong password - time- consuming

Question 5

2 ways to reduce number of attempts for brute force attack

Answer 5

-check is password is one of the common ones
-use a strong words list

Question 6

What is data interception

Answer 6

type of cyber security attack where transmitted data is stolen

Question 7

how do you make brute force attack harder

Answer 7

-change passwords frequently
-long passwords with variation of characters

Question 8

How is data interception done

Answer 8

-packet sniffer
-packet injection
-Man in the Middle ( MITM)
-wardriving / Access Point Mapping

Question 9

what does packet sniffers do

Answer 9

examine data packets transmitted over a network

Question 10

is packet sniffing done in wireless or wired network

Answer 10

both

Question 11

what does packet injection do

Answer 11

forging data packets and sending them back in the network

Question 12

why is packet injection used

Answer 12

-to intercept/ disrupt transmitted data packets
-causes network quality to degrade - blocks user from accessing network resources

Question 13

what does Man in the Middle do (MITM)

Answer 13

hacker secretly intercepts data between 2 people who think they are communicating directly

Question 14

what does wardriving/ Access Point Mapping do

Answer 14

-intercepting data from a wireless network using a device, antenna, GPS device and software outside the building

Question 15

ways to safe guard from data interception

Answer 15

-have complex passwords to protect wireless router
-don’t use free public wifi
-us Wired Equivalence Privacy protocol (WEP)
-use a firewall

Question 16

What does Wired Equivalency Privacy protocol do

Answer 16

• encrypts wifi transmission - makes data incomprehensible to hacker

Question 17

What is hacking

Answer 17

a type of cyber attack that involves gaining unauthorised access to a computer system or network

Question 18

how is hacking done

Answer 18

• social engineering
  -exploits vulnerabilities in computer system or network

Question 19

What is the limitation of encrypting data form hacking

Answer 19

it doesn’t prevent hacker from corrupting files but it makes data incomprehensible

Question 20

what can hacking do

Answer 20

-change data
-delete or pass on data

Question 21

How do you prevent hacking

Answer 21

-use firewalls
-use proxy server
-frequently change passwords
-use strong passwords

Question 22

what is ethical hacking

Answer 22

hackers are paid to test company’s systems

Question 23

What is DDoS

Answer 23

-Distributed denial of services
-type of cyber security attack that overwhelms website/ server with traffic

Question 24

how is DDoS done

Answer 24

-using useless spam traffic - when server is overwhelmed by attackers useless requests to prevent service to user’s legitimate request
-botnet - spam traffic comes from different computers controlled by the attacker

Question 25

why does useless spam traffic work

Answer 25

-server can only handle a finite number of requests

Question 26

what does DDoS do to user

Answer 26

-prevents users access to emails, websites, online services

Question 27

3 signs of DDoS attacks

Answer 27

-slow network performance
-unable to access websites
-spam emails

Question 28

how to reduce DDoS

Answer 28

-use an up to date anti- malware
-firewall to restrict traffic
-email filters to filter unwanted emails

Question 29

What is phishing

Answer 29

-deceptive messages, text, calls to lure user to fake websites to login in their details

Question 30

what is must be done for phishing to work

Answer 30

user must initiate at attack

Question 31

what do phishing messages usually have

Answer 31

-appear to be trust worthy
-create panic and fear in user to make them act without thinking
-have typos/ grammatical errors

Question 32

what is spear phishing

Answer 32

phishing done to specific people

Question 33

How to prevent phishing

Answer 33

-don’t click on links/ emails until total certainty that it’s safe
-look for secure website protocol
-run anti- phishing tools bar

Question 34

what is pharming

Answer 34

type of cyber security attack computer’s system or DNS is manipulated to redirect user to a fake website

Question 35

what is the difference between pharming and phishing

Answer 35

pharming does not need user to initiate attack

Question 36

How is pharming done

Answer 36

-malware
-DNS cache poisoning

Question 37

what does DNS cache poisoning do

Answer 37

• changes real Ip address of URL to the one of the fake website

Question 37

What does malware do (pharming)

Answer 37

-alters the host’s files that map domain names to Ip address to direct user to fake website

Question 38

How to prevent Pharming

Answer 38

-use anti- virus software
-check website for correct address
-look for secure protocol

Question 39

What is social engineering

Answer 39

-manipulating users into revealing information or taking action
-to gain illegal access to comp or put malware
-try to impersonate or create a fake situation so they can scare or give advise on

Question 40

5 ways social engineering is used

Answer 40

-instant messages
-phone calls
-bait
-scareware
-email/ phishing scams

Question 41

how is instant messaging used in social engineering

Answer 41

attacker send message to user to click malicious link

Question 42

how is scareware used in social engineering

Answer 42

-message with a fake situation is sent to user to scare them into initiating the attack without thinking

Question 43

how is baiting used in social engineering

Answer 43

clickbait - user is tricked into clicking link and gets nothing in return
pen drive bait - user plugs in malware infected memory stick that was intentionally left by attacker

Question 44

how is emails/ phishing scams used in social engineering

Answer 44

-user is tricked into opening an email and is redirected to a fake website

Question 45

how is phone calls used in social engineering

Answer 45

attacker advises user on fake situation to get information out of them

Question 46

What is tactics do social engineering have

Answer 46

-impersonating
-create urgency and fear to make user act without thinking
-scarcity and opportunity - offering details to get user’s information

Question 47

What is malware

Answer 47

a type of software designed to harm a computer’s system

Question 48

6 types of malware

Answer 48

-virus
-worm
-torjan horse
-adware
-ransomware
-spyware

Question 49

what is a virus and how does it work

Answer 49

-program that replicates itself to damage files or malfunction user’s computer
-needs an active host
sent as emails, infected websites or software to be downloaded

Question 50

what is a worms and how does it work

Answer 50

-standalone virus that replicate itself to spread to other computers
-doesn’t need and active host
-rely on security failures to move through the network
-one infect computer can infect the whole network

Question 50

what is a spyware and how does it work

Answer 50

software that monitors user’s online activity and gathers them

Question 50

what is a adware and how does it work

Answer 50

-software that flood user’s computer with ads
-usually as pop- up
-hard to remove - difficult to determine its harmfulness by anti- malware
-hijacks browser and creates it own defult search requests
-shows weakness in computer’s system which may be exploited by other malware

Question 50

what is a ransomware and how does it work

Answer 50

-program that encrypts user’s data until money is paid
-installed on computer through a torjan horse or social engineering

Question 51

what is a torjan horse and how does it work

Answer 51

-programs disguised as legitimate softwares
-need an active host
-spyware and ransomware often installed though this

Question 52

describe how brute force attacks are used

Answer 52

-uses trial and error to guess the password
-combinations are repeatedly entered
-either manually or automatically by a software

Question 53

5 ways to target and attack intended victim

Answer 53

-spear phishing- use deceptive calls, links and messages
-ransomware- encrypt user’s data, demand money to decrypt it
-malware infected memory sticks- put in comp to infect comp
-instant messaging- malicious links
-scareware- fake antivirus softwares