Chapter 10: Cybersecurity Flashcards

1
Q

What is accurate data?

A

Data that is true to the source. How close the data is to its true or accepted value

2
Q

What is correct data?

A

If the data is free from error

3
Q

If data is precise, what does this mean?

A

How close the data is to other sets of data

4
Q

What is authentic data?

A

If the data is from a trusted source

5
Q

If data is reasonable, what does this mean?

A

The data meets the expected range, values

6
Q

What is data mining?

A

Process of extracting and discovering patterns in large sets of data, to come to conclusions

6
Q

What are deliberate threats?

A

Where unauthorised people try to gain access to an organisation's information; these threats can come from both inside and outside the organisation.

7
Q

Give examples of accidental threats

A

1) Deletion of files without having a backup
2) Files saved in the wrong format, causing them to be lost or corrupt
3) Physical loss of hardware

7
Q

What are Event-based threats, give examples?

A

Particular events that occur where the user has NO CONTROL over them, such as:

1) Failure of hardware, power failure and software freezing, all of which cause a file to become corrupt
2) Natural disasters -> significant loss of data

8
Q

Define protection

A

What can be done to prevent malicious attacks on the data within the organisation, AKA “front door”

8
Q

What is internet security?

A

Application of security measures based on a cost/benefit analysis, for instance a company can have a large range of security measures placed on it, but the cost of it will be very large

8
Q

What are the 3 categories of user authentication?

A

1) Ownership factors (what the user has)
- ID Card
- Phone

2) Knowledge factors (something the user knows)
- Password
- PIN
- Answer to a specific question

3) Inherence factors
- fingerprint
- biometrics

9
Q

Define User Authentication

A

Process where a person who wishes to gain access to an information system provides satisfactory credentials to allow them to be confirmed

10
Q

What is defined as a “complex” password?

A

Consisting of:

1) At least 8 characters
2) A mix of numbers, letters and special case characters
3) Upper and Lowercase

10
Q

What is password entropy?

A

How easily a password can be “cracked”, which is why the length of a password is important.

11
Q

What is a dictionary attack?

A

Trying all the strings in a pre-arranged list, think “Dictionary”

12
Q

How can you prevent a dictionary attack?

A

By choosing a password that is not simple and common and isn’t found in any dictionary

13
Q

How do you encrypt data using hashing?

A

When a user enters their username and password, both are hashed using a key to produce a hashed value of each that is SIGNIFICANTLY different from the original.
This hashed value can be compared to the hashed value that is stored in the database

14
Q

What is the benefit of encrypting data using hashing, and how can hashing be bypassed?

A

The main benefit is that the database only contains hashed values. However, if a hacker obtains the hashed database, they can take their time and brute force all the different hash table keys, or use a rainbow table.

14
Q

What are rainbow tables?

A

List of all possible permutations of encrypted passwords, which are specific to a given hash table

15
Q

How do rainbow tables work?

A

Once a hacker gains access to the password database, they can compare the rainbow table’s PRECOMPILED list of potential hashes to the hashed passwords in the database

(Reverse engineering of the hash is applied to the username and password basically)

16
Q

What is salt and how does it prevent the use of rainbow tables?

A

Process of adding random data to each username and password before it is hashed, for instance making them longer means that they have a larger hashed value.

Rainbow tables have difficulties with salted hashes as they first need to figure out what was used + what salt was added

17
Q

What is honeypot intrusion detection?

A

A form of trap that is used to detect hacking attacks or collect information on malware that can be used to protect the information system against future attacks.

It can also collect evidence that can be used in any potential prosecution if the intruder is caught.

A honeypot is a server on the network which often doesn’t have much protection, in order to lure the intruder to the network (thus a trap)

17
Q

What are firewalls?

A

They are either software or hardware security devices that filter traffic (both incoming and outgoing) within a network based off a specific configuration (or a set of rules)

18
Q

How do firewalls work?

A

When the traffic passes through a firewall, it is inspected to see if it meets certain criteria.

1) If it does -> it is allowed through
2) If it doesn’t -> it is blocked

How is traffic filtered?

1) the type of network traffic
2) source address
3) attributes of the address

19
Q

What is Malware?

A

Malicious software. Basically, software designed to steal data and cause damage to computers and computer systems, e.g. networks and servers.

19
Q

Difference between client and network firewalls

A

Client firewalls are software that runs on an end user’s computer, and only protect the computer on which they are running

Whereas network firewalls are installed on the boundary between 2 networks and protect the whole organisation

20
Q

How do computer viruses avoid detection?

A

Some of the viruses include code that encrypts the virus so that the “signature” of the virus is different

21
Q

What are worms?

A

Unlike computer viruses, worms are programs that replicate themselves for the sole purpose of consuming bandwidth, which is the rate of transfer of data

21
Q

What are computer viruses?

A

A program which is designed to replicate itself and is often transmitted via unremovable secondary storage devices such as USB Thumb drives, and portable hard drives

22
Q

What are trojans?

A

They are viruses that are disguised as another software package that performs a different purpose

23
Q

What are the functions of a trojan, and what does it not do well?

A

[+] It can install a “spambot”
[+] It can install software that allows the user of the trojan to get access to the infected computer
[+] It can install pop-up advertisements
[+] It can turn the computer into a zombie
[+] Can delete files the same way a virus does
[-] A trojan does not replicate itself well, as it relies on the user to download or distribute the program.

24
Q

What is a Distributed Denial of Service (DDOS) Attack?

A

A malicious attempt to disrupt the normal traffic of a targeted server/network by flooding it with an overload of traffic.

24
Q

How can organisations stop a DDOS attack?

A

Changing your IP, which takes time. However, when you change your IP, the hacker can just redirect the attack to the new IP address.

25
Q

How does a DDOS attack work?

A

Zombies, which are part of the ‘botnet’, are instructed to send Internet Protocol (IP) requests to a targeted web server. The sheer number of requests is too much to handle.

26
Q

What is Spyware?

A

Type of malware which is concerned with the collection of information, often delivered as a payload, alongside a worm or a trojan

27
Q

What is Adware?

A

Subset of spyware, will display popup ads frequently, and these ads are a source of income for the owner

27
Q

What is SQL?

A

Structured Query Language, designed to extract, add, delete or edit records in a database

28
Q

How does an SQL Injection work?

A

In a login system, taking direct input from the user and placing it in an SQL command can be a concern, as the user has the ability to INJECT their own code into the query.

They can simply add an “or” statement, which makes the whole statement ALWAYS TRUE, such as “fkrmgkmgrkw” or 1=1.

This gives the user access to the entire database

29
Q

What is packet sniffing?

A

Gathering or collecting data that passes through a network by intercepting and reading it.

29
Q

How do you protect from an SQL Injection?

A

Simply by validating the user input prior to inserting it into the SQL string as parameters, which prevents users from writing code directly into the input

29
Q

How are unsecured public wireless connections a threat?

A

Although public unsecured “open” connections may be sourced via a router which is protected by a firewall, you are not protected from the people close by to you. Because data sent over an unsecured network is NOT ENCRYPTED, any data that you send or receive can be packet sniffed, or intercepted.

30
Q

What is a Man in the middle attack?

A

Gaining access to a user’s data by inserting themselves in the middle of the communication that the user is having with the information system they are connected with (EAVESDROPPING)

31
Q

How can you protect yourself from a Man in the middle attack?

A

1) Turning network discovery off, meaning that your computer will not be seen on the network

2) Disabling all means of sharing files and resources which are usually open by default

3) Using https instead of http when entering sensitive information in sites, as https uses an established encrypted connection to protect the data

4) Using your own personal firewall

5) Connecting to a Virtual Private Network (VPN), as it is encrypted.

31
Q

What is the benefit of using symmetric key encryption?

A

Good for sending a large amount of information

31
Q

Define Encryption?

A

Encoding information so that it is unreadable.

32
Q

What is Symmetric Key Encryption?

A

The “plaintext” version of the data is encrypted using a “secret” key and then sent to the recipient, who then needs to decrypt it using the same key. The problem with this is sending the secret key to the recipient securely, without it being easily intercepted

33
Q

How does Asymmetric key encryption work?

A

1) If someone wants to send information to someone else, they must first request a copy of the public key

2) This enables them to encrypt the information and send it

3) When the information is received, the owner of both the public and private key is able to decrypt the info using the private key

Keep in mind that public keys can be sent to anyone who wishes to send information to you

But only you should have access to your private key

33
Q

What is Asymmetric key encryption?

A

Uses 2 keys, 1 public and 1 private key.

The public key can only be used to encrypt information

The private key can only be used to decrypt the information

34
Q

What is the disadvantage of Asymmetric key encryption?

A

Works well but is not good for large amounts of information and is slow.

35
Q

What is Secure Sockets Layer (SSL)?

A

Technology that keeps an internet connection secure, using encryption to protect the data being sent between 2 systems

It is a common application of ASYMMETRIC key encryption, which establishes a “handshake” between a web server and a web browser, making sure that any data that is transferred is impossible to read. TLS is just the more advanced version of SSL.