Component 1.9 - Security And Data Management (Finished) Flashcards
What can be used to improve network security?
Encryption techniques, user access levels, suitable passwords
What do user access levels do?
User access levels define which change/view selected stored data. It allows certain users read/write access to data on a computer system
Why would user access levels be used on a network?
Certain users don’t need to access all data so user access levels are used to keep them from viewing/changing it. E.g. an administrator in a company should have access to all data but an assistant should not have access to confidential data
What do passwords do?
Passwords are used to prove a person’s identity to a computer system allowing them access to it
What is a brute force attack?
Using programs to try multiple password guesses in quick succession
What is the problem with short, simple passwords?
Another user can easily guess them and a hacker could use a brute force attack
How do you calculate the number of attempts needed to brute force a password?
Attempts = number if characters^password length
What is a suitable password for network security like and why?
A suitable password should be long and use a combination of different characters (upper case, lower case, alphanumeric) as it will be harder to guess and take longer to brute force due to more characters available and a longer length
What is encryption?
Encryption is the conversion of data using an algorithm into cyphertext that can’t be easily understood by people without the decryption key
Which logical operator is often used for encryption?
XOR
How is the xor logical operator used for encryption?
During encryption, the XOR logical operator is used on the data and a key. (If data is 10101010 and key is 11110000, you do 1 XOR 1, 1 XOR 0 and so on to get 01011010). The data is encrypted now.
What is a ‘key’
A ‘key’ is a secure binary number, known only to the sender and recipient
How is data encrypted using XOR decrypted?
The encrypted data can be XOR’d with the key once again to regain the original data
What is compression?
Compression is the process of making a file size smaller
What is the advantage if compression?
Compression allows for more data to be stored on the disk and for files to be transferred faster.
What are the two primary compression methods?
Lossy and lossless
What is lossless compression?
Lossless compression is a data compression technique using an algorithm to compress data into a form that can be decompressed at any time with no loss. (The file is returned to its exact original form)
When is lossless compression used?
Lossless data compression is used when any loss of detail (e.g. word document) could have a
Really bad effect
Give an example of lossless compression?
Replacing ‘the’ in a word document with the character @
What is lossy compression?
Lossy compression is a data compression technique that compresses the file size by discarding some data
How is the compression ratio calculated?
Original file size / compressed file size
What is lossy compression used for?
The compression of multimedia data (sound, video)
What are network policies?
Network policies are documents written to outline the rules users are required to follow while using a computer network. Following publication, users need to adhere to the rules
What are some typical rules set out in network policies?
- List of unacceptable types of websites
- Activities not allowed on the network (e.g. gambling)
- unauthorised software
Give some examples of disasters covered by ‘disaster recovery’
- Fire, flooding
- hardware failure
- software failure
- malicious damage (hacking)
- accidental damage
What are the three parts to a disaster recovery policy?
- Before the disaster
- during the disaster
- after the disaster
What does the ‘before the disaster’ section of a disaster recovery policy include?
It includes risk analysis, preventative measures and staff training
What does the ‘during the disaster’ section of a disaster recovery policy include?
The staff response - implementation of plans
What does the ‘after the disaster’ section of a disaster recovery policy include?
Recovery measures, purchasing of replacement hardware, software reinstalling, restoring backup data
What is a backup?
A backup is a copy of data that can be used if the original data is lost
Why should regular backups be made?
The older a backup, the less likely it is to match current data stored on the computer system
What does a backup policy do?
It sets out how often to backup and what backup medium to use
What would a typical backup policy require?
That three different backups are kept at a given time, with one stored off sight
What is the name given to the oldest (of three), second oldest (of three) and most recent backup?
Grandfather, father and son. If a new one is made all names shift, so father becomes grandfather, son father and new one son
What is the three backup policy called?
The grandfather-father-son method
What is archiving?
Archiving is the process of storing data that is no longer in current or frequent use
Why is archived data (old no longer used data) held?
Archived data is held for security, legal or historical reasons
Why is archiving done?
Archiving data frees up resources on the main computer system and allows faster access to data that is in use
When is data archived?
When it is no longer in chrrent or frequient use
What do attacks on online networks usually target?
Confidential data such as customers’ details or technical info about products etc
What is cybersecurity?
Cybersecurity is the range of measures taken to protect computer systems, networks and data from unauthorised access or cyberattack.
Name the types of malware used for cyberattacks?
Viruses, Worms, Spyware, Trojans
What are Viruses?
Viruses are programs that can replicate themselves and be spread from one system to another by attaching themselves to host files.
What are viruses used for?
Viruses are used to modify or corrupt information on a targeted computer system
What are worms?
Worms are self-replicating programs that identify vulnerabilities in operating systems and enable remote control of the infected computer
How does a computer become infected by spyware?
Spyware can be installed by opening attachments or downloading infected software
What is spyware used for?
Apyware is used to collect stored data without the user’s knowledge
What is a trojan?
A trojan is a program that appears to provide a useful function but provides a ‘backdoor’ that allows data to be stolen
What are keyloggers?
Keyloggers are a type of spyware used to track keystrokes
Why are keyloggers used to track keystrokes?
Keyloggers can be used to capture passwords, account numbers etc for fraudulent use
What does anti-virus software/virus protection software do?
Anti-virus software is loaded into memory when the computer is running. It monitors activity on a computer system for the signs of virus infection
How does an anti-virus software detect viruses?
Each virus has its own unique ‘signature’, known to virus protection software and stored in a database. Data stored on a computer system is scanned and compared to signatures in the database to see if any of the virus signatures within the database exist on the computer system
Why does virus protection software need to be updated regularly?
New viruses are created every day, so databases of virus protection software need to be updated to combat these
How can you protect against malware?
- Instal, virus protection software
- Use a firewall
- Keep your operating system updated
- use latest web browser versions
- look out for phishing emails
What is a firewall?
A firewall is a software or hardware security system that controls the incoming and outgoing network traffic
How does a firewall determine if packets of data should be allowed through or not?
A firewall monitors where data has come from and where it is going to and determines if communication is allowed by checking a list of pre-defined rules
Why does updating the operating system protect against malware?
New ways to bypass the operating systems’ security are often discovered, so by installing security patches they can be covered up
How does using the latest version of a web browser help protect against malware?
The manufacturers of web browsers seek to improve their products and remove (possible) security vulnerabilities. By installing updates you are covering up previously possible vulnerabilities.
What should be done if you suspect you have malware on your computer?
You should run a malicious software removal tool that should detect and remove malware not blocked by the anti-virus software
Give 3 forms of cyberattack?
- shoulder surfing
- SQL injection
- DoS attack
- Password-based attacks
- IP address spoofing
- Social engineering
What is shoulder surfing?
Shoulder surfing is using direct observation to get information
How does the cyberattack shoulder surfing work?
Direct observation is used to get a PIN number, details from a form etc. Watching someone enter personal information
How does the cyberattack ‘SQL injection’ work?
Malicious users can inject SQL commands into an SQL statement (database request) via web page input. These injected SQL commands can alter SQL statements and compromise the security of information held in a database
What is a DoS attack?
A DoS attack is a cyberattack that attempts to make a website and servers unavailable to legitimate users, by swamping/spamming a system with fake requests - usually to try and exhaust server resources
What is the difference between a DoS and DDoS attack?
A DoS (Denial of service) attack involves a single internet connection. However a DDoS attack (Distributed denial of service) is launched from multiple connected devices distributed across the internet
Why are DoS/DDoS attacks useful?
DoS attacks can be used as a distraction to cover up another attack. By flooding the network infrastructure with high volumes of traffic, IT staff could be distracted and not notice another ongoing attack
What are the three password based attacks?
Dictionary attacks, brute force attacks, educated guessing
How does a dictionary attack work?
Dictionary attacks use a simple file containing words found in a dictionary containing common passwords. The attacker uses exactly these kinds of words since many people use them as their passwords
How does IP address spoofing work?
In IP address spoofing, an attacker changes the IP address of a legitimate host so that a visitor who types it is taken to a fraudulent disguised web page. That page can then be used to steal sensitive data or install malware.
How does the cyberattack ‘social engineering’ work?
Social engineering involves tricking a user into giving out sensitive information such as a password, by posting as a legitimate system administrator (e.g. scam emails)(phishing)
What is pharming?
Pharming is where users are unknowingly re-directed to a fake website used to steal data
What is phishing?
Phishing is an attempt ot acquire users’ details using fake emails and webpages
What is Ethical hacking?
Ethical hacking is hacking carried out with the permission of the system owner to search for weak points
How does ethical hacking work?
In ethical hacking a hacker is permitted by the system owner to cover all computer attack techniques. They attempt to bypass system security and search for weak points that could be exploited by malicious hackers. The information is then used by the owner to improve security
What is footprinting?
Footprinting is the first step in the evaluation of the security of a computer system, involving gathering all information about it
How does footprinting help improve system security?
Footprinting involves gathering all available information about a computer system or network and devices attached to it. This enables a penetration tester to discover how much detail a potential attacker could find out about a system. This allows an organisation to limit the technical information publicly available
What is ethical hacking?
Ethical hacking is hacking carried out with permission from the system owner to cover all computer attack techniques
How does ethical hacking help improve data security?
An ethical hacker will attempt to bypass system security and search for any weak points exploitable by malicious hackers. This information can then be used by the system owner to improve their security system.
What is penetration testing?
Penetration testing is a sub set of ethical hacking that deals with the process of testing a computer system or network to find vulnerabilities
What are the four four penetration testing strategies we should know?
Targeted testing, external testing, internal testing, blind testing
How does the ‘blind testing’ penetration test strategy work?
In blind testing, the information given to the term performing the test is limited to simulate the actions and procedures of a real attacker
What happens in the ‘targeted testing’ penetration test strateg?
The testing is carried out by the organisation’s IT team and penetration testing team working together.
Why would the external testing strategy for a penetration test be used?
External testing is used to find out if an outside attacker can get in and how far they can get in once they have found access
Why would the internal testing penetration test strategy be used?
The internal testing strategy is used to find out how much damage a dissatisfied employee could cause
What is ‘secure by design’?
Secure by design is an approach seeking to make software systems as free of vulnerabilities through measures such as continual testing and adherence to best programming practices
What is the benefit of security issues being taken into account and corresponding security measure being considered during design in ‘secure by design’?
This ensures that security is not an afterthought, reducing the need for addressing vulnerabilities and patching security holes discovered in use.
What are some examples of attacks prevented during design and testing?
Buffer overflow attacks, permissions, scripting restrictions, accepting parameter without validation
What is a buffer overflow?
A buffer overflow occurs when a program tries to store more data in a buffer (temporary data storage area) than it was intended to hold
How do buffer overflow attacks work?
In a buffer overflow attack, a buffer overflow may intentionally be caused, where the overflow data may contain codes designed to change data or disclose confidential information
How can a buffer overflow attack be prevented?
Through thorough testing, particularly of any library routines used
How can malicious practices using permissions be prevented with ‘secure by design’ strategy?
App developers need to consider the scope of access and limit the number of permissions required at the design stage for their app
What is Same Origin Policy (SOP)?
Same Origin Policy is a security measure that prevents a web site’s scripts from accessing and interact in with scripts on other sites
Why is accepting parameter without validation a security issue?
If inputs submitted to (dynamically generated) HTML webpages are not validated on the way in to another page, maulicious script can be embedded within inputs which could then appear to browsers as originating from a trusted source
What are cookies?
Cookies are data stored on a computer system
What do cookies allow websites to do?
Cookies can allow websites to store a small amount of uniquely identifying data on your computer system while you are visiting them.
Why can cookies be useful?
Cookies can allow the website you visit to identify you in future without requesting for identity every time. The cookies could also store information such as a shopping basket between separate browsing sessions
