Component 1.9 - Security And Data Management (Finished)

Question 1

What can be used to improve network security?

Answer 1

Encryption techniques, user access levels, suitable passwords

Question 2

What do user access levels do?

Answer 2

User access levels define which change/view selected stored data. It allows certain users read/write access to data on a computer system

Question 3

Why would user access levels be used on a network?

Answer 3

Certain users don’t need to access all data so user access levels are used to keep them from viewing/changing it. E.g. an administrator in a company should have access to all data but an assistant should not have access to confidential data

Question 4

What do passwords do?

Answer 4

Passwords are used to prove a person’s identity to a computer system allowing them access to it

Question 5

What is a brute force attack?

Answer 5

Using programs to try multiple password guesses in quick succession

Question 6

What is the problem with short, simple passwords?

Answer 6

Another user can easily guess them and a hacker could use a brute force attack

Question 7

How do you calculate the number of attempts needed to brute force a password?

Answer 7

Attempts = number if characters^password length

Question 8

What is a suitable password for network security like and why?

Answer 8

A suitable password should be long and use a combination of different characters (upper case, lower case, alphanumeric) as it will be harder to guess and take longer to brute force due to more characters available and a longer length

Question 9

What is encryption?

Answer 9

Encryption is the conversion of data using an algorithm into cyphertext that can’t be easily understood by people without the decryption key

Question 10

Which logical operator is often used for encryption?

Answer 10

XOR

Question 11

How is the xor logical operator used for encryption?

Answer 11

During encryption, the XOR logical operator is used on the data and a key. (If data is 10101010 and key is 11110000, you do 1 XOR 1, 1 XOR 0 and so on to get 01011010). The data is encrypted now.

Question 12

What is a ‘key’

Answer 12

A ‘key’ is a secure binary number, known only to the sender and recipient

Question 13

How is data encrypted using XOR decrypted?

Answer 13

The encrypted data can be XOR’d with the key once again to regain the original data

Question 14

What is compression?

Answer 14

Compression is the process of making a file size smaller

Question 15

What is the advantage if compression?

Answer 15

Compression allows for more data to be stored on the disk and for files to be transferred faster.

Question 16

What are the two primary compression methods?

Answer 16

Lossy and lossless

Question 17

What is lossless compression?

Answer 17

Lossless compression is a data compression technique using an algorithm to compress data into a form that can be decompressed at any time with no loss. (The file is returned to its exact original form)

Question 18

When is lossless compression used?

Answer 18

Lossless data compression is used when any loss of detail (e.g. word document) could have a
Really bad effect

Question 19

Give an example of lossless compression?

Answer 19

Replacing ‘the’ in a word document with the character @

Question 20

What is lossy compression?

Answer 20

Lossy compression is a data compression technique that compresses the file size by discarding some data

Question 21

How is the compression ratio calculated?

Answer 21

Original file size / compressed file size

Question 22

What is lossy compression used for?

Answer 22

The compression of multimedia data (sound, video)

Question 23

What are network policies?

Answer 23

Network policies are documents written to outline the rules users are required to follow while using a computer network. Following publication, users need to adhere to the rules

Question 24

What are some typical rules set out in network policies?

Answer 24

• List of unacceptable types of websites
• Activities not allowed on the network (e.g. gambling)
• unauthorised software

Question 25

Give some examples of disasters covered by 'disaster recovery'

Answer 25

- Fire, flooding - hardware failure - software failure - malicious damage (hacking) - accidental damage

Question 26

What are the three parts to a disaster recovery policy?

Answer 26

- Before the disaster - during the disaster - after the disaster

Question 27

What does the 'before the disaster' section of a disaster recovery policy include?

Answer 27

It includes risk analysis, preventative measures and staff training

Question 28

What does the 'during the disaster' section of a disaster recovery policy include?

Answer 28

The staff response - implementation of plans

Question 29

What does the 'after the disaster' section of a disaster recovery policy include?

Answer 29

Recovery measures, purchasing of replacement hardware, software reinstalling, restoring backup data

Question 30

What is a backup?

Answer 30

A backup is a copy of data that can be used if the original data is lost

Question 31

Why should regular backups be made?

Answer 31

The older a backup, the less likely it is to match current data stored on the computer system

Question 32

What does a backup policy do?

Answer 32

It sets out how often to backup and what backup medium to use

Question 33

What would a typical backup policy require?

Answer 33

That three different backups are kept at a given time, with one stored off sight

Question 34

What is the name given to the oldest (of three), second oldest (of three) and most recent backup?

Answer 34

Grandfather, father and son. If a new one is made all names shift, so father becomes grandfather, son father and new one son

Question 35

What is the three backup policy called?

Answer 35

The grandfather-father-son method

Question 36

What is archiving?

Answer 36

Archiving is the process of storing data that is no longer in current or frequent use

Question 37

Why is archived data (old no longer used data) held?

Answer 37

Archived data is held for security, legal or historical reasons

Question 38

Why is archiving done?

Answer 38

Archiving data frees up resources on the main computer system and allows faster access to data that is in use

Question 39

When is data archived?

Answer 39

When it is no longer in chrrent or frequient use

Question 40

What do attacks on online networks usually target?

Answer 40

Confidential data such as customers' details or technical info about products etc

Question 41

What is cybersecurity?

Answer 41

Cybersecurity is the range of measures taken to protect computer systems, networks and data from unauthorised access or cyberattack.

Question 42

Name the types of malware used for cyberattacks?

Answer 42

Viruses, Worms, Spyware, Trojans

Question 43

What are Viruses?

Answer 43

Viruses are programs that can replicate themselves and be spread from one system to another by attaching themselves to host files.

Question 44

What are viruses used for?

Answer 44

Viruses are used to modify or corrupt information on a targeted computer system

Question 45

What are worms?

Answer 45

Worms are self-replicating programs that identify vulnerabilities in operating systems and enable remote control of the infected computer

Question 46

How does a computer become infected by spyware?

Answer 46

Spyware can be installed by opening attachments or downloading infected software

Question 47

What is spyware used for?

Answer 47

Apyware is used to collect stored data without the user's knowledge

Question 48

What is a trojan?

Answer 48

A trojan is a program that appears to provide a useful function but provides a 'backdoor' that allows data to be stolen

Question 49

What are keyloggers?

Answer 49

Keyloggers are a type of spyware used to track keystrokes

Question 50

Why are keyloggers used to track keystrokes?

Answer 50

Keyloggers can be used to capture passwords, account numbers etc for fraudulent use

Question 51

What does anti-virus software/virus protection software do?

Answer 51

Anti-virus software is loaded into memory when the computer is running. It monitors activity on a computer system for the signs of virus infection

Question 52

How does an anti-virus software detect viruses?

Answer 52

Each virus has its own unique 'signature', known to virus protection software and stored in a database. Data stored on a computer system is scanned and compared to signatures in the database to see if any of the virus signatures within the database exist on the computer system

Question 53

Why does virus protection software need to be updated regularly?

Answer 53

New viruses are created every day, so databases of virus protection software need to be updated to combat these

Question 54

How can you protect against malware?

Answer 54

- Instal, virus protection software - Use a firewall - Keep your operating system updated - use latest web browser versions - look out for phishing emails

Question 55

What is a firewall?

Answer 55

A firewall is a software or hardware security system that controls the incoming and outgoing network traffic

Question 56

How does a firewall determine if packets of data should be allowed through or not?

Answer 56

A firewall monitors where data has come from and where it is going to and determines if communication is allowed by checking a list of pre-defined rules

Question 57

Why does updating the operating system protect against malware?

Answer 57

New ways to bypass the operating systems' security are often discovered, so by installing security patches they can be covered up

Question 58

How does using the latest version of a web browser help protect against malware?

Answer 58

The manufacturers of web browsers seek to improve their products and remove (possible) security vulnerabilities. By installing updates you are covering up previously possible vulnerabilities.

Question 59

What should be done if you suspect you have malware on your computer?

Answer 59

You should run a malicious software removal tool that should detect and remove malware not blocked by the anti-virus software

Question 60

Give 3 forms of cyberattack?

Answer 60

- shoulder surfing - SQL injection - DoS attack - Password-based attacks - IP address spoofing - Social engineering

Question 61

What is shoulder surfing?

Answer 61

Shoulder surfing is using direct observation to get information

Question 62

How does the cyberattack shoulder surfing work?

Answer 62

Direct observation is used to get a PIN number, details from a form etc. Watching someone enter personal information

Question 63

How does the cyberattack 'SQL injection' work?

Answer 63

Malicious users can inject SQL commands into an SQL statement (database request) via web page input. These injected SQL commands can alter SQL statements and compromise the security of information held in a database

Question 64

What is a DoS attack?

Answer 64

A DoS attack is a cyberattack that attempts to make a website and servers unavailable to legitimate users, by swamping/spamming a system with fake requests - usually to try and exhaust server resources

Question 65

What is the difference between a DoS and DDoS attack?

Answer 65

A DoS (Denial of service) attack involves a single internet connection. However a DDoS attack (Distributed denial of service) is launched from multiple connected devices distributed across the internet

Question 66

Why are DoS/DDoS attacks useful?

Answer 66

DoS attacks can be used as a distraction to cover up another attack. By flooding the network infrastructure with high volumes of traffic, IT staff could be distracted and not notice another ongoing attack

Question 67

What are the three password based attacks?

Answer 67

Dictionary attacks, brute force attacks, educated guessing

Question 68

How does a dictionary attack work?

Answer 68

Dictionary attacks use a simple file containing words found in a dictionary containing common passwords. The attacker uses exactly these kinds of words since many people use them as their passwords

Question 69

How does IP address spoofing work?

Answer 69

In IP address spoofing, an attacker changes the IP address of a legitimate host so that a visitor who types it is taken to a fraudulent disguised web page. That page can then be used to steal sensitive data or install malware.

Question 70

How does the cyberattack 'social engineering' work?

Answer 70

Social engineering involves tricking a user into giving out sensitive information such as a password, by posting as a legitimate system administrator (e.g. scam emails)(phishing)

Question 71

What is pharming?

Answer 71

Pharming is where users are unknowingly re-directed to a fake website used to steal data

Question 72

What is phishing?

Answer 72

Phishing is an attempt ot acquire users' details using fake emails and webpages

Question 73

What is Ethical hacking?

Answer 73

Ethical hacking is hacking carried out with the permission of the system owner to search for weak points

Question 74

How does ethical hacking work?

Answer 74

In ethical hacking a hacker is permitted by the system owner to cover all computer attack techniques. They attempt to bypass system security and search for weak points that could be exploited by malicious hackers. The information is then used by the owner to improve security

Question 75

What is footprinting?

Answer 75

Footprinting is the first step in the evaluation of the security of a computer system, involving gathering all information about it

Question 76

How does footprinting help improve system security?

Answer 76

Footprinting involves gathering all available information about a computer system or network and devices attached to it. This enables a penetration tester to discover how much detail a potential attacker could find out about a system. This allows an organisation to limit the technical information publicly available

Question 77

What is ethical hacking?

Answer 77

Ethical hacking is hacking carried out with permission from the system owner to cover all computer attack techniques

Question 78

How does ethical hacking help improve data security?

Answer 78

An ethical hacker will attempt to bypass system security and search for any weak points exploitable by malicious hackers. This information can then be used by the system owner to improve their security system.

Question 79

What is penetration testing?

Answer 79

Penetration testing is a sub set of ethical hacking that deals with the process of testing a computer system or network to find vulnerabilities

Question 80

What are the four four penetration testing strategies we should know?

Answer 80

Targeted testing, external testing, internal testing, blind testing

Question 81

How does the ‘blind testing’ penetration test strategy work?

Answer 81

In blind testing, the information given to the term performing the test is limited to simulate the actions and procedures of a real attacker

Question 82

What happens in the ‘targeted testing’ penetration test strateg?

Answer 82

The testing is carried out by the organisation’s IT team and penetration testing team working together.

Question 83

Why would the external testing strategy for a penetration test be used?

Answer 83

External testing is used to find out if an outside attacker can get in and how far they can get in once they have found access

Question 84

Why would the internal testing penetration test strategy be used?

Answer 84

The internal testing strategy is used to find out how much damage a dissatisfied employee could cause

Question 85

What is ‘secure by design’?

Answer 85

Secure by design is an approach seeking to make software systems as free of vulnerabilities through measures such as continual testing and adherence to best programming practices

Question 86

What is the benefit of security issues being taken into account and corresponding security measure being considered during design in ‘secure by design’?

Answer 86

This ensures that security is not an afterthought, reducing the need for addressing vulnerabilities and patching security holes discovered in use.

Question 87

What are some examples of attacks prevented during design and testing?

Answer 87

Buffer overflow attacks, permissions, scripting restrictions, accepting parameter without validation

Question 88

What is a buffer overflow?

Answer 88

A buffer overflow occurs when a program tries to store more data in a buffer (temporary data storage area) than it was intended to hold

Question 89

How do buffer overflow attacks work?

Answer 89

In a buffer overflow attack, a buffer overflow may intentionally be caused, where the overflow data may contain codes designed to change data or disclose confidential information

Question 90

How can a buffer overflow attack be prevented?

Answer 90

Through thorough testing, particularly of any library routines used

Question 91

How can malicious practices using permissions be prevented with ‘secure by design’ strategy?

Answer 91

App developers need to consider the scope of access and limit the number of permissions required at the design stage for their app

Question 92

What is Same Origin Policy (SOP)?

Answer 92

Same Origin Policy is a security measure that prevents a web site’s scripts from accessing and interact in with scripts on other sites

Question 93

Why is accepting parameter without validation a security issue?

Answer 93

If inputs submitted to (dynamically generated) HTML webpages are not validated on the way in to another page, maulicious script can be embedded within inputs which could then appear to browsers as originating from a trusted source

Question 94

What are cookies?

Answer 94

Cookies are data stored on a computer system

Question 95

What do cookies allow websites to do?

Answer 95

Cookies can allow websites to store a small amount of uniquely identifying data on your computer system while you are visiting them.

Question 96

Why can cookies be useful?

Answer 96

Cookies can allow the website you visit to identify you in future without requesting for identity every time. The cookies could also store information such as a shopping basket between separate browsing sessions