Data Security Flashcards

1
Q

Antivirus Software

A

A program that can be loaded into memory when the computer is running. It monitors the activity on a computer for the signs of a virus.

2
Q

Firewalls

A

Software or hardware that controls the incoming and outgoing network traffic. Data is analysed to decide if it should be allowed through or not.

3
Q

Access Levels

A

A method used to allow only certain users read and/or write access to data on a computer system.

4
Q

Passwords

A

Used to prove a person's identity to a computer system, thus allowing them access to relevant data.

5
Q

Double authentication

A

Users provide 2 forms of ID. Usually something they know (PIN) and something they have (bank card).

6
Q

Network Forensics

A

This involves monitoring the traffic on a network. At regular intervals, transmitted data packets are copied. The copy and information about the packet are then stored for later analysis. This is usually processed in batches. The information gathered can help identify invasive traffic or determine where data is being sent.

7
Q

Ethical hacking

A

Carried out with the permission of the system owner to cover all computer attack techniques.
An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the system owner to improve system security.

8
Q

Penetration testing

A

A sub-set of ethical hacking that deals with the process of testing a network/system to find vulnerabilities that an attacker could exploit.

9
Q

Targeted

A

Carried out by the organisation’s IT team and the penetration testing team working together.

10
Q

External

A

To find out if an outside attacker can get in and how far they can get in once they have gained access.

11
Q

Internal

A

To estimate how much damage a dissatisfied employee could cause.

12
Q

Blind

A

To simulate the actions of a real attacker by severely limiting the information given to the team performing the test.

13
Q

Footprinting

A

The first step in the evaluation of system security. It involves gathering all available information about the computer system or network. Used to limit technical information about a system that is publicly available.

14
Q

Networking standards

A

Ensures that different hardware and software can work together. Without networking standards, it would be difficult to develop networks that easily share information.

15
Q

Viruses

A

A program that is able to copy itself onto other programs with the intention of damaging data. A virus is transmitted by ‘piggybacking’ on another program known as a ‘vector’.

16
Q

Key logger

A

Covert programs that capture keyboard inputs and transmit or store this data for a hacker.

17
Q

Worm

A

A standalone program that self-replicates in order to spread to other computers. It does not need a vector.

18
Q

Spyware

A

Installed by opening attachments or downloading infected software. Can be used to collect stored data without the user’s knowledge.

19
Q

Trojan Horse

A

Appears to perform a useful function, but provides a ‘backdoor’ that enables data to be stolen.

20
Q

SQL injection

A

Malicious users can inject SQL commands into a web page input form and compromise data held in a database.

21
Q

DoS Attack

A

Denial of service attacks attempt to make your website and servers unavailable to real users, by swamping a system with fake requests.

22
Q

Brute Force Attack

A

A hacking algorithm, which tries all possible combinations of lowercase and uppercase characters, numbers and symbols to gain unauthorised access to a computer system.

23
Q

IP address spoofing

A

Changing the IP address of a real host so that a visitor who types in the URL of a real site is taken to a spoofed web page in order to steal personal details.

24
Q

Social Engineering

A

Involves tricking a user into giving out sensitive information such as a password, e.g. phishing (an attempt to get users’ details using fake emails).