LAB2 - Prevention and management of threats to data Flashcards
5 user access restrictions
Physical security measures, passwords, using correct settings and levels of permitted access, biometrics, 2-factor authentication
1 advantage of physical security measures
Prevents attackers from gaining direct and physical access to locations where data is stored
2 disadvantages of physical security measures
Expensive, some methods (CCTV) do not stop data being stolen
3 security techniques for physical security measures
Electronic swipe lock, secured device (steel cable and lock), CCTV camera
2 advantages of passwords
Simple and easy, no costs involved - no specialist hardware required
3 disadvantages of passwords
Only effective if passwords are kept secret, strong or frequently changed passwords may be hard to remember, specialist software may be used to work out passwords
Advantage of using correct settings and levels of permitted access
No problems caused by unauthorised changes
2 disadvantages of using correct settings and levels of permitted access
Technical staff required to set up permissions, access levels need to be set at the right level
5 biometric examples
Voice recognition, retina scan, iris recognition, fingerprint scan, facial recognition
2 advantages of biometrics
Users do not need to remember passwords or update them regularly, cannot be guessed/lost/forgotten
2 disadvantages of biometrics
Expensive - specialist hardware required, some users may feel storing their biometric data is an invasion of privacy
3 factors of 2-factor authentication
What you know (PIN/password), what you have (swipe card/mobile phone), who you are (biometric example)
Advantage of 2-factor authentication
Provides a higher level of security
3 disadvantages of 2-factor authentication
Some factors may get lost, takes longer to gain access, requires hardware/software
6 data level protection techniques
Firewall, software/interface design, anti-virus software, device hardening, procedures for backing up and recovering data, encryption
Define software firewall
Runs on an individual PC or laptop to reject unwanted internet traffic.
Define hardware firewall
A dedicated computer set up to run firewall software that monitors all traffic flowing between the internet and the organisation’s network.
3 software/interface design techniques
Obscuring data entry (protects against shoulder surfing), autocomplete (avoids remembering, displays other users’ inputs), “stay logged in” (speeds up process, security risk if a different user gains access)
Advantage of anti-virus software
Protects computers from known malware
Disadvantage of anti-virus software
Virus signatures must be updated regularly as new malware appears all the time
8 device hardening techniques
Install firewall, install anti-virus software, uninstall programs/services that are no longer required, remove old user accounts, use strong passwords, ensure default passwords are changed, restrict user access, ensure security patches are up to date
Advantage of device hardening
Protects a system from a range of attacks
Disadvantage of device hardening
Requires technical staff to stay up to date with the latest security threats and apply measures correctly
4 procedures for backing up and recovering data
Backup done daily or weekly (outside working hours), carried out automatically or manually, physical backups stored in a fireproof box on site or off site, restoring data on the backup into the repaired/new computer
2 disadvantages of encrypting stored data
If the encryption key is lost, data may be unrecoverable, encrypting a large amount of data can take time
Disadvantage of encrypting transmitted data
Encrypted data can still be stolen and can be cracked if a weak encryption technique is used
3 ways to find weaknesses and improve system security
Ethical hacking, penetration testing, analyse system data/behaviours
Define ethical hacking
When an attack is simulated on an organisation’s IT systems to highlight weaknesses and vulnerabilities.
Define white/grey hat hacker
White - authorised by an organisation to test systems. Grey - discovers vulnerabilities without an invitation, may alert the organisation and break laws but does not hack for personal gain.
Advantage of ethical hacking
Helps to find insecure areas (loopholes) in network security
3 disadvantages of ethical hacking
Expensive, trustworthiness of ethical hacker, may be viewed as an invasion of privacy
What are the 5 stages of penetration testing?
1. Discuss and agree. 2. Studies organisation on public domain. 3. Carries out pen test (social engineering and cyberattack techniques). 4. Results and data are collected and analysed. 5. Reports back with results and recommendations.