Network Security Flashcards

1
Q

Forms of attack on a computer

A

Computers face a variety of forms of attack, which can cause a large number of issues for a network.
The main threats posed to a network are:
Malware
Social engineering
Brute-force attacks
Denial of service attacks
Data interception & theft
SQL injection

2
Q

Malware

A

Malware (malicious software) is the term used for any software that has been created with malicious intent to cause harm to a computer system.
Examples of issues caused by malware include:
Files being deleted, corrupted or encrypted.
Internet connection becoming slow or unusable.
Computer crashing or shutting down.
There are various types of malware, and each causes slightly different issues.

3
Q

Virus

A

A program which can replicate itself on a user’s computer. It contains code that will cause unwanted and unexpected events to occur.
Examples of issues a user may experience are:
Corrupted files
Deleted data
Applications prevented from running correctly

4
Q

Worms

A

Worms are very similar to viruses, with the main difference being that they will spread to other drives and computers on the network.
Worms can infect other computers from:
Infected websites, instant message services, email and network connections.

5
Q

Trojan

A

Sometimes also called a Trojan Horse.
Trojans disguise themselves as legitimate software but contain malicious code in the background.

6
Q

Spyware

A

Software which allows a person to spy on a user’s activities on their devices.
This form of software will be embedded into other software such as games or programs that have been downloaded from illegitimate sources.
Spyware can record your screen, log your keystrokes to gain access to passwords and more.

7
Q

Ransomware

A

A form of malware that locks your computer or device and encrypts your documents and other important files.
Often a demand is made for money to receive the password that will allow the user to decrypt the files.
There is no guarantee paying the ransom will result in the user getting their data back.

8
Q

Social engineering

A

Social engineering is exploiting weaknesses in a computer system by targeting the people that use or have access to it.
There are many forms of social engineering, some examples include:
Fraudulent phone calls, phishing, pretexting.

9
Q

Phishing

A

Sending fraudulent emails to a large number of email addresses, claiming to be from a reputable company or trusted source to try and gain access to your details, often by coaxing the user to click on a login button.

10
Q

Pretexting

A

A scammer will send a fake text message, pretending to be from the government or human resources of a company. This scam is used to trick an individual into giving out confidential data.

11
Q

Fraudulent phone calls

A

Pretending to be someone else to gain access to their account or their details.

12
Q

Causes of social engineering

A

People are seen as the weak point in a system because human errors can lead to significant issues, some of which include:
Not locking doors to computer/server rooms
Not locking their device when they’re not using it
Sharing passwords
Not encrypting data
Not keeping operating systems or anti-malware software up to date

13
Q

Brute force attack

A

A brute force attack works by an attacker repeatedly trying multiple combinations of a user’s password to try and gain unauthorised access to their accounts or devices.
An example of this attack would be an attacker finding out the length of a PIN code, for example, 4 digits.
They would then try each possible combination until the PIN was cracked, for example:
0000
0001
0002

14
Q

Dictionary attack

A

A second form of brute force attack, commonly used for passwords, is a dictionary attack.
This method tries popular words or phrases for passwords to guess the password as quickly as possible.
Popular words and phrases such as ‘password’, ‘1234’ and ‘qwerty’ will be checked extremely quickly.

15
Q

Denial of service attack

A

A Denial of Service Attack (DoS attack) occurs when an attacker repeatedly sends requests to a server to flood the server with traffic, causing it to overload the system.
The server will slow down to the point of becoming unusable.

16
Q

Distributed denial of service attack

A

There is also a larger-scale version of DoS known as a Distributed Denial of Service (DDoS) attack.
This works in a similar way to a DoS attack, with the main difference being that the traffic comes from multiple distributed devices in a coordinated attack on a single server/network.
A network of compromised devices, called a botnet, can be used to facilitate a DDoS attack.
A botnet consists of numerous internet-connected devices that have been infected with malware and can be controlled remotely by an attacker.

17
Q

Purpose of a DoS attack

A

A DoS attack will prevent customers from accessing or using a service.
This will result in companies losing money and not being able to carry out their daily duties.
A DoS attack can cause damage to a company’s reputation.

18
Q

Data interception and theft

A

Data interception and theft is when thieves or hackers can compromise usernames and passwords as well as other sensitive data.
This is done by using devices such as a packet sniffer.
A packet sniffer will be able to collect the data that is being transferred on a network.
A thief can use this data to gain unauthorised access to websites, companies and more.

19
Q

SQL

A

Structured Query Language (SQL) is a language used to create, access and manipulate a database.

20
Q

SQL injection

A

SQL injection is entering an SQL command into a web text field to manipulate the SQL query.
The goal is to insert, modify or delete data from the database.

21
Q

Penetration testing

A

Penetration testing is a method of preventing vulnerabilities whereby a company employs people to try and hack their network and databases.
This allows the ‘hackers’ to point out the parts of the system that are vulnerable.
The companies then use this information to fix the issues that are found.

22
Q

Anti malware software

A

Anti-malware software is a term used to describe a combination of different software to prevent computers from being susceptible to viruses and other malicious software.
The different types of software that anti-malware includes are:
Anti-virus
Anti-spam
Anti-spyware

23
Q

How does anti malware software work?

A

Anti-malware scans through email attachments, websites and downloaded files to search for issues.
Anti-malware software has a list of known malware signatures to block immediately if they try to access your device in any way.
Anti-malware will also perform checks for updates to ensure the database of known issues is up to date.

24
Q

Firewalls

A

A firewall is a barrier between a network and the internet.
A firewall prevents unwanted traffic from entering a network by filtering requests to ensure they are legitimate.
It can be both hardware and software and they are often used together to provide stronger security to a network.
Hardware firewalls will protect the whole network and prevent unauthorised traffic.
Software firewalls will protect the individual devices on the network, monitoring the data going to and from each computer.

25
Q

User access levels

A

User access levels ensure users of a network have designated roles on a network.
Some examples of different levels of access to a school network include:
Administrators: Unrestricted - Can access all areas of the network.
Teaching Staff: Partially restricted - Can access all student data but cannot access other staff members’ data.
Students: Restricted - Can only access their own data and files.

26
Q

Passwords

A

Passwords are a digital lock to prevent unauthorised access to an account.
They are often stored as an encrypted/ciphered text entry in a database, ensuring that even with unauthorised access to a database, a hacker would not be able to gain access to the individual passwords of users.
Passwords are only effective if they remain secret.
The password is strong against brute force attacks.
Stronger authentication systems can be created by implementing features such as two-factor authentication.

27
Q

Encryption

A

Encryption is a method of converting plain text into ciphered text to be stored.
Encryption uses complex mathematical algorithms to scramble the text.
Asymmetric encryption, also known as private key, public key encryption, is often used for web pages and other communication.

28
Q

Physical security

A

Physical security is a method of physically preventing access to any part of a network.
There are a range of physical security measures that can be implemented on a network.
Locked doors: Preventing access to server rooms and cabinets of switches.
Biometrics: Fingerprint scanners, facial recognition and retinal scans.
Surveillance Cameras: Monitoring the activity around the site where crucial networking hardware is located.

29
Q

3 types of attacks

A

Insider attack - When someone in an organisation gives away access details or sensitive information.
Passive attack - When a hacker eavesdrops on a network by ‘sniffing’ the data packets.
Active attack - When someone uses malware or other technical methods to compromise a network’s security.

30
Q

Rootkits

A

Modifies the computer’s operating system to avoid detection by antivirus software.

31
Q

Backdoors

A

Opens up an access channel to a computer that other malware can use to take over the machine.

32
Q

How malware spreads

A

Installations - Users often willingly install malware if they are tricked into thinking that they are installing a different piece of software.
Common ‘disguises’ for malware include: Security updates, Software drivers.

Attachment - Attachments in emails, such as Word and Excel documents, can include ‘macros’, which may run when the attachment is opened.
A macro is a small program that is given permission to run on the computer. The macros can be set up to install malware.

Replication - Once one device on a network has been infected with a worm or a virus, then it becomes very easy for it to spread to other devices on the network.
The process of spreading to other computers is called self-replication.

33
Q

Protecting against phishing

A

Never click a link in an email that asks you to update or enter your account details.
Check that the sender’s email address is correct.
Look for clues that the email is not legitimate such as spelling mistakes or generic greetings.

34
Q

Cracking passwords

A

Authentication is the name for any method which allows users to prove that an account is theirs.
The most common authentication method is using a password.
Many hackers want to find people’s passwords so that they can gain access to accounts.
Finding people’s passwords is called cracking the password.

35
Q

Protection against cracking

A

Writing a network policy which enforces strong passwords can protect against dictionary attacks.
Using two-factor authentication can prevent the hacker from logging in, even if they have the password.
Restricting the number of failed password attempts before an account is ‘locked’ for a fixed period of time can deter hackers.

36
Q

Protection against DoS attacks

A

To protect against DoS attacks, a server’s firewall can blacklist (ban) any traffic from an IP address which is known to perform DoS attacks.
Firewalls can also monitor traffic in real time, so if a new IP address starts to send too much traffic, traffic limits can be set.

37
Q

Packet sniffing

A

Packet sniffing is where a hacker will intercept data as it is being transmitted across a network.
Sniffing software reads and displays the content of all packets being sent on a network.
Packet sniffing is a form of passive attack.
One of the best ways to protect against packet sniffing is to use encryption so that packets cannot be decoded.

38
Q

Man-in-the-middle attacks

A

A man-in-the-middle (MITM) attack is where an attacker will intercept a device’s connection to the Internet.
This is often done by tricking users into signing into a fake WiFi hotspot.
The man-in-the-middle can then see all of the victim’s traffic, such as personal information.
This is one of the reasons why users should be very careful if they join a public WiFi network.

39
Q

Protection from data theft

A

Data interception and theft is best prevented by employing a range of preventative measures such as:
Encrypting data.
User access levels.
Network policies.
Educating users.

40
Q

Protection against SQL injections

A

Input validation sets username and password rules that don’t permit the characters needed to write SQL code.
Input sanitisation inspects the user’s input and removes SQL command words from the input before it is processed.
User access levels can be set up to prevent the web server from altering the contents of the database.

41
Q

Network policy

A

A network policy is a document written by a company that sets out details about how their network is to be set up and maintained.
The purpose of a network policy is to make sure that all users of the network are aware of the ‘rules’ of the system.
It specifies what users need to do to make sure that their account is secure.

A good network policy will include details such as:
How secure passwords must be.
What software is allowed or banned.
How often users should make backups.
Who should be contacted in the case of an attack.

42
Q

Network forensics

A

Some users of a network may intentionally or unintentionally break the network policy. The network administrator must look for times when this happens.
Network administrators must capture, store, and analyse network data to discover the source of security attacks and vulnerabilities.
Network forensics makes use of a lot of automated software which can alert administrators to suspicious activity on the network.
For example, an administrator might be alerted if:
A password has been entered incorrectly 5 times.
A user has tried to install software themselves.

43
Q

Firewall protection

A

Packet filtering - One role of the firewall is packet filtering.
The firewall inspects each packet and drops those which do not meet certain criteria.

IP-address filtering - The firewall only allows traffic from certain known sources.
This can be used to prevent denial of service attacks.

Port blocking - Firewalls can block access to certain ports.
One important port is port 22, which allows remote access via the Internet. By blocking this port, we can prevent hackers from trying to take over the server.

44
Q

Advantages of user access levels

A

We can limit the access rights of ‘normal’ users on the network. For example:
Not allowing them to install software.
Not allowing them to create new user accounts.
Not allowing them access to confidential information.
These rights can be limited to the administrators only.