Network Security And System Software

Question 1

Name three types of malware

Answer 1

Viruses, Trojans, Ransomware

Question 2

Name 4 prevention methods

Answer 2

Anti-malware, Anti-virus, Encryption, Acceptable Use Policies

Question 3

Define Malware

Answer 3

Malicious Software; Executable programs run on a computer

Question 4

What do viruses do?

Answer 4

Infect computers; Replicate their code in other programs, infect other computers, delete, corrupt and modify files

Question 5

What does a worm do?

Answer 5

Replicates itself in order to spread to other computers; Cause damage, slow down network

Question 6

What is a computer Trojan?

Answer 6

They have a program, game or cracked file which is something the user wants; they have a negative program code which causes damage, takes control or provides access to the computer

Question 7

What is ransomware?

Answer 7

Software that holds a computer hostage by locking or encrypting access; once a random is paid, access is restored

Question 8

Name two ways that hackers can exploit technical vulnerabilities

Answer 8

Unpatched software; if updates are not downloaded the software can become vulnerable
Out of date Anti-Malware; won’t be able to detect the latest viruses

Question 9

What is social engineering?

Answer 9

The ability to obtain confidential information by asking people for it

Question 10

What is shoulder surfing?

Answer 10

The ability to get information or passwords by observing as someone types them in; Looking over someone’s shoulder, using a CCTV camera

Question 11

What is phishing?

Answer 11

Social engineering, normally an email but can be a text or call, pretending to be a bank or website; trying to get usernames, passwords, credit card details

Question 12

How can you find a phishing email?

Answer 12

• Greetings; the phishes don’t know your name so the greeting isn’t personalised
• Senders address; normally a variation of a genuine address
• Forged link; the link looks genuine but may not link to the website given
• Request for personal information; genuine organisations never do this
• Sense of urgency; criminals try to persuade you that something bad will happen if you don’t act fast
• Poor spelling and grammar

Question 13

What is a Denial of Service (DoS) attack?

Answer 13

A hacker will use or infect a computer so that:
It sends as many requests to the server as possible (known as a flood)
The server can’t respond fast enough so slows down or goes offline

In a Distributed Denial of Service (DDoS) attack many computers are used to send requests

Question 14

What is a Man In The Middle (MITM) attack?

Answer 14

Allows the attacker to intercept communications between the user and server. The attacker can then:
Eavesdrop to find passwords and personal information
Add different information to a web page or other communications such as emails

Connecting to an unencrypted Wi-Fi makes it easy to perform a MITM attack

Question 15

How can a USB be used to infect a computer?

Answer 15

An unsuspecting employee may pick up a USB from a company car park and insert it into their computer. The malware can now install onto the computer.

Question 16

Give a real life example of data theft

Answer 16

• 2014
• The details of 125,000 students from Staffordshire University were stolen from a laptop left in a car

Question 17

Name three ways to protect your mobile phone

Answer 17

• Use password features
• Do not follow suspicious links
• Research apps before downloading them

Question 18

What is a Brute Force attack?

Answer 18

A hacker will try every combination of password until the correct password is found; a computer is usually used to do this as it can try millions of passwords per second

Question 19

What is an SQL injection?

Answer 19

Takes advantage of web input forms to access or destroy data

Question 20

Name five ways to prevent vulnerabilities

Answer 20

• Penetration testing
• Anti- malware
• Firewalls
• User access levels
• Physical security

Question 21

What is penetration testing?

Answer 21

The practice of deliberately trying to find security holes in your own systems

Question 22

What does anti-malware do?

Answer 22

Will detect malware such as viruses, worms, trojans and spyware

Question 23

What happens when a new virus is detected?

Answer 23

It is entirely to the anti-virus company. They verify it is malware then create a signature of the virus. They then add it to the virus database and tell computers to run an update.

Question 24

Why is it hard to create a signature for a virus?

Answer 24

They can morph to avoid detection

Question 25

What is encryption?

Answer 25

A way of securing data so that it can only be read with a key

Question 26

How are individual files encrypted?

Answer 26

Files are encrypted individually using a password. Only people with the password can read the file