Network security threats

Question 1

Why do we need network security?

Answer 1

Connecting computing devices together via a network, allows them to share data and subsequently connect them to the internet, they become vulnerable to attack or misuse

All networks need protection from unwanted intrusion and hacking

Question 2

What is the aim of network security?

Answer 2

• Only allow authorised users to access what they need
• Prevent unauthorised access
• Minimise the potential damage caused by unauthorised access

Question 3

What is a hacker?

Answer 3

Someone who attempts to gain access to a computer system with the intent of damaging data or somehow harming that system

Question 4

What type of hackers are there?

Answer 4

Black-hat hackers

White-hat hackers

Grey hat hackers

Question 5

What is a Black-hat hacker?

Answer 5

Traditional hackers who attempt to gain access via nefarious means, typically to steal company secrets or cause damage

Question 6

What is a White-hat hacker?

Answer 6

Security experts (often ex-hackers) employed by a company
- known as ethical hackers and use their skills to try to find vulnerabilities and fix them

Question 7

What is a Grey hat hacker?

Answer 7

Sit in-between the other 2
They are not employed by a company, but still attempt to locate flaws in company-wide computer systems as a hobby
- this is technically illegal, but they then inform the company the flaw, so it can be fixed.

Question 8

What is meant by the term malware?

Answer 8

Malicious software that is designed to hack a system

Code written with intent to frustrate or harm

Question 9

What kind of effects can malware cause?

Answer 9

Depending on the type:
- deleting, corrupting or encrypting files
- causing computers to crash, reboot or slow down
- reducing network speeds
- logging keyboard inputs and sending them to hackers

Question 10

Name a type of malware

hint V

Answer 10

Virus

Question 11

What is a virus?

Answer 11

Pieces of code capable of copying themselves and spreading throughout a system

• typically designed to have a detrimental effect like corrupting a file system or destroying data

Question 12

Name a type of malware

hint S

Answer 12

Spyware

Question 13

What is spyware?

Answer 13

Form of malware that covertly obtains information about a user’s computer activities by transmitting data from their device

Question 14

How can spyware be used?

Answer 14

Can be used to harvest sensitive and personal data from a device:
- internet surfing habits
- email addressed
- visited web pages
- Downloads/download habits
- passwords
- credit card numbers
- keystrokes
- cookies

Question 15

What is a DoS?

Answer 15

Denial of Service attack:
when an attacker floods a server with useless traffic, causing the server to become overloaded
- many past DoS attacks exploited limitations of the TCP/IP stack

Question 16

Who do DoS attackers typically target?

Answer 16

Web servers or high-profile organisations such as banks and the government

• this attack typically doesn’t result in theft or loss of data or other assets, they can cost a great deal of time and money to handle

Question 17

What is a DDoS attack?

Answer 17

Distributed denial-of-service

Question 18

When does a DDoS attack occur?

Answer 18

When multiple systems orchestrate a synchronised DoS attack against a single target

• instead of being attacked from one location, the target is attacked from many locations at once

Question 19

What is SQL injection?

Answer 19

Code injection technique used to attack data-driven applications
- designed to exploit vulnerabilities in poorly coded database applications
- code is entered into input text boxes and is executed by the server

Question 20

What is social engineering?

Answer 20

Umbrella term covering several different manipulation techniques that exploit human error, with a view to obtaining private information, access to a restricted system or money

Social Engineering scammers lure users into exposing data, spreading malware or providing access to a system, including:
- Baiting
- Scareware
- Phishing
- Pharming etc

Question 21

Name and explain a type of social engineering

Hint: P

Answer 21

Phishing:
Online fraud technique used by cybercriminals to trick users into giving out personal information

• Perpetrators disguise themselves as trustworthy source in electronic communication e.g. email or fake website