Network Threats, Attacks and Preventions

Question 1

What two words does malware consist of

Answer 1

Malicious
Software

Malicious software

Question 2

What is malware

Answer 2

Harmful computer programs

Question 3

What are four types of malware

Answer 3

Computer Virus
Ransomware
Trojan Horse
Worm

Question 4

What is a Computer Virus

Answer 4

These infect computers by replicating the code in other programs, along with infecting other computers.

They also deal harm to the computer by deleting, modifying and accessing files

Question 5

What is a Worm

Answer 5

A virus that replicates itself to cause damage to other computers.

These type of malware don’t deal damage to harmed computers and instead slows them down, and slows down the network

Question 6

What is a Trojan Horse

Answer 6

These type of viruses have programs, games or cracked files that users may commonly want. In reality, it is a negative program code causing damage, take controls or provides unlimited access to the computer

Question 7

What is ransomware

Answer 7

A malware type which holds a computer hostage by locking or encrypting access to it. Due to encrypted data, no one can access it, not even a cyber security professional is able to unlock the data unless there’s available backups. To be granted access, we may be forced to pay the ransom a high price

Question 8

What is exploiting

Answer 8

Taking advantage of a vulnerability

Question 9

What are the two types of exploiting technical vulnerabilities

Answer 9

Unpatched software
Out of data anti malware

Question 10

What is unpatched software

Answer 10

If software updates and security updates aren’t installed, software will be vulnerable to malicious activity

Question 11

What is out of data anti malware

Answer 11

When software such as antivirus isn’t regularly updated, it is unable to detect the latest viruses

Question 12

What is confidential

Answer 12

A set of rules

Question 13

What is social engineering

Answer 13

Ability to obtain confidential information by asking for it.

This is a type of confidence trick that con artists specialise in

Question 14

What is shoulder surfing

Answer 14

Ability to get information or passwords by observing as someone types them in

Question 15

What is phishing

Answer 15

A type of messaging scam done by many con artists.

This type of fraud scheme is when emails, texts or phone calls are sent back to users, pretending to be from a bank or website. Phishing scammers will go to extreme lengths to get what they want.

Question 16

What are six things you need to identify before going through an action sent in an email

Answer 16

Greetings: Phishing emails won’t specify your name, just an email address, so not a friendly greeting

The sender’s address: Variation on a genuine request

Forged links: Links may look genuine, but it won’t look like the website given

Personal information requests: Normally, emails never do this. If they ask for this, a con artist has written this

Sense of urgency: Con artists often reply with comments saying that if you don’t do a specific action, a bad thing is going to happen

Poor spelling and grammar: Con artists worry so much about what they get from you, they forget about what they give to you

Question 17

What is a D DoS attack

Answer 17

A type of attack where hackers will use or infect a computer, so it sends as many requests as it can to the server, if it has a poor connection and is offline

Question 18

What is an MITM attack

Answer 18

Man in the middle attack

In this attack, MITM allows the attacker to intercept communications between the user and the server. Attacks can eavesdrop to find passwords and personal information, so they can add new information to web pages or other communication used

If a hacker connects to an unencrypted WiFi connection, it makes it easier to from an MITM attack

Question 19

What is a Brute Force Attack

Answer 19

This is a common type of attack done where hackers will enter every single possible password combination, and will not stop until they get in.

Question 20

What is an SQL attack

Answer 20

Structured Query Language Injection

This is a database query language. SQL injection takes advantages of web inject forms for data access to then destroy the data.

SQL commands can be input into web forms instead of expecting “real data”. This is interpreted by vulnerable web applications and ends up causing damage or releasing personal information

Question 21

What is data interception and theft

Answer 21

Steals data or intercepts it with an MITM attack

Question 22

What are ways we can use to prevent vulnerabilities and network threats

Answer 22

Penetration testing
Physical security
Firewalls
User Access Levels
Anti malware software
Antivirus software
Passwords
Encryption

Question 23

What is encryption

Answer 23

A unique way of decoding data so it cannot be read or unencrypted unless unlocked by a key

Question 24

How do we encrypt individual files

Answer 24

Files are encrypted individually on a computer and can only be viewed by users who have the password

Question 25

How do we encrypt drives

Answer 25

We encrypt ordinary computer drives so that a mandatory password is required for accessing the information.

If we use removable media, special hardware can be purchased, which encrypts the data on the hard disk

Question 26

How do we encrypt transmitted data

Answer 26

If a website uses HTTPS, it encrypts the connection to the server.

Your web browser will send its key and form data, encrypting it with the server key.

The sever encrypts the web page you request using your web browser’s key.

Question 27

What is a password

Answer 27

A special key that locks the data and can only be accessed if we unlock the key.

Question 28

What is antivirus software/ antimalware software

Answer 28

These type of software detect malware, viruses, trojan horses, worms, spyware and ransomware.

Question 29

How does an antivirus/ antimalware software do its job

Answer 29

When a virus or malware is detected, it is sent to the antivirus company.

They then verify it is a malware and creates a signature of the virus.

It is then added to the virus database and tell computers to run an update. Viruses can also morph to avoid detection.
This makes it harder to create a signature

Question 30

What is penetration testing

Answer 30

The practice of deliberately trying to identify security holes in your own systems. What hackers want is attempting to break in, identify targets of potential attacks, identify possible entry points and report back findings

Question 31

What is a firewall

Answer 31

Separates a trusted network from a non trusted network

Question 32

What is the process of a firewall

Answer 32

Data is sent around the network in small packets of information.

Packets are checked to know where they are coming from, who it is coming from and who it is going to be sent to.

Packets that don’t match filtering rules are dropped. This is a packet filter

Firewalls are applicable on dedicated hardware or as a software.

In short, the function of a firewall is to detect packets from malicious computers

Question 33

What are the benefits of firewalls

Answer 33

Prevents attackers from gaining access to the computer

Blocks certain malicious computers by filtering packets from a certain IP address

Prevents access to certain ports on the network. This is port blocking

Malicious or inappropriate websites are blocked

Question 34

What are drawbacks of firewalls

Answer 34

Dedicated hardware firewalls are expensive

Software firewalls slow down a computer

Question 35

What are User Access Levels

Answer 35

Access rights which are set on disks, files and folders

Question 36

What are password policies

Answer 36

A process that many organisations and computer systems use. This makes sure your chosen password has features like

Minimum character length
At least 1 lowercase letter
At least 1 uppercase letter
At least 1 symbol
At least 1 number
Change password per month

Question 37

What is physical security

Answer 37

When software, hardware and networks are protected by real life methods

Question 38

What are examples of physical security methods

Answer 38

Electric fences
Barbed wires
Thick walls
Turnstiles and gates
ID cards and signs
Locked doors
Locked cabinets
Security lighting
Numerous security guards
CCTV cameras
Intruder alarms