Paper 1 Systems security Flashcards
A local council employee opened an email attachment without knowing who it was from. The attachment was a program which encrypted data on the council’s computers and would not allow users to utilize their computers until a payment was made. Identify the type of program that was downloaded.
Ransomware - a type of malicious software designed to block access to a computer system until a sum of money is paid
A local council employee opened an email attachment without knowing who it was from. The attachment was a program which encrypted data on the council’s computers and would not allow users to utilize their computers until a payment was made.
Describe three safety precautions that would help to prevent this type of program being downloaded.
- Install antivirus software
- Be careful with email attachments
- Always update your operating system and applications
- Avoid questionable websites
- Avoid pirated software
- Backup your computer
Describe three common signs that an email is probably fraudulent.
- Recipient Did Not Initiate the Conversation
- An Unfamiliar Tone or Greeting
- Grammar and Spelling Errors
- Inconsistencies in Email Addresses, Links & Domain Names
- Threats or a Sense of Urgency
- Suspicious Attachments
- Unusual Request
- Short and Sweet
- Request for Credentials, Payment Information or Other Personal Details
- See Something, Say Something
Explain what is meant by a ‘brute force’ attack on a password.
A brute force attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.
These attacks are done by ‘brute force’ meaning they use excessive forceful attempts to try and ‘force’ their way into your private account(s).
This is an old attack method, but it’s still effective and popular with hackers. Because depending on the length and complexity of the password, cracking it can take anywhere from a few seconds to many years.
Identify four possible technical vulnerabilities within an IT infrastructure.
- penetration testing
- network forensics
- network policies
- user access levels
- secure passwords
- encryption
- anti-malware software
- firewalls
Hackers might come across some information that consists of a ‘UserID’. This will then enable them to develop and execute an SQL statement that returns some results. They can also send a spoof request such as ‘1=1’ which is true to try and retrieve some other results. For example:
SELECT * FROM Users WHERE UserId = 108 or 1=1
Identify the name of this process.
SQL injection attack. This is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
A Denial of Service (DoS) attack is a process that tries to stop a computer system from functioning. An example is when a script floods an e-commerce website.
Discuss the effects of a DoS attack
- Genuine users are not able to access resources, so may not be able to find the information or carry out the actions they need.
- Businesses may not be able to carry out time critical actions.
- They may suffer reputational damage.
- Customers may choose to use a competitor.
A poor network policy has meant that a network has no strategy to defend itself against malware.
Identify and some changes that could be added to a network policy to help it better defend itself.
Anti-virus software Firewalls Secure passwords Access levels Encryption
What do we mean by the term “Access levels”?
In a large company or school, many people will be using computers on the same network. A network manager will normally control the level of access people have to the network. General users will not have the ability to download any software they want or to make changes to any part of the system, as that could affect other users.
The more people have access to sensitive parts of the network, the more likely it is that a hacker or a virus might be able to cause damage.
You can set user access levels on your home computer. For example, a parent may prevent a child from being able to install software.
Explain what is meant by a ‘Dictionary’ attack on a password.
A type of brute force attack where an intruder attempts to crack a password-protected security system with a “dictionary list” of common words and phrases used by businesses and individuals.
