Preventing Vulnerabilities Flashcards
What are user access rights?
They are set up by the network manager who will define groups and allocate specific permissions to those groups. People using the network will then be assigned to a group and all permissions related to that group will apply to them when they log in
What are the 3 common access rights?
‘Read’, which is the ability to view and open the file or folder
‘Write’, which allows the file or folder to be modified
‘Execute’ which gives the user the right to execute or run an executable application
How does having access rights improve security?
If there is virus or malware, it is limited to the areas that this user has access to
What is the most common way of protecting a network?
Username and Password
What is a password manager?
A software application designed to handle your passwords by automatically creating long, random passwords for your favourite sites and password protected files
What is a network policy?
A document that sets out the rules and procedures to help protect the network
What are the 3 typical policies in a network policy?
Acceptable use policy
Back-up policy
Recovery policy
What is an ‘acceptable use policy’ document?
A ‘contract’ that each person signs before they are given access to the network
What 6 things should the acceptable use policy contain?
Choosing secure passwords
Changing passwords regularly and not using the same one twice
Keeping passwords safe and not sharing them with anyone
Logging off a workstation when they are going to be absent
Not installing any software or downloading files
Not using USB sticks unless authorised
What are 4 advantages with a full backup?
It is a complete copy of all the data that needs to be backed up
Can be fast to recover from backup as everything is there in one place
Multiple full backups can be stored so as to be able to ‘roll back’ fairly quickly
It is simple to recover only certain folders and files if need be
What are 4 disadvantages with full backups?
Can take a long time
A full backup is at least as large as the original data storage used
Multiple full backups can require a large amount of storage and this is inefficient if only a small part of the data ever changes
The user may have changed their system configurations since the last backup - these altered settings may be lost after the backup
What are 4 advantages with incremental backups?
Fast compared to full backup as only changed files are backed up
Efficient in terms of the storage needs
Every version of a file is stored - very handy if you want to see what changes were made to it over time
Good backup software will allow the easy recovery of any stored version of the file and folders
What are 4 disadvantages with incremental backups?
There needs to be at least one full backup made to start from
There should not be too many incremental backups before the next full one as this can make it difficult to get a complete restore done
May be inefficient storage
Need to be much more careful in matching the backup schedule with how people are using the system
What is a disaster policy?
A policy in place to get back the network and data as quickly as possible, should a fire or flood occur
What are 5 things stated in the disaster policy?
Who has responsibility for performing backups
The location of the backups - which are preferably stored off site
How often the Disaster Recovery Plan (DRP) needs to be tested to ensure that it is still valid
A list of the main suppliers of the hardware are so the network can be re-built
Any international standards that have been used in the current network setup