Section 5 - Networks and Section 6 - Cyber Security

Question 1

What is a computer network?

Answer 1

Computer network:

— A group of computers connected together

Question 2

What are the three main types of network?

Answer 2

PAN (personal area network):
— Within the range of a person and have a range of 10m e.g. Bluetooth

LAN (local area network):

• – Connects devices close to each other
• – They cover small geographical areas e.g school or home
• – They are owned and managed by one person or organisation

WAN (wide area network):

• – Connectes devices over a much wider geograhical area (possibly several locations)
• – The internet is the biggest example of a WAN
• – Usually managed by more than one person collectively
• – Internet is made of several LANs connected

Question 3

Compare wireless and wired networks.

Answer 3

Wired:

• – Generally, data transfer is faster
• – Less likely to suffer from interference
• – Less susceptible to hackers
• – Expensive to install or reconfigure
• – Might not be able to connect to the network from other locations

Wireless:

• – Can access the network from multiple locations
• – Nodes can easily be added without interruption to the network
• – Signals have a limited range
• – Signals can be blocked by walls for example
• – Signals with roughly the same frequency causes interference
• – Each node has a limited bandwidth so more connections = slower bandwidth for each device
• – More prone to hacking

Question 4

When would fibre optic cables and copper cables be appropriate to use?

Answer 4

Fibre optic cabling is made from glass. Appropriate when wanting to send signals across long distances

Question 5

What are the purposes and uses of Ethernet and WIFI?

Answer 5

Ethernet:

• – A family of related protocols
• – Ethernet cables are twisted copper cables

Wifi:

• – A family of related protocols
• – Wifi is a trademark, the generic term is WLAN (wireless local area network)

Question 6

What are the purposes and uses of TCP, UDP and IP?

Answer 6

TCP (Transmission Control Protocol):

• – Operates at the transport layer
• – Deals with the connection between devices
• – When going outbound, it receives data from the application layer and splits it into packets
• – When going inbound, it receives packets from the network layer and reassembles them to the original data
• – It provides error checking and connection

IP (Internet layer):

• – Operates at the network layer
• – Protocol addresses packets with the source and destination IP address
• – When sending back to the transport layer, the protocol removes the IP addresses as they are no longer needed

UDP (User Datagram Protocol):

• – Alternative to TCP, operates at the transport layer
• – TCP sets up a two-way connection whereas UDP sends the data one way
• – Suitable when error checking and connection is not required
• – Faster due to less delay but less reliable than TCP

Question 7

What are the purposes and uses of HTTP, HTTPS and FTP?

Answer 7

HTTP/S (Hypertext Transfer Protocol/Secure):

• – Operates at the application layer
• – Used to access a webpage from web server
• – HTTPS provides a more encrypted version of a webpage as data is secured

FTP (File Transfer Protocol):

• – Operates at the application layer
• – Used with file uploads and downloads
• – Transfers data and programs

Question 8

What are the purposes and uses of the email protocols?

Answer 8

SMTP (Simple Mail Transfer Protocol):

• – Operates at the application layer
• – Handles outbound emails from the client to the internet via the mail server

IMAP (Internet Mail Access Protocol):

• – Operates at the application layer
• – Handles inbound email from the internet to the client via a mail server
• – Keeps mail server and client in sync

Question 9

Describe the four layer TCP/IP model

Answer 9

Application layer:
— this is where the network applications, such as web browsers or email programs operate

Transport layer:
— this layer sets up the communication between the two hosts and they agree on settings such as ‘language’ and size of packets

Internet/Network layer:
— addresses and packages data for transmission, routes the packets across the network

Link layer:
— this is where the network hardware such as the NIC (network interface card) is located. OS device drivers also sit here

Question 10

Define cyber security.

Answer 10

Cyber security:

— The processes designed to protect networks from attack or unauthorised access

Question 11

What is malware?

Answer 11

Malware stands for malicious software. It is an umbrella term that refers to variety of forms of intrusive or hostile software.

Question 12

Describe four different forms of malware.

Answer 12

Viruses:
— implanted inside normal programs themselves so that when the host program is executed then so does the virus

Trojan:
— disguises itself as something else to trick people into thinking of it as desirable software

Adware:
— displays unwanted adverts to generate revenue as people will be intrigued to press on the advert (sometimes these adverts refuse to close unless pressed on)

Spyware:
— collects data by tracking activity on the computer and then sending this information back to the attack instigator e.g. recording passwords entered

Question 13

How can malware be protected against?

Answer 13

Protection:

— Using up to date anti-malware software

Question 14

Explain other cyber security threats apart from malware.

Answer 14

• – Unpatched software - security holes have been fixed in a newer version of the software but the user themselves need to install this newer version
• – Outdated software - constant updates are required to ensure security breaches are fixed properly
• – Misconfigured access rights - when a person has permissions they shouldn’t have
• – Weak and default passwords - makes it easy for people to gain access to things they shouldn’t be able to access
• – Removable media - easily transfers malicious code onto other devices

Question 15

What is social engineering?

Answer 15

Social engineering:

— Manipulating people into giving up their confidential information

Question 16

Explain four forms of social engineering.

Answer 16

Blagging:
— Inventing a scenario to engage a victim and gain their trust. This encourages them to give away confidential information or even send money.

Phishing:
— Gaining confidential information through an external link e.g. emails or links in emails. Phishing emails are often disguised as emails from reliable sources e.g. school or Netflix

Pharming:
— Cyber attack where website’s traffic is redirected to a fake website

Shouldering:
— Viewing personal information over a person’s shoulder e.g. PIN numbers or passwords

Question 17

How is encryption used to prevent cyber security threats?

Answer 17

Encryption: this is making data secret so that it is not understood by third party viewers and only authorised viewers can decrypt and read the data

• – Data is written in plaintext text so humans can read it
• – Encrypted into ciphertext using an algorithm
• – Message is sent
• – Message is received
• – Message is decrypted back into plaintext using the encryption key

Question 18

How do firewalls prevent cyber security attacks?

Answer 18

Firewalls:

• – Monitor network traffic and filter packets under certain rules
• – Can block packets from random regions
• – Either software or hardware
• – They filter based on the addresses or the contents in the packets

Question 19

How does MAC address filtering help prevent against cyber security attacks?

Answer 19

MAC address filtering:

• – MAC stands for Media Access Control
• – MAC addresses are unique worldwide and can’t be changed
• – MAC address filtering is blocking (or allowing) devices trying to access a network based on their MAC address
• – Relatively weak because switching devices can easily bypass the block and it is possible to fake MAC addresses by eavesdropping if it is not encrypted

Question 20

How do biometric measures help prevent cyber security attacks?

Answer 20

Biometric measures:

• – Used as identifications and access control
• –e.g fingerprint, eye, facial and voice recognition

Question 21

How does CAPTCHA help prevent cyber security attacks?

Answer 21

CAPTCHA:

• – Stands for Computer Automated Public Turing test to tell Computers and Humans Apart
• – Determines whether a user is a human or robot
• – Prevents spam
• – Used in websites

Question 22

How do these following measures prevent against cyber security attacks:

• – Passwords systems
• – Email confirmations
• – Automatic software updates

Answer 22

Passwords:
— Ensure passwords are strong to prevent unauthorised users from gaining access. Weak or default passwords are easily guessable.

Email confirmations:
— Confirms identity to ensure that it is the right person trying to gain access to something which prevents unauthorised users from gaining access.

Automatic software updates:
— This links to unpatched/outdated software. Automatic updates ensure that any security breaches are fixed without a user going through the stress of having to constantly check for updates.

Question 23

Define penetration testing and go into detail on the two types.

Answer 23

Penetration testing:
— The process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access.

Black box testing:
— Simulating an external hacking or cyber warfare attack where the attacker has no knowledge of any credentials for the target system.

White box testing:
— Simulating a malicious insider who has knowledge of and possibly basic credentials for the target system.