Section Two and a Bit: Network Security Threats

Question 1

What is a passive attack?

Answer 1

Where someone monitors data travelling on a network and intercepts any sensitive information they find.
They use network-monitoring hardware and software such as packet sniffers.
Passive attacks are hard to detect as the hacker is quietly listening

Question 2

How do you defend against passive attacks?

Answer 2

Data encryption

Question 3

What is an active attack?

Answer 3

When someone attacks a network using malware or other planned attacks.
They are more easily detected than passive attacks

Question 4

How do you defend against active attacks?

Answer 4

A firewall

Question 5

What is an insider attack?

Answer 5

When someone within an organisation exploits their network access to steal information.

Question 6

What is a brute force attack?

Answer 6

• A type of active attack used to gain information by cracking passwords through trial and error.
• They use automated software to produce hundreds of likely passwords combinations
• Hackers may try lots of passwords against one username or vice versa

Question 7

How do you defend against brute force attacks?

Answer 7

Simple measures like locking accounts after a certain number of failed attempts and using strong passwords will reduce the risk of a brute force attack

Question 8

What is a Denial of Service (DoS) attack?

Answer 8

Where a hacker tries to stop users from accessing a part of a network or website
Most DoS attacks involve flooding the network with useless traffic, making the network extremely slow or completely inaccessible

Question 9

What is malware?

Answer 9

Malicious Software

Installed on someone’s device without their knowledge or consent that can harm their device

Question 10

What are some of the typical actions of malware?

Answer 10

• Deleting or modifying files
• Scareware
• Locking files
• Spyware
• Rootkits
• Opening backdoors

Question 11

What is scareware?

Answer 11

E.g. It tells the user that their computer is infected with lots of viruses to scare them into following malicious links or paying for problems to be fixed.

Question 12

What happens when a hacker locks files?

Answer 12

Ransomware encrypts all the files on a computer. The user receives a message demanding a large sum of money to be paid in exchange for a decryption key

Question 13

What is spyware?

Answer 13

It secretly monitors user actions, e.g. key presses, and sends info to the hacker

Question 14

What are rootkits?

Answer 14

Rootkits alter permissions, giving malware and hackers administrator-level access to devices

Question 15

What does it mean to open backdoors?

Answer 15

Making holes in someone’s security which can be used for future attacks

Question 16

How can malware access a device?

Answer 16

Viruses
Worms
Trojans

Question 17

Viruses

Answer 17

Attach to certain files, e.g. .exe files and autorun scripts. Users spread them by copying infected files and activate them by opening infected files

Question 18

Worms

Answer 18

Like viruses but they self-replicate without any user help, meaning they can spread very quickly. They exploit weaknesses in network security

Question 19

Trojans

Answer 19

Malware disguised as legitimate software. Unlike viruses and worms, Trojans don’t replicate themselves - users install them not realising they have a hidden purpose.

Question 20

What is a network policy?

Answer 20

A set of rules and procedures the organisation will follow to ensure their network is protected against attacks and unauthorised access

Question 21

A good network policy will…

Answer 21

• Regularly test the network to find and fix security weaknesses and investigate any problems
• Use passwords to prevent unauthorised people from accessing the network
• Enforce user access levels to limit the number of people with access to sensitive information
• Install anti-malware and firewall software to prevent and destroy malicious software attacks.
• Encrypt sensitive data

Question 22

What is penetration testing?

Answer 22

When organisations employ specialists to simulate potential attacks on their network
Pentesting is used to identify possible weaknesses in a network’s security by trying to exploit them. The results of the pentest are then reported back

Question 23

What are network forensics?

Answer 23

• Network forensics are investigations undertaken to find the cause of attacks on a network. To conduct network forensics, an organisation needs to have a system of capturing data packets as they enter their network.
• After the network is attacked, these packets can be analysed to discover how the network was attacked and decide how to prevent future attacks

Question 24

Passwords

Answer 24

• Passwords help prevent unauthorised users accessing the network
• Passwords should be strong - they should be many characters long, use a combination of letters, numbers and symbols - and be changed regularly

Question 25

What are user access levels?

Answer 25

• They control which parts of the network different groups of users can access
• User access levels help limit the number of people with access to important data, so help prevent insider attacks on the network

Question 26

An example of using UALs

Answer 26

Business managers are likely to have a higher access level allowing them to access more sensitive data, like pay information.
They may also have to write access to files that others can only read and the ability to change employees’ access levels.

Question 27

Anti-malware software

Answer 27

Designed to find and stop malware from damaging a network and the devices on it. There are lots of different types of anti-malware software, including antivirus programs which isolate and destroy computer viruses.
Companies use firewalls to block unauthorised access. Firewalls examine all data entering and leaving the network and block any potential threats

Question 28

Encryption

Answer 28

• When data is translated into a code which only someone with the correct key can access, meaning unauthorised users cannot read it
• Encrypted text = cipher text
• Unencrypted text = plain text
• Encryption is essential for sending data over a network securely

Question 29

What is social engineering?

Answer 29

A way of gaining sensitive information or illegal access to networks by influencing people, usually the employees of large companies

Question 30

What is phishing?

Answer 30

A type of social engineering where a criminal sends emails or texts to people claiming to be from a well-known business.
The email often contains links to spoof versions of the companies website.
They then request that the user updates their personal information, which the criminals then gain access to in order to use on their genuine account.

Question 31

How can a user be defended against phishing?

Answer 31

Email programs, browsers and firewalls have anti-phishing features that will reduce the number of phishing emails received.

Question 32

What is SQL?

Answer 32

Structured Query Language

One of the main coding languages used to access information in databases

Question 33

What is a SQL injection?

Answer 33

• Pieces of SQL typed into a website’s input box which then reveal sensitive information.
• If a website does not have secure input validation, then someone can enter a piece of SQL code which allows them to access other people’s account information as well as their own.