Security #9.5

Question 1

What is cybersecurity?

Answer 1

• Range of measures taken to
• protect computer systems, networks
• and data from unauthorised access/cyberattack

Lets say:
Ways of protecting PC, networks or data from unauthorised access (cyberattack)

Question 2

How are cyberattacks carried out?

Answer 2

Malware

Question 3

What is malware?

Answer 3

Malicious software

Question 4

4 types of malware?

Answer 4

• Viruses
• Worms
  *Spyware
• Trojans

Question 5

What are viruses?

(malware)

Answer 5

• Programs that can replicate themselves
  and be spread from one system to another
• By attaching themselves to host files

Question 6

Use of virus?

(malware)

Answer 6

Modify/corrupt info of targeted computer system

Question 7

What are worms?

(malware)

Answer 7

• Self-replicating programs
• Can identify vulnerabilities in OS

Question 8

Use of worm?

(malware)

Answer 8

Enable remote control of infected computer

Question 9

What is spyware?

(malware)

Answer 9

• Installed by opening attachments/downloading infected software

Question 10

Use of spyware?

(malware)

Answer 10

Collect stored data without user’s knowledge

Question 11

1 type of spyware?

(malware)

Answer 11

Keyloggers

Question 12

What does a keylogger do?

(spyware)

Answer 12

• Track keystrokes
• Can capture passwords of accounts

Parents use these ig to monitor children online activity O_o

Question 13

What are trojans?
+ use

(malware)

Answer 13

• Program appearing to perform useful function
• But provides a back door

+ Enables data to be stolen

Question 14

What are the 6 ways of protection against malware

(imo just think of 3 but whatever ya think of first)

Answer 14

• Install virus protection software
• Use firewall
• Keep OS up-to-date
• Use latest ver. of web browser
• Be aware if phishing emails
• Malicious software removal tool

Question 15

Describe virus protection software

Answer 15

AKA anti-virus software

• Program loaded into mem whilst pc running
• Monitors activity on pc for signs of virus infection
• Also always upd these regularly

Question 16

How does anti-virus recognise viruses?

Answer 16

• Virus has its unique ‘signature’
• Antivirus stores that in database
  *PC scanned if signature in database exist

Question 17

Describe firewall

Answer 17

• Software/hardware security system
• Controls incoming & outgoing network traffic
• Packets of data analysed, decides if they allowed or not

Question 18

Basic function of firewall?

Answer 18

• Monitors:
  where data has come from,
  where it’s going,
  decides if communication is allowed

Question 19

How does the firewall do the basic function?

Answer 19

By checkin g a list of pre-defined rules

Question 20

Explain ‘keep your operating system up to date’

Answer 20

New way to bypass OS = install security patches issued

Question 21

Explain ‘use latest ver. of web browser’

Answer 21

Same as ‘keep your operating system up to date’

Update installed after restarting browser

Question 22

Explain ‘look out for phishing emails’

Answer 22

• Emails ask you to confirm personal details

FAKE AF

Question 23

Describe malicious software removal tool

When should u use it?

Answer 23

• literally just removes the malware
• use it if you got malware in computer

Question 24

List 6 forms of cyberattacks

(although u could think of 3, u probably might want to know these all)

Answer 24

• Shoulder surfing
  *SQL injection
• DoS attacks
• Password-based attacks
  *IP spoofing
  *Social engineering

Question 25

Explain shoulder surfing

(cyberattack)

Answer 25

• Using direct observation to get info
  e.g. guy using ATM machine

Question 26

Explain SQL injection

(cyberattack)

Answer 26

• Technique of malicious users,
  injecting SQL commands into SQL statement,
  via web page input
• Injected SQL commands alter SQL statements
• Compromises security of info held in database

( seems a lot to remember )

Question 27

DoS attacks short for?

(cyberattack)

Answer 27

Denial of service attacks

Question 28

Explain DoS attacks?

(cyberattack)

Answer 28

• Technique used to make website/server unavailable to legitimate users
• By swamping system with fake requests
• Involves a single internet connection

Question 29

DDoS short for?

(cyberattack)

Answer 29

Distributed Denial of Service

Question 30

Explain DDoS attacks?

(cyberattack)

Answer 30

• Same as DoS however
  *Involves multiple connected devices
• Distributed across the internet
• Causes huge volumes of traffic

Question 31

Explain password-based attacks

(cyberattack)

Answer 31

Cyber criminals using ways of finding out ur password

Question 32

What are the 3 types of password-based attacks?

(cyberattack)

Answer 32

• Dictionary attack
  *Brute force attack
• Guess

Question 33

Explain dictionary attack

(password-based attacks)

Answer 33

• Uses simple file containing words found in dictionary
• Uses common words people use as their password

Question 34

Explain brute force attack

(password-based attacks)

Answer 34

*Similar to dictionary attack
* But able to detect non-dictionary works
* Through all possible alphanumeric combinations

e.g. aaa1 to zzz10

• Not quick, tho eventually uncovered

Question 35

Explain guess

(password-based attacks)

Answer 35

• Passwords aren’t random
• Likely based upon
• interests
• hobbies
• pet names
• family names
• A well educated guess often works

Question 36

Explain IP spoofing

(cyberattack)

Answer 36

• spoof = hoax = trick
• Attacker changes IP address of legitimate host
• Visitor who types URL of site
• Sent to spoofed web page
• Can steal sensitive data/install malware

Question 37

Explain social engineering

(cyberattack)

Answer 37

• Involves tricking user to give out sensitive information

a good example is tech supporters
I mean phishing.

Question 38

3 ways of identifying vulnerabilities in PC?

Answer 38

• Footprinting
• Ethical hackings
• Penetration testing

Question 39

Explain footprinting

(identifying vulnerabilities)

Answer 39

• Involves gathering all info about PC/network/devices attached to it
• Enables penetration tester to discover
• How much detail at tacker could find out
• Allows organisations to limit technical info publicly available

Question 40

Explain ethical hackings

(identifying vulnerabilities)

Answer 40

• Needs perms from system owner to do this
• Ethical hacker attempts to bypass system security
• In search for any weak points
  to be exploited by malicious hackers
• The info used by owner to improve system security

Question 41

Explain penetration testing

(identifying vulnerabilities)

Answer 41

• Subset of ethical hacking
• Process of testing PC/network
  to find vulnerabilities
• Tests can be automated with software applications/manually

Question 42

What are the 4 penetration testing strategies?

(identifying vulnerabilities)

Answer 42

• Targeted testing
• External testing
• Internal testing
• Blind testing

Question 43

Explain targeted testing

(penetration testing)

Answer 43

• Carried out by organisations ICT team
• Work together ig

Question 44

Explain external testing

(penetration testing)

Answer 44

• Find out if an outside attacker
• can get in and how far
• they can get in once gained access

Question 45

Explain internal testing

(penetration testing)

Answer 45

• Estimate how much dmg
• dissatisfied employee could cause

Question 46

Explain blind testing

(penetration testing)

Answer 46

• Simulate actions and procedures of a real attacker
• By severely limiting info given to team performing test