Security Risks And Precautions

Question 1

What is a digital certificate?

Answer 1

An electronic document used to confirm the identity of a person or organisation

Question 2

In symmetric encryption…

Answer 2

Both the key for encrypting and the key for decrypting are the same and are agreed before information is transmitted

Question 3

What is data encryption?

Answer 3

When information is jumbled to make it unreadable

Question 4

How does encryption help against hacking?

Answer 4

Any sensitive data intercepted by a hacker will be useless as it will be unreadable.
Any data on a stolen laptop/backing storage device is protected

Question 5

What is symmetric key encryption?

Answer 5

A type of key based encryption which uses the same key agreed by both parties before transfer of information can begin

Question 6

What is the drawback of symmetric key encryption?

Answer 6

The encryption key must be transmitted between two parties without it being intercepted.

Question 7

Public Key Encryption: What is involved?

Answer 7

Both public and private key are generated to work as a pair. The private key can encrypt data which can only be decrypted by the linked public key and vice versa.

Question 8

How SSL uses public key encryption on a secure website

Answer 8

Users browser receives websites public key
Private key remains on the server secured
Public key is used to encrypt sent data
Private key can then decrypt the message once data arrives in the server

Question 9

What is a digital signature?

Answer 9

An electronic signature contained within a digital certificate used to prove the identity of a sender of data or the signer of a document whilst making sure that the original data remains untampered with

Question 10

Who uses digital signatures in the real world?

Answer 10

Supported by a wide variety of software packages - helpful to those who wish to send legally important messages

Question 11

Public Key infrastructure purpose

Answer 11

To allow companies and individuals to state that the identity information and the public key confirmed by digital signature belong together

Question 12

Digital certificate contents

Answer 12

Digital signature
Name
Serial number
Expiration date

Question 13

Digital Certificate purpose

Answer 13

To make use of a public key in order to bind the digital signature and identity together.

Question 14

What is validation?

Answer 14

The process of checking data to be appropriate before processing starts

Question 15

What is involved in Client-Side validation checks?

Answer 15

Checks are made by the users browser using a scripting language such as JavaScript

Question 16

What is used in checks made in server-side validation?

Answer 16

All info is checked (and verified) by the server

Question 17

What are the advantages of client-side validation?

Answer 17

Faster than server side validation - processing takes place on users computer
Saves time for info which doesn’t need to be sent between the client and the server

Question 18

What are the disadvantages of client-side validation?

Answer 18

More prone to data interception

Question 19

What are the advantages of server-side validation?

Answer 19

Users cannot interfere with data transfer - it is more secure, data validation cannot be disabled and centrally held data may be updated

Question 20

What are the disadvantages of server-side validation?

Answer 20

Slower process than client-side validation

Question 21

What are the advantages of using biometrics for security?

Answer 21

Harder to forge
Cannot lose them, unlike passwords
Cannot use them without authorisation like ID cards

Question 22

Using biometrics for security purpose - Disadvantages/Concerns

Answer 22

Invasion of privacy, too intrusive on the public by security

Question 23

How does a public key solve the problems which occur in symmetric key encryption during data transmission?

Answer 23

As symmetric key encryption uses one key only and thus can be intercepted during transmission.
Essentially only encrypted data is passed between users for a public key style encryption.

Question 24

What is the purpose of a firewall?

Answer 24

To form an internal barrier between a secure network and any other network

Question 25

Which act makes hacking illegal?

Answer 25

The computer misuse act

Question 26

What is a virus?

Answer 26

A self replicating program which must be attached to a program

Question 27

What are the differences between a virus, worm and Trojan?

Answer 27

A virus copies itself into other executable programs
A worm does not need to be attached to another program and does not always cause damage. It replicates itself.
A Trojan does not replicate itself.

Question 28

Why might an employer use a key logger?

Answer 28

To check up on what their employees are doing online and keep track of their usage, Internet browsing history, how they make use of company resources

Question 29

How might you identify a possible phishing email?

Answer 29

Spelling mistakes
Sent to someone without addressing them by name
Sender address
Request sensitive information

Question 30

Describe what spyware is

Answer 30

Spyware is a type of malware used to gather information about a group or individual using methods such as monitoring keystrokes

Question 31

Describe what phishing is?

Answer 31

A form of fraud in which the attacker tries to gain sensitive information such as login credentials, usually acting as a known contact and sending a scam email requesting the information

Question 32

Describe what is meant by key logging?

Answer 32

Considered to be a type of spyware as well as software. Is capable of recording every keystroke made on a keyboard to a log file.

Question 33

What is online fraud and identity theft?

Answer 33

Online fraud is a fraud committed online. Identity theft is when someone else uses or steals your identity, often with the aim of committing online fraud.

Question 34

What is spam?

Answer 34

Usually refers to junk email and is often used in identity theft

Question 35

What is credit card fraud?

Answer 35

Any kind of theft and fraud committed involving a payment card in which the attacker does not own and in which the attacker usually aims to make use of to gain funds or obtain goods without paying.

Question 36

Name a type of definitely malicious software

Answer 36

Spyware - Installed without the users permission

Question 37

What is spyware?

Answer 37

Monitors user activity and transmits that information in the background to someone else

Question 38

Phishing

Answer 38

Emails or websites which trick users into entering personal details, which are then used illegally

Question 39

Adware

Answer 39

Software product where you will be viewing sponsored advertisements until a commercial fee is paid

Question 40

Type of malicious activity which is equally as dangerous to large corporations as it is to an individual user

Answer 40

Keylogging

Question 41

Identity Theft

Answer 41

The crime of obtaining the personal or financial information of another person for the purpose of making purchases or transactions under their name or identity

Question 42

A zombie

Answer 42

A computer compromised by a hacker

Question 43

What is sent from the compromised computer to the attacker in a DDoS attack?

Answer 43

The IP address

Question 44

Botnet

Answer 44

A group of compromised computers in a DDoS attack

Question 45

Symmetric Key Encryption

Answer 45

Same key is used to encrypt and decrypt a message

Question 46

Public Key use

Answer 46

Used by all people - sent to a particular individual

Question 47

Less secure form or validation

Answer 47

Client side

Question 48

More secure form of validation

Answer 48

Server side

Question 49

Three steps involved in biometric analysis

Answer 49

Observation or collection of the data
Conversion and Description of the observed data using a digital representation called a template
Comparison of new data with one or more previous templates stored in a database

Question 50

Technique designed to deal with spoof attacks on biometrics

Answer 50

Liveness detection algorithms

Question 51

When a biometric scan take place a match is achieved by

Answer 51

The live scan being similar to the stored scan data

Degree of similarity is adjusted by system to increase or decrease strictness of the system

Question 52

Denial of Service Attacks

Answer 52

Designed to prevent a user from accessing a computer system, server or website
Aim to create a situation where the resources of the attacked system are flooded with so many processing requests that the system can no longer carry out its intended purpose

Question 53

Biometric Data Examples

Answer 53

Fingerprints and Retina Patterns

Used instead of passwords to gain access to systems and data