System Security

Question 1

Networking of computers brings many advantages. Why might networking of computers also have some disadvantages?

Answer 1

Networking is when two or more computers are connected together. It means that if someone is able to access one computer on the network, they could also be able to access all the data on all the computers on the entire network.

Question 2

What is System Security about?

Answer 2

System Security looks at the measures that can be put in place to reduce the risk of criminals gaining entry to a network to steal data from or compromise data on computers in a network.

Question 3

What is malware?

Answer 3

Any software that can harm a computer or a user.

Question 4

Name four types of malware

Answer 4

Viruses
Spyware
Adware
Pharming

Question 5

What is a virus?

Answer 5

Viruses is a small program who main purpose is to cause physical harm to a computer.

Question 6

What is Spyware?

Answer 6

Spyware is a small program that is designed to harm the user by trying to record data about them. The aim is to spy on the user and send back things like username, common passwords, sites visited by the user.

Question 7

Name three different types of viruses.

Answer 7

Standard Virus
Worms
Trojan

Question 8

Describe what Standard viruses do.

Answer 8

These are programs which hide in files. Copying themselves (replicate) in order to spread into other programs and files. Their aim is usually to delete and damage data

Question 9

How does a Worm virus operate?

Answer 9

These programs replicate themselves using more and more of the computer resources, slowing the computer down until it basically cant function anymore.

Question 10

What is a Trojan virus?

Answer 10

These programs come in as programs that you think are useful, but in the background they add another small program that may be deleting programs or opening ports for other destructive programs to use to get into your computer and network.

Question 11

Name one common spyware program and explain what it does

Answer 11

A key logger. It is the software that will record all the keys that are pressed on a keyboard. It does this to record information about such as your password, so that it can steal more information about you.

Question 12

What is Adware?

Answer 12

Adware is a spyware. This malware aims to download and display unwanted adverts. It also may collect information about what you regular do online for marketing purposes. They may also redirect you to unwanted pages by changing your homepage.

Question 13

What is pharming?

Answer 13

Pharming is when you type in a web address, a url of a genuine site but instead of being taken to the correct site you are taken to a fake version of the site because the numbers point to the website (IP address) have been changed to the wrong ones in the DNS records.

Question 14

Describe what Scareware does?

Answer 14

Scareware is a pop up malware that scares you with a message to carry out a purchase or action. It might show a pop up that says your computer is infected with a virus. Then provide a button that says purchase now to clean it.

Question 15

What is ransomware?

Answer 15

Ransomware is a program that uses encryption to lock the data on your computer so that you cannot use it. They will then send a message asking you to pay a certain amount of money to unlock it. An example of this is what happened to the NHS a few years back.

Question 16

What are Rootkits

Answer 16

A set of software programs or hacking tools that allow unauthorized users (criminals) to take complete control of your computer.

Question 17

What is phishing? Describe it.

Answer 17

An email or phone call or website that tries to get certain sensitive information about you. This is a method of identity theft. You may get a message pretending to be from your bank asking you to re-enter your username and password. Once these have been entered, the hacker now uses it to access your bank account or impersonate (pretend ) to be you at your online bank.

Question 18

What do you call the act of manipulating people to give away personal information or making mistakes when it comes to doing the right things when working on a network.

Answer 18

Social engineering

Question 19

How can you reduce the effect of social engineering tactics on your users.

Answer 19

People are the main problem when trying to protect a network as they fall foul to social engineering tricks. This can be reduced by educating the users on different social engineering tricks and what they should and should not do.

Question 20

What do your call the process used when a criminal uses trial and error to try thousands and thousands of passwords to hack an account’s password?

Answer 20

Brute Force Attack

Question 21

What does DoS stand for?

Answer 21

Denial of Service Attack

Question 22

Put the website server resources under so much pressure by bombarding it with intensive traffic that it cannot cope and the website crashes. What kind of attack is this?

Answer 22

Denial of Service Attack.

Question 23

Name two reasons why criminals carry out Denial of Service attacks.

Answer 23

Criminals do it to ask for money to stop the attack

Do it for political or social reasons as a form of punishment for the website.

Question 24

What does encryption do to data?

Answer 24

It puts data into a format that humans cannot easily read (unreadable, scrambled), thereby protecting the data

Question 25

What can criminals use to monitor network traffic and intercept data which they feel contains sensitive data and read it?

Answer 25

Packet sniffers

Question 26

What protects data from being read by Packet sniffers?

Answer 26

Encryption

Question 27

What is SQL?

Answer 27

Structured Query Language that is used to look up, write, add, modify etc. data on a database using a set of statements.

Question 28

What is SQL Injections

Answer 28

When you modify the SQL statements to change what it should do to what the criminal wants it to do. This may be to change the database password, return more records, add, delete or or become destructive.

Question 29

What does a network policy do?

Answer 29

It sets out the rules telling users what they should do and how they should do it.. The rules may include that they will need to use a password to log on and off of their computer, the type of password they should set etc

Question 30

What do you think happens if people do not follow the network policy?

Answer 30

If people do not follow the network policy then the network can become more vulnerable. Hackers can then easily gain access to steal data and destroy the computers on the network.. The system security becomes weak.

Question 31

What is penetration testing

Answer 31

This is when a company invites experts to pretend to attack different malware attacks to understand where the system or network is weak, so that companies can try and make them better and stronger.

Question 32

Explain what Network Forensics does

Answer 32

Network Forensics does not stop the attack but monitors network traffic so that if an attack occurs, it can be tracked. The information is reviewed to learn how to stop attacks in future.

Question 33

Name two policies that should be written for networks to improve security

Answer 33

Acceptable Use Policy (AUP)
Backup Policy
Disaster Recovery Policy

Question 34

What might /an Acceptable Use include

Answer 34

Use complex passwords
Have different levels of access for users
Locking the computer after certain time when users are inactive or away
No use of USB
No downloading and installing of software from the internet without authorisation

Question 35

What might a Backup Policy include?

Answer 35

The person who should do the backup
The timetable or schedule for the backup
The media the backup will be made on 
Where the back up will be stored
The data to be backed up and the changes since the last backup
the period of verification

Question 36

What might a Disaster Recovery Policy include?

Answer 36

Who the responsible people are in the event of a disaster
Where the backups are
How the system can be recovered

Question 37

Which software can find and delete or quarantine malware or viruses?

Answer 37

Anti-virus or anti-malware software.

Question 38

How do you keep an anti-virus working well?

Answer 38

By ensuring you update it regularly

Question 39

What do you use to find and quarantine spyware?

Answer 39

Use an anti-spyware

Question 40

What is a firewall?

Answer 40

A firewall is a piece of hardware or software that will monitor data through ports on your computer and only allow information through on the allowed ports and in allowed formats. It blocks data coming through unexpected ports or in formats that are not allowed.

Question 41

Explain how having user access levels keeps a computer more secure?

Answer 41

You can give different users in a company more or less access to computers and networks.Some may be able to access all parts because they are highly trusted and high up in the company and others only the parts they need. This means certain sensitive data can only be seen by people who need it. It also prevents the wrong people from deleting data.

Question 42

Why do we need passwords?

Answer 42

Passwords stop people who should not be on a computer or network from getting into the computer or network. It prevents unauthorised access.

Question 43

What makes a strong password

Answer 43

A strong password should
be 8 or more characters
include letters and numbers
include special characters
include letters that are uppercase as well as those that are lowercase
be changed regularly

Question 44

What is an encryption key?

Answer 44

It is an algorithm. A series of steps that help you change the data within a file, from being readable (plain text) to un-readable (cipher text)