Systems Security (Ch14) (M1) Flashcards

1
Q

Give two risks of computer networks

A

-Username/passwords can be cracked or stolen
-Viruses/malware can be spread to devices, computer systems and other systems you interact with physically and digitally
-Data can be accessed, changed or stolen
-Email scams can be used to trick people, for purposes such as identity theft

2
Q

Define a cyber attack

A

A cyber-attack is an attempt to gain unauthorised access to a network with the intention of accessing, changing, or destroying information.

3
Q

What are people who perform cyber attacks often called?

A

Individuals who perform cyber attacks are often referred to as hackers or cybercriminals

4
Q

Give four reasons for cyber attacks

A

1) For a challenge – to see if they can succeed
2) For fun – it might be a hobby
3) For financial gain – stealing and selling data
4) Idealism – trying to expose an injustice
5) Revenge – a disgruntled employee or ex friend
6) To take out a competitor – by bringing down their website
7) Political motives – to raise awareness of a political issue
8) Security reasons – trying to find flaws in a system, before someone else finds them

5
Q

Define cyber security

A

Cyber security is the set of measures taken to protect networks and computer systems from cyber-attacks.

6
Q

Name five things a business might do, to improve their cyber security

A

Things a business might do, to improve their cyber security:

1) Get a VPN
2) Install reliable Antivirus software
3) Use complex passwords
4) Use password managers
5) Protect with a firewall
6) Install encryption software
7) Ignore suspicious emails
8) Limit access to critical data
9) Back up data often
10) Secure your Wi-Fi Network
11) Secure laptops and smartphones
12) Communicate cyber security measures to employees

7
Q

Why might cyber criminals target businesses?

A

Cyber criminals may target businesses because:

-Businesses have a lot of money, they may want to gain some for themselves
-They may disagree with what the business does
-It may be an old employee from a business, trying to get revenge

8
Q

What is the most valuable thing that a business owns? Why?

A

The most valuable thing that a business owns is data.
Physical things can all be replaced. But if data is lost, the organisation would no longer have a business.

9
Q

Why do cyber attacks often focus on trying to steal company data?

A

Cyber-attacks often focus on trying to steal company data because:

-The criminals can sell this valuable data to a competitor.
-Or, they might try to extort (blackmail) money, for the safe return of the data.
-It could also be to damage the reputation of a business, showing people that the business doesn’t take enough precautions to keep users’ confidential data safe

10
Q

Give two consequences to a business, following a data breach

A

Consequences to a business, following a data breach:

-They lose important information about employees, like allergies, phone numbers
-Personal information about everyone who works at the company would be accessed by a third party
-The business could be sued for weak cyber security
-The business is breaching the Data Protection Act (2018) by not keeping employee data safe

11
Q

Give one example of personal data that may be stored by a business

A

Much of the data stored by businesses is classed as personal data. For example: customer names, addresses, bank details, etc

12
Q

What condition do businesses have to follow, if they are storing customer data?

A

Businesses are allowed to store customer data, as long as they have adequate security measures in place, following the Data Protection Act (2018) / GDPR

13
Q

Why would a business face a fine and be prosecuted if data is stolen in a cyber attack?

A

If data is stolen during a cyber-attack, it shows that the business did not do enough to protect that data.
They have broken the law and are likely to be prosecuted and face a very large fine.

14
Q

What is confidentiality?

A

Confidentiality is where data is kept private from users and third parties.

15
Q

Why is confidentiality important for companies?

A

Confidentiality is where data is kept private from users and third parties.
This is incredibly important because companies can be prosecuted for not following the Data Protection Act if there is a data breach or leak of data.
It would also damage their reputation and many people would not trust the company to store their personal data.

16
Q

Give four forms of attack on a network

A

Forms of Attack:

Malware
Phishing
Brute Force Attacks
Denial of Service Attacks
Data Interception and Theft of Data
SQL Injection
Rootkit
Backdoors

17
Q

What are the three types of attack?

A

Three types of Attack:

Passive attack
Active attack
Insider attack

18
Q

What is a passive attack? What is used?

A

A passive attack is where someone monitors data travelling on a network and intercepts any sensitive information they find.
They use network monitoring hardware and software, such as packet sniffers. Passive attacks are hard to detect as the hacker is quietly listening.
Encryption is the best way to be protected from passive attacks.

19
Q

What is an active attack? What is the main defence?

A

An active attack is where someone attacks a network with malware or other planned attacks. They are more easily detected. The main defence is a firewall.

20
Q

What is an insider attack?

A

An insider attack is where someone within an organisation exploits their network access to steal information.

21
Q

What is malware?

A

Malware is software designed to disrupt, damage or gain unauthorised access to a computer system.
Malware is short for ‘malicious software’

22
Q

Give three different forms of malware

A

Different forms of malware:

Viruses
Worms
Trojans
Spyware and Keyloggers
Ransomware

23
Q

Give three things that malware can typically do to a computer system

A

Typical things Malware can do:

-Delete or modify files
-Scareware - for example, telling the user their computer is infected with lots of viruses to scare them into following malicious links or paying for problems to be fixed
-Ransomware - encrypting all files on a computer. The user receives a message demanding a large sum of money in exchange for the decryption key.
-Spyware - secretly monitoring a user’s actions, for example key presses, and sending this information to the hacker.
-Rootkits - these alter permissions, giving malware hackers administrator-level access to devices.
-Backdoors - holes in someone’s security which can be used for future attacks.

24
Q

Give two ways that malware can access a device

A

Ways Malware can access a device:

-Viruses attach - by copying themselves - to certain files. Users spread them by copying infected files, and activate them by opening infected files.
-Worms are like viruses but they self-replicate, which means that they can spread very quickly. Worms exploit weaknesses in network security.
-Trojans are malware disguised as legitimate software. They don’t replicate themselves - users install them, not realising they have a hidden purpose.

25
Q

What is a virus?

A

A computer virus is a piece of code designed to copy itself (replicate) into other programs and files.

26
Q

Once a program infected with a virus has been opened, what will happen?

A

Once an infected program has been opened, the virus will be placed into system memory.
It will then begin to replicate, trying to infect other files and network devices.

27
Q

What will many viruses attempt to do to a computer?

A

Many viruses will attempt to corrupt, modify or delete data on your computer.

28
Q

Give three ways that viruses can be spread

A

Viruses can be spread in a number of different ways:

-Email - via attachments in email messages
-Infected websites
-Removable media - e.g. memory sticks
-Social media - links or images in posts

29
Q

What is a worm?

A

A worm is also a malware program that tries to replicate itself.

30
Q

In terms of being run and activated, what is the difference between a virus and a worm?

A

Viruses are normally attached to an executable (.exe) file and need that file to be run, before they are activated.
But, worms do not need a host program to run and replicate.

31
Q

Once a worm is on a system, what will it do?

A

Once a worm is on your system, it will continue to make copies and spread around the network, regardless of what your computer is doing.

32
Q

Give one effect of a worm

A

Effects of a worm:

-Worms are so effective at copying themselves that they can cause the system to run out of memory and crash.
-They can also slow down network connections as they search for other devices to infect.

33
Q

Give two ways that worms can be spread

A

Worms can be spread in a number of ways:

-Files sent as email attachments
-Peer-to-peer file sharing networks
-Links to a resource on the internet

34
Q

What is a trojan?

A

Trojan malware is malware that hides inside a legitimate software application.

35
Q

Do trojans replicate? What is their aim?

A

Trojans do not replicate themselves. Their aim is to sit on your computer system, completely unnoticed.

36
Q

What can trojans create on your system? What does this allow?

A

Trojans can create backdoors by making changes to your security, allowing other malware or hackers access to your system.

37
Q

What kind of malware can a trojan act as? How does it behave like this?

A

Trojans can act as spyware, waiting to collect your online account and credit card details. Once collected, they are sent back to a criminal entity.

38
Q

What network can a trojan make your computer part of? What attack is this used in?

A

Trojans can make your computer into part of a botnet to be used in a DDoS attack.

39
Q

What is spyware?

A

Spyware is malware that gathers data about your activities on the computer.
It then relays that information (secretly) to a third party.

40
Q

Give three things that spyware may gather about a user

A

Spyware may gather data such as:

-Websites that you visit
-Social media that you use
-Your personal information, e.g. login details, credit card data
-It may redirect your browser to advertising sites or sites containing other malware
-It can also alter your browser settings such as changing your default home page

41
Q

Give two ways you can download spyware

A

You may download spyware by:

-Clicking on a pop-up advert, e.g. ‘free prize draw’
-Downloading free software, e.g. a video sharing program
-Emails and social media messages can contain links to spyware

42
Q

What is a keylogger?

A

A keylogger is a type of malware that records every key that you press on your keyboard.

43
Q

What does a keylogger do?

A

A keylogger is a type of malware that records every key that you press on your keyboard.
It can also record every mouse click, every item you download or anything else that you do on your computer.
The data collected is sent, without your knowledge, to a third party.

44
Q

What is ransomware?

A

Ransomware is a type of malware that encrypts or locks files on the system so that the user cannot access them.

45
Q

What is accompanied by ransomware?

A

A demand for payment is received after downloading ransomware. It is often accompanied by a threat that the files will be destroyed if the ransom is not paid.

46
Q

With ransomware, what is the problem with paying the ransom to unlock your files again?

A

Even if the ransom is paid, there is no guarantee that the files will be unlocked

47
Q

What is social engineering?

A

Social engineering is a technique used by criminals to manipulate or trick people into revealing confidential information.

48
Q

What is the data obtained from social engineering used for?

A

The data obtained from social engineering is used to gain access to a computer system.

49
Q

Social engineering is one of the most common methods used by cyber criminals. Why?

A

Social engineering is one of the most common methods used by cyber criminals.
This is because people are generally trusting of others and this makes them a weak link where network security is concerned.

50
Q

What is the best way for companies to prevent social engineering attacks?

A

The best way for companies to prevent social engineering attacks is by educating employees on the risks and what to look out for.

51
Q

Give one way that social engineering takes place

A

Ways that social engineering takes place:

-A phone call out of the blue may tell you that a problem has been noticed with your computer. You are told that you need to download some software to fix the issue.
-Or, the call may be from ‘your bank’ who have noticed some unusual activity on your account. You are told you need to provide your login details or security answers so that they can ‘verify’ you.

52
Q

What is phishing a type of?

A

Phishing is a type of social engineering.

53
Q

Describe the process of a phishing attack

A

Phishing attacks often send an email pretending it is from a trusted organisation such as a bank, the tax office, a parcel delivery company, etc.
They try to trick people into giving away account information.
They do this by pretending there is a problem, e.g. missed parcel delivery, rejected bank payment, etc.
Within the email is usually a ‘call-to-action’, telling the user to ‘click here’ to solve the problem.
Clicking on the link often takes you to a fake, but very convincing looking website

54
Q

Who might a phishing attacker pretend to be?

A

Phishing attacks often send an email pretending it is from a trusted organisation such as a bank, the tax office, a parcel delivery company, etc.

55
Q

How many people are phishing emails often sent to?

A

Phishing emails are often sent to thousands of people, in hope that someone will read the email and believe its content is legitimate.

56
Q

What feature do many email programs, browsers and firewalls have to attempt to stop phishing?

A

Many email programs, browsers and firewalls have anti-phishing features that will reduce the number of phishing emails received.

57
Q

What is a brute force attack?

A

A brute force attack is where software is used to try every possible combination of words, numbers and symbols to try to crack a password.

58
Q

Why can brute force attacks be very effective?

A

Brute force attacks can be very effective because so many people use short, simple and easy to guess passwords.

59
Q

Give one way that brute force attacks can be stopped

A

-Brute force attacks can be stopped by limiting the number of failed login attempts. Many systems will lock the account after three failed logins.
-CAPTCHAs can also help to block brute force attacks.
-Using strong passwords (capital letters, numbers, symbols, a length of over eight characters) can make it harder for an automated algorithm to guess your password

60
Q

What is a Denial of Service (DoS) attack?

A

A denial of service attack (DoS) is where a criminal uses software to bombard a web server with fake requests.

61
Q

Describe the process of a Denial of Service (DoS) attack

A

-A denial of service attack (DoS) is where a criminal uses software to bombard a web server with fake requests.
-This is done to use up the server memory and CPU cycles in the hope of making the server crash.
-A DoS typically uses one computer and one internet connection.
-Servers are usually built to withstand an attack from a single source.
-So the DoS may not be successful.

62
Q

Give two reasons for Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

A

Reasons for DoS and DDoS attacks:

-To extort money
-To punish the company for unethical behaviour
-To get revenge on the company

63
Q

What is a Distributed Denial of Service (DDoS) attack?

A

A DDoS (distributed denial of service attack) is where a criminal uses many computers and many internet connections to bombard a web server with fake requests.

64
Q

Describe the process of a Distributed Denial of Service (DDoS) attack

A

-A DDoS (distributed denial of service attack) is where a criminal uses many computers and many internet connections to bombard a web server with fake requests.
-Multiple computers are infected with botnet malware.
-The main computer communicates with the infected computers, commanding them to send simultaneous fake requests to the server.
-This overwhelms the server using up CPU time, memory and network bandwidth so that it is unable to deal with legitimate users.

65
Q

What is data interception often referred to as?

A

Data interception is often called a ‘man in the middle attack’ (MITM)

66
Q

What is a data interception attack?

A

A Data Interception attack is where someone gets in between you and what you are doing online. It is a bit like eavesdropping and the victim has no idea this is happening.

67
Q

Describe the process of a data interception/man in the middle (MITM) attack

A

-A Data Interception attack is where someone gets in between you and what you are doing online. It is a bit like eavesdropping and the victim has no idea this is happening.
-There are many different techniques for this.
-They commonly occur where there is a public Wi-Fi hotspot.
-Attackers scan the router looking for a vulnerability such as a weak password. Sometimes they set up their own rogue Wi-Fi network, to entice users to connect.
-The victim connects to the Wi-Fi network and sends their message.
-What they don’t realise is that the criminal is intercepting it. The message can be read, copied or even changed before it is finally transmitted on to its destination.
-And the victim has no idea this has happened.

68
Q

Give one clue that suggests a data interception/man in the middle (MITM) attack is happening

A

Data interception attacks are hard to detect while they are happening. Clues include:

-Sudden, long page load delays
-URLs switching from HTTPS to HTTP

69
Q

Give two ways you can prevent a data interception/man in the middle (MITM) attack

A

Ways to prevent a data interception/man in the middle (MITM) attack:

-Using a Virtual Private Network (VPN)
-Using up-to-date antivirus software
-Being alert to phishing scams

70
Q

What is SQL short for?

A

SQL is short for Structured Query Language.

71
Q

What is SQL?

A

SQL is short for Structured Query Language. It is the programming language used to communicate with a database.

72
Q

What is an SQL injection?

A

An SQL injection is where an attacker enters malicious code into a web form.

73
Q

Describe the process of an SQL injection

A

-An SQL injection is where an attacker enters malicious code into a web form.
-If there are any vulnerabilities present, the SQL injection can bypass the authentication and verification process.
-The attacker now has access to the backend database and can copy all of the data. It can also add, modify or delete records.

74
Q

Give two methods to prevent an SQL injection attack

A

Methods to prevent an SQL injection attack:

-Update and patch software regularly
-Firewall - to filter out malicious data
-Data validation - check input data, e.g. that email addresses are in the correct format

75
Q

Give five ways that people are a weak point in a network

A

Many system vulnerabilities are caused by people being careless.
Ways people are a weak point in a network:

-Not installing operating system updates
-Not keeping anti-malware up to date
-Not locking doors to computer rooms
-Not logging off or locking their computer
-Leaving printouts on desks
-Writing passwords down on sticky notes attached to computers
-Sharing passwords
-Losing memory sticks/laptops
-Not applying security to wireless networks
-Not encrypting data

76
Q

Give four methods that can be used to protect a network

A

Methods that can be used to protect a network:

-Physical security
-Access control
-User security
-Firewalls
-Encryption
-Penetration testing
-Passwords

77
Q

What is a network policy?

A

A network policy is a formal document containing the rules and procedures that people must follow if they wish to use the network.

78
Q

What is a network policy designed to ensure?

A

It is designed to ensure that the network is protected from misuse and security breaches.

79
Q

Give one problem of not having a network policy

A

Problems of not having a network policy:

-Not having a policy increases the likelihood of network vulnerabilities, making an organisation more susceptible to an attack.
-It also increases the risk of non-recovery from an attack or disaster.

80
Q

What is physical security?

A

Physical security is preventing unauthorised persons from entering a building that contains network equipment, for example servers.

81
Q

Give three examples of physical security

A

Examples of physical security:

-Use of locked doors with keypad or biometric measures (fingerprint/iris scanners)
-Use of electronic swipe cards programmed with authorised user details
-CCTV
-Alarms
-Radio Frequency Identification (RFID) Chips
-Chains and locks on equipment

82
Q

What is user security?

A

User security is minimising the risk posed by people to the network, in an organisation.

83
Q

What is permissioning? What is it used for?

A

Permissioning assigns different levels of access to different groups of users.
Permissioning is used to control the files and folders a user can see and set files to be read only, etc.

84
Q

Give two ways to increase user security

A

Ways to increase user security:

-Prompt the use of secure login names and passwords
(Greater than 8 characters, contains a mixture of letters and numbers, contains a capital letter, contains a symbol)
-Regular changing of passwords
-Prevent re-use of the same passwords
-Not sharing passwords

85
Q

What is a firewall?

A

A firewall is software that protects against unauthorised access to a network, particularly the internet. It prevents internal and external unauthorised access.

86
Q

Describe the process of a firewall. What does it do?

A

A firewall isolates your computer from the internet using a “wall of code” that inspects each individual packet of data as it arrives at either side of the firewall – inbound to or outbound from your computer – to determine whether it should be allowed to pass or be blocked.
It compares the traffic to criteria that have been set, and it blocks unauthorised traffic that doesn’t meet the requirements set.

87
Q

Give one problem with firewalls

A

Problems with firewalls:

-However, firewalls do not provide enough visibility into threats and risks on the network.
-Moreover, if it is not configured correctly then it can be oversensitive. It can block innocent or necessary websites from being used.

88
Q

What is encryption?

A

Encryption is the scrambling of data into a form that cannot be read by unauthorised personnel through the use of a key.

89
Q

What two things are used to encrypt data?

A

Data is encrypted using a cipher and a public key

90
Q

What is data decrypted with?

A

The data is decrypted using a private key

91
Q

Describe the process of encryption

A

-Encryption is the scrambling of data into a form that cannot be read by unauthorised personnel through the use of a key.
-Data is encrypted using a cipher and a public key
-The data is then decrypted using a private key

92
Q

What is encrypted text called?

A

Encrypted text is called cipher text

93
Q

What is unencrypted text called?

A

Unencrypted text is called plain text

94
Q

What is essential for sending data over a network securely?

A

Encryption is essential for sending data over a network securely.

95
Q

What is penetration testing?

A

Penetration testing is where a company hires someone to simulate an attack on a computer network or system to find vulnerabilities that an attacker could exploit

96
Q

Name two things that can be penetration tested

A

Penetration testing can be used on a computer system, network or web application to find vulnerabilities.

97
Q

What are the results of a penetration test used for?

A

The results of a penetration test are used to inform future network policies

98
Q

What can penetration testing be used to check?

A

Penetration testing can be used to check:

-The security awareness of employees
-The response to a security threat
-Vulnerabilities that an attacker could exploit.

99
Q

Give three things organisations should do, to keep networks secure

A

To keep networks secure, organisations should:

-Regularly test the network to find and fix security weaknesses and investigate problems if they happen.
-Use passwords to prevent unauthorised people from accessing the network.
-Enforce user access levels to limit the number of people with access to sensitive information.
-Install anti-malware and firewall software to prevent and destroy malicious software attacks.
-Encrypt sensitive data.

100
Q

What is shoulder surfing?

A

Shoulder surfing is where an attacker watches a person enter a password and uses it to access their account

101
Q

Summarise what malware can do

A

Malware can corrupt data on a computer system, such as files. It can replicate across the computer system, spreading when a user copies an infected file. Moreover, it can record keypresses and transmit them to a third party.

102
Q

What is anti-malware software?

A

Anti-malware software scans for viruses, spyware or malware.
The software compares data to a database of malware and alerts the user and requests action.
It quarantines viruses, spyware and malware and stops the download of them.

103
Q

What is anti-virus software?

A

Anti-virus software scans for viruses, spyware or malware.
The software compares data to a database of malware and alerts the user and requests action.
It quarantines viruses, spyware and malware and stops the download of them.

104
Q

What is anti-spyware software?

A

Anti-spyware software scans for spyware or keyloggers.
The software compares data to a database of spyware and alerts the user and requests action.
It quarantines or deletes spyware and stops the download of spyware or malware.