Systems - Security Risks Flashcards
What are the key aspects that the Computer Misuse Act (1990) recognises as offences?
Unauthorised access to computer material.
Unauthorised access with the intent to commit or facilitate crime.
Unauthorised modification of computer material
Making, supplying or obtaining anything which can be used in computer misuse offences.
What is a tracking cookie and why does it present a risk?
A cookie is a small data file created when you access a website.
These can be used to store your personal preferences or log in details, so you don’t need to re-enter these details.
Tracking cookies take this one step further. Your details are recorded and then transmitted back to the cookie’s author.
Explain the difference between a public key and a private key when securing the transmission of data
A public key is used to encrypt the personal data.
A private key is used to decrypt the personal data.
OR
Public key is known to all systems.
Private key to one system only.
SecureBell stores customer videos on a public cloud.
(i) State two reasons why SecureBell chooses to use a public cloud rather than a private cloud to store the videos.
Public cloud services can be easily increased or decreased to match current needs.
Can set up or easily expand capacity of public cloud storage without (SecureBell) purchasing hardware.
Public cloud removes need for backup/maintenance/administration strategies (for SecureBell).
Public cloud has lower initial costs than private cloud.
(ii) Customers may have concerns about the security of video being stored on the public cloud.
State two precautions used to ensure security of data on public cloud storage.
Username and passwords to access public cloud.
Use of encryption.
Firewall.
Require use of digital certificate.
Describe a suitable backup schedule for a company. Your answer should include a description of the type of backup.
Back up all data/(full back up) weekly/daily
Save changes since last full backup (differential) daily/hourly
Saving changes since last back up of any type (incremental) daily/hourly
What are the strategies other than back up that could be used to protect against a loss of data?
Cloud
Offline
Off-site repository
Distributed storage
Mirror disk
Full/incremental/differential Back up
Catherine runs CraftyBella, an online business promoting arts and crafts.
(a) Catherine is concerned that the business data stored on the public cloud is not secure.
Explain why this is not the case.
Public cloud does not mean open access
Password protected space is rented to public
Data may be encrypted
Data protected by firewall
What are the Symptoms of DOS attacks?
Slow performance
Inability to access
What are the effects of a DOS attack?
Genuine users can’t access resources
Business may not be able to operate
Reputational damage
Customers may choose competitor
What are the costs associated with a DOS attack?
LOST REVENUE: Each time a service or online shop cannot be contacted by users or customers they are losing a sale! Many businesses carry out most — or sometimes all — of their business activity via the web, so this can have a huge impact on income.
STAFF COSTS / COST OF REPAIRS: The labour costs of dealing with a DoS attack can be large. Specialist network engineers may be needed to recover crashed systems, put defences in place and try to stop an ongoing attack. The company may already employ these people, but will often rely on contracting in external help. This can be costly.
Users’ LOSS OF CONFIDENCE in the organisation
What are the 3 types of DOS attacks?
Bandwidth Consumption
Resources Starvation
Domain Name Service (DNS) Attacks
Describe Bandwidth Consumption
Flood of requests fills the connection up to their limit so no other requests can get through. The effect only lasts as long as the attack is maintained.
Describe Resources Starvation
Requests each use a little bit of other resources, like disk space, until the server runs out and is no longer able to function correctly.
Describe Domain Name Service (DNS) Attacks
These attack the servers that route internet traffic so can impact on multiple websites. It can also lead to congestion and consumption of bandwidth.