Systems - Security Risks Flashcards

1
Q

What are the key aspects that the Computer Misuse Act (1990) recognises as offences?

A

Unauthorised access to computer material.

Unauthorised access with the intent to commit or facilitate crime.

Unauthorised modification of computer material.

Making, supplying or obtaining anything which can be used in computer misuse offences.

2
Q

What is a tracking cookie and why does it present a risk?

A

A cookie is a small data file created when you access a website.

These can be used to store your personal preferences or log in details, so you don’t need to re-enter these details.

Tracking cookies take this one step further. Your details are recorded and then transmitted back to the cookie’s author.

3
Q

Explain the difference between a public key and a private key when securing the transmission of data.

A

• A public key is used to encrypt the personal data.
• A private key is used to decrypt the personal data.
OR
• Public key is known to all systems.
• Private key is known to one system only.

4
Q

SecureBell stores customer videos on a public cloud.

(i) State two reasons why SecureBell chooses to use a public cloud rather than a private cloud to store the videos.

A

• Public cloud services can be easily increased or decreased to match current needs.
• Can set up or easily expand capacity of public cloud storage without (SecureBell) purchasing hardware.
• Public cloud removes need for backup/maintenance/administration strategies (for SecureBell).
• Public cloud has lower initial costs than private cloud.

5
Q

(ii) Customers may have concerns about the security of video being stored on the public cloud.
State two precautions used to ensure security of data on public cloud storage.

A

• Username and passwords to access public cloud.
• Use of encryption.
• Firewall.
• Require use of digital certificate.

6
Q

Describe a suitable backup schedule for a company. Your answer should include a description of the type of backup.

A

• Back up all data (full backup) weekly/daily
• Save changes since last full backup (differential) daily/hourly
• Save changes since last backup of any type (incremental) daily/hourly

7
Q

What are the strategies other than backup that could be used to protect against a loss of data?

A
Cloud
Offline
Off-site repository
Distributed storage
Mirror disk
Full/incremental/differential Back up
8
Q

Catherine runs CraftyBella, an online business promoting arts and crafts.
(a) Catherine is concerned that the business data stored on the public cloud is not secure.
Explain why this is not the case.

A

• Public cloud does not mean open access
• Password protected space is rented to public
• Data may be encrypted
• Data protected by firewall

9
Q

What are the symptoms of DoS attacks?

A

Slow performance

Inability to access

10
Q

What are the effects of a DoS attack?

A

Genuine users can’t access resources
Business may not be able to operate
Reputational damage
Customers may choose competitor

11
Q

What are the costs associated with a DoS attack?

A

LOST REVENUE: Each time a service or online shop cannot be contacted by users or customers they are losing a sale! Many businesses carry out most — or sometimes all — of their business activity via the web, so this can have a huge impact on income.

STAFF COSTS / COST OF REPAIRS: The labour costs of dealing with a DoS attack can be large. Specialist network engineers may be needed to recover crashed systems, put defences in place and try to stop an ongoing attack. The company may already employ these people, but will often rely on contracting in external help. This can be costly.

Users’ LOSS OF CONFIDENCE in the organisation

12
Q

What are the 3 types of DoS attacks?

A

Bandwidth Consumption
Resources Starvation
Domain Name Service (DNS) Attacks

13
Q

Describe Bandwidth Consumption

A

A flood of requests fills the connection up to its limit so no other requests can get through. The effect only lasts as long as the attack is maintained.

14
Q

Describe Resources Starvation

A

Requests each use a little bit of other resources, like disk space, until the server runs out and is no longer able to function correctly.

15
Q

Describe Domain Name Service (DNS) Attacks

A

These attack the servers that route internet traffic, so they can impact multiple websites. They can also lead to congestion and consumption of bandwidth.

16
Q

Describe the process of encryption

A

Encryption takes place in many situations where data is being transmitted over an internet connection.

Encryption is the process of encoding data, using encryption keys.

The encrypted data can only be opened by someone who has the key.

17
Q

What’s a digital certificate?

A

A digital certificate is an attachment to an electronic message used for security purposes.

A certificate is used to verify that a user sending a message is who they claim to be and to bind their public key to them.

A digital certificate becomes the equivalent of an electronic passport. It allows individuals or companies to feel secure in exchanging information as they each know the identity of the other party. A digital certificate is exceptionally hard to forge and can be trusted as it will have been issued by a trusted agency.

18
Q

What’s a digital signature?

A

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and to ensure that the original content of the message or document has not been tampered with.

Digital signatures are easily transportable, cannot be forged by someone else, and can be automatically time stamped.

19
Q

What are the 2 types of encryption?

A

Symmetric and asymmetric encryption

20
Q

What’s symmetric encryption and how does it work?

A

The simplest form of encryption
Data is encrypted using a secret key and an encryption algorithm
Both sender and receiver need a copy of the secret key

Data is encrypted with the secret key to produce ciphertext
The ciphertext is transmitted over the insecure channel
The receiver applies the secret key using the decryption algorithm which retrieves the original data

21
Q

What are the main benefits of symmetric encryption? (2)

A

Simple and fast to implement

22
Q

What are the main drawbacks of symmetric encryption? (2)

A

Difficult to manage the exchange of the secret key over an insecure channel

23
Q

What are the 3 types of asymmetrical encryption?

A

Public and Private keys
Digital Certificates
Digital signatures