Topic D - Protecting Data and Information Flashcards
Describe the process used by the system to authenticate passwords and allow access to the system? (4 Mark)
The system would verify the user to ensure that access is only granted when the user who logs in to the system is authorised. Firstly, the student would input their username, then input their password into the system. After that, the system will ask the student to input their password again just to double check, and then lastly grant access to the system.
Access to the server room is restricted by a keypad entry system. A four-digit code is issued to authorised users on a weekly basis.
The college is considering changing to an ID card entry system.
Explain two ways in which an ID card entry system makes access to the server room more secure than a keypad entry system?
Because the keypad code is only four digits, it is easier for an attacker to guess the code and gain unauthorised access, whereas an ID card is unique and is not guessable.
Since the ID card would have the picture of the student and a lanyard that the student would have to wear on site, this allows the college to identify the authorised users, so in this case it makes it impossible for attackers to gain access to the server room, as they won’t have an ID card and they would need to use an ID card to even access the server room.
Discuss systems and procedures that the college and students could use to keep data on the network secure, when students access the network using their personal laptops? (8 Mark)
Procedures to prevent threats to storage data
Acceptable use of IT policies, e.g. network wifi login
Up-to-date antivirus/antimalware on college network and laptops
Ban/encrypt USBs/portable media
Firewall on the network
Health check for laptops
Regular backups
Procedures for preventing unauthorised access to the personal laptops
Password protection / multi-factor authentication on the laptop prevents unauthorised access
Physical methods to protect data stored on personal laptops
Physical access to laptops. Students must take responsibility for looking after the laptops: they should be locked away overnight and never left anywhere others can access them
Procedures for preventing unauthorised access to the network via personal laptop
Set up appropriate access levels on network for staff/students
File permissions on network for staff/students
VPN
Describe how keeping the antivirus software up to date reduces the risks of viruses on the computer? (4 Mark)
A lot of new viruses are created every day, meaning that antivirus software needs to be updated so that it can identify the patterns in the viruses and terminate them. The databases, where previously identified malware is recorded, are updated; this ensures that any malware that is easily identified is kept off the computer.
Anderson uses a username and password to restrict access to his laptop.
Describe one other method Anderson could use to restrict access to his laptop? (3 Mark)
Anderson can use physical access control to restrict access and ensure that unauthorised access is prevented. He can do this by locking the laptop in a safe in his home while he is travelling.
Describe how the features of anti-virus software will protect Anderson’s laptop against this threat? (4 Mark)
Anti-virus software monitors activity, then compares activity against a database of definitions, then analyses the behaviour of the suspicious program, and then determines the nature of the threat.
Explain why websites use digital certificates? (3 Mark)
To verify that a company owns a website and that the information is genuine so that it can be trusted by the internet users.
Describe how verification and validation would be used to ensure the password entered is suitable. (4 Mark)
Verification
The user will be asked to re-enter the password, so it is entered twice to ensure that the two entries match.
Validation
The password will be checked against pre-set rules to ensure that there is a mix of characters.
Explain what is meant by the term phishing? (3 Mark)
Phishing is an unauthorised attempt to gain personal information by impersonating an organisation that is trustworthy, with the intention of committing fraudulent activity to gain money.
Describe one way a customer can reduce the risk from phishing? (2 Mark)
Use filtering settings in email which will block the spam.
What is the definition of encryption?
The conversion of data into an unreadable code known as ciphertext.
What is the reason for using encryption to protect data?
The most effective form of security, as encrypted data cannot be read without the encryption key.
What are the 2 things that you need to be aware of when using encryption to protect data?
Encryption keys must be maintained and kept secure.
A lost key means the data is irretrievable.
What are the 2 types of encryption?
Symmetric Encryption
Asymmetric Encryption
How does Asymmetric Encryption work?
Asymmetric Encryption uses two distinct, yet related keys. One key, the public key.