U9 - NETWORK SECURITY

Question 1

RISKS TO DATA

Answer 1

HUMAN ERROR
HACKING
VIRUSES
TECHNICAL BREAKDOWNS
INTERCEPTION
OLD DEVICES
PHYSICAL THEFT

Question 2

INTERCEPTION

Answer 2

Data can be intercepted and altered when sent across a network
PACKET SNIFFING is when packets sent across a network are monitored

Question 3

DISCARDED COMPONENTS

Answer 3

Old devices can contain data unless FACTORY RESET or SIM REMOVED

Question 4

HACKING

Answer 4

Gaining unauthorised access to a computer system
White / Grey / Black Hat hacking

Question 5

THREE WAYS OF BEING SECURE BY DESIGN

Answer 5

Buffer Overflow
Too many permissions
Parameters in functions with no validation

Question 6

BUFFER OVERFLOW

Answer 6

When a program tries to store more data in a buffer than was intended.
Can occur intentionally in a buffer overflow attack
Can be combatted by BOUNDS TESTING, ensures data enteredis within acceptable limits

Question 7

TOO MANY PERMISSIONS

Answer 7

Too many users have access to sensitive files. Constantly reviewing permissions

Question 8

PARAMETERS IN FUNCTIONS WITH NO VALIDATION

Answer 8

Malicious code can be embedded within input bars on webpages.
This occurs when code is entered into functions with no validation.
Vaildation ensures data is as expected.

Question 9

NAME THE THREE WAYS OF PROTECTING DATA

Answer 9

ACCESS LEVELS
PASSWORDS
ENCRYPTION (XOR)

Question 10

ACCESS LEVELS

Answer 10

Not all users have access to all data
Only relevant parties have read/write access to files to minimise security risk

Question 11

PASSWORDS

Answer 11

Passwords should be strong
Containing various different character types
Weak passwords are easier to brute force
No birthdays or names

Question 12

ENCRYPTION

Answer 12

Data should be SCRAMBLED before being sent across a network
CYPHERTEXT cannot be understood without an ENCRYPTION KEY
XOR encryption - XOR the data with the data key to scramble

Question 13

TWO WAYS TO IDENTIFY VULNERABILITIES

Answer 13

FOOTPRINTING
PENETRATION TESTING

Question 14

FOOTPRINTING

Answer 14

Checking what information is available about a company and its servers online
Helps to remove and identify infromation that can aid hackers exploit there target

Question 15

PENETRATION TESTING

Answer 15

A form of ethical hacking
A system breach is attempted in order to highlight security flaws
This means the vulnerabilties can be removed before a hacker exploits them

Question 16

NAME 5 FORMS OF CYBER ATTACK

Answer 16

SQL INJECTION
DoS ATTACK
BRUTE FORCE ATTACK
IP SPOOFING
SOCIAL ENGINEERING

Question 17

SQL INJECTION

Answer 17

Structured Query Language
Malicious code is injected into search bars/ forms to compromise the security of information

Question 18

DoS ATTACK

Answer 18

Denial of Service Attack
Flooding the network with meaningless requests in order to make it crash

Question 19

BRUTE FORCE ATTACK

Answer 19

Working through all the possible combinations in order to crack a password

Question 20

IP SPOOFING

Answer 20

Changing the IP of a legitimate website so that if a user types in the address they are taken to a fake webpage where the hacker can steal sensitive information.

Question 21

SOCIAL ENGINEERING

Answer 21

Phishing is a form of social engineering
Using people as the vulnerability
Manipulating people into giving away sensitive information

Question 22

NAME 4 TYPES OF MALWARE

Answer 22

VIRUSES
WORMS
TROJANS
KEYLOGGERS & SPYWARE

Question 23

VIRUSES

Answer 23

Programs that can REPLICATE themselves abd spread across a system
Must attach itself to a HOST FILE

Question 24

WORMS

Answer 24

SELF-REPLICATING programs that identify vulnerabilities in the OS
Enable REMOTE CONTROL of the infected computer

Question 25

SPYWARE & KEYLOGGERS

Answer 25

Spyware is accidentally downloaded and then COLLECTS DATA without the user’s knowledge
Keyloggers record key strokes to log passwords and account numbers

Question 26

TROJANS

Answer 26

Programs that appear legitimate but provide a backdoor for hackers to steal data from

Question 27

NAME 4 WAYS OF KEEPING A NETWORK SECURE

Answer 27

TWO-FACTOR AUTHENTICATION
UP TO DATE SOFTWARE
ANTIVIRUS
FIREWALLS

Question 28

TWO-FACTOR AUTHENTICATION

Answer 28

An extra securtiy measure
The user is required to identify themselves twice
i.e. a code sent to an email address

Question 29

UP TO DATE SOFTWARE

Answer 29

Having the latest OS means the best security
Updates remove vulnerabilities

Question 30

FIREWALLS

Answer 30

A firewall is software that monitors outgoing and inbound network traffic. Data packets are analysed for malicious code before being allowed onto the network

Question 31

ANTIVIRUS SOFTWARE

Answer 31

Scans data on the network flagging potential threats
Anti-virus software automatically scans and deletes malicious software
Antivirus needs to be routinely updated against new security threats

Question 32

COOKIES

Answer 32

Small pieces of data given by a website and stored on the user’s device
Used to identify a user and give personalised webpages, targeted ads and automatic login
Used to track visitors to a webpage
Tracking cookies can reveal search history privacy breach

Question 33

ACCEPTABLE USE POLICY

Answer 33

Terms which an employee must adhere to when on a company computer system
i.e. no obscene material, no gambling, malicious activity

Question 34

DISASTER RECOVERY POLICY

Answer 34

Policies set out in the event of a catastrophic data loss
Details where backups can be found, how employees should work in the meantime, steps to recover data