Unit Revision Flashcards

1
Q

What are 4 ways internal threats can happen?

A

Employee sabotage/theft (of data or machinery)

unauthorised access (into server rooms or other restricted areas)

weak cybersecurity measures (by the company)

accidental loss or disclosure of data (a laptop lost on a train, a screen read by a shoulder surfer, an email sent to the wrong address, etc.)

2
Q

what are 4 ways external threats can happen?

A

Malicious software (malware)

Hackers

Sabotage

Social engineering (manipulation of people)

3
Q

what types of malware are there, and what do they do?

A

Spyware/keyloggers: record what the user does (keystrokes, screenshots, browsing) and send it to the attacker; used to steal passwords and other sensitive information.

Adware: displays unwanted adverts (which often lead to more malware) and earns the advertiser money.

Ransomware: encrypts the user's files (and often any network shares it can reach) and demands money for the decryption key, usually in Bitcoin as it is harder to trace.

Viruses: attach themselves to other files or programs to delete, alter or corrupt data; they need manual intervention to spread (a user has to run the infected program).

Worms: like a virus, but self-replicate across a network without any user action.

Rootkits: give an attacker hidden administrator-level access and conceal other malware from the operating system and antivirus (often disabling the antivirus so more malware can get in).

Trojans: malware hidden inside a seemingly legitimate program.

P.U.P: a Potentially Unwanted Program (a legitimate program that the user agreed to install, but some of its behaviour is questionable, e.g. bundled toolbars or tracking).

4
Q

what is a zero-day attack?

A

A zero-day is a vulnerability that the vendor does not yet know about, or has not yet patched, so defenders have had "zero days" to fix it. A zero-day attack exploits such a vulnerability while no patch exists, which is why antivirus signatures and updates cannot stop it. Once a fix is released the window closes, but attackers also compare the patched and unpatched versions to work out what the bug was and then target machines that have not updated, which is why you install patches as soon as they roll out.

5
Q

what is social engineering?

A

Social engineering is when you deceive somebody into giving out information or doing something for you (opening an attachment, transferring money, letting you into a building), by manipulating the person rather than attacking the technology.

The most common form of social engineering is phishing: pretending to be someone you are not, e.g. a bank emailing you to "verify your email and password".

6
Q

how can you spot phishing emails?

A

These emails are often poorly crafted: spelling mistakes, a generic greeting ("Dear customer"), pressure to act urgently, and a link whose real address does not match the company it claims to be from. ALWAYS HOVER OVER THE LINK TO SEE WHERE IT REALLY GOES (on a phone, press and hold the link to preview it).

Some banks agree a codeword with you, or quote something only they and you would know (for example part of your postcode or account number), at the top of a genuine email or message to prove it is from them; a message that cannot do that should be treated as suspicious.

If in doubt, contact the company through a phone number or website you already know (never the details given in the email) and ask whether they sent it; if they didn't, report it as a phishing email.
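
The "hover over the link" check, written out as code. This is an added example, not part of the original flashcards: it pulls every link out of an HTML email body and reports when the address the victim sees differs from where the link really goes, when the real domain is not the sender's genuine domain, and when the hostname contains a punycode (xn--) label that may hide look-alike characters. The trusted domain `bank.example` and the two email bodies are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: the domain(s) the genuine sender actually uses.
TRUSTED_HOSTS = {"bank.example"}


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text: str) -> str:
    """Lower-cased hostname of a URL, or of a bare 'www.bank.example/login' style string."""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def is_trusted(host: str, trusted=TRUSTED_HOSTS) -> bool:
    # 'bank.example.verify-login.net' must NOT count: only the registered domain or its subdomains do.
    return any(host == t or host.endswith("." + t) for t in trusted)


def check_links(html: str, trusted=TRUSTED_HOSTS):
    """Return [(href, visible_text, [reasons]), ...]; an empty reasons list means nothing suspicious."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        reasons = []
        # Visible text that looks like an address is what the victim "sees"; hovering reveals `real`.
        shown = host_of(text) if ("." in text and " " not in text) else ""
        if shown and shown != real:
            reasons.append(f"text shows {shown} but the link goes to {real}")
        if any(label.startswith("xn--") for label in real.split(".")):
            reasons.append(f"{real} contains a punycode (xn--) label: possible look-alike characters")
        if not is_trusted(real, trusted):
            reasons.append(f"{real} is not a trusted domain")
        findings.append((href, text, reasons))
    return findings


# Constructed email bodies for this example (the punycode label is made up, not a real domain).
PHISH = """<p>Dear customer, please verify your email and password:</p>
<a href="http://bank.example.verify-login.net/secure">https://www.bank.example/login</a><br>
<a href="http://xn--bank-constructed.example/">bank.example</a>"""
LEGIT = '<p>Your statement is ready.</p><a href="https://www.bank.example/login">Log in</a>'

if __name__ == "__main__":
    for body in (PHISH, LEGIT):
        for href, text, reasons in check_links(body):
            print(f"{text!r} -> {href}: {reasons or 'looks fine'}")
```

The first phishing link shows the subdomain trick: `bank.example.verify-login.net` starts with the bank's name but is registered under `verify-login.net`, which is why the trust check compares the end of the hostname rather than looking for the bank's name anywhere in it.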

7
Q

there are 4 types of loss after a cyber attack, what are they?

A

Operational loss: time is lost while the damage is repaired and systems are unavailable.

Financial loss: the company loses money immediately (ransom, repairs, fines) and over time (lost sales).

Reputation loss: customers trust the company less because it could not keep their data safe.

Intellectual property loss: original ideas, designs or source code can be lost, or stolen by rival companies.

8
Q

which organisation posts weekly updates on a threat landscape?

A

The National Cyber Security Centre (NCSC), which publishes a weekly threat report.

9
Q

ports are not naturally safe and secure, so what happens to prevent unwanted connections when a port isn’t in use?

A

The port is closed (no service is left listening on it) and/or the firewall blocks connections to it, so incoming connection attempts are refused or ignored instead of reaching a service that could be attacked.

10
Q

what are ways malware can get into a system?

A

external storage devices (USB sticks, etc.) may carry malware, and older systems ran programs from them automatically (autorun) when they were plugged in.

if a user is given complete (administrator) access, any malware running as that user can do unlimited damage; giving users only the access they need limits what malware can do.

illegal (pirated) software may come bundled with malware, and doesn't receive updates, so vulnerabilities are never patched and more malware can get in.

11
Q

what year was the general data protection regulations act made and what is it?

A

The Data Protection Act (DPA) was passed in 1998. The General Data Protection Regulation (GDPR) is the EU law that replaced it: adopted in 2016, it has applied since 25 May 2018, when the UK passed the Data Protection Act 2018 to implement it.

It contains principles organisations must follow when handling personal data (e.g. process it lawfully, fairly and transparently; keep it accurate, secure and for no longer than needed), and regulators can issue large fines if they are not met.

12
Q

what year was the computer misuse act made and what is it?

A

1990

makes it a criminal offence to access a computer system or its data without authorisation, to do so in order to commit further offences, or to modify or damage programs or data without authorisation; penalties are fines and/or jail time.

Expanded upon by the Police and Justice Act 2006, which added denial-of-service (DoS/DDoS) attacks (impairing the operation of a computer) and making, supplying or obtaining tools for use in offences against the CMA.

13
Q

what year was the telecommunications regulation made and what is it?

A

2000

The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 allow a business to monitor and record what employees do on its own network and systems (email, web use, calls) without their consent, for specific purposes such as preventing crime or checking compliance, provided it has made reasonable efforts to tell users that monitoring may take place.

14
Q

what year was the Fraud act made and what is it?

A

2006

makes it an offence to commit fraud by false representation (lying about who you are or what you are offering), by failing to disclose information you have a legal duty to disclose, or by abuse of position; the maximum sentence is 10 years in prison.

15
Q

what year was the health and safety at work act made and what is it?

A

1974

a set of rules both employers and employees follow to ensure a safe workplace.

16
Q

what is a way to prevent or audit physical access to a restricted room?

A

To prevent access: security locks (biometric scanners, ID card readers, keypads), a mantrap (a double door that only lets one person through at a time), security staff, alarms, locked cabinets. To audit access: CCTV, sign-in sheets, and the access logs kept by electronic card readers, so you can see who entered and when.

17
Q

why should we backup data?

A

In case of an emergency (hardware failure, accidental deletion, an attack such as ransomware), we can get the data back.

18
Q

what is the “son, father, grandfather” method of backing up?

A

every day, you take a partial "son" backup: an incremental backup containing only what has changed since the last backup.

every week, you take a "father" backup: a full backup of everything, used if a son backup fails or is missing.

every month, you take a "grandfather" backup: another full backup that is kept for longer, used if a father backup fails.

each generation is rotated FIFO (first in, first out): when a new son, father or grandfather backup is taken and all the media for that type are in use, the oldest one of that type is overwritten, so the most recent few of each generation are always kept.
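
The rotation above as a small simulation. This is an added example, not code from the flashcards: it schedules a grandfather on the last day of each month, a father every Sunday and a son on every other day, keeps a FIFO queue per generation with assumed limits of 6 sons, 4 fathers and 12 grandfathers, and then works out which retained backups a restore to a given date needs (the newest full backup on or before that date plus every son after it). That last step shows the weak point of the scheme: once the sons for a day have been rotated out, a restore to that day is incomplete. The dates used are the first quarter of 2024, chosen so the result can be checked by hand.

```python
from collections import deque
from datetime import date, timedelta

# Retention limits per generation: assumed values for this example, not from the flashcards.
LIMITS = {"son": 6, "father": 4, "grandfather": 12}


def generation(day: date) -> str:
    """Which backup the schedule takes on a given day.

    Last day of the month -> grandfather (monthly full)
    Sunday                -> father      (weekly full)
    any other day         -> son         (daily incremental: changes since the last backup)
    """
    if (day + timedelta(days=1)).month != day.month:
        return "grandfather"
    if day.weekday() == 6:  # Monday == 0, Sunday == 6
        return "father"
    return "son"


class Rotation:
    """One FIFO queue of media per generation; the oldest of a generation is overwritten first."""

    def __init__(self, limits=None):
        self.limits = dict(limits or LIMITS)
        self.sets = {g: deque() for g in self.limits}

    def run_day(self, day: date):
        gen = generation(day)
        queue = self.sets[gen]
        evicted = queue.popleft() if len(queue) >= self.limits[gen] else None
        queue.append(day)
        return gen, evicted

    def run_range(self, first: date, last: date):
        day = first
        while day <= last:
            self.run_day(day)
            day += timedelta(days=1)
        return self

    def retained(self):
        return {g: list(q) for g, q in self.sets.items()}

    def restore_chain(self, target: date):
        """What a restore to the state as of `target` needs: (base_full, sons_to_replay, complete).

        Start from the newest full (father or grandfather) taken on or before `target`, then
        replay every son taken after it up to `target`. Every day in that gap was a son day
        (otherwise that day's full would be the base), so the chain is complete only if all
        of those sons are still retained.
        """
        fulls = [d for g in ("father", "grandfather") for d in self.sets[g] if d <= target]
        if not fulls:
            return None, [], False
        base = max(fulls)
        sons = sorted(d for d in self.sets["son"] if base < d <= target)
        needed = (target - base).days
        return base, sons, len(sons) == needed


def simulate_q1_2024():
    """Run 1 Jan to 31 Mar 2024 and plan three restores; returns ISO date strings for readability."""
    rot = Rotation().run_range(date(2024, 1, 1), date(2024, 3, 31))
    kept = {g: [d.isoformat() for d in days] for g, days in rot.retained().items()}
    plans = {}
    for target in (date(2024, 3, 31), date(2024, 3, 29), date(2024, 3, 20)):
        base, sons, complete = rot.restore_chain(target)
        plans[target.isoformat()] = (base.isoformat(), [d.isoformat() for d in sons], complete)
    return kept, plans


if __name__ == "__main__":
    kept, plans = simulate_q1_2024()
    for gen, days in kept.items():
        print(f"{gen:12s} {days}")
    for target, plan in plans.items():
        print(f"restore to {target}: base {plan[0]}, replay {plan[1]}, complete={plan[2]}")
```

With these limits a restore to 29 March is complete (father of 24 March plus the sons of 25 to 29 March), but a restore to 20 March can only go back to the father of 17 March because the sons for 18 to 20 March have already been overwritten.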

19
Q

where can you store backups?

A

you can store them off-site (in another building), on an external hard drive that is disconnected once the backup is done, or in the cloud.

off-site and offline copies are preferred over on-site-only backups, because the same attack (ransomware, fire, theft) that destroys the original data could also destroy backups kept next to it or left permanently connected to it.

20
Q

what is the role of anti-virus?

A

anti-virus is there to remove pre-existing malware from the system, and to prevent any new malware from entering.

21
Q

what is signature based detection?

A

Signature-based detection computes a hash of the file (a short, fixed-length fingerprint of its contents) or looks for characteristic byte sequences inside it, and compares them against the anti-virus's database of known malware. It only catches malware that has been seen before: changing a single byte of a file gives it a completely different hash.
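
Both forms of signature matching side by side. This is an added example, not anti-virus code from the flashcards: the "files" are constructed byte strings (not real malware), the hash blocklist is filled in from the sample so it runs offline, and a tiny XOR encoding stands in for a packer. It shows why a whole-file hash is brittle (one appended byte defeats it), why a byte-pattern signature survives that, and why neither sees anything once the bytes on disk are encoded.

```python
import hashlib
import re

# Constructed stand-ins for files on disk (plain bytes, not real malware), for this example only.
BENIGN = b"MZ\x90\x00" + b"hello world, a harmless program " * 4
MALICIOUS = b"MZ\x90\x00" + b"\x00" * 16 + b"cmd.exe /c vssadmin delete shadows /all /quiet" + b"\xcc" * 8


def file_hash(data: bytes) -> str:
    """Whole-file fingerprint: identical bytes give identical hashes, one changed byte gives a different one."""
    return hashlib.sha256(data).hexdigest()


# Hash blocklist, as the flashcard describes. Populated from the sample so the example runs offline.
KNOWN_BAD_HASHES = {file_hash(MALICIOUS): "demo-wiper"}

# Byte-pattern signatures: a short characteristic sequence rather than the whole file, so padding or
# repacking still matches as long as the sequence itself survives.
BYTE_SIGNATURES = {"demo-wiper": re.compile(rb"vssadmin\s+delete\s+shadows")}


def scan(data: bytes):
    """Return [(method, signature_name), ...]; an empty list means no known signature matched."""
    hits = []
    name = KNOWN_BAD_HASHES.get(file_hash(data))
    if name:
        hits.append(("hash", name))
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern.search(data):
            hits.append(("pattern", name))
    return hits


def xor_encode(data: bytes, key: int) -> bytes:
    """Trivial obfuscation standing in for a packer: the bytes on disk no longer contain the pattern."""
    return bytes(b ^ key for b in data)


if __name__ == "__main__":
    samples = [
        ("benign", BENIGN),
        ("malicious", MALICIOUS),
        ("malicious + 1 byte", MALICIOUS + b"\x00"),
        ("malicious, xor-packed", xor_encode(MALICIOUS, 0x55)),
    ]
    for label, sample in samples:
        print(f"{label:24s} {scan(sample) or 'no signature match'}")
```

The packed sample is the case that motivates heuristic analysis: the file is just as dangerous once it decodes itself in memory, but nothing in its bytes on disk matches any signature.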

22
Q

what is heuristic analysis?

A

heuristic analysis looks at what a program does (or what its code would do) rather than what it looks like: it monitors behaviour such as changing many files at once, disabling backups or security tools, or setting itself to run at startup, and flags the program when enough of these red flags add up. This can catch new or modified malware that has no signature yet, at the cost of occasional false positives on legitimate programs that happen to do similar things.
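
A minimal behaviour-scoring heuristic run over a constructed event log. This is an added example, not the flashcards' own material or any real product's logic: the events, the four rules, their weights and the threshold of 50 are all assumed for the example. Process 202 trips several red flags and is flagged; process 303 is an archiver that also renames many files, which shows why a single red flag is scored rather than treated as proof.

```python
from collections import defaultdict

THRESHOLD = 50  # assumed score at which a process is flagged

# Constructed behaviour log for this example, as (pid, event, detail) tuples; not from a real sensor.
EVENTS = [
    (101, "proc_start", "winword.exe"),
    (101, "file_write", "report.docx"),
    (101, "file_write", "~$report.docx"),
    (202, "proc_start", "invoice.pdf.exe"),
    (202, "proc_exec", "vssadmin.exe delete shadows /all /quiet"),
    (202, "reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    (303, "proc_start", "archiver.exe"),
]
EVENTS += [(202, "file_rename", f"photo{i}.jpg -> photo{i}.jpg.locked") for i in range(40)]
EVENTS += [(303, "file_rename", f"log{i}.txt -> log{i}.txt.gz") for i in range(40)]


def summarise(events):
    """Per-process counters that the rules look at."""
    procs = defaultdict(lambda: {"name": "", "renames": 0, "shadow_delete": False, "run_key": False})
    for pid, event, detail in events:
        p = procs[pid]
        if event == "proc_start":
            p["name"] = detail.lower()
        elif event == "file_rename":
            p["renames"] += 1
        elif event == "proc_exec" and "delete shadows" in detail.lower():
            p["shadow_delete"] = True          # destroying restore points before encrypting
        elif event == "reg_set" and "\\currentversion\\run\\" in detail.lower():
            p["run_key"] = True                # persistence: run again at next logon
    return procs


# Heuristic rules: (name, weight, predicate). Each is a red flag; none alone proves malice.
RULES = [
    ("mass_rename_new_extension", 30, lambda p: p["renames"] >= 20),
    ("shadow_copy_deletion", 40, lambda p: p["shadow_delete"]),
    ("run_key_persistence", 20, lambda p: p["run_key"]),
    ("double_extension_name", 10, lambda p: p["name"].count(".") >= 2 and p["name"].endswith(".exe")),
]


def score_processes(events, rules=RULES):
    """Return {pid: (score, [rule names that fired])} for every process seen in the log."""
    report = {}
    for pid, p in summarise(events).items():
        hits = [name for name, _, pred in rules if pred(p)]
        score = sum(weight for name, weight, _ in rules if name in hits)
        report[pid] = (score, hits)
    return report


def flagged(events, threshold=THRESHOLD):
    """Process ids whose score reaches the threshold."""
    return sorted(pid for pid, (score, _) in score_processes(events).items() if score >= threshold)


if __name__ == "__main__":
    for pid, (score, hits) in sorted(score_processes(EVENTS).items()):
        print(f"pid {pid}: score {score:3d} {hits}")
    print("flagged:", flagged(EVENTS))
```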

23
Q

once a virus is seen, what 3 options does the user have?

A

clean: remove the harmful code from the infected file and keep the rest of it.
quarantine: move the file into an isolated, access-controlled area where it cannot run or spread, so it can be examined later or restored if it turns out to be a false positive. (This is not the same as a sandbox, which deliberately runs suspicious code in a safe, isolated environment to observe what it does.)
delete: remove the file from the system.

24
Q

what does a firewall do?

A

monitors incoming and outgoing packets and blocks any communication that breaks its rules or looks suspicious.

25
Q

what is packet filtering?

A

where each packet's header fields (source and destination address, protocol, port number) are checked against predefined rules; if the packet matches a rule that forbids it, or matches no rule that allows it, it isn't allowed into (or out of) the network or system.

26
Q

we can accept, deny and drop packets or requests, what do these mean?

A

accept: let the packet or connection through.
deny (reject): do not let it through, and send a reply (e.g. an ICMP "unreachable" message or a TCP reset) so the sender knows it was refused.
drop: do not let it through, and send nothing back.

drop is arguably safer than deny, as it gives an attacker scanning the network no confirmation that there is a live host behind the address; the downside is that a legitimate user's connection just hangs until it times out instead of failing straight away, so they may also think the server is gone. A common compromise is to reject traffic from trusted internal networks (fast, informative failures for staff) and drop traffic from the internet.
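
A packet filter with exactly those three outcomes. This is an added example, not code from the flashcards or from any real firewall: it applies an assumed rule set for a web server at the documentation address 192.0.2.10 using first-match semantics (as iptables and nftables do) with a default of drop, and reports what the sender of each constructed packet would observe: a forwarded connection, a TCP reset or ICMP unreachable for reject, or silence for drop.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept", "reject" (deny with a reply) or "drop" (deny silently)
    proto: Optional[str] = None   # None means "any"
    src: Optional[str] = None     # CIDR block; None means "any"
    dport: Optional[int] = None   # None means "any"

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


# Assumed policy for this example. First matching rule wins; anything that matches nothing is dropped.
RULES = [
    Rule("accept", proto="tcp", dport=443),                    # HTTPS from anywhere
    Rule("accept", proto="tcp", src="10.0.0.0/8", dport=22),   # SSH only from the admin network
    Rule("reject", src="192.168.0.0/16"),                      # other staff traffic: fail fast with a reply
]
DEFAULT = "drop"                                               # everything else (the internet): silence


def what_sender_sees(action: str, p: Packet) -> str:
    if action == "accept":
        return "forwarded to the service"
    if action == "reject":
        return "tcp-rst" if p.proto == "tcp" else "icmp-port-unreachable"
    return "no reply (sender times out)"


def filter_packet(p: Packet, rules=RULES, default=DEFAULT):
    """Return (action, what the sender observes) from the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, what_sender_sees(rule.action, p)
    return default, what_sender_sees(default, p)


if __name__ == "__main__":
    # Constructed packets for this example (203.0.113.0/24 is a documentation range, i.e. "the internet").
    samples = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 443),   # internet user browsing the site
        Packet("10.1.2.3", "192.0.2.10", "tcp", 22),       # admin SSH
        Packet("192.168.4.4", "192.0.2.10", "tcp", 22),    # staff laptop trying SSH
        Packet("192.168.4.4", "192.0.2.10", "udp", 53),    # staff laptop sending stray DNS
        Packet("203.0.113.5", "192.0.2.10", "tcp", 22),    # internet scanner probing SSH
    ]
    for p in samples:
        print(f"{p.src:>13s} {p.proto} {p.dport:<4d} -> {filter_packet(p)}")
```

The last two packets are the deny-versus-drop trade-off from the card: the staff laptop gets an immediate reset it can show the user, while the scanner on the internet learns nothing about whether port 22 exists at all.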

27
Q

what is network address translation used for?

A

To let many devices on a private network share one public IP address: the router rewrites the source address (and port) of outgoing packets to its own public address and maps the replies back to the right internal device. A side effect is that the devices' private addresses are hidden from the outside world, and unsolicited inbound connections have nowhere to go unless a port-forwarding rule has been set up.