Year 9 topic 1 - Cyber Security Flashcards

To prepare for the Cyber Security End of Topic Test as well as the end of year exam

1
Q

What is data/information

A

Data - facts and figures
Information - created when data is given context

2
Q

UK law - Data Protection Act (2018)

A

Organisations must use data fairly, openly and in accordance with the law
For a specific/stated reason
Only in a way that is necessary and sufficient for the purpose it was collected for
Which is accurate and up to date
Only for as long as needed
Protect data from loss, damage and unauthorized access

3
Q

UK law - Data Protection Act (part 2)

A

You have the right to find out how data is being used
Access data that organisation has about you
Update data
Have data deleted
Stop organisation from processing your data
Transfer data to other organisation

4
Q

Profiling of data

A

User data is collected by businesses for profiling (data that helps business earn more profit)

5
Q

Computer Misuse Act (1990)

A

Makes it illegal to:
Gain unauthorized access to computer material with intent to commit or facilitate other offences (up to 5 years in prison and an unlimited fine)
Gain unauthorized access to computer material (up to 2 years in prison and £5000 fine)
Impair the operation of a computer without the authorisation to do so (up to 10 years in prison and unlimited fine or, if it endangers national security, a life sentence)

6
Q

Social Engineering - Shouldering

A

When a hacker gains information by physically viewing the victim’s screen. An obvious example is looking over someone’s shoulder while they enter their PIN number at a bank.

7
Q

Social Engineering - Phishing

A

When a hacker uses fake emails/messages to trick people into sharing confidential information. These usually seem like they’re from a trustworthy company and are unexpected, contain spelling errors, are generic (not addressed to name) and contain suspicious links.

8
Q

Cyber security - blagging

A

The act of obtaining sensitive information through the use of a made-up story to gain an individual’s interest, e.g. a person may receive an email from a friend telling them that they’re in trouble and asking them to send money. They usually use urgency, fear (e.g. all of your data will be deleted if you don’t …), requests for help and worry (e.g. your friends are in trouble).

9
Q

Unethical hackers

A

Gain unauthorized access to or control of a computer to steal data, disrupt services, gain financially, for political reasons or for fun.

10
Q

Denial of Service Attack (DoS)

A

Done to stop other computer users being able to access a service being provided by a server, causing:
-Damage to a company’s reputation
-Harm to individuals e.g. bank users being unable to access money

11
Q

Ethical Hackers

A

Gain access to a computer system with permission from the owner to help identify faults in computer systems. Some companies pay penetration testers to hack into their computers and tell them how to improve their computer systems. These are ethical hackers.

12
Q

Distributed Denial of Service Attack (DDoS)

A

Harder to prevent than a normal DoS attack because requests are coming from multiple sources (hackers do this by creating fake internet traffic, overwhelming the target’s network).
Since requests come from different sources, it is difficult to identify who is behind the attack.

13
Q

Script Kiddies

A

Gain access to computer systems using tools they download from the internet (lack expertise to write their own). They’re usually doing this for unethical reasons so can be considered a type of unethical hacker.

14
Q

Brute Force Attacks

A

A hacking method that uses trial and error to hack into computer systems. Hackers usually use hand-made computer programs to do this. Can be prevented if IT administrators:
-Limit the number of login attempts
-Put a time delay between access attempts
-Use CAPTCHA (are you a robot?) / 2 factor authentication.

15
Q

Malware

A

Malware (software that is designed to disrupt, damage or gain access to computer material) can be used to:
-Disable hardware
-Steal data
-Send email spam with malicious links
-Steal money
-Force advertise/false advertise

16
Q

Ransomware

A

A specific kind of virus that blocks access to a computer system until a payment is made. Ransom payment is usually demanded in a cryptocurrency which makes it harder to identify the attacker.

17
Q

Trojans

A

A file that can be disguised as a game or film but is actually a virus or other form of malware that can infect and spread itself over a computer network.

18
Q

Spyware

A

Software that automatically displays or downloads advertising material e.g. banners/pop-ups when a user is online. However, some more dangerous adware contains keyloggers that can be used to steal info such as passwords

19
Q

Adware

A

Software that displays infected adverts repeatedly, making a hacker money. Some more dangerous adware can be used to spread malware onto another user’s machine.

20
Q

Worms

A

Type of malware that is capable of self-replication without the user needing to do anything. They can also replicate themselves over a network.

21
Q

Good Bots

A

Not all bots are bad - some are essential for the internet to function e.g. Google uses bots to find new and updated websites for search results. Bots are also used by online businesses to help customers e.g. chatbots and AI assistants.

22
Q

Bad Bots

A

Bots can be used by cyber criminals for criminal purposes such as performing DDoS attacks or cheating in games.

23
Q

Firewalls

A

Can be physical or virtual and can be used to stop malware from entering a network or to enforce network policies e.g. schools use them to block games.

24
Q

Anti-malware software

A

Works by checking files on a computer against a list of malware definitions (sequences of code that are malicious). It’s important to update anti-malware software so that it has the latest list of ‘definitions’.
If a file contains one of the definitions, it will be quarantined from the rest of the files so that it can’t do harm.

25
Q

Passwords

A

Most common method of authentication. Password rules are usually enforced to help users choose good, strong passwords.
Other methods used instead of passwords include fingerprint or iris scanners and 2 Factor Authentication (where the user has to pass some other challenging goals as well as entering a password, such as entering a code from a text message).

I’M FINALLY DONE WRITING THESE THINGS!!!! FUTURE HENRY APPRECIATE THE WORK THAT WENT INTO THESE AND DON’T SKIP PAST THIS PART !!!
Yours sincerely,
Henry Davies (9R)

PS: ‘DON’T SKIP PAST THIS!!!’ - Henry Davies 19.10.24