1.4 Network Security

Question 1

Virus -

Answer 1

A malicious piece of software that infects other files. It can only replicate if the file is opened and run. A virus will replicate and infect other susceptible files, but requires human computer users to spread them from computer to computer.

Question 2

Worm -

Answer 2

A complete standalone piece of malicious software that can spread by itself without any human interaction.

Question 3

Trojan -

Answer 3

A piece of malicious software that tricks users into downloading by making it look like it is something useful.

Question 4

Denial of Service (Dos) attack -

Answer 4

Any attack on a system that denies you (and others) of a service.

Question 5

Distributed Denial of Service (DDoS) attack -

Answer 5

Infecting hundreds or thousands of computers with Trojans that can all be triggered at once to send a flood of IP data packets to a server and overwhelm it and crash

Question 6

Brute Force attack -

Answer 6

Guessing thousands (or millions or even billions!) of password combinations until they crack the password. This is sometimes called a “dictionary attack” because it goes through all the words of the dictionary first.

Question 7

Phishing –

Answer 7

emails sent to numerous email addresses in the hope that some of the recipients will fool for the scam.

Question 8

Social Engineering -

Answer 8

Any method that hackers use to trick PEOPLE into either downloading malicious software or giving out personal information. Phishing is a form of social engineering.

Question 9

SQL Injection -

Answer 9

when a hacker types SQL code into the input box of a form and submits it. The SQL code could allow a hacker to view usernames and passwords stored in a database.

Question 10

Data interception and theft -

Answer 10

Cyber criminals (hackers) can intercept data as it is travelling across the Internet.

Question 11

Poor network policies -

Answer 11

Network policies are rules that users must stick to when using a network (e.g. password length and rules on email use). Poor network policies make a network more vulnerable

Question 12

Penetration testing -

Answer 12

when companies pay professional hackers to hack into their systems and find vulnerabilities. Any vulnerabilities (security weaknesses/holes) must be reported by the hacker.

Question 13

Network forensics -

Answer 13

monitoring a network and capturing network traffic (data packets) and alerting the administrator to any issues.

Question 14

Firewall

Answer 14

blocks unwanted access to the network from the Internet. Firewalls inspect incoming data packets to see if they are legitimate.

Question 15

Network Policies -

Answer 15

rules and guidelines on what users can and can’t do as well as the software to implement these rules.

Question 16

User Access Policy –

Answer 16

Making sure all users have accounts with usernames and passwords.

Question 17

Acceptable Use Policy

Answer 17

Making sure users use the network appropriately and for example don’t access personal email accounts that might result in viruses being downloaded.

Question 18

Backup and Recovery Policy –

Answer 18

What happens in the event of a disaster

Question 19

Anti-Malware software -

Answer 19

scans a computer system and alerts to any malware.

Question 20

Encryption -

Answer 20

scrambling data so that only the intended recipient can understand it. Anyone that tries to steal the data will not be able to read it unless they have a key.

Question 21

Physical Security Methods

Answer 21

CCTV, Security Guards