1.4 Network security

Question 1

What are the 4 forms of attack on networks?

Answer 1

insider attack
passive attack
active attack
social engineering

Question 2

What is an active attack?

Answer 2

When someone uses malware or other technical methods to compromise a network’s security

Question 3

What is a passive attack?

Answer 3

When an attacker eavesdrops on a network by ‘sniffing’ the data packets

Question 4

What is an insider attack?

Answer 4

When someone in an organisation gives away access details or sensitive information

Question 5

What is social engineering?

Answer 5

When a person is exploited into giving away critical information that gives access to the network or accounts

Question 6

What is penetration testing?

Answer 6

A controlled attack on a network used to find vulnerabilities in a network’s security

Question 7

What will a good penetration test check?

Answer 7

Likelihood of social engineering
Technical vulnerabilities
a test of damage recovery

Question 8

What is malware?

Answer 8

Any kind of malicious software that is installed without your knowledge or consent

Question 9

How does a worm differ from a virus

Answer 9

A virus has a host program whereas a worm spreads without a host program

Question 10

What are Trojan horses?

Answer 10

Any form of malware that tricks a user into installing it by pretending to be a different program

Question 11

What does ransomware do?

Answer 11

Encrypts files on an infected system and only decrypts files once a payment has been made to the hacker

Question 12

What does Spyware, Rootkits and Backdoors do?

Answer 12

Spyware: gathers information about a user by tracking their activity

Rootkits: modifies the computer’s operating system to avoid detection by antivirus software

Backdoors: Opens up an access channel to a computer that other malware can use to take control of the machine

Question 13

What are three ways that malware can spread?

Answer 13

(self) replication
installations
attachments

Question 14

What are ways we can defend social engineering?

Answer 14

Education and training

Company security policies

Public awareness campaigns

Question 15

1) what is phishing?

2) what are ways to protect against phishing?

Answer 15

1) common form of social engineering which uses fake emails and websites to trick uses into giving away sensitive details.

2) Confirming the sender’s email address, looking through the email’s SPAG, never clicking on links that ask you to enter details.

Question 16

What are 2 common active attacks?

Answer 16

Cracking passwords

Denial of service (DoS) attacks

Question 17

How does a Distributed Denial Of Service (DDoS) attack work?

Answer 17

lots of requests sent from a botnet to try and prevent a network from functioning

Question 18

What is a “botnet”?

Answer 18

An army of compromised machines