2.8 Data Security

Question 1

What are the key risks to files for most companies with an online presence?

Answer 1

Outside access and manipulation of files.
Unauthorised reading or copying of files.
Corruption of files.
Loss or deliberate deleting of files.

Question 2

What protection can be applied to files?

Answer 2

Levels of permitted access.
Passwords for access.
Write-protect mechanisms.

Question 3

What is Cryptography?

Answer 3

The act of scrambling a piece of plain text into cipher text so that it can’t be immediately understood. (Practically known as encryption)

Question 4

What is a Caesar Cypher?

Answer 4

The simplest and most well known form of encryption where each letter in the alphabet is shifted a certain number of places.

Question 5

What is Symmetric Encryption?

Answer 5

Where the process of decryption is the opposite process used to encrypt. These algorithms have one key which is needed at both ends of a transmission.

Question 6

What is an advantage and disadvantage of Symmetric Encryption?

Answer 6

Symmetric is best used for data on your own disks as its fast however, they are very easy for modern computers to crack.

Question 7

What is Asymmetric Encryption?

Answer 7

Algorithms which have two keys - a private and a public key. If someone knows the encryption key, they can encrypt information but they can’t decrypt it.

Question 8

What is an advantage and disadvantage of Asymmetric Encryption?

Answer 8

A shared secret key doesn’t have to be exchanged over an insecure medium such as the internet however, asymmetric keys are far slower to use and are not feasible for use in transmitting large amounts of data.

Question 9

What is a biometric device?

Answer 9

A device which adds security to a computer system which works with unique features of the human body.

Question 10

What are 5 examples of biometric security?

Answer 10

Fingerprint Recognition.
Iris Scanning.
Retina Scanning.
Facial Recognition.
Voiceprint Recognition.

Question 11

What are the key stages of deploying biometric security?

Answer 11

Captured.
Digitised.
Stored.
Compared.

Question 12

What are some examples of Facial Recognition being used?

Answer 12

Used by the police at football grounds to check for known trouble-makers.
City centre drunkenness patrols.
Shopping centre CCTV.
Airport Security.

Question 13

What are 4 examples of issues associated with the use of biometrics?

Answer 13

If innocent people’s faces are stored by the police that could cause privacy issues.
Physical/Eye damage from repeated flash photography.
Concerns around the use of personal data.
Criminals could gain access if original data capture was flawed.

Question 14

What 3 situations could prevent Voiceprint Recognition from working?

Answer 14

High background noise.
Cold/Sore Throat.
Recording and playing back of the original voice to gain unauthorised access.

Question 15

What are 3 advantages of the use of biometrics?

Answer 15

Biometrics are unique to a person.
Very difficult to copy, steal or imitate.
It is not possible to forget as you don’t have to remember a card or PIN.

Question 16

Why is disaster planning important for an organisation?

Answer 16

Many organisations could not survive if their system went down as their data is vital.
Planning is a must as all computer systems are liable to fail as you can’t always avoid fires/floods.

Question 17

What are 5 procedures that should be utilised for disaster planning?

Answer 17

Backups should be made.
Files should be archived off-site.
There should be an alternative system that can quickly replace the existing one.
Should be back-up power supplies.
Staff should be trained in recovery procedures.

Question 18

What are Black hat hackers?

Answer 18

Hackers which break into systems for their own purposes.
This could be for financial gain, testing their skills or for fun.

Question 19

What are White hat hackers?

Answer 19

Hackers which use their skills to break into a system to expose flaws and then advise on how they will be fixed.
They will work directly for a company, or hired by a company to perform penetration testing.

Question 20

What are Grey hat hackers?

Answer 20

White hat hackers who are not directly hired by a company but perform penetration testing anyway to expose flaws.
This is in hope to be hired by the company but more often than not they are prosecuted under the computer misuse act.

Question 21

What is Penetration Testing?

Answer 21

Done by all three types of hackers which involves breaking into a system and exploring vulnerabilities in the Operating System, application flaws, poorly configured systems and user behaviour.

Question 22

What are the 5 phases of Penetration Testing?

Answer 22

Reconnaissance.
Scanning.
Gaining Access.
Maintaining Access.
Clearing Tracks.

Question 23

What is Reconnaissance?

Answer 23

Collecting as much public data as possible. This could include the software in use, names of employees, IP addresses and other such data.

Question 24

What is the Scanning process in Penetration Testing?

Answer 24

The plan is to scan all available ports, find software versions, find out the addresses of all public computers and create a blueprint of the target.

Question 25

What do the final three stages of penetration testing involve?

Answer 25

The final stages involve changing passwords, creating back doors and changing logs.

Question 26

What is a Virus?

Answer 26

A software which will attempt to spread over the network by infecting emails, removable storage devices or known software vulnerabilities. The attack vector for a virus tends to be through emails or infected websites and once it is in play, other pieces of software are deployed which is known as the payload.

Question 27

What are Trojans?

Answer 27

Tricks users into downloading files which are hidden within programs. Once the Trojan is activated, the payload is delivered. The most common attack vector is getting users to download files or use illegal peer-to-peer networks.

Question 28

What is Spyware?

Answer 28

Spyware tracks key presses and software which is sent back to the hacker. Commonly used to commit identification fraud. The attack vector tends to be from other malicious software such as viruses.

Question 29

What is Scare-ware/Ransom-ware?

Answer 29

Software which tries to scare the user into buying fake or further malicious software. It will suggest that your system is compromised and only their software can fix it. The attack vector of Ransom-Ware is involved in the payload of a virus. Scare-Ware is used on compromised websites.

Question 30

What are Botnets?

Answer 30

They create a backdoor to your computer allowing a hacker to use it without your permission. The hacker then uses your computer as a part of a larger group of compromised users to launch further attacks, usually denial of service attacks. Tends to be in the payload of a virus.