6 - security, privacy and data integrity Flashcards

1
Q

how to prevent data loss / restrict access

A

user accounts
passwords
firewalls
antivirus software
antispyware software
encryption
biometrics

2
Q

user accounts

A

authenticate a user - control access rights

3
Q

passwords

A
  • should be hard to crack and changed frequently
  • run antispyware software
  • mix of cases, numbers, keyboard characters
4
Q

firewalls

A

sits between the comp and a network and filters info in/ out - software or hardware or both
- Examines traffic
- Checks if data going in/out meets criteria
- Blocks traffic if it fails the criteria and warns of security issue
- Logs all incoming/ outgoing traffic
- Prevents access to undesirable sites (keeps a list of IPs)
- Helps prevent viruses/ hackers
- Warns the user if software is trying to access an external data source

5
Q

antivirus software

A
  • Checks software before it's opened on comp
  • Compares possible viruses against a database of known viruses
  • Carries out heuristic checking
  • Quarantines possible infected files
6
Q

antispyware software

A
  • detects and removes spyware programs that have been illegally installed
7
Q

encryption

A
  • if a hacker accesses data without the encryption keys they can't decode the data
8
Q

biometrics

A
  • relies on unique human features, e.g. fingerprints (compares ridges/valleys) and retina scans (compares blood vessels in the retina)
9
Q

risks to data security

A

hacking
phishing
pharming
malware
- viruses
- worms
- logic bombs
- Trojan horses
- bots
- spyware

10
Q

malicious vs ethical hacking

A

Malicious hacking - illegal access to a comp system without the user's permission or knowledge - intent of deleting, altering or corrupting files, or to gain personal details
Ethical hacking - authorised by companies to check their security and how robust the system is

11
Q

virus

A
  • replicate themselves with the intent to delete or corrupt files causing malfunction
12
Q

worm

A

can replicate themselves with the intent of spreading to other comps - use networks to find weak comps

13
Q

logic bomb

A

embedded in a program on a comp - when conditions are met they are activated to delete files or send data to hackers

14
Q

trojan horses

A

disguised as legitimate software

15
Q

bots

A

Not always harmful - can search automatically for an item on the internet - can cause harm by taking control over a computer system and launching attacks

16
Q

spyware

A

gathers information by monitoring then sending it back to the hacker eg key presses

17
Q

phishing

A
  • Someone sends legitimate emails
  • May contain links
  • Take user to fake website
  • Trick user into entering personal data
18
Q

phishing - how to prevent

A

○ Make users aware of new scams
○ Don’t click unsafe links
○ Run anti-phishing toolbars on web browsers
○ Look for https in address
○ Check accounts and change passwords regularly
○ Keep browser security up to date
○ Block pop ups

19
Q

pharming

A
  • Malicious code on user's comp / server - can be stored on HDD without the user knowing
  • Redirects the user to a fake website (without them knowing - they don't take an action, unlike phishing where they have to click)
  • The hacker can then gain personal data
  • Website appears to be trusted
20
Q

pharming - how to prevent

A

○ Antivirus software
○ Use browsers that alert to attacks
○ Check website URL spelling
○ Check for https

21
Q

data integrity

A

should be accurate, consistent and up to date

22
Q

compromising data integrity

A

Can be compromised
- During data entry/ transmission
- By malicious attacks
- By accidental loss (hardware issues)
Mitigated by - validation and verification

23
Q

validation

A
  • check if data entered is reasonable and within given criteria
    Eg type, range, format, length, presence, existence, limit check, consistency check, uniqueness check
24
Q

verification

A
  • way of preventing errors when data is entered manually
25
verification during entry
- Double entry - entered twice using 2 diff people + compared
- Visual check - compared to original document
- Check digits - additional digit added to a number eg barcodes/ VINs - ensures correct numbers have been entered
26
verification during transfer
- Checksums
- Parity checks
- ARQ - automatic repeat request
27
checksums
- Data is sent in blocks
- An additional value (checksum) is sent at the end of the block
28
parity checks
- A byte of data is allocated a parity bit
- Even parity - have an even no. of 1s
- Odd parity - have an odd no. of 1s
- Before transfer users agree on the type of parity (protocol)
- If the received data isn't the correct type an error has occurred
- Can't know which bit is the error but know there is one (can fix this by using parity blocks)
29
parity blocks
○ A block of data is sent and the no. of 1s are totalled horizontally and vertically (a parity check is done in both directions)
○ So can identify there is an error and where the error is
30
ARQ - automatic repeat request
- Uses acknowledgment (message to receiver to say it's been sent) and timeout (interval to allow for acknowledgment)
- When the receiving device detects an error - asks for the packet to be resent
- If no error a positive acknowledgment will be sent
- Sending device will resend
  ○ If it receives a request to resend
  ○ A timeout occurred
- Continuous until packet is correctly received or until the ARQ limit is reached
31
data privacy
the privacy of personal info or other info stored on a comp that should not be accessed by unauthorised parties
32
data security
methods to prevent unauthorised access to data and to recover lost data
33
data protection laws
data must be
- fairly and lawfully processed
- can only be processed for stated purpose
- adequate, relevant and not excessive
- accurate
- not kept for longer than needed
- processed in accordance with the data subject's rights
- kept secure
- not transferred to other countries without adequate protection
34
data recovery
- use back ups in case data is lost
- save data regularly
35
type check
checks if non-numeric data has been input into a numeric-only field
36
range check
checks if data is in the right range
37
format check
checks if it’s in the agreed format eg dd/mm/yy
38
length check
checks whether data has the required number of characters
39
presence check
checks field is not empty
40
existence check
checks if data in a file/ a file name actually exists
41
limit check
checks one limit eg upper or lower
42
consistency check
checks whether data in 2 or more fields match
43
uniqueness check
checks that each value entered is unique
44
modulo-11
example of a check digit
- each digit is given a weighting 7-1 left to right
- each digit is multiplied by its weighting, then the results are added to make a total
- total divided by 11 and remainder is subtracted from 11
- check digit is the value generated
45
how checksums work
- the sum of the bits / 256
- round down to nearest whole number
- times by 256
- calc difference between this and the sum
- this value is checksum