Chapter 10: Cybersecurity

Question 1

What is accurate data?

Answer 1

Data that is true to the source. How close the data is to its true or accepted value

Question 2

What is correct data?

Answer 2

If the data is free from error

Question 3

If data is precise, what does this mean?

Answer 3

How close the data is to other sets of data

Question 4

What is authentic data?

Answer 4

If the data is from a trusted source

Question 5

If data is reasonable, what does this mean?

Answer 5

The data meets the expected range, values

Question 6

What is data mining?

Answer 6

Process of extracting and discovering patterns in large sets of data, to come to conclusions

Question 7

Give examples of accidental threats

Answer 7

1) Deletion of files without having a backup
2) Files saved in the wrong format, causing it to be lost or corrupt
3) Physical loss of hardware

Question 8

What are Event-based threats, give examples

Answer 8

Particular events that occur where the user has NO CONTROL over them, such as:

1) Failure of hardware, power failure, Software freezing all cause a file to be corrupt
2) Natural disasters -> significant loss of data

Question 9

What are deliberate threats?

Answer 9

Where unauthorised people try to gain access to an organisations information, and can be both from the inside and outside of an organisation.

Question 10

What is internet security?

Answer 10

Application of security measures based on a cost/benefit analysis, for instance a company can have a large range of security measures placed on it, but the cost of it will be very large

Question 11

Define protection

Answer 11

What can be done to prevent malicious attacks on the data within the organisation, AKA “front door”

Question 12

Define User Authentication

Answer 12

Process where a person who wishes to gain access to an information system provides satisfactory credentials to allow them to be confirmed

Question 13

What are the 3 categories of user authentication?

Answer 13

1) Ownership factors (what the user has)
- ID Card
- Phone

2) Knowledge factors (something the user knows)
- Password
- PIN
- Answer to a specific question

3) Inherence factors
- fingerprint
- biometrics

Question 14

What is defined as a “complex” password?

Answer 14

Consisting of:

1) At least 8 characters
2) A mix of numbers, letters and special case characters
3) Upper and Lowercase

Question 15

What is password entropy?

Answer 15

How easily a password can be “cracked”, which is why the length of a password is important.

Question 16

What is a dictionary attack?

Answer 16

Trying all the strings in a pre-arranged list, think “Dictionary”

Question 17

How can you prevent a dictionary attack?

Answer 17

By choosing a password that is not simple and common and isn’t found in any dictionary

Question 18

How do you encrypt data using hashing?

Answer 18

When a user enters their username and password, both are hashed using a key to produce a hashed value of each that is SIGNIFICANTLY different from the original.
This hashed value can be compared to the hashed valuethat is stored in the database

Question 19

What is the benefit of encrypting data using hashing, and how can hashing be bypassed?

Answer 19

The main benefit is the database only contains hashed values, however, if a hacker obtains the hashed database, they can take their time and brute force all the different hash table keys, or by using a rainbow table.

Question 20

What are rainbow tables?

Answer 20

List of all possible permutations of encrypted passwords, which are specific to a given hash table

Question 21

How do rainbow tables work?

Answer 21

Once a hacker gains access the password database, they can compare the rainbow table’s PRECOMPILED list of potential hashes to the hashed passwordsin the database

(Reverse engineering of the hash is applied to the username and password basically)

Question 22

What is salt and how does it prevent the use of rainbow tables?

Answer 22

Process of adding random data to each username and password before it is hashed, for instance making them longer means that they have a larger hashed value.

Rainbow tables have difficulties with salted hashes as they first need to figure out what was used + what salt was added

Question 23

What is honeypot intrusion detection?

Answer 23

A form of trap that is used to detect hacking attacks or collect information on malware that can be used to protect the information system against future attacks.

It can also collect evidence that can be used in any potential prosecution if the intruder is caught.

A honeypot is a server on the network which often doesn’t have much protection to lure the intruder to the network, thus a (trap)

Question 24

What are firewalls?

Answer 24

They are either software or hardware security devices that filter traffic (both incoming and outgoing) within a network based off a specific configuration (or a set of rules)

Question 25

How do firewalls work?

Answer 25

When the traffic passes through a firewall, it is inspected to see if it meets certain criteria.

1) if it does -> it is allowed through
2) if it doesn’t-> it is blocked

How is traffic filtered?

1) the type of network traffic
2) source address
3) attributes of the address

Question 26

Difference between client and network firewalls

Answer 26

Client firewalls are softwares that run on an end user’s computer, and only protect the computer on which it is running

Whereas network firewalls are installed ont he boundary between 2 networks and protect the whole organisation

Question 27

What is Malware?

Answer 27

Malicious Software. Basically desinged to steal data and cause damage to computers and computer systems, eg networks and servers.

Question 28

What are computer viruses?

Answer 28

A program which is designed to replicate itself and is often transmitted via unremovable secondary storage devices such as USB Thumb drives, and portable hard drives

Question 29

How do computer viruses operate?

Answer 29

When a file is executed, they will find other files to attach themselves on and infect before passing control to the original file

Some computer viruses attach themselves into RAM, so when the files are loaded, they get infected

Question 30

How do computer viruses avoid detection?

Answer 30

Some of the viruses include code that encrypts the virus so that the “signature” of the virus is different

Question 31

What are worms?

Answer 31

Unlike computer viruses, worms are programs that replicate itself for the sole purpose of consuming bandwith, which is the rate of transfer of data

Question 32

What are trojans?

Answer 32

They are viruses that are disguised as another software package that performs a different purpose

Question 33

What are the functions of a trojan?, and what does it not do well?

Answer 33

• It can install a “spambot”
• it can install software that allows the user of the trojan to get access to the infected computer
• install pop-up advertisements
• can turn computer into a zombie
• can delete files the same way a virus does

A trojan does not replicate itself well, as it relies on the user to download or distribute the program.

Question 34

What is a Distributed Denial of Service (DDOS) Attack?

Answer 34

A malicious attempt to disrupt the normal traffic of a targeted server/network by flooding it with an overload of traffic.

Question 35

How does a DDOS attack work?

Answer 35

Malware can establish zombies which can be used to send spam and are apart of a ‘botnet’. These zombies are instructed to send Internet protocol (IP) requests to a targeted web server. The sheer amount of requests is too much to handle.

Question 36

How can organisations stop a DDOS attack?

Answer 36

The only way is by changing your IP, which takes time. However, When you change ur IP, the hacker can just redirect the attack to the new IP Address.

Question 37

What is Spyware?

Answer 37

Type of malware which is concerned witht eh collection of information, often delivered as a payload, alongside a worm or a trojan

Question 38

What is Adware?

Answer 38

Subset of spyware, will display popup ads frequently, and these ads are a source of income for the owner

Question 39

What is a SQL?

Answer 39

Structured Query Language, designed to extract, add, delete or edit records in a database

Question 40

How does an SQL Injection work?

Answer 40

In a login system taking direct input from the user and placing it in a SQL command can be a concern, as the user has the ability to INJECT their own code into the query.

They can simply add an “or” statement, which makes the whole statement ALWAYS TRUE, such as fkrmgkmgrkw, “or” 1=1”.

This gives the user access to the entire database

Question 41

How do you protect from an SQL Injection?

Answer 41

Simply by validating the user input prior to inserting them into the SQL string as parameters, which prevents the users to directly write code into the input

Question 42

What is a Man in the middle attack?

Answer 42

Gaining access to a user’s data by inserting themselves in the middle of the communication that the user is having with the information system they are connected with (EAVESDROPPING)

Question 43

What is packet sniffing?

Answer 43

Gathering or collecting data that passes through a network by intercepting and reading it.

Question 44

How are unsecured public wireless connections a threat?

Answer 44

Public unsecured “open” connections may be sourced via a router which is protected by a firewall, you are not protected from the people closeby to you. Because data sent over an unsecured network is NOT ENCRYPTED, any data that you send or receive can be packet sniffed, or intercepted.

Question 45

How can you protect yourself from a Man in the middle attack?

Answer 45

1) Network discovery, by turning network discovery off, meaning that your computer will not be seen on the network

2) Disabling all means of sharing files and resources which are usually open by default

3) Using https instead of http when entering sensitive informationin sites, as https use an established encrypted connection to protect the data

4) Using ur own personal firewall

5) Connecting to a Virtual Private Network (VPN), as it is encrypted.

Question 46

Define Encryption?

Answer 46

Decoding information so that it is unreadable

Question 47

What is Symmetric Key Encryption?

Answer 47

The “plaintext” version of the data is encrypted using a “secret” key and then sent to the recipient who then needs to decrypt it using the same key. The problem with this is sending the secret key to the recipient without it being intercepted easily (securely)

Question 48

What is the benefit of using symmetric key encryption?

Answer 48

Good for sending a large amount of information

Question 49

What is Asymmetric key encryption?

Answer 49

Uses 2 keys, 1 public and 1 private key.

The public key can only be used to encrypt information

The private key can only be used to decrypt the information

Question 50

How does Asymmetric key encryption work?

Answer 50

1) If someone wants to send information to someone else, they must first request a copy of the public key

2) This enables them to encrypt the information and send it

3) When the information is received, the owner of the both the public and private key is able to decrypt the info using the private key

keep in mind that public keys can be sent to anyone who wishes to send information to you

But only you should have access to your private key

Question 51

What is the disadvantage of Asymmetric key encryption?

Answer 51

Works well but is not good for large amounts of information and is slow.

Question 52

What is Security Sockets Layer (SSL)?

Answer 52

Technology that keeps an internet connection secure, using encryption to protect the data being sent between 2 systems

Is a common application of ASYMMETRIC key encryption, which establishes a “handshake” between a web server and a web browser, by making sure that any data that is transferred impossible to read. TSL is just the more advanced version of SSL.