Forms of Attack

Question 1

What is Malware?

Answer 1

• It is malicious software that can harm devices
• Deleting/modifying files, scareware, locking files, spyware, Rootkits, opening backdoors

Question 2

How to stop Malware?

Answer 2

• Firewall
• Anti-virus
• Spam filter

Question 3

What is Phishing?

Answer 3

• Social engineering where criminals send emails or texts to people claiming to be from a well-known business (eg a bank or an online retailer)
• The email often contains links to spoof versions of a company’s website
• They then request the user to update their personal information
• When the user inputs this data, they hand it over to the criminal who can then access their genuine account

These emails are sent to thousands of people

Question 4

How can you stop Phishing?

Answer 4

• Many email programs, browsers and firewalls have anti-phishing features that will reduce the number of phishing emails recieved
• Poor grammar can also be spotted
• Staff training
• Disabling browser pop-ups

Question 5

What is a Brute Force Attack?

Answer 5

• A type of attack used to gain information by cracking passwords through trial and error
• It uses automatd softwre to produce hundreds of likely password combinations
• Hackers may try loads od passwords against one username

Question 6

How to prevent a Brute force Attack?

Answer 6

• Two-factor authentication
• Locking accounts after a number of password attempts
• Use strong passwords with a combination of numbers and symbols
• Progressive delays

Question 7

What is a Denial-Of-Service attack?

Answer 7

• Where a hacker tries to stop users from accessing a part of a network or a website
• This involves flooding the network with useless traffic making the network extremely slow or completely inaccessible

Question 8

How to prevent a Denial-Of-Service attack?

Answer 8

• Strong firewall
• Packet filters on routers
• Configuring the web server

Question 8

What is a Distributed Denial of Service?

Answer 8

A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.

Question 9

What is Data Interception and Theft?

Answer 9

• Where hackers try to get access to sensitive information
• This could be done through a passive or active attack

Question 10

What is a SQL Injection?

Answer 10

Pieces of SQL typed into a website’s input box which then reveal sensetive information

Question 11

How to prevent Data interception and Theft?

Answer 11

• Encryption
• Firewall
• Staff training : Use of passwords, locking computers, logging off, physically locking areas with computers
• Investigating your own network for vunerabilities
• Antivirus, Anti-malware

Question 12

How to prevent SQL attacks?

Answer 12

• Validation on input boxes
• Penetration testing
• Setting database permissions

Question 13

Way of Preventing Attacks/Mitigating Risks

Answer 13

• Penetration testing
• Physical security
• Passwords
• User access levels (Controls which parts of a network different users can access)
• Anti-Malware
• Encryption

Question 14

What is Penetration testing?

Answer 14

• Employing specialists to stimulate potential attacks on the network
• Used to indentify possible weaknesses in a network’s security by trying to exploit them
• The results on the pentest are then reported back

Question 15

How can people be a weak point in a network?

Answer 15

• Not instaling OS updates
• Not installing anti-malware updates
• Not locking doors in computer rooms
• Not logging off or locking computers
• Leaving printouts on desk
• Writing passwords down
• Sharing passwords
• Not encrypting data
• Not applying security to wireless networks

Question 16

Physical Security on networks

Answer 16

• Locks and passcodes
• Surveillance equipment (cameras)

Question 17

What do firewalls do?

Answer 17

• Examines all data that enters or leaves a network and block any potential threats