more chp 5

Question 1

HTTP or HTTPS

Answer 1

a set of rules that must be obeyed while transferring anything over the internet. The S stands for secure (using TLS or SSL eg)

Question 2

web browsers

Answer 2

software that let people access and display web pages on their device screens. Translate the HTML and show the result

Question 3

what features do web browsers have

Answer 3

1) home page
2) bookmarks (store fav websites)
3) user history
4) user can navigate forwards and backward
5) many pages can be opened at the same time
6) make use of cookies
7) hyperlinks - points to another location
8) data is stored as a cache (temporary store)
9) Javascript
10) address bar

Question 4

retrieval and location of web pages

Answer 4

1) to retrieve pages from a website –> you need IP address
2) DNS (domain name server, actually more than one server) is a system for finding IP addresses from a domain name in a URL (user doesn’t need to memorise)
3) converts domain name into IP address so comp can understand (202380 20384 blah blah blah)

Question 5

cookies basic

Answer 5

small files or code stored on a users computer, sent by a web server to a browser. Small look-up table containing (key, data) pairs. Every time a user visits a website, checks if it already has cookies. Allow user tracking and maintain user preferences

Question 6

Session cookies

Answer 6

no expiry date, stored on the computer’s temporary memory. It doesn’t collect personal data, so they cease to exist once the browser is closed or the website session is terminated. (eg virtual shopping basket)

Question 7

Persistent cookies

Answer 7

They remember a user’s personal data, stored on the hard drive until it expires or is deleted. user has to agree to terms - removes the need to log in every time. some countries have laws to deactivate after 6 months. very efficient, don’t need to store a lot of data on the web browser. (targets users specific preferences)

Question 8

what is digital currency?

Answer 8

purely digital, it has no physical form. it can be transferred between accounts. Eg paypal or apple pay, exists digitally but can be made into a physical format when needed.

Question 9

central banking system

Answer 9

digital currency relies on a central banking system
eg nick –> bank x –> central bank –> bank y –> alex

Question 10

problem with centralisation

Answer 10

confidentiality and security

Question 11

cryptocurrency

Answer 11

uses cryptography to track transactions (decentralization)
most digital currencies are regulated by central banks and governments, but crypto has no state control, and all the rules are set by the community itself)
everything is publicly available, so all transactions can be tracked and the amount of money in the system is monitored
within a blockchain network

Question 12

explain blockchaining to me love

Answer 12

decentralised database –> interconnected network of computers, but they arent all connected to a central server. All the transaction data is stored on ALL the computers. whenever a new transaction takes place, a copy is sent to all computers, so a change can’t be made without EVERYOEN saying yes maam

Question 13

where is blockchain used? name 5

Answer 13

crypto, smart contracts, research, politics, education

Question 14

how does it work babe?

Answer 14

whenever a new transaction takes place, a new block and a new hash value is created. the hash value is unique and contains a timestamp. genesis block = (block 1).
Now, all the blocks are connected as they store their hash, and the hash of the next block. This way, if they change their hash, the next block will become invalid.

Question 15

why is this whole block chaining thing good

Answer 15

it prevents tampering, also uses proof-of work

Question 16

whats proof of work

Answer 16

takes 10 min to determine necessary proof before adding a new block

Question 17

miners

Answer 17

special network users who get a commission for every block created

Question 18

8 cyber security threats

Answer 18

pharming, phishing, brute force, data interception, ddos, hacking, malware, social engineering

Question 19

brute force attacks

Answer 19

if a hacker wants to crack ur password, they can try every possible combination. one way to reduce steps –> go through it logically. most common first, then use a word list

Question 20

data interception

Answer 20

stealing data by ‘tapping’ into a communication link
packet sniffer –> examines data being sent over a network.

wireless - access point mapping or wardriving, data is intercepted using a laptop/smartphone, antenna and GPS device, outside somones home

wired equivalency privacy WEP encryption with a firewall

Question 21

DDoS

Answer 21

disributed denial of service - prevent users from accessing a part of a network.

usually temporary but can be a very big breach of security
one method is flooding with spam emails etc, cant properly service a legitimate request.

Question 22

hacking

Answer 22

gaining illegal access to a computer system, identity theft, gain of personal information
data can be deleted, corrupted, passed on
can be controlled by firewalls, usernames, strong passwords that are often changed
ethical hacking –> companies pay hackers to check hwo strong their security is

Question 23

phishing

Answer 23

criminal sends out legitimate-looking emails to users, can bring to a different link or enter personal information.

Question 24

spear fishing

Answer 24

targets specific individuals for financial information or industrial espionage

Question 25

DNS cache poisoning

Answer 25

changes legit IP address to fake ones

Question 26

social engineering (explain 5 types)

Answer 26

creates a social situation where victim drops their guard instant messaging - malicious links embedded into instant messages (eg software update!!!!) scareware - claims user is infected w virus email/phishing scams - tricks users into thinking it is a genuine email baiting - leaves infected stick somewhere phonecall - claims user is infected, follow these steps to download anTi-MalWaRe uses fear, curiosity, empathy and trust

Question 27

access levels

Answer 27

different people have different levels of access - whos allowed to read, write, delete even social media (close friends, public etc)

Question 28

anti-spyware

Answer 28

detects and removes spyware, prevents user from downloading, encrypt information, encrypt key strokes, scans for signs that information has been stolen, blocks access to camera and mic uses RULES --> looks for typical features FILE STRUCTURES --> there are certain file structures associated with spyware

Question 29

Authentication

Answer 29

three factors - something you know, something you have, something that is unique to u

Question 30

Passwords and usernames

Answer 30

something you know should be strong and changed frequently how to protect --> run anti-spyware software so the passwords arent being relayed back usually only allowed to be typed in a finite number of times username needs to math up --> more security

Question 31

biometrics

Answer 31

rely on certain unique characteristics of a human fingerprint, voice, retina, face

Question 32

fingerprint scans

Answer 32

compared to previously stored prints on a database compares patterns of ridges and valleys cant be stolen or lost, unique but expensive, injuries

Question 33

retina scans

Answer 33

scans pattern of blood vessels in the retina uncomfortable

Question 34

two step verification

Answer 34

two methods of verification needed, usually used for online purchases PIN (one -time passcode) sent to user in another device/email

Question 35

Automatic software updates

Answer 35

make sure software is kept up to date vital --> they contain patches (protect against malware) or updates (fix bugs and other issues) they can disrupt your device

Question 36

checking spelling and tone of communication and URL links

Answer 36

check spelling, tone, email address, wrongly spelled domain names (typo squatting), whatever floats your boat

Question 37

firewall

Answer 37

software or hardware sits between the user and the external network filters info in and out of the computer (checks whether it meets the criteria), logs data user can decide whether to allow communication, and can warn users primary defence but, cant stop a user using hardware to overcome, or employee carelessness or misconduct

Question 38

proxy server

Answer 38

intermediate between user and web server filters information, keeps IP secret, can block requests from certain IPs, attack hits proxy server instead, has a cache, which improves speed (proxy cache can store web page or something), can also be a firewall

Question 39

privacy settings

Answer 39

controls available on web browsers, limit who can access a users personal profile eg. do not track settingg, need to reenter info while tracking a purchase, privacy options, sharing location switched off