questions on paper 1 Flashcards
Boolean algebra - Order of precidence
Brackets
Not
And, Nand
Or, Nor, Xor
Defence against malware
High code quality Code reviews Patching Penetration testing Network forensics Network policies and user access levels Anti-malware software Firewalls Passwords Encryption Educating users in best practices
Code quality
Poorly written code
- might leave data in memory to be stolen later
- or contain debugging code that exposes sensitive info
- might contain faulty memory handling e.g. buffer overflow
Code reviews
Test thoroughly
Explore all possible code branches and input values
- Not all bugs can be found via routine testing
Programmers review each others code
Patching
Needs to be done regularly
Open source communities release updates or patches to fix bugs all the time
Penetration testing
aka ethical hacking
Hackers who work with good intent, attempt to break into a network to identify possible security breaches
- Flaws found can then be fixed
Network forensics
Analysing the packets being transmitted on a network to find out:
- where the hack came from
- how they achieved it
- what data they may have stolen
During or after attack
Can also be used to try to identify any unusual patterns that might indicate that the network is being hacked
Network policies and user access levels
NPs = rules/settings that are controlled by the network administrator
Control:
- who can access network
- which files/services they can access
- what type of access they have
Prevents unauthorised access
Staff should have agreed to network access policy
Anti-malware software
Detects and removes malware
- can have a real time checker that scans the files before they are used
- can have schedules scans to perform checks on a regular basis
Must be kept up to date via software updates
Firewalls
Monitors traffic in and out of a network
- can allow or block data entering or leaving the network
Passwords
- complex passwords are harder to guess
- dont use a password for more than one account
Authenication
Proving a user is who they say they are
Encryption
Data scrambled using an encryption algorithm and a key
- makes data unreadable
- complex keys prevent brute force attacks
- prevents eavesdropping
Phishing
attempting to fraudulently gain info from someone
Malware
Malicious software aims: - damage computer systems - corrupt or change files - steal data - disrupt services
Viruses
designed to delete or corrupt or steal data
Spreads when someone transfers an infected file from one computer to another
Attaches itself to a legitimate host file and activates when the host program runs
good practices
dont open emails from unknown sneders
dont visit unkown links
dont plug in untrusted devices
Worms
replicates and damages system
- doesn’t require a host to spread
Spreads more quickly than viruses
Once it has exploited a vulnerability, it takes advantage of shared storage e.g. email
Trojans
uses deception to attack a system
looks like a legitimate program
Opens backdoor for further malware and remote control of computer
Computer may become a bot under control of a hacker
Dont replicate like viruses - require human interaction
Spyware
installed on device without users knowledge
leaks data from computer back to creator of software
Keylogger - keeps record of keys pressed
Easily removed with a spyware removal tool
SQL injection
user adds additional sql statements within the inputs for these to be executed on the database
Can be avoided by good coding practices
Ransomware
Locks you out of your computer until you pay a ransome
Encrypts files so they are unusable
Make sure you back up data regularly
Denial of service attacks
purposely bombarding a server with thousands of ‘legitimate’ requests
Overwhelms the system
Database def
an organised collection of data
Entity def
an object in the real world that can be differentiated from other objects
Record
Row - each row stores the data for a specific entity
Attributes
Columns
a property of the entity
aka field
Each one has a specific data type
Primary key
an attribute or set of attributes that makes an entity uniquely identifiable
- allows the entity to be identified unambiguously
Composite primary key = primary key made up of more than one attribute
Foreign key
the primary key of one filed that is stored in another table for the purpose of creating a link between the tables
Data integrity
the accuracy and reliability of data
Achieved via validation and verification
Referential integrity
the system will ensure that, when a record is added to a table and a value is entered into a foreign key field, the value exists in the primary key field of the related table
- can be extended
- if a primary key value is changed, matching foreign keys values are automatically updated
- if a record is deleted, any records with matching foreign keys are also deleted
Database management system
hides complexity of the physical implementation
Normalisation def
technique used to help reduce data duplication when designing data structures
- improves data integrity
If adding new data post normalisation
make sure the table remains in normalised form
Databases advantages
- reduced duplicated data
- improve data integrity
- eliminates insertion anomalies
- eliminates update anomalies
- eliminates deletion anomalies
Database disadvantages
- require more data (for indexing and metadata)
- time consuming to set up
- understanding of normalisation needed (expertise)
- spreadsheets create a quick and easy solution and allows graphs to be produced easily
1NF
- each record has a primary key
- data is atomic
- no repeating groups of attributes