System Security Flashcards

1
Q

Threats / Attack Methods

A

Malware
Phishing
People as a ‘weak point’
Brute Force Attacks
Denial of Service Attacks
Data Interception
SQL Injections
Poor network policies

2
Q

Different types of Malware

A

Viruses
Spyware
Adware
Pharming

3
Q

Viruses

A

Viruses are small programs which aim to cause physical harm to a computer system. ​

They often get confused with spyware (which simply spies on users, recording keystrokes etc., but does not aim to harm the system – just the user).

4
Q

Standard Virus

A

These hide in files / programs and replicate themselves in order to spread into other programs / files. Their aim is usually to delete or damage data.

5
Q

Worms Virus

A

These don’t necessarily damage data, instead they simply try to replicate themselves, using more and more of the computer’s resources, slowing down your computer and making it useless.

6
Q

Trojan Virus

A

These are often programs (such as a game) which you can use. But in the background they will cause harm, like deleting your files, making annoying changes to your computer setup or creating a portal for other users to use in order to gain access to your system.

7
Q

Spyware

A

Spyware’s aim is to spy on the user and send back as much information about them as possible (passwords, usernames, websites they visit, purchases they have made).​

The reason for collecting this data is so that ‘senders’ of the spyware can use this information to steal your identification or sell your information to third parties who will then target you with advertisements.

8
Q

Adware

A

Like spyware, this type of malware doesn’t physically delete or corrupt a system’s data.

Instead, its aim is to download and display unwanted adverts and collect marketing information about your online habits.

It will often also try to direct you to unwanted websites by changing your default homepage.

9
Q

Pharming

A

Pharming malware seeks to change the IP address stored in the DNS (or cached on our computer) to another IP address so that the user is sent to a phoney website instead of the one they intended.​

10
Q

Scareware

A

This kind of malware often comes in the form of a pop-up telling you that you have a virus. The pop-up will then advertise purchasable software, hoping that you will pass over your money.

11
Q

Ransomware

A

This malware will seek to lock your computer making it useless. It will then demand that you pay a sum of money in order for you to get your computer working again. ​

12
Q

Rootkits

A

These pieces of malware contain a set of tools, which once installed, allow a criminal to access your computer at an administrator level, allowing them to do pretty much what they like.​

13
Q

Phishing

A

Phishing seeks to acquire sensitive information about a user such as their usernames, passwords, bank details etc.​

The way in which this is done is usually through the form of direct electronic communications (emails / phone calls).​

These emails or phone calls try to impersonate legitimate companies (such as banks) and ask you to give away sensitive information.​

14
Q

Social Engineering

A

Social engineering is the act of manipulating people and is often used by criminals to force people to make mistakes which can compromise a network’s security.​

15
Q

Brute Force Attacks

A

A Brute Force Attack is where criminals will use trial and error to hack an account by trying thousands of different possible passwords against a particular username.

They will repeatedly try to ‘login’ with one password after another.​

This threat can be easily reduced by ensuring that a system locks an account if more than three unsuccessful password attempts have been made.​

16
Q

Denial of Service Attack

A

This method seeks to bring down websites by using up the web server’s resources.​

This is done by acquiring multiple computers (often through malware) to repeatedly try to access (or log into) a website.

17
Q

Data Interception and Theft

A

Hackers can use specialist hardware and software to secretly monitor network traffic and can intercept any packets that they believe may contain sensitive data.​

They use ‘packet sniffers’ to sniff out these data packets, decode them and steal the information inside, such as passwords and bank numbers.​

18
Q

SQL Injections

A

SQL stands for Structured Query Language and is used to look up data in a database.

When you log in to an account, you will add your username and password into a couple of input boxes.​

With SQL injections, you can ‘bolt on’ some SQL to the end of your password. This will then alter the SQL statement and allow you to access the accounts of other users.​

19
Q

Network Policy

A

A network policy is simply a set of rules and procedures that network users must follow.​

They may include rules / procedures such as:​

Use complex passwords​

Have different levels of access (only certain people in a company can access sensitive data)​

Lock computers if the user leaves their desk​

If a network policy is poor, or if it is not followed properly, then the risk of a breach in system security increases.

20
Q

Identification and Prevention

A

Penetration Testing
Network Forensics
Network Policies
Anti-Malware Software
Firewalls
User Access Levels
Passwords
Encryption

21
Q

Penetration Testing

A

‘Penetration Testing’ is where a company will invite / employ experts to try to simulate a range of network attacks such as Denial of Service attacks (DoS), SQL injections and Brute Force Attacks.​

They will attempt to discover any weaknesses in the system and will summarise their findings to the company who will then make improvements to their system security.​

22
Q

Network Forensics

A

Networks should have software which continually monitors network traffic.​

In the event of an attack, this monitoring can play an important part in finding out how the attack was carried out and also by whom.​

The monitoring software will monitor data packets and so after an attack, suspicious data packets can be analysed forensically.​

23
Q

Acceptable Use Policy

A

Use complex passwords​

Have different levels of access (only certain people in a company can access sensitive data)​

Locking computers if the user leaves their desk​

No installing of software and downloading files from the WWW​

No use of USB sticks​

24
Q

Backup Policy

A

The person responsible for backing up​

The time and frequency that data should be backed up​

The media on which backups should be stored

The location of the storage of backups (offsite)​

The data to be backed up (all or changes since last backup etc.)​

25
Q

Disaster Recovery Policy

A

The person responsible for backing up

The media on which backups have been stored and its location

The organisations who will help supply the resources / hardware to get the system back up and running.​

26
Q

Anti-Virus Software

A

Viruses are small programs which aim to cause active harm to a computer system. ​

They often get confused with spyware (which simply spies on users, recording keystrokes etc., but does not aim to harm the system – just the user).

Anti-virus software is dedicated to finding and destroying these files.​

27
Q

Firewalls

A

When files are sent across the internet, they are broken down into small packets of data. ​

The part of the computer which receives these packets is made up of 256 ports (you can think of these ports like a country’s ports, which manage people in and out of the country)​

A firewall monitors the data which flows through the ports.​

They also keep ports closed and open only those that they expect data to be sent to. For example, incoming emails are usually sent to port 110.​

Having ports closed protects the computer from hackers, plus its continual monitoring will help detect hacker activity.​

28
Q

User Access Levels

A

This is where users of a computer system will be given different access rights depending on their role in the company.​

What this means is that depending on their role in the company, some users will have access to certain parts of the system with other parts inaccessible.

29
Q

Passwords

A

Passwords are in place to ensure that a network has no unauthorised access.​

30
Q

Encryption

A

Encryption is where data is scrambled before being sent across a network so that it is unreadable if intercepted.​

To encrypt data, an encryption key is used which will convert ‘plain text’ into ‘cipher text’.​