Topic 8- security and ethics Flashcards
1
Q
What is hacking?
A
illegally gaining access to a computer system
2
Q
illegally gaining access to a computer system in known as
A
hacking
3
Q
Why do people hack (5)
A
- Curiosity
- Financial Gain
- Malicious
- Hacktivism
- Military
4
Q
Curiosity,Financial Gain,Malicious,Hacktivism,Military are all reasons to___?
A
Hack
5
Q
Cracking is
A
Changing a program’s source code to be used for another use (illegal)
6
Q
Changing a program’s source code to be used for another use illegally is known as
A
Cracking
7
Q
What is spyware
A
Software which tracks keylogs and through this can find out passwords.
8
Q
Software which tracks keylogs and through this can find out passwords. Is known as
A
Spyware
9
Q
How is Spyware prevented
A
Antispyware
10
Q
Antispyware prevents___?
A
Spyware
11
Q
Spyware (5)
A
- User clicks on a link from an email or website
- When clicked spyware is downloaded
- Monitors users activity and relays it back to author
- Keypresses can be analysed to find passwords
- Common key logs allow password to be found
12
Q
Viruses (3)
A
- Program that replicates itself
- Deletes or corrupts files
- Ransomware a new form of virus
13
Q
Phishing (5)
A
- Fake email sent that looks legitimate
- User clicks on link in the email
- User redirected to fake website
- Often used to try and steal financial details
- How to avoid – Don’t click on links from unknown emails
14
Q
Pharming (3)
A
- Malicious code stored on a computer
- Redirects user to fake website to steal users data
- How to avoid – check the URL is as expected
15
Q
Cookies (4)
A
- Message given to browser by webserver
- Stored in a text file
- Stores detail about users preferences on a website
- Message sent back to server each time that page is requested
16
Q
Cookies uses (5)
A
- Enable logon information to be kept
- Provide customized pages for the user
- Enable target adverts
- Enable one-click purchasing with shopping carts
- Be able to distinguish between new and repeat visitors
17
Q
Causes of data loss (5)
A
- Accidental Deletion
- Malicious – virus
- Hardware failure
- Software failure
- Natural disaster
18
Q
Data loss prevention (4)
A
- Set data to read only
- Use correct shut down procedures
- Use correct procedures when removing portable storage devices
- Backup
19
Q
Firewalls(5)
A
- Prevents unauthorized access
- Acts as a filter for incoming/outgoing data
- Checks data meets criteria
- Logs incoming and outgoing traffic
- Blocks access to specified IP addresses
20
Q
Antivirus (2)
A
- Compares virus signature against a database of known virus signatures
- Removes any viruses
21
Q
Proxy servers (3)
A
- Keeps user IP address secret
- Prevents direct access to a web server
- Filters traffic
22
Q
Biometrics examples (3)
A
- Voice recognition
- Facial Recognition
- Thumbprint
23
Q
Text v Biometric (2)
A
- Text passwords easier to hack than biometrics
- Biometric passwords are unique and can’t be shared
24
Q
Security methods (2)
A
- Encryption
- SSL
25
SSL (5)
- Uses encryption
- Uses SSL
- Uses digital certificates – contains public key
- Makes use of public and private keys
- Data is meaningless without the key
26
How can we tell a website is using SSL(3)
- Protocol end in s e.g. https
- Padlock on some browsers
- Colour of address bar changes
27
SSL process (5)
- Web browser connects to the website
- Web browser requests web server to identify itself
- Web server sends browser a copy of its SSL certificate
- Browser checks the certificate is trustworthy and sends message back to server
- Server acknowledges message and SSL session begins
28
TLS layers (2)
- Record
| - Handshake
29
Record layer (2)
- Contains the data being transferred
| - Can be used with or without encryption
30
Handshake layer (2)
- Website and client authenticate each other
| - Encryption algorithms used to establish secure session
31
Differences between TLS and SSL (3)
- Possible to extend TLS using new authentication methods
- TLS can make use of session caching
- TLS separates handshake and record protocol
32
How does encryption work on text (6)
- Before encryption it is plain text
- Text encrypted using an algorithm
- Text encrypted using a key
- Encrypted text called cypher text
- Key transmitted separately from text
- Key used to decrypt the cypher text
33
Assymetric(5)
- Private key and Public key needed
- Public key given to everyone
- Private key only known by the computer user
- Encryption keys generated using a hashing algorithm
- Different keys
34
Plain text & Cyper text
- Text encrypted using encryption algorithm
- Text encrypted using a key
- Key transmitted separately from the text
- Key used to decrypt the text
35
Authentication (1)
-Used to verify that data comes from trusted source
36
Symmetric Encryption (1)
-Uses the same key to encrypt and decrypt data
37
Hashing algorithm (4)
- Takes message or key and translates it into string of characters
- Usually shown in hex notation
- Length depends on algorithm used
- Same hashing algorithm needed to decrypt
38
DoS Attacks (4)
- Large number of requests sent to server at once
- Designed to flood a server with useless traffic
- Server will come to a stop trying to deal with the traffic
- Prevents users gaining access to the web server
39
Ethics (1)
-Set of laws that regulate computers
40
Misuse of ethics (5)
- Hacking/Malware
- Copyright
- Stealing personal Information
- Addiction or health issues
- E waste
41
Types of softaware(3)
- Free software
- Freeware
- Shareware
42
Free software (4)
- Can use for any legal purpose you wish
- Can study and change the source code
- Can pass on to other people
- Must not be used to infringe copyright laws by copying existing software
43
Freeware(2)
- Can download and use free of charge
| - Cannot view or modify the source code e.g. Skype
44
Shareware (5)
- Can use for a trial free of charge
- Need to pay once the trial is over
- Often trial version missing key features
- Protected fully by copyright laws
- Cannot modify code or distribute the software
