1.4 Network Security

Question 1

What is Malware

What are examples of malware

Answer 1

Malware is software written to infect computers and commit crimes. They exploit vulnerabilities in operating systems and browsers.

They do this for FRAUD or IDENTITY THEFT.
Malware is an umbrella term which covers:
-viruses
-trojans
-worms
-ransomware
-spyware
-adware

Question 2

Viruses

Answer 2

Viruses are Programs embedded (hidden) within other files. They replicate themselves and become part of other programs. Viruses often cause damage by deleting or modifying data.

Question 3

Trojans

Answer 3

Trojans are Programs which pretend to be legitimate but in reality are malware. They are often disguised as email attachments. Trojans cannot spread by themselves - instead they deceive a user into installing the program.

Question 4

Worms

Answer 4

Programs similar to viruses except that they are not hidden within other files. Worms often spread through emails.

Question 5

Ransomware

Answer 5

Ransomware are Programs that attempt to blackmail a user into making a payment to a hacker. Some types of ransomware do little but try to scare users into paying, while others go further - they encrypt documents and will not decrypt them until a ransom is paid.

Question 6

Spyware

Answer 6

Spyware are Programs that monitor user activities and send the information back to a hacker.

e.g. key logs

Question 7

Adware

Answer 7

advertising-supported malware AKA Adware is a term used to describe unwanted software that displays advertisements on your device

Question 8

Phishing

Answer 8

Phishing is an online fraud social engineering technique used by criminals used to entice consumers to disclose personal information by pretending to be a trusted entity. Used through email and websites.

Question 9

Brute Force Attack

Answer 9

A trial and error method used to decode encrypted data such as passwords and keys.

Question 10

Denial of Service

Answer 10

Overloading a server with useless traffic causing the server to crash. DDOS is a type of attack where multiple compromised systems(zombies) are infected with trojan horse which is then used to attack a single system.

Question 11

Data interception and theft

Answer 11

An attacker monitors a data stream to or from a target in order to gather sensistive information.

It uses a technique called “Sniffing” or “Evesdropping”

They can find out unencrypted passwords or Configure information

Question 12

SQL injection

Answer 12

SQL injection

This is a code injection technique used to attack data-driven applicaiton. It is able to view or change data in a data-base by inserting code into a text box.

Question 13

Why is malware a problem

Answer 13

• Files may be deleted, corrupt or are encrypted
• The computers may crash, reboot and slow down
• Internet connections may become slow
• Keyboard inputs are logged and sent to hackers
• If a client is infected then it can easily be passed to the server

Question 14

Phising - This poses a threat as:

Answer 14

Phising poses a threat as:

• Access to bank accounts and credit cards.
• access to high value data
• Damage to brand reputation

Question 15

Brute Force Attack - This poses a threat as:

Answer 15

• *- Theft of data
• Access to systems**

Question 16

Denial of Service attack - This poses a threat as:

Answer 16

• Loss of access for customers
• Loss of Revenue
• Lower Productivity
• Loss of Reputation

Question 17

Data interception and theft - This poses a threat as:

Answer 17

• Usernames and Password can be compromised
• Disclosre of corporate data
• Data theft

Question 18

SQL Injection - This poses a threat as:

Answer 18

• Private Data can be leaked personal or financial information
• Data can be altered or deleted
• New rogue records can be added to the data base

Question 19

How do people make their computer or network insecure?

Answer 19

• Not updating OS, anti-malware
• Not locking doors to physical locations
• Sharing & Writing passwords and sticking it to a computer
• Losing memory sticks
• Not applying security to wireless networks
• Not encrypting data
• Not logging off

Question 20

How do you prevent malware?

Answer 20

• Enabling OS and Security software updates
• Training Staff from Opening suspicious emails
• Regular data backup
• Strong security software:
• Firewall
• Spam filter
• Anti-virus
• Anti-spyware
• Anti-spam

Question 21

Preventing Phising

Answer 21

• Strong security softwaresss
• Staff training: awareness of fake emails and websites
• Staff training: Not disclosing personal or corporate information
• Staff training: Disabling popups

Question 22

PReventing Brute Force Attack

Answer 22

• Lockout Policy: Locks after 3 password attempts
• Using progressive delays
• Staff Training to use effective passowords

Question 23

Preventing Denial of Service

Answer 23

Preventing Denial of Service

• *- Strong firewall**
• Packet filters on firewall
• Configuring web servers
• Network should be monitored

Question 24

Preventing Data Interception

Answer 24

• Encryption
• Using Virtual Networks
• Staff training: use for passwords, locking computers, logging off and use of portable media
• Investigating own network for vulnerabilities

Question 25

Preventing SQL Injection VUSP

Answer 25

To prevent SQL: * **Input Validation** * Using **parameters queries** * Setting **database permissions** * **Penentration testing** VUSP

Question 26

Preventing malware

Answer 26

- Penetration Testing - Anti-Malware software - Firewalls - User access levels - Strong Passwords - Encryption - Physical Security - Validation on input boxes - Using parameters queries - Setting database permissions - Penentration testing

Question 27

How can networks be compromised?

Answer 27

**Networks** can be hacked using a variety of techniques. These include: * **malware** * **phishing** * brute force * **denial of service** * data interception and theft * **structured query language** injection * poor **network policy** * people

Question 28

What do poor network policies not have?

Answer 28

Poor network policies tend not to have: * **Access Levels** * Rules preventing the **connection of external devices** * regulation regarding **secure passwords** * **govern what websites can and cannot be visited** * **backup procedure** * A **regular maintenance programme** that is followed

Question 29

What are penetration testing and network forensics?

Answer 29

**Penetration testing** The purpose of penetration testing is to determine how **resilient** a network is against an attack. It involves authorised users (sometimes an external party or organisation) who probe the network for potential weaknesses and attempt to exploit them. **Software** that enables network managers to test the resilience of networks themselves is also available. **Network forensics** Network forensics involves monitoring the traffic on a network. At regular intervals transmitted **data** packets are copied. The copy and information about the packet are then stored for later analysis. This is usually processed in batches. The information gathered can help identify invasive traffic (from hackers) or to determine where data is being sent.

Question 30

What do network policies ensure?

Answer 30

Network policies A network manager should have an acceptable use policy which ensures: * **Secure passwords which are regularly changed** * Users **cannot connect unauthorised equipment** to the network * **Access Levels** * A regular **backup procedure** is in place * A disaster recovery procedure exists in case of data loss * Regular **penetration testing and forensic analysis** * Regular **maintenance including applying OS, Software & security updates** * **NO physical access to servers** * Maintaining a high level of security with up-to-date **anti-virus software** and **firewalls**

Question 31

What are User access levels?

Answer 31

User access levels Access levels **determine the facilities a user has access to, such as**: * **software** * **email** * **internet access** * **documents and data** * **the ability to install and/or remove software** * **the ability to maintain other users' accounts** **A network manager should make sure users can only access the facilities they need.** For example, an office worker might need access to productivity software, email and the internet, but not to install software or access other users' accounts. Restriction limits the actions a user can take, thereby reducing the potential of threats.

Question 32

What are firewalls?

Answer 32

**Firewalls** A firewall is a tool that **monitors traffic going into and out of a computer or network, and either allows the traffic to pass through or blocks it.** The decision to allow or block is based on rules, known as the firewall policy. For example, some programs, such as email clients and web browsers have legitimate cause to send a **transmission**. These programs are known and the firewall policy allows their communications. However, any transmissions that are not sent from or to known - and allowed - sources are blocked. Firewalls can be **hardware-based** or software-based. Hardware firewalls tend to be more expensive, but are more effective.

Question 33

What should organisations do to regularly stop security threats?

Answer 33

Question 34

How can phishing take place at a business

Answer 34

* Staff respond to fake email, link, website, popup or * Staff respond to spam * Staff respond to software fake instant messages Staff respond to social media messages, ‘likes’, etc.

Question 35

What are problems to a business if phishing takes place?

Answer 35

* Acquisition of user names and passwords * Acquisition of financial details/credit card details * Identity theft * Data theft * Staff disclose personal/confidential data * Financial data theft

Question 36

What are Reasons for people committing DDOS

Answer 36

* Protest/hacktivism * Cyber vandalism * Distraction technique * Espionage – commercial, industrial. political * Can lead to malware/data theft if part of a distraction technique * If a distributed denial of service attack can lead to computer/network control * Extortion * Competition between companies * Make a website unavailable * Interrupt an organisation’s work * Suspend an organisation’s work * Block user requests

Question 37

What are Advantages of using a firewall

Answer 37

* Controls network traffic/allows data from authorised source while blocking data from unauthorised sources * Protects against attackers * Offers different protection levels * Protects privacy * Provides warnings * Filters advertisements/popups * Filters web content

Question 38

What are physical ways of protecting a network?

Answer 38

* Door locks * Window locks or bars * Intruder alarm systems * CCTV systems * Laptop locks (e.g. Kensington locks) * Security guards