4.2 Network Security

Question 1

network security

Answer 1

protecting a network and its data from internal and external threates

Question 2

security threat

Answer 2

an incident - malicious or unintended - that causes disruption, damage, or data loss

Question 3

data integrity

Answer 3

reliability and trustworthiness of data

Question 4

denial of service

Answer 4

an attack on a network that attempts to prevent legitimate users from accessing its servers

Question 5

3 principles underpinning data security (i.e. importance of network security)

Answer 5

confidentiality - organisation’s networks are likely to hold sensitive data about people/products/performance
- if this data got damaged/stolen it could not run efficiently
so only the people authorised to do so should be able to access confidential data

correctness - incorrect data is useless
access to data should be strictly controlled so only those who need it can access it
- eg: error on health records or manufacturing control system

availability - a network is useless if data cannot be accessed when it is needed
- in case of a flood/fire, or a DoS attack
effective backup and recovery procedures are needed to plan for such eventualities

Question 6

ethical hacking

Answer 6

‘good’ hacking - looking for weaknesses in software and systems so that they can be addressed
- ethical hackers sometimes called white hat hackers

the ethical

Question 7

penetration testing

Answer 7

also called pen testing

a simulated hacking attack on a network to uncover any vulnerabilities that could be exploited by a criminal

once complete, the ethical hacker produces a report listing the vulnerabilities discovered and advising on methods to address them

Question 8

access control (+ 3 mechanisms)

Answer 8

controlling who can log in to a network and determining what authorised users can see and do on the network

using authentication, principle of least privilege, file permissions

Question 9

authentication (and multifactor authentication)

Answer 9

authentication is the process of checking the identity of an individual attempting to gain access to a network
- done by validating a username and password against details stored on a central server

multifactor authentication requires the user provide 3 things to provide an extra level of security:
- a piece of knowledge (ID/password/PIN)
- a physical artefact (id pass, swipe card, electronic key fob)
- physical attribute (fingerprint, voice)

Question 10

principle of least privilege

Answer 10

giving employees only the permissions and administrative rights they need to do their jobs

Question 11

physical security

Answer 11

ensuring only authorised individuals can enter critical areas
- includes protecting against theft of equipment and might involve installing a burglar alarm, security tagging, and physically locking down equipment

Question 12

encryption

Answer 12

keeping data secure by using a key to encode the data
- only someone in possession of the key is able to change the data back to its original form (decrpyt it)
- even if a hacker gains access to encrypted data, they will not be able to read it

Question 13

firewall (def)

Answer 13

a network security system that acts as a barrier between an organisation’s internal network and the internet

Question 14

how does a firewall work

Answer 14

inspects incoming and outgoing data traffic and uses a set of rules to decide what data to allow through from one side to the other

rules could be:
- stop certain protocols (eg FTP) from being used to prevent the organisation’s data being potentially copied to an external server
- block data coming from / going to certain network addresses
- disallowing data that matches the pattern an attacker would use

also flag up suspicious activity taking place on the internal network and prevent insiders from downloading viruses / emailing themselves sensitive data / visiting harmful websites / downloading files

Question 15

hardware and software firewalls

Answer 15

individual computers are likely to have a software firewall installed
hardware firewalls have much more flexibility in terms of the rules that can be applied and allow faster throughput of data

for maximum protection, an organisation should have a hardware firewall to protect its network, and should install a software firewall on each of its network devices
- it is especially important that any laptops taken offsite have a software firewall (because they will not be protected by the network firewall)