Unit 5.3 - cyber security

Question 1

What does it mean when a computer system has a vulnerability + consequences?

Answer 1

There is a weakness in the system that allows unauthorized individuals to access it.
This can have consequences such as loss of data, loss of availability to systems, identity theft, financial implications, loss of confidence among stakeholders.

Question 2

Name 6 different malware + definition

Answer 2

Hostile intrusive software written to infect computers and commit crimes.
1. Worms - automated, self-executing, self-replicating programs which spread quickly and exploit weaknesses in network security. Can spread to other computers through infected websites, e-mails, network connection, etc.
2. Virus - like worms but not self-executing; requires human assistance in spreading. Often hidden in other applications/files, can corrupt files, delete data & prevent applications from running correctly.
3. Trojan - disguised as legitimate software but contains malicious code in the background. Can install back doors, initiate attacks, install other malware, etc.
4. Ransomware - victims’s files on computer are encrypted, and hacker forces them to pay to access them
5. Spyware - secretly obtains sensitive/personal information such as passwords on victim’s computer and transmits it to a 3rd party by tracking their key strokes
6. Adware - displays unwanted ads on user’s system. Not always malicious but intrusive/slow down processes.

Question 3

What is a brute-force attack + how to prevent?

Answer 3

Automated, trial and error method used to guess passwords/ecryption keys by systematically trying all possible combinations until the correct one is found.
Prevent by having long password with mix of symbols; using 2 factor authentication; don’t reuse passwords

Question 4

What is data interception + how to prevent?

Answer 4

Monitoring data streams to and from target to obtain confidential information. Any data transmitted over a network can be intercepted. Typically uses software called packet sniffer.
Prevent by using end-to-end encryption when transmitting data over a network.

Question 5

What is a DDoS + how to prevent + how is it carried out?

Answer 5

A distributed denial of service attack is a large scale, coordinated attack where many computers send huge numbers of requests to a server/network at the same time, overwhelming its resources and slowing down the server until it becomes unusable.

It disrupt normal traffic of server/network and can knock it offline due to strain on bandwidth, CPU and other resources due to flood of useless traffic.

Not preventable but have systems and firewalls that detect DDos attacks which reduce its effects by directing traffic to other servers.

Users download malware sent by hacker. Each computer is turned into a bot to create a botnet. Third party initiates the attack. All the bots send a request at once to a web server, crashing the webserver.

Question 6

What is hacking?

Answer 6

Any unauthorized access to a system for criminal purposes by identifying & exploiting system weaknesses.

Question 7

What is social engineering?

Answer 7

The use of manipulation to get people to give up personal information. Exploiting and tricking people is often easier than finding weaknesses in computer systems.

Question 8

What are 6 types of social engineering?

Answer 8

1. Baiting - leaving malware infected device (USB drive) in place where it is likely to be found and used.
2. Pharming - sends/redirects user to fake website by hijacking the DNS by the malware that was installed previously. Don’t click suspect links, use anti-malware
3. Phishing - sending legitimate-looking emails in hopes of getting personal information.
4. Watering hole - compromising group of people by infecting a website they use regularly
5. Quid pro quo - call employees of a company pretending to be tech support offering to help fix an issue, and gather information in the mean time
6. Scareware - tricks user into believing they installed malware/illegal data, hackers offer to come fix it, download actual malware

Question 9

State 6 methods of protecting digital systems (excluding firewalls & proxy servers)

Answer 9

1. Controlling access levels - protects sensitive data and minimizes misuse by only giving people access to the systems they need for work
2. Anti-malware software - keeps computer & files safe from malware. Most operating systems have built-in anti-malware. Can detect spyware.
3. Authentication - 3 methods: username & password; biometrics (fingerprints, retina scan, etc); 2 step verification(2 separate authentication methods performed one and another)
4. Automatic software updates - popular software is often target of attacks. Applies patches & bug fixes; product is is kept up to date and security flaws are fixed ASAP without need for manual intervention
5. Privacy settings - designed to limit who can view & access your content; e.g. do not track, privacy browsing
6. SSL - secure socket layer is a security protocol provides secure communication channel between 2 devices by encrypting sent data. It also uses digital certificates hosted on the web server that contain the public key used for encryption for authentication of web server (proving that it’s truthworthy). Used to secure credit card transactions & data transfer.

Question 10

How to catch phishing e-mails?

Answer 10

• If they are unexpected or contain instructions to click link/download attachment
• poor spelling and urgent, pressuring tone
• generic greeting
• demanding taking action now
• check URLs of links attached as well as protocol
• links hidden behind text or images

Question 11

Firewalls vs proxy servers definitions & functions

Answer 11

Firewalls - piece of software/hardware or both that monitors incoming & outgoing traffic, and filters it based on rules/criteria that can be set by user (blacklist or whitelist). It blocks any traffic from entering LAN by closing network ports. Can protect from virus, worm, spyware, etc. & can be used to block access to certain website.

Proxy servers - separate intermediate device between user and remote web server that traffic must pass through; acts as a gateway between the browser & the Internet. Unlike a firewall, it can hide a user’s IP address & location, along with caching frequency used websites. It can still act as a firewall by filtering web traffic based on a certain criteria by directing it away from the server . Additionally, it can block malicious content & send warning messags to user. It also reduces impact of DDOS attack.