1.4.2 Identifying and preventing vulnerabilities

What does anti-malware software do?

Detects and removes malware such as viruses, worms, trojans and spyware

What happens when new malware is discovered?

It’s sent to the anti-malware company, verified, signature created, added to the database and updates are sent to computers

How is known malware handled?

It is automatically blocked or removed

Why are morphing viruses difficult to detect?

They change form to avoid signature-based detection

What is a firewall?

A system designed to prevent unauthorised access to or from a private network

What does a firewall separate?

A trusted network (like a LAN) from an untrusted network (usually the Internet)

How does a firewall check data?

It inspects data packets to see where they come from and where they’re going

What happens if a packet doesn’t match filtering rules?

It is dropped (called packet filtering)

What forms can firewalls come in?

Hardware (e.g. router) or software

How does a firewall detect malicious packets?

By monitoring OS access attempts, blocking known malicious IPs, and rejecting unrecognised or suspicious sources

What criteria does a firewall check?

Source address, type of traffic (e.g. .exe files) and specific website addresses

What are user access levels?

Permissions that control what data and different users can access in a system

Why are password policies used?

To ensure users create strong, secure passwords

What are common password policy requirements?

Minimum length, lowercase + uppercase symbols, regular password changes

What is encryption?

Turning data into unreadable form so it can only be understood with a key

What is an example of encryption use?

Websites store passwords in encrypted form, encrypted devices protect disk data

What is physical security?

Protecting hardware, software, and networks using physical measures

What are examples of physical security?

Security lighting, CCTV, intruder alarms

What is penetration testing?

Deliberately trying to find security weaknesses in your own systems

What are the goals of penetration testing?

Identify attack targets, find entry points, try to break in, and report findings

What does penetration testing not do?

It doesn’t fix or remove security threats