1.4.2 Identifying and preventing vulnerabilities

What is penetration testing?

• ethical hacking done to probe a network for any weaknesses so that they can be resolved

What are internal tests?

• a penetration test done from within the network to see the damage that could be done by someone employed there

What are external tests?

• white hat hackers try to infiltrate a compay network from the outside

What are blind tests?

• done with no inside information to simulate what a real hacker would have to do to infiltrate the system

What are targeted tests?

• conducted by the company’s IT department and the penetration team cooperating together to find faults in the system

What is the purpose of anti malware software?

• to scan through all files on a computer and check them against a database of known malware

• files with similar features to malware are detected

• user alerted

• can be deleted - virus cannot infect system

• should be updated regularly so that it can detect the lastest threats

• other roles of anti-malware software:

  • Checking all incoming and outgoing emails

  • Checking files as they are downloaded.

  • Scanning the hard drive for viruses and deleting them.

What is a firewall and its purpose?

• to prevent unauthorised access to computers on a network

• may run as software or be a dedicated unit built into the hardware

• incoming/outgoing traffic is scanned by examining the source and destination addresses of packets

• subject to filtering criteria which determine whether to allow or block packets. unauthorised packets are filtered out

• can filter packets from certain IP addresses

• can block access to certain ports

• also used to - block access to insecure or malicious sites, blocking certain programs from accessing the internet, blocking unauthorised downloads, preventing specific users on the network from accessing certain files

What are the features of secure passwords?

• minimise the chance of unauthorised users accessing a system

• should be changed regularly

should contain

• mix upper and lowercase letters

• numbers

• special characters

• 8 characters or more

What do user access levels do?

• determine the command / software a user has access to

• users have restricted access

• important to set access levels so that only authorised users can view and change data.

• The more users who have access to a file, the more likely it is to be compromised.

How is encryption used?

• scrambles data using an algorithm

• websites may use HTTPS

• individual file can be encrypted using a password

• harder for attackers to understand the data when they intercept - data rendered useless

• key needed to decrypt

What physical security can be implemented?

• lock to prevent access to server rooms or locations that store confidential data. Only authorised personnel are given the key - prevents people inserting harmful devices into ports

• Biometric entry to room

• passcode entry to room

• Other forms of physical security include keycards, security staff, CCTV cameras and alarms.

What are some acceptable use policies?

• users should have secure passwords

• users should not share passwords and change them regularly

• users should not connect with unauthorised devices (e.g unfamiliar USB drives)

• regular back up procedures