Topic 9 Security and data management

Describe the dangers that can arise from the use of computers to store personal data

Huge Volcanoes Throw Intense Purple Dust

- Hacking

- Viruses

- Technical breakdown

- Interception

- Physical theft

- Data theft

Describe methods that protect the security of data

• Access levels permitting user access to designated functions/areas

• Password design ('strong' vs 'weak' passwords)

• Encryption techniques (e.g. XOR encryption.

What is the need for file backups and generations of files?

Backups protect data following primary data loss.

Generations of files, e.g. the

grandfather-father-son regime, allows data to be

restored to a previous version following catastrophic data loss.

What is the need for archiving files?

Archiving is the process of storing data which is no longer in current or frequent use. It is held for security, legal or historical reasons

Difference between Lossy and Lossless compression

Lossy compression results in reduction of data quality following compression.

Lossless compression results in no loss of data quality following compression

Calculating compression ratios

Uncompressed file size/compressed file size

What are the types of network security?

AFTAP

• Antivirus software

• Firewalls

• Two-factor authentication

• Access levels

• Passwords

What is an Acceptable Use Policy?

A document written to outline the rules that users must follow when using a computer network

What type of disasters should we be prepared against for a computer network?

- Fire, flood and lightning

- Terrorist attacks

- Hardware failure

- Software failure

- Accidental and malicious damage

What are the 3 parts to a disaster recovery plan?

Before the disaster: risk analysis, preventative measures, and staff training.

During the disaster: staff response, implementing contingency plans.

After the disaster: recovery measures, purchasing replacement hardware, reinstalling software, restoring data from backups.

Malware

Short for malicious software, Malware is a broad-spectrum term used to describe software used to disrupt computer operation.

Viruses

A virus is a computer program that is able to copy itself onto other programs often with the intention of maliciously damaging data.

A virus is transmitted by 'piggybacking' on another

program known as a 'vector'.

Worm

It is similar to a virus but is a standalone program that replicates itself in order to spread to other computers. It does not need a vector.

Keyloggers

They are covert programs that capture keyboard (or

other input device) input and transmit this data to a third party or hold the data for collection.

Protection against Malware

• firewalls

• antivirus programs

• patching out-dated software

• security tools

• personnel

Describe the different forms of attack based on technical weaknesses

SDPI

• SQL injection

• DoS attack.

• Password-based attack.

• IP address spoofing.

Describe the different forms of attack based on user behaviour

• Social engineering.

• Phishing.

What are the methods of identifying vulnerabilities?

- Footprinting

- Penetration testing

Footprinting

Interrogating resources on the Internet for information about systems, looking to discover what a potential attacker can also discover

without an organisation's knowledge (can remove

'enticements' or 'low hanging fruit' by this method)

Penetration testing

Attempting to penetrate a system's security layers in order to demonstrate security risks

What are different ways of

protecting software systems during design, creation, testing and use?

• Buffer overflows

• Too many permissions

• Scripting restrictions

• Accepting parameter without validation

What is an internet cookie?

A cookie is the term given to describe a small piece of code that is given to a Web browser by a Web server.

What is the role of a cookie?

The main purpose of a cookie is to identify users and prepare customized Web pages or to save site login

information.

Why may cookies be a security issue?

Cookies can be seen as a security issue as they hold

personal information and this can be used or sold and tracking cookies can hold information on the websites visited by users.

What does an AUP include?

Typical rules set out in an AUP will include a list of unacceptable types of website that should not be visited and activities that are not allowed on the network, such as gambling and installation of unauthorised software

What is the effect of archiving to data that is in use?

The process of archiving data frees up resources on the main computer system and allows faster access to data that is in use.