A-Level IT: Protecting Data

What factors should be considered in keeping data safe and accurate?

What factors should be considered in keeping data safe and accurate?

• Integrity (keeping it accurate and complete)

• Security (keeping it safe from theft, misuse and damage)

What is malware?

Malicious software that damages computers.

What are some examples of types of malware?

• Virus (software programs attaching to other programs)

• Worm (uses computer networks to replicate itself)

• Trojan horse (advertisements, cracked software or fake emails)

• Ransomware (encrypts users’ files and asks for payment to decrypt)

• Spyware

• Denial of Service attack (sends lots of requests to a server to crash it)

• Distributed Denial of Service attack (comes from multiple systems)

What are botnets?

Collections of internet-connected devices (zombies) that were infected and controlled by the owner of the botnet.

What are the effects of viruses?

• Freezing

• Crashing

• Slower processing speed

• Strange new programs/desktop icons

What are the effects of data loss from a virus?

Money can be spent restoring systems and files.

What is the difference between black-hat hackers and white-hat hackers?

Black-hat hackers write malware. White-hat hackers find weaknesses in systems with a company’s permission.

What is phishing?

Attacks designed to persuade users to type in personal information.

How do fraudsters commit identity fraud with users’ details?

• Taking out mobile phone contracts

• Opening bank accounts

• Taking out credit cards

• Applying for loans

How do people recognise identity fraud?

• Receiving invoices for items they haven’t ordered

• Receiving letters about debts that aren’t theirs

• Being overdrawn at the bank

What are the effects of identity fraud?

• Lack of bill payments

• Bad credit ratings making it difficult to obtain mortgages

What are the impacts of ransomware?

• Financial cost

• Corrupted or damaged files

• Loss of productivity for companies

Which factors are recommended for a strong password?

• No personal details

• Combination of lowercase and capital letters

• Numbers and symbols

Why can using USB flash drives be a potential threat to systems and data?

They can carry malware or viruses, compromising the security of organisations and workplaces’ data.

What does BYOD stand for?

Bring Your Own Device.

What is BYOD?

A policy deciding when and how employees can use their own laptops on company networks to work and access data.

What are the advantages of BYOD?

It allows employees to work and gain resources anywhere.

Why may BYOD be a cause of concern to organisations?

Company data can be retrieved outside of the network and stolen or tampered with.

How can organisations using BYOD prevent risks to their data?

Organisations can encrypt data when storing it or transferring it to employees.

How does physical access control protect organisations’ data?

Companies can use keycards and databases to sort their employees into who is authorised to edit certain files or work in high-tier areas.

What does TLS stand for?

Transport Layer Security.

What does SSL stand for?

Secure Sockets Layer.

What do TLS and SSL certificates do?

Verify legitimate webpages upon user requests and indicate if they are secure or not.

What is the purpose of TLS and SSL protocols?

To verify encryption keys and prevent unwanted traffic from hackers by encrypting data when it is transferred.

What is the difference between one-way firewalls and two-way firewalls?

• One-way firewalls protect systems from incoming threats

• Two-way firewalls prevent malware from connecting to the internet

What is the purpose of firewalls?

To stop unwanted traffic from entering wireless connections and putting users’ data at risk.

What is the purpose of stateful packet inspection?

To check packets of information entering networks and verify if they are legitimate.

What is a virus definition database?

A database that helps antivirus software identify viruses by scanning downloaded files for definitions and detecting viruses in the ones that match.

What is plaintext?

The original message/string of data before encryption.

What is ciphertext?

An encrypted message/string of data.

What is encryption?

The process of converting plaintext to ciphertext.

What is the purpose of encryption?

To encode data so it cannot be read or stolen when transferred without a key to decrypt it.

What is the difference between private key encryption and public key encryption?

• Private key encryption uses one key.

• Public key encryption uses two separate keys.

What happens in private key encryption?

A key is transferred between communicated devices so they both understand how to pass messages.

What happens in public key encryption?

A public key, available to anyone, is used to encrypt a message for a recipient. A private key, available to only the recipient, is used to decrypt a message.

What does PGP stand for?

Pretty Good Privacy.

What is public key encryption used for?

SSL encryption of websites and PGP encryption of emails.

What does HTTP stand for?

Hypertext Transfer Protocol.

What does HTML stand for?

Hypertext Markup Language.

What is the purpose of HTTP?

It is a standard protocol used to access and receive webpages.

What is the purpose of HTTPS (Hypertext Transfer Protocol Secure)?

To secure data transmitted between web browsers and websites using encryption.

Secure HTTPS websites…

…use TLS and SSL certificates.

What are some examples of wireless protocols?

• WEP (Wired Equivalent Privacy) - outdated, easy to bypass.

• WPA / WPA2 (Wi-Fi Protected Access) - WPA2 is more secure and should be chosen.

• WPA3 - announced in 2018 as the updated version of WPA2.

If software is not supported with security updates…

…it must be updated or replaced.

If operating systems and software are not updated…

…hackers could exploit their vulnerabilities.

How does antivirus software work?

It regularly updates a virus definition database. When files are downloaded it checks the program against known viruses or malware, then for types of actions that indicate a virus (heuristic analysis). If viruses are detected the files are quarantined or deleted.

What do real-time scans do?

Check downloaded files and email attachments before they are saved, copied, opened or run.

What do full scans do?

Check every file on a computer system to see if it is infected with viruses/malware. This can take hours.

What are the advantages of password managers?

• Only one password needs to be remembered

• Long, complicated passwords can’t be created

• Passwords are randomised

• Log-in screens can be filled automatically

What are the disadvantages of password managers?

If someone steals the main password, they have access to every password. This can be solved with two-factor authentication.

What are some methods of verifying passwords?

• Asking users to input passwords twice

• Asking for phone numbers or recovery emails and sending security codes to them

• Using security questions (e.g. favourite colour/favourite food)

• Asking for selected letters from passwords

• Captchas

What are protocols?

Sets of rules that define common methods of data communication.

What do hashing algorithms do?

Use files or text to produce strings of characters (hashes), which can be compared to verify passwords and protect users from hacking attempts.

How do firewalls work?

Firewalls use software to enforce sets of rules to check incoming files and data. When they identify malicious traffic, they stop it from entering while allowing safe files in.