Often the best way to find out if your system is secure and to expose any system vulnerabilities, is to employ a white hat hacker to try and break into the system.
They deploy a number of different tools and techniques to try and access the system. Once a vulnerability has been exposed the system can be patched to fix the problem or the appropriate policy be put in place.
Some companies offer hack bounties to hackers. If you can hack their system and prove it you are rewarded with a hack bounty, which can often be tens of thousands of pounds.
If an attacker is successful in accessing a network or computer, Network Forensics can be used to find out:
- Who the attacker is (through their IP address or other information)
- How they gained access to the system, so the vulnerability can be fixed
- What information they accessed
- What their motivates were.
This can be achieved by looking at access logs, using specialist forensic technologies.
Secure network policies can be highly effective in reducing successful attacks and mitigating the effects of a successful attack.
Good network policies include:
- Forcing users to change their passwords on a regular basis
- Forcing users to pick a strong password
- Restricting user access only to the files / folders they need access to (see User Access Levels)
- Regularly monitoring access to check for suspicious activity
Malware is software that contains features or extra software that either compromises a system or in some way impairs the user’s experience.
- Installing browser add-ons that redirect web traffic via adverts.
- Installing extra software that turns your computer into a bit-coin miner, costly you money in electricity
- Installing software that allows governments or organisations to spy on you, tracking you browsing habits.
Anti-malware detects, disables or removes harmful software.
Any computer or device connected to the internet is vulnerable to unauthorised access. In order to reduce the number of attacks a firewall is used to detect incoming and outgoing traffic and destroy suspicious packets that don’t meet the firewall’s rules.
These rules often:
- Block traffic from known bad IP addresses (or block and entire range of addresses that originate from certain areas)
- Block access to certain ports.
User Access Levels
An effective way of preventing and containing threats to networks is through the use of User Access Levels.
Each user is given access rights(permissions) to the areas of the network.
Each right is limited to:
- read (view files)
- write(edit files)
- full control(delete/add files)
This means that if an account is compromised, only certain areas and resources are exposed.
Enforcing strong passwords using network policies are an effective way of reducing the possibility of successful network attacks.
- Mixture of lower and upper case letters.
- Include a number
- Include the use of characters e.g “£$%^&
- Make sure that standard words are not used on their own. (dog)
- Make sure the password is long enough to prevent a brute force attack.
- Change passwords regularly
- Use different passwords for different accounts
- Don’t use easy to guess passwords (password123)
Limited Login attempts
- Users are limited to a certain number of login attempts, after which their access is suspended for a period of time
- Especially useful against brute force attacks
Data encryption is useful for limiting the possibility of data being assessed when being stored or transmitted.
- A strong encryption method should be used when transmitting (WP2 for Wifi).
- Hard drives used to store data should be fully encrypted.
- Messaging services should use end to end encryption.
- Data should only be entered in to sites that use HTTPS / SSL encryption
(Make sure when you print you choose ‘print on both sides’ ‘flip on the long edge’)
Past Paper Questions
0478/12 – Paper 1 Theory February/March 2017 Qn4 – caesar shift example
0478/12 – Paper 1 Theory February/March 2017 Qn9 – biometric password
0478/11 – Paper 1 Theory May/June 2018 Qn10d Proxy server