1.4.2 Identifying & Preventing Vulnerabilities

Cards (7)

  • Organisations should:
    • Regularly test the network to find and fix security weaknesses and investigate any problems.
    • Use passwords to prevent unauthorised people from accessing the network.
    • Enforce user access levels to limit the number of people with access to sensitive information.
    • Install anti-malware software to detect and remove malicious software, and firewalls to block network traffic that the organisation has not allowed.
    • Encrypt sensitive data.
  • Penetration Testing
    Penetration testing is when organisations employ specialists to simulate attacks on their network, with permission and within an agreed scope. It is used to identify weaknesses in a network's security by actually trying to exploit them, rather than just looking for them. The results (which weaknesses were found, how they were exploited and how to fix them) are then reported back to the organisation.
  • Physical Security
    • Physical security protects the physical parts of a network from either intentional or unintentional damage (e.g. fire, flooding, theft, vandalism, etc).
    • Physical security can involve many different things, for example:
      • Locks and passcodes to restrict access to certain areas, e.g. server rooms.
      • Surveillance equipment, e.g. cameras or motion sensors to deter intruders.
  • Passwords
    Passwords help prevent unauthorised users accessing the network. They should be strong - long, using a combination of letters, numbers and symbols, and not reused on other systems - and changed whenever there is any suspicion they have been compromised. Note that current guidance (e.g. from the NCSC) no longer recommends forcing users to change passwords on a fixed schedule, because it leads to weaker, predictable passwords.
  • User Access Levels
    • User access levels control which parts of the network different groups of users can access.
    • E.g. business managers are likely to have a higher access level allowing them to access more sensitive data, like pay information. They may also have write access to files that others can only read and the ability to change employees' access levels.
    • User access levels help limit the number of people with access to important data, so they help prevent insider attacks, and they also limit the damage an attacker can do with a stolen account, since that account only has the access its owner needed (the principle of least privilege).
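The access-level idea above, as an added worked example (not code from the original cards): two hypothetical groups, "staff" and "manager", each holding read or write permission on named resources, with anything not listed denied by default. Managers additionally hold write access on the access levels themselves, which is what lets them change other users' groups. All users, groups and resource names are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Permission is one right a group can hold on a resource.
type Permission int

const (
	Read Permission = iota
	Write
)

func (p Permission) String() string {
	if p == Write {
		return "write"
	}
	return "read"
}

// AccessLevel lists, per resource, the permissions a group holds.
// A resource that is not listed is simply not accessible: deny by default.
type AccessLevel map[string][]Permission

// Hypothetical groups and resources, constructed for this example.
var levels = map[string]AccessLevel{
	"staff": {
		"handbook":   {Read},
		"timesheets": {Read, Write},
	},
	"manager": {
		"handbook":      {Read, Write},
		"timesheets":    {Read, Write},
		"payroll":       {Read, Write},
		"access_levels": {Read, Write}, // may change other users' groups
	},
}

// Which group each user belongs to (constructed sample data).
var users = map[string]string{
	"alice": "manager",
	"bob":   "staff",
}

var ErrDenied = errors.New("access denied")

// Authorise returns nil if group holds perm on resource, otherwise an error
// wrapping ErrDenied. Unknown groups and unknown resources are both denied.
func Authorise(group, resource string, perm Permission) error {
	level, ok := levels[group]
	if !ok {
		return fmt.Errorf("unknown group %q: %w", group, ErrDenied)
	}
	for _, p := range level[resource] { // nil slice for an unlisted resource: nothing matches
		if p == perm {
			return nil
		}
	}
	return fmt.Errorf("%s may not %s %s: %w", group, perm, resource, ErrDenied)
}

// ChangeGroup moves target into newGroup, but only if actor has write access
// to the access levels themselves. An unknown actor maps to group "" and is denied.
func ChangeGroup(actor, target, newGroup string) error {
	if err := Authorise(users[actor], "access_levels", Write); err != nil {
		return err
	}
	if _, ok := levels[newGroup]; !ok {
		return fmt.Errorf("unknown group %q", newGroup)
	}
	users[target] = newGroup
	return nil
}

func main() {
	fmt.Println("bob reads payroll:  ", Authorise(users["bob"], "payroll", Read))
	fmt.Println("bob promotes bob:   ", ChangeGroup("bob", "bob", "manager"))
	fmt.Println("alice promotes bob: ", ChangeGroup("alice", "bob", "manager"))
	fmt.Println("bob reads payroll:  ", Authorise(users["bob"], "payroll", Read))
}
```

The point to notice is that the check is made against what a group is explicitly granted, never against a list of what is forbidden: a new resource or a typo in a name results in "denied", which is the safe failure.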
  • Anti-Malware Software
    Anti-malware software is designed to find and stop malware from damaging a network and the devices on it. There are lots of different types of anti-malware software, including antivirus programs which isolate (quarantine) and destroy computer viruses. Companies also use firewalls to block unauthorised access. A firewall examines the traffic entering and leaving the network and allows or blocks it according to a set of rules, based on things like the source address, the destination port and the protocol; traffic that no rule allows is dropped. A firewall therefore controls who can talk to what, but it does not inspect whether the content of allowed traffic is malicious, which is why it is used alongside anti-malware software rather than instead of it.
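How a rule-based packet filter decides, as an added worked example that is not part of the original cards: a small rule list is checked in order, the first matching rule decides, and a packet that matches nothing is dropped. The rule set (a block-listed address range, a public web server on port 443, SSH only from an internal 10.0.0.0/8 range, all outbound traffic allowed) and the sample packets are constructed for the example; the addresses are from documentation ranges.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Direction of a packet relative to the protected network.
type Direction int

const (
	Inbound Direction = iota
	Outbound
)

// Packet holds the header fields a packet-filtering firewall looks at.
// It never sees the payload: the decision is made on addresses, ports and
// protocol, not on whether the content is malicious.
type Packet struct {
	Dir     Direction
	Proto   string // "tcp" or "udp"
	Src     netip.Addr
	DstPort uint16
}

// Rule matches packets on a subset of fields; zero values are wildcards.
type Rule struct {
	Dir     Direction
	Proto   string       // "" matches any protocol
	SrcNet  netip.Prefix // zero Prefix matches any source address
	DstPort uint16       // 0 matches any port
	Allow   bool
}

// Match reports whether r applies to p.
func (r Rule) Match(p Packet) bool {
	if r.Dir != p.Dir {
		return false
	}
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.SrcNet.IsValid() && !r.SrcNet.Contains(p.Src) {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return true
}

// Filter walks the rule list in order and returns the first matching rule's
// verdict. A packet that no rule matches is dropped: default deny.
func Filter(rules []Rule, p Packet) bool {
	for _, r := range rules {
		if r.Match(p) {
			return r.Allow
		}
	}
	return false
}

// Hypothetical rule set for a small office, constructed for this example.
// Order matters: the block-list entry sits above the web-server allow, so a
// listed address cannot reach port 443 even though port 443 is open to everyone else.
var Rules = []Rule{
	{Dir: Inbound, SrcNet: netip.MustParsePrefix("203.0.113.0/24"), Allow: false},
	{Dir: Inbound, Proto: "tcp", DstPort: 443, Allow: true},
	{Dir: Inbound, Proto: "tcp", DstPort: 22, SrcNet: netip.MustParsePrefix("10.0.0.0/8"), Allow: true},
	{Dir: Outbound, Allow: true},
}

// pkt builds a sample packet from literal values.
func pkt(dir Direction, proto, src string, port uint16) Packet {
	return Packet{Dir: dir, Proto: proto, Src: netip.MustParseAddr(src), DstPort: port}
}

func main() {
	samples := []Packet{
		pkt(Inbound, "tcp", "198.51.100.7", 443), // public web traffic: allowed
		pkt(Inbound, "tcp", "203.0.113.5", 443),  // block-listed source: dropped by rule 0
		pkt(Inbound, "tcp", "10.1.2.3", 22),      // internal admin SSH: allowed
		pkt(Inbound, "tcp", "198.51.100.7", 22),  // SSH from the internet: dropped
		pkt(Inbound, "udp", "198.51.100.7", 53),  // no rule at all: default deny
		pkt(Outbound, "tcp", "10.1.2.3", 443),    // outbound: allowed
	}
	for _, p := range samples {
		fmt.Printf("%-45v allow=%v\n", p, Filter(Rules, p))
	}
}
```

Two habits this illustrates are worth carrying into real firewall configurations: put specific denies above broad allows, and never end the list with an "allow everything" rule, since the implicit final drop is what turns an incomplete rule set into a safe one.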
  • Encryption
    • Encryption is when data is scrambled using an algorithm and a secret key, so that only someone with the correct key can turn it back into its readable form; unauthorised users who intercept it cannot read it. The algorithm itself is usually public, so the security depends on keeping the key secret.
    • Encrypted text is called cipher text, while non-encrypted data is called plain text. Turning cipher text back into plain text with the key is called decryption.
    • Encryption is essential for sending data over a network securely, and it also protects stored data (e.g. on a stolen laptop). On its own it only keeps data confidential; modern encryption schemes also include a check so that tampered cipher text is rejected rather than decrypted into corrupted plain text.