4.2: Preventing Vulnerabilities
Penetration tests are carried out as part of ethical hacking.
The purpose of a penetration test is to review the system's security to find any risks or weaknesses and to fix them.
There are four main types of penetration tests:
This page is still being updated.
Internal tests are to see how much damage could be done by somebody within the company with a registered account.
External tests are for white hat hackers to try and infiltrate a system from outside the company.
Blind tests are done with no inside information, to simulate what a real attacker would have to do to infiltrate the system.
Targeted tests are conducted by the company's IT department and the penetration team cooperating together to find faults in the system.
Anti-malware software is used to locate and delete malware, like viruses, on a computer system. The software scans each file on the computer and compares it against a database of known malware. Files with similar features to malware in the database are identified and deleted.
There are thousands of known malware, but new forms are created each day by attackers, so anti-malware software must be regularly updated to keep systems secure.
Other roles of anti-malware software:
Checking all incoming and outgoing emails and their attachments.
Checking files as they are downloaded.
Scanning the hard drive for viruses and deleting them.
A firewall manages incoming and outgoing network traffic.
Each data packet is processed to check whether it should be given access to the network by examining the source and destination address.
Unexpected data packets will be filtered out and not accepted to the network.
Other roles of a firewall include:
Blocking access to insecure / malicious web sites.
Blocking certain programs from accessing the internet.
Blocking unexpected / unauthorised downloads.
Preventing specific users on a network accessing certain files.
Usernames must be matched with a secure password to minimise the chances of unauthorised users accessing a system.
Passwords should contain a mix of uppercase and lowercase letters, punctuation and numbers. Passwords should be of a substantial length (at least 8 characters) and should be regularly changed.
User Access Levels
Access levels are used to only allow certain users to access and edit particular files.
'Read-Only' access is when a user can only view a file and is not allowed to change any data.
For example, a teacher might set homework instructions as read-only for students to view.
'Read and Write' access allows a user to read and edit the data in a file.
For example, a teacher might set an online workbook as read and write access for students to fill in.
It is important to set access levels so that only authorised users can view and change data. The more users who have access to a file, the more likely it is to be compromised. Certain users may also have no access to a file - when they can't view or edit it.
Encryption is the process of scrambling data into an unreadable format so that attackers cannot understand it if intercepted during transmission.
The original data (known as plaintext) is converted to scrambled ciphertext using an encryption key. Only at the correct destination will the encryption key be used to convert the ciphertext back into plaintext to be understood by the receiving computer.
4.2 - Preventing Vulnerabilities:
1a. Describe the purpose of penetration tests. 
1b. Describe each type of penetration test. 
2. Describe the purpose of anti-malware software and its different roles. 
3. Describe the purpose of a firewall and its different roles. 
4. State three rules for choosing a strong password. 
5. Describe the three types of access level. 
6a. Describe the purpose of encryption. 
6b. Explain how encryption works, using the terms plaintext, key and ciphertext.