01 Section 2 - Network Security Threats Flashcards
What are the different forms which network attacks come in?
- passive attack
- active attack
- insider attack
- brute force attack
- denial-of-service attack
What is a passive attack?
When someone monitors data travelling on a network and intercepts any sensitive data they find
- use network-monitoring hardware and packet sniffer software
- they are hard to detect if the hacker is quietly listening
How can you protect against a passive attack?
Using data encryption for sent messages
What is an active attack?
When someone attacks a network with malware or other planned attacks
- they are more easily detected
How can you protect against an active attack?
having firewalls
What is an insider attack?
Someone within an organisation exploits their network access to steal information
What is a brute force attack a type of, and what is it used to gain?
active attack
- used to gain information by cracking passwords through trial and error
What is a brute force attack?
When passwords are cracked through trial and error using automated software to produce hundreds of likely password combinations
- hackers may try lots of passwords against one username or vice versa
What are likely password combinations?
Real words with predictable number sequences
How can you protect against a brute force attack?
- locking accounts after a certain number of attempts
- using strong passwords will reduce the risk
What is a denial-of-service attack?
DoS is where a hacker tries to stop users from accessing a part of a network or website
- involves flooding the network with useless traffic, making the network extremely slow or completely inaccessible
What is malware?
Malicious software
- software that can harm devices
- it’s installed on someone’s device without their knowledge or consent
What are the typical actions of malware?
- deleting or modifying files
- scareware
- locking files
- spyware
- rootkits
- opening backdoors
What ways can malware access a device?
- viruses
- worms
- trojans
What is scareware?
e.g. tells the user their computer is infected with loads of viruses to scare them into following malicious links or paying for problems to be fixed
What is malware in terms of locking files?
Ransomware encrypts all the files on a computer. The user receives a message demanding a large sum of money to be paid in exchange for a decryption key
What is spyware?
Secretly monitors users' actions (e.g. key presses) and sends this information to the hacker
What are rootkits?
They alter permissions, giving malware and hackers administrator-level access to devices
What is opening backdoors in terms of malware?
Holes in someone’s security which can be used for future attacks
What is a virus in terms of accessing a device?
Viruses attach (by copying themselves) to certain files (e.g. .exe files and autorun scripts). Users spread them by copying infected files and activate them by opening infected files
What is a worm in terms of accessing a device?
Worms are like viruses but they self-replicate without any user help, meaning they can spread quickly
- they exploit weaknesses in network security
What is a trojan in terms of accessing a device?
They are malware disguised as legitimate software
- they don’t replicate themselves
- users just install them not realising they have a hidden purpose
What is social engineering?
Social engineering is a way of gaining sensitive information or illegal access to networks by influencing people
What are the different types of social engineering?
- over the telephone, someone ringing and pretending to be someone else and asking for information
- phishing - phishing emails
What is social engineering over the phone?
Someone rings up an employee of a company and pretends to be a network admin or somebody within the organisation
- the social engineer gains the employee’s trust and gets them to disclose confidential information
What is phishing?
Where criminals send emails or texts to people claiming to be from a well-known business
- the emails are sent to thousands of people and often contain spoof versions of the company’s website
- they claim that a user should update their personal information, so criminals can steal their information
What are the defences against social engineering?
- email programs, browsers and firewalls have anti-phishing features
- there are often giveaways, such as poor grammar in the emails
- treating emails with links with caution, especially if they ask you to fill in information
What networks are vulnerable to SQL injection attacks?
Networks which make use of databases are vulnerable to SQL injection attacks
What does SQL stand for?
Structured Query Language
What is SQL?
It is one of the main coding languages used to gain information in databases
What do SQL injection attacks involve?
Pieces of SQL typed into a website’s input box which then reveals sensitive information
- if a website’s SQL code doesn’t have strong enough input validation then someone could enter a piece of SQL code which allows them to access people’s account information
- if a website’s SQL code is insecure, SQL injection can be an easy way for a hacker to get past a firewall
What does a good network policy involve?
- regular testing and network forensics
- passwords
- enforcing user access levels
- installing anti-malware software and firewall software
- encrypting sensitive data
What does penetration testing involve?
When organisations employ specialists to simulate potential attacks on their network
- used to identify possible weaknesses in a network’s security and try to exploit them; the results of the pentests are then reported back
What does network forensics involve?
Investigations undertaken to find the cause of attacks on a network. To conduct this, an organisation needs to capture packets as they enter the network
- after the network is attacked, the packets can be analysed to prevent future attacks
What do passwords in a network policy involve?
They help prevent unauthorised users accessing the network
- they should be strong: many characters long, a combination of letters, numbers and symbols, and changed regularly
What does user access level involve?
Controlling which part of a network different groups of users can access
- helps to limit the number of people with access to important data, to prevent an insider attack
What does anti-malware software involve?
Software designed to find and stop malware from damaging a network
- antivirus - program which isolates and destroys computer viruses
- firewalls - to block unauthorised data and examine all data entering and leaving a network
What does encryption in a network policy involve?
When data is translated into code which only someone with the correct key can access
- it is essential for sending data over a network securely
What is encrypted text called?
cipher text
What is text which hasn’t been encrypted called?
plain text
What are types of malware?
- scareware
- spyware
- rootkits
- viruses
- worms
- trojans