1.3.3c, 1.3.3d and 1.3.3e networks Flashcards
what is malware
- malicious software written to cause damage/harm to computer or devices on network
give examples of malware
- viruses
- worms
- trojan horse
give some typical actions of malware
- delete / modify files
- scareware
- locking / corrupting files
- opening backdoors (holes in someone’s security which can be used for future attacks)
what is a virus and how can they be spread
- malicious software designed to cause harm to a network by attaching itself to programs or files on a computer or server
- often spread through attachments to emails but also spread through files, programs or games downloaded from web page
what can a virus do
- delete / corrupt data
- change system files so they become corrupted
- can fill hard drive so computer runs slower / becomes unresponsive
what is a worm
- replicates itself in order to spread to other computers, which uses up a computer’s resources and causes other programs to run slowly
how does a worm spread
- replicates itself to spread and can also spread across network, consuming network bandwidth
how are worms different to viruses
- don’t need to be hosted in a program. they can create back doors so a hacker can take over infected computer
what is a trojan horse
- looks like legitimate software and creates backdoors + slows computer down
- program that can be downloaded and installed on computer that appears harmless but is actually malicious
what is spyware
- malware that covertly / secretly aims to collect information about a user’s computer activities by transmitting data from their device
list how spyware can be used in different ways to harvest all sorts of sensitive and personal data from a device.
- cookies
- keystrokes
- credit card numbers
- passwords
- downloads
- visited web pages
- email addresses
- internet surfing habits
what is a keylogger
- type of spyware
- secretly collects / monitors activity of computer system and sends data elsewhere without victim knowing
what is ransomware
- software that encrypts all files and then demands payment from the victim to decrypt them
- no pay = key deleted
what is adware
- software that causes popups or windows that won’t close
what are rootkits
- alter permissions giving hackers administrator level access to devices
what is a botnet
- collection of computers infected with malware and controlled by hackers
what is a man-in-the-middle attack
- intercepting a device’s connection to the internet, achieved by luring users into a fake Wi-Fi hotspot
- operators of fake Wi-Fi hotspot then packet sniff to gain personal info that could be used in further attacks
what is a DOS attack
- attackers prevent user from accessing a network or website by flooding servers with traffic
- this makes the network extremely slow (takes up bandwidth) and so they can’t respond to legitimate client requests (inaccessible to intended users on network)
what do DOS attacks tend to exploit
- exploit limitation of TCP/IP stack
what servers do DOS attacks tend to target
- web servers of high-profile organisations
what is a DDOS attack
- multiple systems orchestrate a synchronised DOS attack against a single target
- uses a larger number of compromised machines that have been infected with malware (botnets formed from these “zombie” computers)
how can you prevent DOS and DDOS attacks
- protection services available which can intercept and analyse potential threats (resource requested and visitor’s IP address)
there are protection services available to protect against DOS and DDOS attacks which can intercept and analyse potential threats such as visitors’ IP addresses. what type of IP address is inspected for and why
- proxy server IP addresses as these IP addresses mask the real identity of the real device(s) so are likely malicious packets
what is an SQL injection
- attack uses SQL code on website to query a database attached to website to try and retrieve personal sensitive info
- they use certain characters to form query that is executed by the server which could return all sensitive info to attack data-driven applications
SQL injection attacks are designed to do what
- exploit vulnerabilities in poorly designed / coded databases
how can you protect against SQL injection
- input sanitisation (ensures only permitted characters used. input sanitisation code will remove any other characters from input)
- identified exploits must be patched to reduce impact of attack on an organisation
what is a brute force attack
- hacker attempts to crack password by systematically trying different combinations of characters until correct one is found
what is packet sniffing
- interception of data packets being routed on a network using packet analysers that read and display contents of each packet
what is social engineering
- gaining sensitive info or illegal access to networks by manipulation techniques to exploit human error
- tend to use fear to put people off guard as they will be more likely to comply with instructions given to them
what is the weakest point of any computer system
- people that use it
how can people as a weak point be mitigated
- through user training + education programs
what is shoulder surfing
- finding out sensitive personal info by means of watching people enter them (look over shoulder)
what is phishing
- online fraud technique used by cybercriminals to trick users into giving personal info
- sending emails purporting to be from reputable / legitimate companies to induce people to divulge personal information