1.4 Flashcards

1
Q

What is a network attack?

A

An attempt to gain access to steal,modify or delete data on a network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is malware? Name the 5 types of malware

A

a malicious software designed to hack a system- virus ,trojan, spyware ,ransomware ,worm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a virus?

A

Programs embedded in other files which replicate themselves to become part of other programs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a worm?

A

Like viruses but not hidden within files- they’re often spread via emails

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is spyware?

A

Programs that monitor user activity like webs visited or usernames and passwords- this information is then sent back to the hacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a trojan?

A

Programs that pretend to be legitimate but are actually malware- often pretend to be email attachments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is ransomware?

A

Programs that blackmail a user to make a payment to the hacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is social engineering?

A

Manipulation of people in order to make them perform desired actions to gain information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is phishing?

A

A phisher sends emails that look legitimate asking for a verification but usually contain a fraudulent link which asks for personal information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What’s the name of a phishing attack over the phone?

A

vishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is baiting?

A

In baiting- the victim is lured into a trick of the promise of an item (i.e music for free or downloads)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Quid Pro Quo?

A

Promises an exchange for information that they do not have authorisation to but the information tends to be exchanged for a service NOT an item

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is tailgating/piggybacking?

A

When somebody(without proper authorisation) follows someone without proper authorisation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a Brute Force Attack? How can we make these attacks harder to carry out?

A

Using trial and error to guess a password (often using a program) by using all possible combinations until the correct one is obtained ——- using complex passwords with lots of character combinations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is hacking?

A

Gaining unauthorised access to data in a system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is Denial of Service? And distributed denial of service?

A

An attack where the aim is to prevent anyone using the resources e.g. lots of bots (computers) will form a botnet and will bombard a website with too many requests so that it crashes and prevents a server from carrying out its function

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is Data Interception?

A

Data accessed en route i.e. by packet sniffing software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is SQL injection?

A

Fake database operations produced to change the way data is entered/ processed by database servers. Often SQL codes are entered as data inputs to cause errors

19
Q

What is Penetration Testing?

A

authorised users hack a network for weaknesses and try to exploit them—– basically tests how resilient a network is against an attack

20
Q

What are Firewalls?

A

These firewalls are often hardware (expensive) or software and monitor traffic going in/out of a network and either allows traffic to block or pass depending on the firewall policy. Packet filter firewalls decide whether packets should be dropped

21
Q

What is an acceptable use policy?

A

When network managers make sure there is a policy that users have long/complex passwords, levels of access ,backups, strict rules on authorised access, penetration testing, no physical access to servers

22
Q

What is anti malware software?

A

A software which scans files to detect and remove malware

23
Q

What are network policies?

A

Policies to determine what users can/cant do and rules of how data is safeguarded

24
Q

Give 2 ways we can prevent SQL injection taking place:

A

limit user access levels and use firewalls

25
Q

Give some basic methods to safeguard data

A

dual credentials, complex passwords, different passwords for different areas of functionality

26
Q

Give some security measure to safeguard data

A

physical security (biometrics, CCTV), WIFI access security, complex passwords, encrypt data

27
Q

Give some network policies to safeguard data

A

Data backups regularly, disaster recovery plan, anti malware software, firewalls, acceptable use policy ( i.e. dont give data to 3rd parties), user access levels

28
Q

What are Key loggers, adware , tracking cookies all examples of?

A

Spyware

29
Q

What is smishing?

A

– This method sends malicious text messages to trick users into clicking on
a malicious link or handing over personal information.

30
Q

What is pretexting?

A

This type of attack involves fraudsters creating a good pretext or a fabricated scenario that
they use to try and steal their victims’ personal information.

31
Q

What do levels of access allow us to do?

A

determine what a user can access and what
they can do, such as:
• Types of software
• Email
• Internet access
• Documents and data
• Ability to install and/or remove software

32
Q

What is the purpose of a router?

A

A client requests files and services from a server which responds to requests.

33
Q

How is encrypted data deciphered?

A

encryption key

34
Q

Name some prevention methods of malware

A

 Use anti-virus or anti malware software to identify and remove suspected malware
 Scan email attachments
 Keep software up to date and download security patches
 Use a firewall and keep it up to date
 Look out for common phishing language e.g. “verify your account”

35
Q

Name prevention methods of attacks like brute force or DOS or Data interception or SQL injection

A

 Use two-factor authentication (2FA), e.g. unique code
 Distribute data servers so that it is harder for attackers to attack
 Use anti-DDoS software to prevent attacks
 Use a Virtual Private Network (VPN) to encrypt data
Use secure SQL statements that anticipate attacks

36
Q

What are the effects of malware?

A
  1. Computer may crash or slow down
  2. When a worm infects a computer, the internet connection may become slow as the worm searches online for other computers to infect.
  3. Files may be deleted, become corrupt or encrypted.
37
Q

How can you prevent malware?

A
  1. Strong security software (firewall, anti-virus, anti-spyware, anti-spam).
  2. Staff training: caution opening attachments.
  3. Back up files regularly.
38
Q

What are the effects of phishing?

A

1) Accessing a victim’s account and withdraw money

2) Gaining access high-value corporate data.

39
Q

How can you prevent phishing?

A

1) Strong security software (firewall, anti-virus, anti-spam).
2) Staff training: awareness of spotting fake websites & emails.
3) Staff training: never disclose personal or financial information.

40
Q

What are the effects of SQL injection?

A

1) Contents of the database can be output, revealing data that otherwise would be hidden.
2) Data in the database can be amended and deleted.
3) New rogue records can be added.

41
Q

Whats the main difference between a worm and a virus?

A

worms dont need to attach to a program

42
Q

What does SQL injection result in access to…

A

databases which means attacker can manipulate data

43
Q

What is network forensics?

A

a close examination of data sent across networks i.e packet sniffing software