1.4 Flashcards

1
Q

What is malware?

A
  • Software designed with malicious intent
  • May disrupt, damage or gain unauthorised access
  • To commit crimes such as fraud and identity theft
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which 2 forms of attack are examples of social engineering?

A
  • Targeting weak people
  • Phishing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is weak people?

A
  • Attempting to gain access by targeting people using the system rather than the technical aspects
  • People are often the weakest security point in a computer system
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is phishing?

A
  • Disguising as a trustworthy entity in emails
  • To trick the user to reveal personal information
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a brute force attack?

A
  • Trial and error method to guess a password or a pin
  • Attempting every possible solution until the correct one is found
  • Automated software which generates a large number of consecutive guesses (not using intellectual strategy)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is a denial of service attack?

A
  • Flooding a server with useless traffic that it cannot handle
  • Causes the server to become overloaded and unavailable to respond to actual client requests
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is data interception and theft?

A
  • Unauthorised act of stealing computer-based information
  • Attempting to access data whilst it is being transferred between devices over a network
  • Intent of compromising sensitive information
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is SQL injection?

A
  • Entering SQL code into a data input field on a website or database
  • The code could run directly on the database, allowing the hacker to access/change/delete data
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What threats do malware pose?

A
  • Files are deleted, become corrupt or encrypted
  • Internet connection becomes slow
  • Keyboard inputs are logged and sent to hackers
  • Computers crash, reboot randomly
  • If client becomes infected with malware, it easily spreads across servers, which could affect the whole network
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What threats do phishing pose?

A
  • Accessing a victim’s account to withdraw money or make purchases
  • Open bank accounts, credit cards
  • Gain access to high value corporate data
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What threats do brute force attacks pose?

A
  • Theft of data
  • Access to corporate systems
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What threats do DoS pose?

A
  • Loss of access to service for customers
  • Lost revenue
  • Lower productivity
  • Damage to reputation (customers become victims of a data breach)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What threats do data inception and theft pose?

A
  • Usernames and passwords compromised, allowing unauthorised access to systems
  • Disclosure of corporate data
  • Theft of data
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What threats do SQL injection pose?

A
  • Contents of database could be output, sensitive data could be revealed
  • Data in the database can be amended or deleted
  • New rogue records can be added to the database
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Why are people a weak point?

A
  • Carelessness = network vulnerabilities
  • Not installing OS updates
  • Not keeping anti-malware up to date
  • Not locking doors
  • Not logging off/locking computers
  • Leaving printouts on desks
  • Writing passwords down on sticky notes and attached to computers
  • Sharing passwords
  • Losing memory sticks/laptops
  • Not applying security to wireless networks
  • Not encrypting data
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How can you protect against malware?

A
  • Strong security software (firewall, spam filter, anti-virus, anti-spyware)
  • Enabling software updates
  • Staff training (cautious of opening attachments/downloading things)
  • Backup files onto removable media (secondary storage)
  • Avoid clicking on suspicious links
17
Q

How can people not be weak?

A
  • User training
  • Strong passwords
  • Two-factor authentication
18
Q

How can you protect against phishing?

A
  • Recognise suspicious emails
  • Avoid clicking links or attachments in untrusted emails
  • Verify the legitimacy of requests by contacting organisations
19
Q

How can you protect against brute force attack?

A
  • Strong passwords
  • Limit login attempts
  • Two-factor authentication
20
Q

How can you protect against DoS attack?

A
  • Continuous analysis of network traffic
  • Firewalls
21
Q

How can you protect against data interception and theft?

A
  • Encryption
  • Staff training (passwords, locking computers, logging off, using portable media)
  • Investigating own network vulnerabilities (penetration testing)
22
Q

How can you protect against SQL injection?

A
  • Validation on input boxes
  • Setting database permissions
  • Penetration testing
23
Q

What is penetration testing?

A
  • Authorised hacking attempt
  • Aim is to find errors in the system and report them to the system’s owner
  • Allows security flaws to be fixed before the real hackers take advantage of them
24
Q

What is anti-malware software?

A
  • Attempts to detect, prevent and remove malware on a computer system
25
Q

What are firewalls?

A
  • Network security device
  • Checks traffic passing through it against a set of rules
  • Prevents traffic from unauthorised devices/use of protocols from passing through
26
Q

What are user access levels?

A
  • Controls which aspects of a system users can access
  • Only allowed to access parts they need
  • Prevention of accessing sensitive data/parts of the system deliberately/accidentally
27
Q

What are passwords?

A
  • Secret word or phrase provided along a username to control access a system
28
Q

What is encryption?

A
  • Scrambling data into cipher text so that it cannot be read/understood without first being decrpted
29
Q

What is physical security?

A
  • Securing the physical components of a system
  • e.g. locking doors of server/computer rooms
30
Q

What are viruses?

A
  • Piece of code that inserts itself into an application and executes when the app is run
  • Can steal sensitive data or launch DoS attacks or conduct ransomware attacks
31
Q

What are worms?

A
  • Targets vulnerabilities in operating systems to install themselves into networks
  • Spreads through network through replication
  • Can steal sensitive data or launch DoS attacks or conduct ransomware attacks
32
Q

What are trojans?

A
  • Disguised as desirable code
  • Once downloaded, can take control of systems for malicious purposes
  • Can be hidden in games, apps, email attachments
33
Q

What is spyware?

A
  • Collects user activity data without consent
  • Includes passwords, pins, payment information
34
Q

What is ransomware?

A
  • Uses encryption to disable a target’s access to its data until a ransom is paid
35
Q

What is adware?

A
  • Tracks a user’s activity to determine which ads to display
  • Erosion of user privacy: can create a profile of a certain person including who their friends are, their purchase history, where they have travelled, information can be shared or sold to advertisers
  • Displays unwanted advertisements as a result
36
Q

What is a keylogger?

A
  • Monitors users’ keystrokes
  • Allows keyloggers to steal passwords, banking information
  • Inserted through phishing, social engineering, downloads