1.4 Flashcards
What is a passive attack
Someone intercepts data travelling along a network
Use network monitoring hardware so hard to detect
Protect by encryption
Active attack
Someone attacks network with malware
Easy detected
Protect with firewall
Insider attack
Someone within organisation exploits network access to steal information
Brute force attack
Active attack to gain information
Crack passwords through trial and error with automated software
Prevent by locking accounts after lots of failed attempts and strong passwords
Denial of service attack
Hacker stops users accessing part of network
Making network slow, flooding with useless traffic
Malware
Installed on someone’s device without their knowledge/consent
Malicious software
What are the actions of malware
Spyware, scareware, deletes/modify files, locking files, ransomware
How does malware get onto a device
Virus - attach to a certain file and activated by opening a file
Worms - self replicate without users help so spread quickly
Trojans - malware disguised as legitimate software, users install them without realising the hidden purpose, replicates by it self
MAC address
Can’t be changed
Every device has one
6 hexadecimal numbers separated by dashes
Used by switch
Ip address
Used by routers over networks
IPv4 - 4 denary numbers up to 255 separated by dots
IPv6 - 8 hexadecimal numbers separated by colons
Social engineering
Way to get sensitive information/illegal access to networks by influencing people (employees)
How does telephones make people weak points
Simeon calls pretending to be someone else in company and persuades to get confidential information
Phishing
Criminals send emails pretending to be someone containing links to spoof websites that ask to enter passwords so they can access the genuine account
Sent to thousands of people
Anti-phishing
Spot poor grammar
Emails asking to update personal info taken with caution
SQL injections
Coding language used to access information in data bases
SQL typed into input box which reveals sensitive info
If SQL code is insecure - hackers easily get past firewall
Penetration testing
Organisations employ specialists to hack the network
Identifies weaknesses in networks security and is reported back
Physical security
Protects physical parts
Locks and passwords restrict access to certain areas
Surveillance equipment deters criminals
Passwords
Prevent unauthorised users from network
Strong passwords - many characters, numbers, letters, symbols
Change regularly
User access levels
Control which parts of network people can access
Limits number of people with access to important data - prevents insider attacks
Anti - malware
Find/stop malware damaging network
Antivirus programs - isolate/destroy viruses
Firewalls - block unauthorised access by examining all data entering and leaving to block potential threats
Encryption
Data scrambled which only people with the correct key can access
Cipher text - encrypted
Plain text - decrypted
To send data over networks securely
