1.4 Network Security Flashcards

1
Q

What is malware?

What are examples of malware?

A

Malware is software written to infect computers and commit crimes. It exploits vulnerabilities in operating systems and browsers.

This is done to commit FRAUD or IDENTITY THEFT.
Malware is an umbrella term which covers:
  • viruses
  • trojans
  • worms
  • ransomware
  • spyware
  • adware

2
Q

Viruses

A

Viruses are programs embedded (hidden) within other files. They replicate themselves and become part of other programs. Viruses often cause damage by deleting or modifying data.

3
Q

Trojans

A

Trojans are programs which pretend to be legitimate but in reality are malware. They are often disguised as email attachments. Trojans cannot spread by themselves; instead they deceive a user into installing the program.

4
Q

Worms

A

Programs similar to viruses except that they are not hidden within other files. Worms often spread through emails.

5
Q

Ransomware

A

Ransomware is a program that attempts to blackmail a user into making a payment to a hacker. Some types of ransomware do little but try to scare users into paying, while others go further: they encrypt documents and will not decrypt them until a ransom is paid.

6
Q

Spyware

A

Spyware is a program that monitors user activities and sends the information back to a hacker.

e.g. keyloggers

7
Q

Adware

A

Adware (advertising-supported malware) is a term used to describe unwanted software that displays advertisements on your device.

8
Q

Phishing

A

Phishing is an online fraud and social engineering technique used by criminals to entice consumers to disclose personal information by pretending to be a trusted entity. It is carried out through email and websites.

9
Q

Brute Force Attack

A

A trial and error method used to decode encrypted data such as passwords and keys.

10
Q

Denial of Service

A

Overloading a server with useless traffic, causing the server to crash. DDoS is a type of attack where multiple compromised systems (zombies) are infected with a Trojan horse and then used to attack a single system.

11
Q

Data interception and theft

A

An attacker monitors a data stream to or from a target in order to gather sensitive information.

It uses a technique called “sniffing” or “eavesdropping”.

The attacker can find out unencrypted passwords or configuration information.

12
Q

SQL injection

A

SQL injection

This is a code injection technique used to attack data-driven applications. It is able to view or change data in a database by inserting code into a text box.

13
Q

Why is malware a problem?

A
  • Files may be deleted, corrupted or encrypted
  • The computers may crash, reboot and slow down
  • Internet connections may become slow
  • Keyboard inputs are logged and sent to hackers
  • If a client is infected then the infection can easily be passed to the server
14
Q

Phishing - This poses a threat as:

A

Phishing poses a threat as:

  • Access to bank accounts and credit cards
  • Access to high-value data
  • Damage to brand reputation
15
Q

Brute Force Attack - This poses a threat as:

A
  • Theft of data
  • Access to systems
16
Q

Denial of Service attack - This poses a threat as:

A
  • Loss of access for customers
  • Loss of Revenue
  • Lower Productivity
  • Loss of Reputation
17
Q

Data interception and theft - This poses a threat as:

A
  • Usernames and passwords can be compromised
  • Disclosure of corporate data
  • Data theft
18
Q

SQL Injection - This poses a threat as:

A
  • Private data can be leaked (personal or financial information)
  • Data can be altered or deleted
  • New rogue records can be added to the database
19
Q

How do people make their computer or network insecure?

A
  • Not updating OS, anti-malware
  • Not locking doors to physical locations
  • Sharing passwords, or writing them down and sticking them to a computer
  • Losing memory sticks
  • Not applying security to wireless networks
  • Not encrypting data
  • Not logging off
20
Q

How do you prevent malware?

A
  • Enabling OS and Security software updates
  • Training staff not to open suspicious emails
  • Regular data backup
  • Strong security software:
  • Firewall
  • Spam filter
  • Anti-virus
  • Anti-spyware
  • Anti-spam
21
Q

Preventing Phishing

A
  • Strong security software
  • Staff training: awareness of fake emails and websites
  • Staff training: Not disclosing personal or corporate information
  • Staff training: Disabling popups
22
Q

Preventing Brute Force Attack

A
  • Lockout Policy: Locks after 3 password attempts
  • Using progressive delays
  • Staff training to use effective passwords
23
Q

Preventing Denial of Service

A

Preventing Denial of Service

  • Strong firewall
  • Packet filters on firewall
  • Configuring web servers
  • Network should be monitored
24
Q

Preventing Data Interception

A
  • Encryption
  • Using Virtual Networks
  • Staff training: use of passwords, locking computers, logging off and use of portable media
  • Investigating own network for vulnerabilities
25
Q

Preventing SQL Injection

VUSP

A

To prevent SQL injection:

  • Input Validation
  • Using parameter queries
  • Setting database permissions
  • Penetration testing

VUSP

26
Q

Preventing malware

A
  • Penetration Testing
  • Anti-Malware software
  • Firewalls
  • User access levels
  • Strong Passwords
  • Encryption
  • Physical Security
  • Validation on input boxes
  • Using parameter queries
  • Setting database permissions
  • Penetration testing
27
Q

How can networks be compromised?

A

Networks can be hacked using a variety of techniques. These include:

  • malware
  • phishing
  • brute force
  • denial of service
  • data interception and theft
  • structured query language injection
  • poor network policy
  • people
28
Q

What do poor network policies not have?

A

Poor network policies tend not to have:

  • Access Levels
  • Rules preventing the connection of external devices
  • Regulations regarding secure passwords
  • Rules governing which websites can and cannot be visited
  • A backup procedure
  • A regular maintenance programme that is followed
29
Q

What are penetration testing and network forensics?

A

Penetration testing

The purpose of penetration testing is to determine how resilient a network is against an attack. It involves authorised users (sometimes an external party or organisation) who probe the network for potential weaknesses and attempt to exploit them. Software that enables network managers to test the resilience of networks themselves is also available.

Network forensics

Network forensics involves monitoring the traffic on a network. At regular intervals transmitted data packets are copied. The copy and information about the packet are then stored for later analysis. This is usually processed in batches. The information gathered can help identify invasive traffic (from hackers) or determine where data is being sent.

30
Q

What do network policies ensure?

A

Network policies

A network manager should have an acceptable use policy which ensures:

  • Secure passwords which are regularly changed
  • Users cannot connect unauthorised equipment to the network
  • Access Levels
  • A regular backup procedure is in place
  • A disaster recovery procedure exists in case of data loss
  • Regular penetration testing and forensic analysis
  • Regular maintenance including applying OS, Software & security updates
  • NO physical access to servers
  • Maintaining a high level of security with up-to-date anti-virus software and firewalls
31
Q

What are User access levels?

A

User access levels

Access levels determine the facilities a user has access to, such as:

  • software
  • email
  • internet access
  • documents and data
  • the ability to install and/or remove software
  • the ability to maintain other users’ accounts

A network manager should make sure users can only access the facilities they need. For example, an office worker might need access to productivity software, email and the internet, but not to install software or access other users’ accounts. Restriction limits the actions a user can take, thereby reducing the potential of threats.

32
Q

What are firewalls?

A

Firewalls

A firewall is a tool that monitors traffic going into and out of a computer or network, and either allows the traffic to pass through or blocks it.

The decision to allow or block is based on rules, known as the firewall policy. For example, some programs, such as email clients and web browsers have legitimate cause to send a transmission. These programs are known and the firewall policy allows their communications. However, any transmissions that are not sent from or to known - and allowed - sources are blocked.

Firewalls can be hardware-based or software-based. Hardware firewalls tend to be more expensive, but are more effective.

33
Q

What should organisations do to regularly stop security threats?

A
34
Q

How can phishing take place at a business?

A
  • Staff respond to fake email, link, website, popup or
  • Staff respond to spam
  • Staff respond to software fake instant messages
  • Staff respond to social media messages, ‘likes’, etc.

35
Q

What are problems to a business if phishing takes place?

A
  • Acquisition of user names and passwords
  • Acquisition of financial details/credit card details
  • Identity theft
  • Data theft
  • Staff disclose personal/confidential data
  • Financial data theft
36
Q

What are reasons for people committing DDoS attacks?

A
  • Protest/hacktivism
  • Cyber vandalism
  • Distraction technique
  • Espionage – commercial, industrial, political
  • Can lead to malware/data theft if part of a distraction technique
  • A distributed denial of service attack can lead to computer/network control
  • Extortion
  • Competition between companies
  • Make a website unavailable
  • Interrupt an organisation’s work
  • Suspend an organisation’s work
  • Block user requests
37
Q

What are advantages of using a firewall?

A
  • Controls network traffic/allows data from authorised source while blocking data from unauthorised sources
  • Protects against attackers
  • Offers different protection levels
  • Protects privacy
  • Provides warnings
  • Filters advertisements/popups
  • Filters web content
38
Q

What are physical ways of protecting a network?

A
  • Door locks
  • Window locks or bars
  • Intruder alarm systems
  • CCTV systems
  • Laptop locks (e.g. Kensington locks)
  • Security guards