1.4 Network Security Flashcards
ways to spot a phishing email
- Poor spelling and grammar.
- The message asks for personal information.
- Generic greeting/impersonal
- You didn’t initiate any action to cause the email.
- sense of urgency in the information
what is malware
software written to infect computers and commit crimes like fraud and identity theft
what is phishing
designed to get you to give away personal information using emails purporting to be reputable companies
what is a brute force attack
a trial and error method to decode encrypted data such as passwords and keys, carried out by programs
what is a denial of service attack
involves flooding a server with useless traffic causing it to overload and become unavailable
what is data interception and theft
an attacker monitors data streams to and from a target to gather sensitive information
what is an SQL injection
a code injection technique used to attack data driven applications
what does it mean when people are the weak point of a network
when system vulnerabilities are caused by people being careless
what is the purpose of a malware attack
- to delete, corrupt, or encrypt files
- computers can crash, spontaneously reboot or slow down
- keyboard inputs can be logged and sent to hackers
- internet connections can become slow (due to worms)
- malware can pass from the computer to the server it is connected to, to all the other clients also connected, and spread very quickly
what is the purpose of a phishing attack
- gain access to high value corporate information
- access a victim’s bank account to withdraw money
- open new bank accounts and cards in victim’s name
- cash illegitimate cheques
- financial services can blacklist the company (damage to reputation)
what is the purpose of a brute force attack
- theft of data
- access to corporate systems
what is the purpose of a denial of service attack
- loss of access to a service for customers
- lost revenue
- lower productivity
- damaged reputation
- average cost of downtime = over £4000/min
what is the purpose of data interception and theft
- disclosure of corporate data
- theft of data
- usernames and passwords compromised allowing unauthorised access to systems
what is the purpose of an SQL injection
- data in the database can be amended or deleted
- contents of database output, revealing private data
- new rogue records can be added to the database
what are examples of when people can be a weak point of a system
- sharing passwords
- losing memory sticks/laptops
- not installing systems updates
- not logging off/locking computer
- not encrypting data
- not applying security to wireless networks
- not keeping anti-malware up to date
what are 7 common prevention methods
- penetration testing
- anti-malware software
- firewalls
- user access levels
- passwords
- encryption
- physical security
how do you limit threats posed from a malware attack
- strong security software (firewall, spam filter, anti-virus, anti-spyware)
- enabling operating system and security software updates
- training staff to recognise suspicious emails and links
- backup files regularly onto removable media
how do you limit threats posed from a phishing attack
- strong security software
Training staff to:
- disable browser pop-ups
- not disclose personal or corporate information
- be aware of spotting fake emails and websites
what do we mean by strong security software
firewall, spam filter, anti-virus, anti-spyware
how do you limit the threats posed from a brute force attack
- use a network lockout policy (locks after 3 password attempts)
- use progressive delays (wait times to retry passwords)
- staff training: using effective passwords with symbols etc
- using challenge and response, eg “I am not a robot” or reCAPTCHA
how do you limit the threats posed by a denial of service attack
- strong firewall
- packet filters on routers
- configuring the web server
- auditing, logging and monitoring of systems
what is configuration of a web server
spotting when attacks are taking place and then preventing them from reaching the server
how do you limit the threats posed by data interception and theft
- encryption
- using virtual networks
- staff training: logging off and locking computers/offices & use of passwords and portable media
- investigating your own network vulnerabilities
how do you limit threats posed by SQL injection
- validation on input boxes (eg. looking for code that would not be relevant in that box)
- using parameter queries
- penetration testing
- setting database permissions (not all users can perform all actions on a database)
what is penetration testing
aims to identify weaknesses in a system using a hacker to attempt to break in
what does anti-malware software do
- prevents harmful programs from being installed on the computer
- prevents important files such as the operating system from being changed or deleted
- if a virus does manage to install itself, the software will detect it when it performs regular scans
how does anti-malware software help to prevent attacks
It detects and removes types of malware and prevents viruses.
It does this by looking through its database of virus signatures and looking out for typical virus behaviour.
what is a firewall
A firewall sets the rules for how data packets can enter or leave the network.
it can block certain IP addresses and block computers on a network from accessing specific sites or categories of sites on a network
what three things are common security criteria of a firewall
- where the access is from (the computer’s address)
- the type of traffic (eg .exe files which may carry viruses)
- specific web site addresses
how do user access levels help to prevent attacks
user access rights define groups and allocate specific permissions to those groups
this level of control ensures that people only have access to areas they have the authority to use and if there is a virus or malware then it is limited to the areas the user has access to
how do passwords help to prevent attacks
it is the easiest way to stop unauthorised access to your computer
how does encryption help to prevent attacks
Encryption changes the data before it is transmitted so it can only be deciphered by someone with the appropriate key. To anyone intercepting the message it would be unintelligible.
why do we need encryption
There are devices that can read network transmissions just by scanning transmissions without leaving any evidence
how does physical security help to prevent attacks
it simply makes it difficult for unauthorised people to get access to the server or computers