1.4 – Network security Flashcards
What’re the different threats posed for networks?
- Malware
- Phishing
- Brute Force
- Denial of Service
- Data interception & theft
- SQL Injection
- People/Social Engineering
What is Malware?
Software written to cause loss of data, encryption of data, fraud and identity theft , eg viruses, spyware
What happens during a Malware attack?
- Files are deleted, corrupted or encrypted
- Computers crash, reboot randomly and slow down
- Internet slows down
- Keyboard inputs sent to hackers
What is a Phishing attack?
Sending fraud emails (pretending to be companies/people) to get personal information
What happens during a Phishing attack?
- Accessing accounts to get money
- Open bank accounts, credit cards & cash false cheques
- Access high value corporate data
- Cause companies to be blacklisted
What is a Brute Force attack?
A trial and error method of getting passwords/pin numbers
What happens during a Brute Force attack?
- Hackers steal data
- Gains access to corporate systems
What is a Denial of Service attack?
Flooding a server with useless traffic, overloading it
What happens during a DOS attack?
- Block customers accessing services
- Loose revenue
- Decrease productivity
- Damage reputation
What is a Data Interception & Theft attack?
Stealing computer-based info from someone, compromising privacy/getting personal info
What happens during a Data Interception & Theft attack?
- Usernames & passwords compromised
- Leaking & stealing data
What is an SQL Injection?
A technique to view/change data by adding extra code into an input box
What happens during an SQL Injection?
- Contents of databases leaked
- Data in databases amended/deleted
- New fake records added to databases
What is Social Engineering?
The use of deception to manipulate individuals into divulging confidential or personal information
How can people pose a threat to networks?
by NOT doing the following:
- Installing updates
- Locking doors to computer rooms
- Keeping anti-malware updated
//
- Writing passwords on sticky notes, weak passwords
- Not encrypting data
What are the common methods of preventing attacks?
- Penetration testing
- Anti-Malware software
- Firewalls
- User Access Levels
- Passwords
- Encryption
- Physical Security
What can prevent Malware attacks?
- Enabling OS & security software updates
- Staff training
- Backup files regularly
& Softwares such as: - Firewall , Spam Filters , Anti-Virus/Spyware/Spam
What is anti-malware software?
Software that protects computing devices against malicious code
What is a Firewall?
Used in a network to prevent external users gaining unauthorised access to a computer system / network
What can prevent Phishing attacks?
- Strong security software
- Staff training : Awareness of fake emails, pop-ups & not leaking personal/corporate info
What can prevent Brute Force attacks?
- Network lockout policy: locking after 3 password attempts
- Progressive delays
- Staff training: Strong passwords
- Challenge responses , recaptcha (bot response)
What can prevent Denial of Service attacks?
- Strong firewall
- Packet filters on routers
- Configuring web servers
- Auditing, logging & monitoring systems
What can prevent Data Interception & Theft?
- Encryption
- Use of virtual networks
- Staff training: Passwords, locking computers, use of portable media
- Investigating own network vulnerability
What can prevent an SQL Injection?
- Validation on input boxes
- Using parameter queries
- Setting database permissions
- Penetration testing
What is Penetration testing?
Testing designed to check the security and vulnerabilities of a system
What is Physical Security?
Any form of real world physical security to help protect data and systems
What are User Access Levels?
The amount of access a user is allowed to a computer system
