1.4 Network security Flashcards
Forms of attack
-Malware
-Phishing
-Brute-force attack
-Denial of service attack
-Data interception and theft
-SQL injection
Malware
Any type of harmful program that seeks to damage or gain unauthorized access to your computer system
-e.g. viruses, trojans, ransomware, spyware, adware
Method of prevention - Malware
-strong security software - firewall, antivirus, antispyware, antispam
-enabling security software updates
-back up files regularly onto removable media
Phishing
-The fraudulent practice of sending emails pretending to be from reputable companies in order to trick individuals into revealing personal information
-e.g. usernames, passwords, credit card details
-e.g. an e-mail has a link that when clicked directs the users to a fake website that collects personal data
Method of prevention - phishing
-Network policies
-staff training: awareness of spotting fake emails and websites, not disclosing personal or corporate information, disabling browser pop-ups
Brute force attack
-A trial and error method of attempting passwords and PIN numbers. Automated software is used to generate a large number of consecutive guesses
Method of prevention - brute force attack
-network lockout policy - lock accounts after 3 incorrect password attempts
-staff training: using effective passwords with symbols, letters, numbers, mixed case
-challenge response ‘I am not a robot’ - reCAPTCHA
Denial of service attack
Flooding a server with useless traffic causing the server to become overloaded and unavailable
Method of prevention - DoS attack
-strong firewall
-packet filters on routers
-auditing, logging, monitoring systems
Data interception
When data packets on a network are intercepted by a third party and copied to a different location than the intended destination
-e.g. monitoring traffic on the network to pick out encrypted passwords, configuration information
Method of prevention - data interception
-encryption
-staff training: use of passwords, locking computers, logging off
SQL injection
When a malicious SQL query is entered into a data input box on a website to trick it into giving unauthorized access to its database
Method of prevention - SQL injection
-validation on input boxes
-using parameter queries
-setting database permissions
-penetration testing
Methods of physical security
-locks used to prevent access to server rooms
-biometric devices that require the input of human characteristics (fingerprint)
-CCTV cameras
-keycards
-alarms
Penetration testing
Ethical hacking to find any risks or weaknesses and fix them
-internal testing by somebody within the company
-external testing - white hat hackers try to infiltrate a system from outside the company