1.4 Network Security Flashcards
Define malware
Malware is installed on someone’s device without their knowledge. Malware includes spyware, ransomware, worms, Trojan horses and viruses.
Define social engineering
Social engineering is a way of gaining sensitive information or illegal access to networks by influencing people e.g employees in large companies.
Define brute force
Brute force attacks use automated software to produce hundreds of username and password combinations. Trial and error is used to access a system. A dictionary attack is a form of brute force attack where words from the dictionary are tried first.
Define Denial of Service
DoS attacks involve flooding a server with fake requests. This makes the website or network extremely slow and inaccessible to legitimate users. A DoS attack is malicious and prevents the website from being accessible. This could be to silence a website that the user disagrees with or to gain money. It can be used to hide another malicious attack.
Define data interception
A ‘man in the middle’ or ‘passive’ attack involves someone monitoring data on the network and capturing any sensitive or personal data they see.
Define SQL injection
Structured Query Language is one of the main coding languages used to access databases. sQL code is typed into a websites input box, revealing personal data. If the attack is successful, data can be exposed, altered or deleted.
Define penetration testing
Organisations employ specialists to identify possible weaknesses in the networks security.
Define anti-malware
Anti-malware is designed to find and stop malware from damaging a network and devices on it. Anti-virus is a type of anti-malware.
Define firewall
Firewalls examine all data entering and leaving the network and block any potential threats.
Define user access levels
User access levels control which part of the network different groups of users can access. This limits the number of people with access to important data.
Define passwords
Passwords help prevent unauthorised users from accessing the network. Passwords should be strong and changed regularly.
Define encryption
Encryption is when data is translated into code which only someone with the correct key can access. Also known as cipher text.
Define physical security
Physical security protects the network from intentional or unintentional damage e.g fire, flood. E.g locks, motion sensors, cameras etc
Define DDoS attack
A large number of computers are used to carry out the attack. This is more effective because it generates more traffic.
Define viruses
Malicious software designed to cause harm to a network or computer system. Attaches itself to programs or files on a computer or server.
Define worms
Replicates itself in order to spread to other computers, often using a computer network. A worm exploits vulnerabilities across the network.
Define Trojan horse
Malicious computer program designed to access a computer by misleading users of its intent.
Define phishing
Form of social engineering designed to acquire sensitive information through email etc.
What is a white hat hacker?
Someone who has permission and is authorised to act as a penetration tester.
What is a grey hat hacker?
Someone who may not have permission, and may break the law during their testing but they don’t have malicious intent. They inform organisations of vulnerabilities often for a fee.
What is a black hat hacker?
Someone without permission with malicious intent. These are the people penetration testers are trying to stop.
Define biometric security
Retina scan, fingerprint, voice, facial recognition
What are secure passwords?
12 characters or more
Mixture of capital and lower case letters, numbers and symbols
Password encryption
Password reset once a month
Two factor authentication
