1.4 Network Security (1.4.1 And 1.4.2) Flashcards
1
Q
Forms of attack
A
- malware
- social engineering
- brute force attack
- denial of service attacks
- data interception and theft
- SQL injection
2
Q
Malware and types of it
A
- executable programs that run on a computer
- e.g. computer virus, worm, Trojan horse and ransomware
3
Q
Computer viruses and worms
A
- viruses infect computers, replicate their code in other programs, infect other computers, and harm the computer by deleting, corrupting or modifying files
- worms replicate themselves in order to spread to other computers, they slow down networks and computers
4
Q
Trojan horses
A
- they have a program, game or cracked file which is something the user wants
- they have negative program code which causes damage, takes control or provides access to the computer
5
Q
Ransomware
A
- software which holds a computer hostage by locking or encrypting access to it
- if the data is encrypted, it won’t be able to be recovered unless backups are available
- once a ransom is paid to the attacker, access is restored
6
Q
Social engineering
A
- ability to obtain confidential information by asking people for it
- e.g. shoulder surfing, phishing
7
Q
Shoulder surfing
A
- ability to get information or passwords by observing as someone types them in
- either by looking over someone’s shoulder or using a CCTV camera
8
Q
Phishing
A
- emails, texts or phone calls sent to users commonly pretending to be from a bank or website
- messages will try to get personal information like: usernames, passwords, credit card details
9
Q
Brute force attacks
A
- a hacker tries every combination of password until the correct one is found
- this is done using a computer program
10
Q
Denial of service attacks
A
- a hacker infects a computer so that it sends as many requests to the server as it can
- the server then can’t respond fast enough so it slows or goes offline
11
Q
Data interception and theft
A
- allows the attacker to intercept communications between the user and the server
- the attacker can then:
- eavesdrop to find passwords and personal information
- add different information to a web page or other communications such as email
12
Q
SQL Injection
A
- it’s a database of query language
- takes advantage of web input forms to access or destroy data
- SQL commands can be input into web forms instead of the expected ‘real’ data
- this can be interpreted by vulnerable web applications and end up causing damage or releasing personal information
13
Q
Methods to prevent vulnerabilities
A
- penetration testing
- anti-malware software
- firewalls
- user access levels
- passwords
- encryption
- physical security
14
Q
penetration testing
A
- deliberately trying to find holes in your own system
goal is to:
- identify the targets of potential attacks
- identify possible entry points
15
Q
anti-malware software
A
- detects malware such as viruses, worms, trojans and spyware
- when a virus or new malware is detected it is sent to the anti-virus company
- they verify it is malware then create a signature of the virus
- they then add it to their virus database and tell computers to run an update
- viruses can morph, makes it harder to create a signature
- anti-malware software must be running at all times and has to be up to date
