1.4 - Network Security Flashcards
Threats posed to devices/systems by viruses
Viruses attach themselves to legitimate programs or files and replicate when the infected program or file is executed. They can corrupt or delete files and spread to other programs or devices.
Threats posed to devices/systems by worms
Worms are self-replicating programs that spread across networks without requiring user interaction. They can consume network bandwidth, degrade system performance, and open backdoors for other malware.
Threats posed to devices/systems by trojans
Trojans disguise themselves as legitimate software but contain malicious code. They can perform various harmful activities, such as stealing sensitive information, providing unauthorized access to attackers, or enabling other malware.
Threats posed to devices/systems by ransomware
Ransomware encrypts files on a system, rendering them inaccessible. Attackers then demand a ransom for the decryption key. It can lead to data loss, financial damage, and operational disruption.
Threats posed to devices/systems by spyware
Spyware secretly monitors user activities, collects sensitive information, and transmits it to third parties. It can compromise user privacy, leading to identity theft or unauthorized access to personal data.
Threats posed to devices/systems by phishing
Phishing attacks involve fraudulent attempts to obtain sensitive information, such as usernames, passwords, or financial details. Attackers often use fake emails, websites, or messages that mimic legitimate entities to trick users into providing information.
Threats posed to devices/systems by spear phishing
Similar to phishing, spear phishing targets specific individuals or organizations. Attackers personalize their messages, making them more convincing and increasing the likelihood of success.
Threats posed to devices/systems by pretexting
Pretexting involves creating a fabricated scenario or pretext to trick individuals into providing information or performing actions. This could include impersonating a colleague, vendor, or authority figure to gain trust.
Threats posed to devices/systems by baiting
Baiting involves offering something enticing, such as a free software download or a USB drive labeled as important, to lure individuals into taking actions that compromise security, like installing malware or disclosing sensitive information.
Threats posed to devices/systems by unauthorised access
The primary threat of a brute force attack is gaining unauthorized access to a system, application, or account by successfully guessing the correct password or encryption key.
Threats posed to devices/systems by compromised user accounts
If an attacker successfully guesses a user’s password, they can compromise the associated account, gaining control over sensitive information, personal data, or even financial resources.
Threats posed to devices/systems by data breaches
Brute force attacks can lead to data breaches, exposing sensitive information such as personal details, financial records, or intellectual property stored on the compromised system.
Threats posed to devices/systems by identity theft
Once an attacker gains unauthorized access, they may impersonate the legitimate user, leading to identity theft. This can result in financial losses, reputation damage, or legal consequences for the victim.
Threats posed to devices/systems by service disruption
The primary goal of a DoS attack is to disrupt the normal functioning of a targeted service or system, rendering it temporarily or permanently unavailable to legitimate users.
Threats posed to devices/systems by downtime
DoS attacks can lead to extended periods of downtime, impacting the availability of critical services, websites, or online platforms. This downtime can result in financial losses and damage to the organization’s reputation.
Threats posed to devices/systems by loss of productivity
Businesses and individuals relying on online services may experience a loss of productivity during a DoS attack, as they are unable to access essential tools, applications, or resources.
Threats posed to devices/systems by financial losses
Extended service disruption or downtime can lead to financial losses for businesses, especially e-commerce platforms, which may lose revenue during the period of unavailability.
Threats posed to devices/systems by unauthorised access
Attackers may intercept sensitive data during transmission, gaining unauthorized access to confidential information, login credentials, or financial details.
Threats posed to devices/systems by data eavesdropping
Cybercriminals may eavesdrop on communication channels, intercepting unencrypted data as it travels across networks. This can lead to the compromise of sensitive information.
Threats posed to devices/systems by credential theft
Attackers may intercept login credentials, such as usernames and passwords, during data transmission. Stolen credentials can be used for unauthorized access to accounts and systems.
Threats posed to devices/systems by financial fraud
Intercepted financial data, such as credit card information or banking details, can be exploited for financial fraud, leading to unauthorized transactions and monetary losses for individuals and organizations.
Threats posed to devices/systems by data disclosure
Attackers can exploit SQL injection vulnerabilities to extract sensitive data from databases, such as usernames, passwords, and personal information.
Threats posed to devices/systems by data manipulation
Malicious SQL statements can alter, add, or delete data within the database, leading to data manipulation and potential disruptions in business operations.
Threats posed to devices/systems by bypassing authentication
SQL injection can be used to bypass authentication mechanisms, granting unauthorized access to restricted areas of a website or application.
Threats posed to devices/systems by injection of malicious code
Attackers can inject malicious SQL code that may lead to the execution of additional code on the server, potentially compromising the entire system.
Malware penetration testing approach
Conduct regular malware detection and removal tests.
Simulate malware attacks to identify weaknesses in endpoint protection.
Test email security measures to detect and prevent malware distribution.
Assess the effectiveness of antivirus and anti-malware solutions.
Social engineering penetration testing approach
Perform phishing simulations to assess the susceptibility of employees.
Test user awareness and education programs.
Evaluate email filtering systems for detecting phishing attempts.
Assess the effectiveness of multi-factor authentication (MFA) in preventing unauthorized access.
Brute force attacks penetration testing approach
Test the strength of password policies and enforcement mechanisms.
Conduct brute-force attack simulations on login interfaces.
Assess the effectiveness of account lockout mechanisms.
Evaluate the implementation of CAPTCHA or similar mechanisms to prevent automated attacks.
Denial of service attacks penetration testing approach
Perform stress testing to identify the system’s resilience to high traffic.
Conduct simulated DoS attacks to assess the impact on network and system resources.
Evaluate the effectiveness of intrusion prevention systems (IPS) and firewalls.
Assess the capacity of web servers and network infrastructure to handle DoS attacks.
Data interception and theft penetration testing approach
Assess the security of data transmission channels (e.g., SSL/TLS protocols).
Test the effectiveness of encryption mechanisms for stored data.
Conduct simulated man-in-the-middle attacks to identify weaknesses.
Evaluate the security of authentication processes to prevent unauthorized access.
SQL injection penetration testing approach
Test web applications for SQL injection vulnerabilities.
Assess the security of input validation and sanitization mechanisms.
Verify the use of parameterized queries or prepared statements.
Evaluate the effectiveness of web application firewalls (WAFs) in detecting and preventing SQL injection.
Tackling malware using anti-malware software
Implement reputable anti-malware solutions on all endpoints.
Ensure real-time scanning for files, emails, and web traffic.
Regularly update anti-malware databases to detect the latest threats.
Configure scheduled scans to proactively identify and remove malware.
Tackling social engineering using anti-malware software
Use anti-phishing features provided by advanced anti-malware tools.
Enable email filtering to identify and block phishing emails.
Educate users on recognizing phishing attempts through awareness training.
Implement browser protection to block access to malicious websites.
Tackling brute-force attacks using anti-malware software
Select anti-malware solutions that include intrusion detection features.
Implement network intrusion prevention systems (IPS) to detect and block brute-force attempts.
Utilize tools that can identify patterns indicative of brute-force attacks.
Monitor and limit the number of failed login attempts.
Tackling denial of service attacks using anti-malware software
Choose anti-malware tools that offer DDoS (Distributed Denial of Service) protection.
Implement firewalls with anti-DDoS capabilities.
Use traffic filtering solutions to block malicious traffic during an attack.
Collaborate with internet service providers (ISPs) to mitigate large-scale DDoS attacks.
Tackling data interception and theft attacks using anti-malware software
Implement endpoint protection tools that include encryption features.
Choose solutions with data loss prevention (DLP) capabilities.
Enable network monitoring to detect abnormal data transfer patterns.
Utilize encryption for data in transit and at rest.
Tackling SQL injection using anti-malware software
Select web application firewalls (WAFs) that can detect and prevent SQL injection attacks.
Regularly update and patch web applications to fix known vulnerabilities.
Employ anti-malware solutions that include behavioral analysis to identify unusual database activity.
Conduct regular security audits to identify and remediate SQL injection vulnerabilities.
Tackling malware using firewall configuration
Set up a stateful firewall to monitor and control incoming and outgoing network traffic based on predetermined security rules.
Implement deep packet inspection to analyze the content of network packets and identify potential malware signatures.
Enable application-layer filtering to block unauthorized or suspicious applications and protocols.
Tackling social engineering using firewall settings
Configure web filtering on the firewall to block access to known phishing websites.
Implement DNS filtering to prevent access to malicious domains associated with phishing campaigns.
Utilize intrusion prevention systems (IPS) within the firewall to detect and block phishing attempts.
Tackling brute force attacks using firewall rules
Implement rate limiting on the firewall to restrict the number of login attempts within a specified timeframe.
Configure firewall rules to block IP addresses exhibiting suspicious behavior indicative of brute-force attacks.
Use firewalls with built-in intrusion detection and prevention capabilities to identify and block brute-force attempts.
Tackling denial of service attacks using firewall protections
Employ firewalls with DDoS protection capabilities to detect and mitigate large-scale attacks.
Configure firewall settings to limit the number of concurrent connections from a single source to prevent resource exhaustion.
Use load balancing in front of multiple servers to distribute traffic and withstand DDoS attacks.
Tackling data interception and theft using firewall security
Implement encryption protocols such as SSL/TLS to protect data during transmission.
Configure firewall rules to monitor and control data transfers, blocking any suspicious or unauthorized activities.
Utilize next-generation firewalls (NGFW) with advanced threat detection features to identify and block data exfiltration attempts.
Tackling SQL injection using web application firewalls
Deploy a WAF to protect web applications from SQL injection attacks.
Configure the WAF to inspect and filter HTTP traffic for malicious SQL injection patterns.
Regularly update the WAF’s signature database to stay protected against evolving SQL injection techniques.
Tackling malware using user access levels
Assign users the least privileges necessary to perform their tasks (principle of least privilege).
Users with limited access have reduced chances of unintentionally executing or spreading malware.
Tackling social engineering using user access levels
Educate users about social engineering tactics, especially phishing.
Limit access to sensitive information and systems based on job roles to reduce the risk of falling victim to phishing attacks.
Tackling brute force attacks using user access levels
Implement account lockout policies after a certain number of failed login attempts.
Users with limited access won’t have the ability to perform extensive brute-force attacks.
Tackling denial of service attacks using user access levels
Set up rate-limiting mechanisms for user access to prevent malicious users from overwhelming resources.
Users with restricted access won’t be able to generate a high volume of requests.
Tackling data interception and theft using user access levels
Enforce data encryption for users accessing sensitive information.
Users with lower access levels won’t have access to critical data, reducing the risk of interception or theft.
Tackling SQL injection using user access levels
Assign users access to databases based on their specific needs.
Users with limited database access won't have the opportunity to perform SQL injection attacks.
Tackling malware using passwords
Implement strong password policies requiring a combination of uppercase and lowercase letters, numbers, and special characters.
Regularly enforce password changes to reduce the likelihood of malware obtaining and using compromised credentials.
Tackling social engineering using passwords
Train users to create strong passwords and recognize phishing attempts.
Encourage the use of unique passwords for different accounts to prevent a single compromised credential from affecting multiple systems.
Tackling brute force attacks using passwords
Implement account lockout policies to lock user accounts after a certain number of failed login attempts.
Use complex passwords to increase the difficulty of successful brute-force attacks.
Tackling denial of service attacks using passwords
Restrict access to critical systems or services with strong passwords.
Utilize secure login mechanisms to prevent unauthorized individuals from gaining control and initiating denial of service attacks.
Tackling data interception and theft using passwords
Encrypt stored passwords using strong encryption algorithms.
Avoid storing plain-text passwords to reduce the risk of data interception and unauthorized access.
Tackling SQL injection using passwords
Use strong passwords for database access credentials.
Regularly rotate and update database passwords to minimize the impact of potential SQL injection attacks.
Tackling malware using encryption
Use encrypted communication channels (e.g., HTTPS) to protect data transmitted over networks.
Employ email encryption to secure sensitive information shared through emails.
Tackling social engineering using encryption
Implement end-to-end encryption for email communication to ensure that even if intercepted, the content remains confidential.
Encrypt sensitive documents and attachments shared via email.
Tackling brute force attacks using encryption
Store passwords using strong encryption algorithms (e.g., bcrypt, scrypt) to protect them from being easily decrypted in the event of a breach.
Encrypt password databases to add an additional layer of security.
Tackling denial of service attacks using encryption
Implement encryption protocols to protect network traffic.
Use Virtual Private Networks (VPNs) to encrypt communication between different network components.
Tackling data interception and theft using encryption
Apply end-to-end encryption to sensitive data, ensuring that it remains encrypted throughout its entire lifecycle.
Use file-level encryption to protect individual files and prevent unauthorized access.
Tackling SQL injection using encryption
Implement parameterized queries and prepared statements to prevent SQL injection attacks.
Encrypt sensitive data stored in databases to safeguard against unauthorized access.
Tackling malware using physical security
Control physical access to servers and critical infrastructure to prevent unauthorized installation of malware.
Restrict physical access to workstations to prevent tampering with hardware or USB-based attacks.
Tackling social engineering using physical security
Ensure workstations are strategically placed to prevent unauthorized individuals from viewing sensitive information on screens.
Implement privacy filters on computer screens to limit visibility from different angles.
Tackling brute force attacks using physical security
Restrict physical access to server rooms and data centers to authorized personnel only.
Implement biometric or card-based access controls to enhance security.
Tackling denial of service attacks using physical security
Secure network devices and infrastructure against physical tampering to prevent disruptions.
Implement physical security measures for critical network components and data centers.
Tackling data interception and theft using physical security
Implement controlled access to areas where physical data storage devices are kept.
Use secure cabinets and safes for physical documents and storage media.
Tackling SQL injection using physical security
Restrict physical access to database servers to prevent tampering with configurations.
Physically secure the infrastructure housing the databases to prevent unauthorized access.