1.4 Network Security Flashcards
OCR GCSE Computer Science J277
Malware
malicious software, created with the intent to:
Cause damage to computer systems or
Steal data
Vulnerabilities
Vulnerabilities can be caused by:
Human weakness
Software issues
Code quality
Virus
malware in the form of a program that attaches itself to another file and can replicate itself when the file is executed.
DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources
Worm
malware that is able to replicate itself and does not need to use another file as a vector.
DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources
Trojan
a piece of malware that is hidden inside another file in a computer system
A trojan is a piece of software that appears to be legitimate (such as a game), to trick the user into executing it.
DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources
RAT
Remote Access Trojan
The main objective of a trojan is to steal confidential information or inflict damage.
A type of trojan is a remote access trojan (RAT). A computer with a RAT may become a bot under the remote control of a hacker.
DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources
Botnet
When the hacker controls many computers, the computers form a botnet.
A botnet (robot network) is a network of computers that are under the control of a single operator who can instruct all of the computers to do something at the same time. This could be to send out spam emails or perform a distributed denial of service (DDos) attack on a chosen target.
DEFENCE: Antivirus and anti-malware software
Don’t click on links from unknown sources
Spyware
a form of malware that captures data from a computing device and transmits it without the user’s knowledge.
DEFENCE: Anti-malware software
Keylogger
Spyware. A keylogger can keep a record of all keys pressed, meaning that usernames and passwords are recorded and transmitted back to the malicious software author.
DEFENCE: Anti-malware software
Ransomware
a form of malware that locks a computer or encrypts files, and therefore prevents a user from accessing their data.
The attacker will demand a fee (ransom) is paid before they release the files, although there is no guarantee that the user will get their files back, even after they have paid the ransom.
DEFENCE: Anti-malware software
Social Engineering
techniques used to trick users into giving away personal information by psychological manipulation
It is different to other cyber crimes because it involves humans trying to trick or manipulate other humans
DEFENCE: Security training
Phishing
an attack in which the victim receives a message disguised to look like it has come from a reputable source (for example, a bank), in order to trick them into giving up personal information.
DEFENCE: Security training
Network policy
Firewall
User awareness of phishing ‘clues’
Spear Phishing
Spear phishing is a more sophisticated version of the scam, where a fraudulent message is sent to a specific person and often includes personal details in order to appear legitimate.
For example, rather than sending phishing emails to a whole company, a spear phishing attack might just aim at the finance director and be more personalised
DEFENCE: Security training
Network policy
Firewall
User awareness of phishing ‘clues’
Pharming
deceiving users by sending them to a fake website that the user believes is the real one, with the intention of tricking them into submitting personal information.
DEFENCE: Security training
DNS Poisoning
A more sophisticated method of pharming, known as DNS poisoning involves hacking a DNS (the database that allows your browser to find the website that you are visiting).
When the victim enters a correct web address of the site they wish to visit into their browser, they visit a website controlled by the attacker, rather than the legitimate website.
Blagging
an attack in which the attacker invents a scenario in order to convince the victim to give them personal information or money.
DEFENCE: Security training
Shouldering
a type of social engineering attack design to steal a victim’s password or other sensitive information by using close visual observation.
DEFENCE: Security training
Concealing your password or pin entry
User access levels
User awareness
Hacker
someone who deliberately gains, or attempts to gain, unauthorised access to a computer system with the intent to cause damage or steal data