1.4 - Network Security Flashcards
What is SQL injection?
Controlling a database via user input
A SQL injection is when a malicious SQL query (command) is entered into a data input box on a website. If the website is insecure then the SQL query can trick the website into giving unauthorised access to the website’s database.
What is social engineering?
Tricking humans into revealing personal data
What is a brute-force attack?
An attack in which every possible password combination is tested in order from start to finish.
How do you lessen the risk of a brute-force attack working?
Long passwords and a limit on attempts
What is a Denial of Service (DoS) attack?
A computer repeatedly sending requests to a server causing the system to slow or crash
What is a Distributed Denial of Service (DDoS) attack?
A coordinated attack using a botnet of infected systems to overload a server with requests
What is malware?
A harmful program seeking to damage or gain unauthorised access to a computer system
What is a virus?
Self-replicating malware that attaches itself to infected files
What is a worm?
Self-replicating malware that finds weaknesses in software
What is a trojan?
A harmful program that looks like legitimate software, so users are tricked into installing it, which gives an attacker backdoor access to a system
What does spyware do?
Secretly records the activities of a user to look for usernames, passwords and credit card information
What does a keylogger do?
Secretly records the key presses of a user to record usernames, passwords and credit card information
What does ransomware do?
Locks files using encryption so a user can’t access them and demands money from the victim to decrypt the data
What is data interception?
Data packets are intercepted by a third party and copied to a different location
What is penetration testing?
Simulating an attack to find weaknesses