1.4: NETWORK SECURITY TRE fin Flashcards
what are spyware and keyloggers and how are they prevented?
software that hides on your computer and records your keystrokes to send to a third party for analysis
this can be stopped by anti malware software
what are viruses and how can they be prevented?
a program installed on your computer that is designed to replicate itself
it can harm files and spread to other computers and devices
they can be prevented by antivirus/anti malware software and by not clicking on links from unknown sources
what are denial of service attacks and how can they be prevented?
servers and devices are flooded with too many requests or data packets, causing them to crash or become unusable
they can be prevented by a firewall
what are brute-force attacks and how can they be prevented?
automated or manual attempts to gain unauthorised access to secure areas
>by trying lots of password combinations
these can be prevented by strong passwords with limited attempts and by penetration testing
what is blagging and how can it be prevented?
dishonestly persuading someone to divulge personal or sensitive information by deception
this can be prevented by security training
what is phishing and how can it be prevented?
redirecting a user to a fake website where they trick them into divulging information such as passwords for fraudulent use
this can be prevented by network policies, firewalls or being aware of phishing clues
what is shouldering and how can it be prevented?
looking over someone’s shoulder as they enter a password
this can be prevented by concealing the password entry, user access levels (eg 2 factor authentication) and user awareness
what is data interception and theft and how can it be prevented?
data may be intercepted during transmission, but physical theft can occur when storage devices or data files are left insecurely
this can be prevented by encryption, physical locks and biometrics
what is an SQL injection?
STRUCTURE QUERY LANGUAGE
used to search databases
when data is entered like username and password, the website will contact the database server to find the account details and display them
HOWEVER
if a hacker enters malicious SQL into the password field, this will modify the SQL executed, resulting in unauthorised access
eg they might type in 1=1 and be let in
what is penetration software?
used to find weaknesses in a system by hiring someone to try and hack into it before a hacker does
what is external pen testing?
trying to find a way into a system form outside the organisation, like servers and firewalls
what is internal pen testing?
putting the tester in the position of an employee who has some access into the system to test the damage they could cause
what is anti malware software?
it protects a computer by preventing harmful programs from being installed
if a virus is detected, the software will quarantine and remove the file
it should be constantly kept up to date to detect all recent threats
what is a firewall?
prevent unauthorised access to the computer
all data traffic is monitored as it passes through the firewall, meaning external attacks and banned websites can be blocked
what are user access levels?
different access can be given to each employee based on their needs
this limits the amount of data that a hacker may be able to see if an account is compromised
