14- Threats to computer systems and networks Flashcards
What are the different ways a network can be hacked?
malware, phishing, brute force, denial of service, data interception and theft, structured query language injection, poor network policy, people
What is malware?
Malware is malicious software that is designed to hack a system. Malware can take many different forms.
What different forms can malware take?
Viruses, worms, trojans, spyware and ransomware
What are viruses?
Programs embedded (hidden) within other files. They replicate themselves and become part of other programs. Viruses often cause damage by deleting or modifying data.
What are worms?
Programs similar to viruses except that they are not hidden within other files. Worms often spread through emails.
What are trojans?
Programs which pretend to be legitimate but in reality are malware. They are often disguised as email attachments. Trojans cannot spread by themselves - instead they deceive a user into installing the program.
What is spyware?
Programs that monitor user activities (such as websites visited, usernames and passwords used) and send the information back to a hacker.
What is ransomware?
Programs that attempt to blackmail a user into making a payment to a hacker. Some types of ransomware do little but try to scare users into paying, while others go further - they encrypt documents and will not decrypt them until a ransom is paid.
What is phishing?
Emails that try to trick users into giving away personal details. The phishing email pretends to be a genuine message and tries to deceive the user into following a link to a website that looks like the real company, for example, a bank. However, it is a fake website designed to catch data such as bank account numbers and security codes.
What is a brute force attack?
Where a program is used to find a password by trying all possible combinations of characters until the correct one is obtained.
What is a denial of service attack?
Where a computer (or many computers) is used to prevent a server from performing its tasks. This is done by bombarding the server over and over again with requests. Eventually the server is tied up trying to handle all the DoS requests, making it very difficult for it to respond to legitimate requests.
What is data interception and theft?
Where data is intercepted during transmission. This is done using software called a packet sniffer, which examines data packets as they are sent around a network, or across the internet. The information gathered is sent back to a hacker.
What is SQL injection?
SQL is used to search databases. A hacker can enter some malicious SQL into a database, which can cause errors or unintended operations.
What is poor network policy?
Where a network does not have security rules in place for users to follow.
How are people a threat to networks?
Where users do not adhere to network policy. People frequently ignore rules, or accidentally or deliberately break them. For example, many users choose easy to guess passwords, or send and receive personal emails which may contain viruses. This behaviour increases the chances of a network being compromised and its data being accessed by unauthorised users. This is sometimes called social engineering.
What do poor network policies tend to not have?
- levels of access to prevent users from accessing sensitive data unless they are authorised to do so
- rules preventing the connection of external devices such as USB memory sticks which may contain and transmit viruses
- regulation regarding secure passwords, for example using a number of letters, numbers and symbols
- rules to govern what websites can and cannot be visited
- methods to prevent any user wirelessly connecting an unsecured laptop, tablet or smartphone
- controls on what facilities can be accessed remotely (away from the organisation)
- a formal backup procedure that is adhered to
- a regular maintenance programme that is followed
What is a network attack?
An attempt to gain access to, steal, modify or delete data on a network.
What are the 4 types of network attack?
active, eavesdropping (passive), external, internal
What methods are in place to help keep a network safe?
secure passwords
encryption
anti-malware software
firewalls
Describe penetration testing
The purpose of penetration testing is to determine how resilient a network is against an attack. It involves authorised users (sometimes an external party or organisation) who probe the network for potential weaknesses and attempt to exploit them. Software that enables network managers to test the resilience of networks themselves is also available.
Describe network forensics
Network forensics involves monitoring the traffic on a network. At regular intervals transmitted data packets are copied. The copy and information about the packet are then stored for later analysis. This is usually processed in batches. The information gathered can help identify invasive traffic (from hackers) or determine where data is being sent.
What is meant by network policies?
Rules put in place that ensure the safety of a network
What do network policies ensure?
- users have a secure, hard-to-guess password which meets specified conditions
- users change their password on a regular basis
- users cannot connect unauthorised equipment to the network, such as USB memory sticks, smartphones and tablets
- levels of access are given, which allow only authorised users to access sensitive data
- a regular backup procedure is in place
- a disaster recovery procedure exists in case of data loss
- regular penetration testing and forensic analysis
- regular maintenance including applying software upgrades and security patches to equipment
- preventing physical access to servers
- maintaining a high level of security with up-to-date anti-virus software and firewalls
What do user access levels do?
They determine the facilities a user has access to e.g. software, email, internet access, documents & data, the ability to install and/or remove software, the ability to maintain other users’ accounts.
What methods are in place to identify vulnerabilities in a network?
penetration testing, network forensics, network policies, user access levels
What is the purpose of a password?
The purpose of a password is to verify who a user is. Without knowing the password, you cannot use a user ID to sign into a network.
What is an ideal secure password?
One that contains a combination of upper and lower case letters, special characters and numbers. The password should also be at least 8 characters long and not be easy to guess.
What is encryption?
The process of disguising data so that it cannot be understood. Even if a hacker gains access to encrypted data, they will not be able to understand it, as they do not have the key to turn the message from ciphertext to plaintext.
Network managers usually encrypt data which is to be stored or transmitted on a network.
What are the 3 purposes of anti-malware?
- To detect malware that has been installed
- To prevent malware from being installed
- To remove malware from the system.
What does anti-malware include?
anti-virus software, anti-phishing tools and anti-spyware software
How does anti-malware work?
by scanning through all the files on a computer and checking them against a list (known as definitions) of known malware.
What is the main problem with anti-malware?
that it is reactive - it can only detect, prevent and remove known malware. When new malware is introduced, anti-malware has to be updated to take account of the new threats. The longer the gap before anti-malware is updated, the less protection it offers.
What does a firewall do?
A firewall stops unauthorised traffic entering and leaving a network.
The decision for a firewall to allow or block traffic is based on what?
The firewall policy
What is an example of the firewall policy in use?
Some programs, such as email clients and web browsers, have legitimate cause to send a transmission. These programs are known and the firewall policy allows their communications. However, any transmissions that are not sent from or to known - and allowed - sources are blocked.
What are the 2 things firewalls can be?
Hardware-based or software-based
Which is more expensive, hardware-based firewalls or software-based firewalls?
Hardware-based firewalls
Which is more effective, hardware-based firewalls or software-based firewalls?
Hardware-based firewalls