5.2 Network Security Flashcards
What is Network Security?
It is the processes, practices, and technologies designed to protect networks from attacks, damages, or unauthorized access.
Where do attacks originate from?
It can happen internally and externally.
What are the kinds of security do you need to watch out for?
- Physical Security
- CCTVs, Case Locks, Disabling USB Ports
- Cloud Security
- Ensure the cloud servers you use are safe
What should be done when checking security?
- Validation
- Ensuring that data is correct and secure before processing
- Authentication
- Ensuring that an entity is genuine, like users, product authentications.
What are some security threats?
- Unpatched Software
- Misconfigured Access Controls
- Social Engineering
- Phishing
- Shoulder Surfing
- USB devices
- Portable Digital Devices
- Eavesdropping
- Malicious Code, malware basically
- Commercial Analysis tools
What is Unpatched Software?
It is basically just un-updated software, which may have some protection holes.
What is Misconfigured Access Control?
It is when an entity has permission to access something that they’re not supposed to.
What is Phishing/Pharming?
It is the usage of sending emails from a ‘verified’ entity that contains malicious links that can lead to websites that download malware.
What is shoulder surfing?
Someone staring at you when you type in important information.
What is Malicious Code?
It is malware like:
- viruses
- spyware
- things like that
How can you identify vulnerabilities?
- Penetration Testing
- Ethical Hacking
What is penetration testing?
It is basically stimulating an attack to find any weaknesses. For example, entering a random username and password just to see if it can access the site. It is normally done by an external entity.
What are the kinds of penetration testing?
- White-box pen test
- Inside attack, where attacker has some knowledge of the system
- Black-box pen test
- Outside attack, hacking
What is ethical hacking?
Hacking is finding and exploiting vulnerabilities, it is only ethical when done in a testing context. There are kinds identified by white/black/gray hat hackers. For it to be ethical, it must:
- Have permission
- Be worked on securely
- notify admins when weaknesses are found
What are Firewalls?
They monitor network traffic and filter data packets based on agreed rules. Routers and dedicated hardware contain firewalls, they can:
- Block Packets
- Connections from certain regions