5.3 cyber security Flashcards
process of brute-force attack
- hacker systematically try
- all diff combos of letters, numbers, symbols
- until eventually find password
aim of carrying out brute-force attack
figure out passwork
process of data interception
- steal data by tapping into wired/wireless communication link
- wardriving (wireless)
- packet sniffing (wired)
aim of data interception
- compromise privacy
- obtain confidential information
explain wardriving
locating and using wireless internet connections illegally
explain packet sniffing
- uses packet sniffers
- examine packets sent over a line
- all data collected sent back to attacker
process of DDoS attack
- flood network with useless spam traffic
- server can only handle finite number of requests
- so server fails as result, struggles to respond to all requests
explain how the spam traffic works in DDoS attack
- originates from many diff comptuers (hard to block traffic)
- network of computers infected with malware called bots
- send multiple requests to access web server all at same time
- while bot not being used, called zombie
aim of DDoS attack
- prevent users from accessing part of network
- notably, internet server
process of hacking
gaining unauthorised access to computer system
aim of hacking
- gain personal info
- data change, corrupt, passed on
types of malware
- virus
- ransomware
- adware
- trojan horse
- spyware
- worms
explain virus
- programs that can replicate themselves
- delete or corrupt files
- cause computer to malfunction
- need active host program on target computer before can actually run and cause harm (need to be executed by trigger)
explain ransomware
- attackers encrypt users data
- until certain amount of money paid
- then, decryption key sent to user
explain adware
display unwanted ads on user screen
explain trojan horse
- program disguised as legitimate software
- used to invite other malware, often installed via trojan horse malware
explain spyware
- software that gathers info by monitoring user activity on computer
- send back to cybercriminal who originally sent spyware
- include web browsing activities, personal data
explain worms
- programs that can replicate themselves
- intention of corrupting entire network instead of computer alone
- no need for active host program
process of pharming
- attacker install malicious code on computer
- redirects user to fake websites
process of phishing
- attackers send legitimate-looking emails
- bait user into giving out info
process of social engineering
- attacker creates social situation
- leads to victim giving out details
what is malware
malicious software
aim of pharming
give login details and other personal details
aim of phishing
give out personal information
aim of social engineering
give out personal details
how do access levels keep data safe
different level of access for diff people
what are the types of anti-malware
anti-virus, anti-spyware
features of anti-virus software
- check software/files before run/loaded on computer
- compares possible virus against database of known viruses
- any files/programs potentially infected put into quarantine
what does anti-spyware do
detects and removes spyware programs
types of authentication
- username and password
- biometric
- two-step verification
how does automating software updates help keep data safe
- contain patches that update software security
- improve software performance
what are firewalls
- either software or hardware
- sits between user computer and external network
- primary defense against hacking
tasks of firewall
- examine traffic between user comp and public network
- log all incoming and outgoing traffic and give user warning if security issue
how do proxy servers work
- intermediate between user and web server
- keep user IP address secret
- allow internet traffic to be filtered
- can act as firewalls
diagram for proxy server
what is SSL
-
