6) Fundamentals of Cyber Security Flashcards
What are the forms of attack on a network?
Active attack
Passive attack
Insider atatck
Social engineering
What is a passive attack?
When a hacker eavesdrops of a network by ‘sniffing’ data packets
What is an active attack?
When someone uses malware or other technical methods to compromise a network’s security
What is authentication?
Any methods which allow users to prove that an account is theirs
What is a dictionary attack?
Brute force attack from words in a pretermined lists
What are ways of protection against cracking?
Writing a network policy which enforces strong passwords
Using two-factor authentication
Restricting number of failed password attempts
What does DoS stand for?
Denial of Service
What does a DoS attack do?
Attempt to bring a server down by flooding it with useless requests
What are ways of protection against DoS attacks?
Firewalls blacklisting traffic from known IP addresses
Monitor and limit traffic
What does DDoS stand for?
Distributed Denial of Service
What does DDoS attacks overcome?
Blacklisting of IP addresses
How do DDoS attacks work?
Requests are sent from an army of machines
A botnet
What does penetration testing identify?
Vulnerabilities
What does a good penetration test check?
Technical vulnerabilities
Likelihood of social engineering
Test of damage recovery
What is the motivation for penetration tests?
Fixing bugs saves money
What is black box testing?
Outside organisation practices a real attack
What is white box testing?
Inside organisation tests vulnerabilities with knowledge of system and basic access rights, prevents insider attacks
What is cold calling?
Pretending to be from a bank or utility company
Attempting to gain confidential details
What tactic do social engieers often use?
Fear
How can we protect against social engineering?
Public awareness campaigns
Company security policies
Education and training