Data Security Flashcards
Antivirus Software
A program that can be loaded into memory when the computer is running. It monitors the activity on a computer for the signs of a virus.
Firewalls
Software or hardware that controls the incoming and outgoing network traffic. Data is analysed to decide if it should be allowed through or not
Access Levels
A method used to allow only certain users read and/or write access to data on a computer system.
Passwords
Used to prove a persons identity to computer system, thus allowing them access to relevant data.
Double authentication
Users provide 2 forms of ID. Usually something they know (pin) and something the have (bank card).
Network Forensics
This involves monitoring the traffic on a network. At regular intervals transmitted data packets are copied. The copy information about the packet are then stored for later analysis. This is usually processes in batches. The information gathered can help identify invasive traffic or to determine where data is being sent.
Ethical hacking
Carried out with the permission of the system owner to cover all computer attack techniques.
An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the system owner to improve system security.
Penetration testing
A sub-set of ethical hacking that deals with the process of testing a network/system to find vulnerabilities that an attacker could exploit.
Targeted
Carried out by the organisation’s IT team and the penetration testing team working together.
External
to find out if an outside attacker can get in and how far they can get in once they have gained access.
Internal
to estimate how much damage a dissatisfied employee could cause
Blind
to simulate the actions of a real attacker by severely limiting the information given to the team performing the test.
Foot printing
The first step in the evaluation of system security. It involves gathering all available information about the computer system or network. Used to limit technical information about a system that is publicly available.
Networking standards
Ensures how different hardware and software produced can work together. Without networking standards, it would be difficult to develop networks that easily share information.
Viruses
A program that is able to copy itself onto other programs with the intention of damaging data. A virus is transmitted by ‘piggybacking’ on another program known as a ‘vector’.
Key logger
Covert programs that capture keyboard inputs and transmits or stores this data for a hacker.
Worm
a standalone program that self-replicates in order to spread to other computers. It does not need a vector.
Spyware
Installed by opening attachments or downloading infected software. Can be used to collect stored data without the user’s knowledge.
Trojan Horse
Appears to perform a useful function, but provides a ‘backdoor’ that enables data to be stolen.
SQL injection
Malicious users can inject SQL commands into a web page input form and compromise data held in a database
DoS Attack
Denial of service attacks attempt to make your website and servers unavailable to real users, by swamping a system with fake requests.
Brute Force Attack
A hacking algorithm, which tries all possible combinations of lowercase and uppercase characters, numbers and symbols to gain unauthorised access to a computer system.
IP address spoofing
Changing the IP address of a real host so that a visitor who types in the URL of a real site is taken to a spoofed web page in order to steal personal details.
Social Engineering
Involves tricking a user into giving out sensitive information such as a password e.g. phishing (an attempt to get users’ details using fake emails).
