Internet Security Flashcards
What is a firewall and what is it used for
A piece of software that sits between 2 networks.
It can prevent certain things from entering and leaving
What is static filtering
When a firewall checks packet headers arriving from untrusted networks against a set of rules or packet filters defined by the network administrator
What is packet filtering
When the firewall inspects packets to check which port they’re attempting to access
What is stateful Inspection/ dynamic filtering
When incoming & outgoing traffic is continuously monitored after a connection is established
Done via looking at contents of packet rather than header
What is required of the firewall for stateful inspection to occur
Requires the firewall to maintain a connection table which keeps track of all conversations going on between networks
What does a proxy server do
Sits between the client device and firewall.
Provides anonymity to the client keeping their true IP hidden.
Additional uses of a proxy server
- keeps a cache of websites, speeds up user access and reduces traffic
- logs all user activity e.g. recording a list of websites user has attempted to visit
- web filtering
What is symmetric encryption
uses the same key for encryption & decryption
What is asymmetric encryption
- Uses a public and private key. The keys work as a pair.
- one key is used to encrypt message and the other to decrypt.
- used to initiate TLS connections
Symmetric Vs Asymmetric encryption
- symmetric is faster as it uses less complex mathematical operations, allows for data to be encrypted and decrypted at suitable speeds
- Asymmetric is slower but allows the sender to be authenticated (more secure)
What is key exchange
When the communicating devices have to transfer the key between them so they can pass each other messages
What is a digital signature
A form of authentication to guarantee the integrity of the message and authenticate the sender
How is a digital signature created and used
- runs a hash function against the unencrypted message to produce a hash total
- encrypts the hash total with their private key, forming the digital signal
- the sender then bundles it with the message and encrypts it with the public key
How does the recipient decrypt the message and digital signature
- uses private key to decrypt the bundled digital signature & message
- use the public key to decrypt hash total
- run the hash function on the plaintext to see if it matches the hash total
- if the hashed message and hash total match then it verifies the integrity
What can a digital signature also include
A timestamp so that a false signature cannot be recreated at a later date
What is a digital certificate
An electronic document that authenticates a message sender or website
- issued by an official certificate authority
What does a digital certificate include
- serial number
- expiry date
- holder’s name
- holder’s public key
- ‘signed’ by digital certificate of issuing CA to verify its genuine
What is the purpose of a digital certificate
- used to verify the identity of the owner of each public key and obtain the key itself
- used to check if a website is authentic
- used by websites that use HTTPS
What can be considered vulnerabilities in a computer system
- Human weakness
- out of date or unpatched software
- poor code quality
What is a virus
- Malicious form of self-replicating software
- attaches itself to other programs or files
- makes copies of itself and spread to infect computer systems
What can a virus do
May be designed to:
Spam / steal data / infect other devices on network / corrupt files
What is a worm
Malicious software that can replicate and distribute itself independently.
Done by using network features or email services to spread
What does a worm do
- programmed to damage software
- waste system resources
How does a worm waste system resources
Uses up network bandwidth, slows down network significantly
Some cases worms can use all the resources causing a denial-of-service attack
What is a trojan
A malicious piece of software that appears to be real to trick the user into executing it
What does a trojan do
Performs malicious attacks such as:
Data theft / redirecting search requests / installing more malware / opening a backdoor for remote access
What is spyware
Malicious software that installs onto a device without the user’s knowledge
What does spyware do
Captures data from the device and sends it back to creator of the software
What is ransomware
Malware that locks a computer or encrypts files, preventing a user from accessing their data
What is the purpose of ransomware
The attacker demands a fee for the release of the files
What is antivirus software
Software used to detect, quarantine or remove malware
Methods for antivirus to detect malware
- Comparing your files to a list of of known malware
- monitoring files for suspicious activity
What does improving code quality do
Reduces threats from malware
Measures against malware
Guarding against buffer overflow attack
Guarding against SQL injection attack
Use of strong passwords
2FA
Use of access rights
When does buffer overflow occur
When a program accidentally writes data to a location to small to handle it
What is the result of buffer overflow
Malware can cause and manipulate overflowed data which then may be read ad a malicious instruction
What is SQL injection
When a malicious user enters SQL commands via the online database to change the processing
