Network Security Flashcards
Acceptable Use Policy
a document that stipulates what users of a network may or may not do with that network
Adware
not dangerous in its own right, but may contain links to other malware, such as viruses and key loggers
Alphanumeric Characters
letters and numbers
Anti-Malware
software that detects and removes harmful software, such as viruses, from a computer
Anti-Virus
a program that can be loaded into memory when the computer is running that monitors activity on a computer system for the signs of virus infection that scans for a virus’s signature
Archive
long-term storage of files no longer in use
Backdoor
built into a computer program that allows someone to bypass any security to get to it
Back Up
where the original file is still on the computer, but there is another copy somewhere else
Full Backup
where everything is backed up
Differentiation Backup
where files are backed up between different time intervals
Incremental Backup
where only files that have been edited are backed up
Blagging
the act of convincing someone that you are someone else to make them directly give away information such as passwords
Brute Force Attack
where hackers have multiple guesses in quick succession at your password until they eventually guess it correctly
Buffer Overflow Attack
a malware attack where the attacker attempts to fill up your memory
Compression
process that reduces a file’s size for efficient storage or transmission
Cookie
a text file stored on your computer that contains details about a website that you have visited
Cyberattack
attacks on computers or networks that use various types of malware
Cyphertext
text that has been encrypted and cannot be decrypted without the decryption key
Dictionary Attack
an attack where a hacker uses a file containing every word in the dictionary to guess your password
Digital Footprint
the record that is kept of everything you have done online
Disaster Recovery Policy
a document that describes how a company would aim to recover from catastrophic damage to hardware, software or data
Distributed DoS Attack
a DoS attack involving several networks, either because several networks are attacking at once, or several networks are being attacked at once
DoS Attack
Denial of Service Attack
attempt to make your website and servers unavailable to legitimate users by swamping a system with fake requests, usually in an attempt to exhaust server resources, not to break system security, involving a single internet connection
Encryption
by encrypting data, it can only be read by someone who has the same decryption software on the other end
Firewall
a security system that controls incoming and outgoing network traffic, that analyses packets of data to determine whether they should be allowed through or not, its function is to monitor where data has come from and where it is going and to determine if this communication is allowed by checking a list of pre-determined rules, not to stop viruses
Footprinting
where an attacker builds up a profile about someone to make it easier to guess their passwords
Fraud
a crime in which you purposefully deceive someone for monetary gain
Guess Attack
where a hacker makes an educated guess at your password
Hashing
performing an algorithm on a password which allows entered passwords to be checked, without allowing the actual password to be viewed
Human Error
the biggest threat to any type of cyber security
Injection Attacks
when an attacker tries to get the program to execute their malicious code by including it as a regular output, which can be avoided by using input validation
IP Address Spoofing
involves an attacker changing the IP address of a legitimate host so that a visitor who types in the URL of a legitimate site is taken to a fraudulent or spoofed web page, meaning the attacker can then use this page to steal sensitive data or install malware
JPEG
Joint Photographic Experts Group
a format for compression images using lossy compression
Key Logger
a type of software that can be used to track keystrokes and capture passwords, account numbers, fraudulent use or people’s online activity
Malware
malicious software
a broad term used to describe software used to disrupt computer operation
Name Generator Attack
attacks in which the victim is asked on an app or social media to put in personal details about themselves, often to produce a name, allowing attackers to find out key pieces of information about you to help them answer security questions that protect people’s accounts
MPEG
Moving Picture Experts Group
a standard for compression videos using lossy compression
Network Forensics
monitoring and analysis of network traffic to detect intrusion
Network Security
security methods such as passwords, user access levels, encryption, etc
Nonalphanumeric Characters
characters such as punctuation marks
Parity Bit
used to indicate whether the number of bits transmitted that are equal to one are even or odd, an error is detected when the parity bit is not set to the expected value
Parity Checking
the most straightforward method of detecting errors, usually a parity bit
Passphrase
a technique using WhatThreeWords for coming up with passwords
Password
used to prove a person’s identity to a computer system, thus allowing them access to relevant data. These should be easy for the user to remember, but hard for other people to guess, can be guessed using formula:
Attempts = Number of characters^Password length
Penetration Testing
where a company is attacked and the results are reported back to the company
Blind Testing
testing to simulate the actions and procedures of a real attacker by severely limiting the information given to the team performing the test
External Testing
testing carried out to find out if an outside attacker can get in and how far they can get in once they have gained access
Internal Testing
testing carried out to find out how much damage a dissatisfied employee could cause
Targeted Testing
testing carried out by the organisation’s IT and the penetration team working together
Pharming
where users are unknowingly redirected to a fake website with the intention of identity or information theft
Phishing
fraud where a user is tricked, often by e-mail, into revealing personal or confidential information, eg bank details which can be used fraudulently
Physical Security
security methods such as locking doors, CCTV etc
Pretexting
an attack in which the perpetrator invents a scenario in order to convince the victim to give them data or money, often requiring the attacker to maintain conversation with the victim until they are persuaded to give them whatever the attacker asked for
Private Key
used for encryption/decryption and should not be shared with unauthorised parties, usage of them is laid out in the company’s AUP
Ransomware
malware attack that holds the computer to ransom, locking the computer and demanding money to unlock the computer or regain access to files
Shouldering
an attack designed to steal a victim’s password or other sensitive data, involving the attacker watching the user input information, for example, over their shoulder, and is often done at PIN machines, but can be carried out long-distance by binoculars or CCTV
Signature
all viruses have a unique signature that anti-virus software scans for
Smishing
a form of phishing that is done through SMS
Social Engineering
psychological manipulation of people into revealing personal or confidential information, eg bank details which can be used fraudulently
Spear Pharming
a type of pharming with a specific intended target
Spear Phishing
a type of phishing with a specific intended target
Spyware
installed by opening attachments or downloading infected software, used to collect stored data without the user’s knowledge
SQL
Structure Query Language
a set of commands that allows you to get information
SQL Injection
a technique where malicious user can inject SQL commands into SQL statement, via web page input, which can alter SQL statements and compromise the security of information held in a database
System Access
users should only be able to access areas for which they have permission
Trojan Horse
a program that appears to perform a useful function, but also provides a ‘backdoor’ that allows data to be stolen
User Access Levels
allowing different users to have access to different data, such as giving some people Read Only access, or allowing some people to access more data than others
User Account
these should not be shared, permitted usage of these is laid out in a company’s AUP
Virus
programs that can replicated themselves sand be spread from one system to another by attaching themselves to host files, used to modify or corrupt information on a targeted computer system
Worms
self-replicating programs that identify vulnerabilities in operating systems and enable remote control of the infected computer
Xor
exclusive or, used in encryption and decryption
World Wide Web
the name given to the large number of webpages stored on the internet
Distributed DoS Attack
a DoS attack involving several networks, either because several networks are attacking at once, or several networks are being attacked at once
Dictionary Attack
an attack where a hacker uses a file containing every word in the dictionary to guess your password