Network security Flashcards
What are the different forms of attack that pose a threat to computer systems and networks?
- Malware
- Social engineering, e.g. phishing, where people are the “weak point”
- Brute force attacks
- Denial of Service Attacks
- Data interception and theft
- SQL injection
What is malware?
Malware is any type of harmful program that seeks to damage or gain unauthorised access to your computer system.
What are the 6 different types of malware?
Viruses
Worms
Trojans
Spyware
Ransomware
Keylogger
What is a virus?
A virus is a program embedded (hidden) within another file. It can replicate itself on a user’s computer to system by attaching itself to infected files. A virus is only activated when opened by a human. A virus causes damage by damaging or deleting data, or corrupting files. It can also corrupt a system/application so that it stops working.
What is a worm?
A worm can replicate itself from system to system by finding weaknesses in software. Unlike a virus, a worm does not need an infected file or human interaction to spread. A worm can very quickly spread across a network once it has infiltrated it. Worms can also spread to other devices and computers on a network, unlike a virus. Worms can infect computers from infected websites, instant message services, emails and network connection.
What is a trojan?
A trojan is a harmful program that is disguised as legitimate software so users are tricked into installing it (e.g game, file). A trojan has negative program code that causes damage, takes control, or provides access to a computer/system. Trojans do not self replicate or infect other files.
What is spyware?
Spyware is a software that allows a person to spy on a user’s activities on their devices by secretly recording the user’s activities.. This form of software will be embedded onto other software such as games or programs that have been downloaded from illegitimate sources. Spyware can record your screen, log your keystrokes to gain access to passwords and more. Their main aim is to record usernames, passwords and credit card information, so that all secretly recorded information is passed back to the attacker.
What is ransomware?
Ransomware is a form of malware that locks files on a computer system using encryption so that a user no longer has access to them. The attacker demands money from the victim to decrypt their data. There is no guarantee paying the ransom will get your money back and attackers usually use digital currencies such as bitcoin, making it harder to trace.
What is a keylogger (you most likely won’t need to know this)?
A keylogger secretly records the key presses of a user on a computer. Data is stored or sent back to the attacker. The main aim of a keylogger is to record usernames, passwords and credit card information. Keyloggers cna be donwloaded or plugged into the USB port.
What is social engineering?
Social engineering is exploiting weaknesses in a computer system by targeting the people that have access to them.
What are some examples of social engineering?
- Fraudulent phone calls: pretending to be someone else in order to gain access to their account or details (e.g insurance scammer)
- Phishing: Sending fraudulent emails to a large number of email addresses, claiming to be from a reputable company or trusted source and try to gain access to your details (e.g. usernames, passwords, credit card info, other personal information)
- Pretexting: a scammer will send out a fake text message, often pretending to be from the government of HR from a company, this scam is used to trick the user to giving out confidential data
What do you look out for in a phishing email?
- Greeting isn’t personalised - the phishers don’t know your name
- The sender’s address is often a variation of a genuine address
- Forged link: a link may look genuine, but it may not link the website given. Roll your mouse over it to check.
- Request for personal infromation: genuine websites never do this
- Sense of urgency: Criminals try and persuade you that something bad will happen if you don’t act fast
- Poor spelling and grammar (because they may be foreign ,and also because they are trying to weed out the clever ones from the stupid ones - who will actually fall for their scam?)
Why are humans seen as a weak point in system security? Give examples.
Human errors can lead to significant isues.
Examples of human errors:
- not locking doors to computer/server rooms
- Not logging out of their device when they’re not using it
- Sharing passwords
- Not encrypting data
- Not keeping Operating systems/anti-malware software up to date
What is a brute force attack?
A brute force attack is a program attempting all possible password combinations to gain unauthorised access to a user’s device or accounts.
A dictionary attack can also be used which is using popular words or phrases to speed up the processs
What is a Denial of Service attack?
Simple: an attempt to bring down a server by flooding it with lots of useless requests.
A DoS attack is when an attacker(computer) repeatedly sends requests to a server to flood the server with traffic, causing it to overload the system. The server will slow down to the point of becoming unusable.
What is a DDos attack (Distributed Denial of Service)?
A DDos attack is a coordinated attack from multiple distributed services to flood a single server/network with traffic. A network of compromised devices, called a botnet, can be used in a DDos attack. A botnet is a large group of interconnected devices, that have been infected with malware and can be controlled and used maliciously by an attacker.
What is data interception and theft?
Data interception is when communications are read by unauthorised users/programs. Alt. defintion: Unauthorised users obtaining data during transmission/communication (by theft).
A software called a packnet sniffer is used to intercept and analyse data packets. They can collect data being transferred across a network, and a thief can use this data to gain unauthorised access to websites, companies and more.
What is a man-in-the-middle (MITM) attack?
A hacker monitors a network in order to gain information. An example of this is wiretapping, where communications are monitored. The hacker can use this data later to gain access to the system by pretending to be an authorised user.
What is shoulder surfing?
Shoulder surfing is the ability to
get information or passwords by
observing as someone types them in.
Examples include:
Looking over someone’s shoulder
Using a CCTV camera
What is SQL injection?
SQL is a language used for manipulating data in databases.
SQL injection is entering an SQL command into a web text field to manipulate the SQL query
The goal is to insert, modify or delete data from the database
A SQL injection is when a malicious SQL query (command) is entered into a data input box on a website.
If the website is insecure then the SQL query can trick the website into giving unauthorised access to the website’s database.
An SQL injection can be used to view and edit the contents of a database or even gain administrator privileges.
Examples include:
Writing “Drop Table Customers” at the end of a query, adds a command which deletes all company customer details.
Writing where 1=1, gives returns all the details of whatever you’ve entered as 1 is always equal to 1
What are the different ways of preventing vulnerabilities in a computer system/network?
Penetration testing, anti-malware software, encryption, firewall, user access levels, passwords, physical security
What is pen testing? What is its purpose?
Penetration testing is carried out as part of ethical hacking.
Penetration tests assess the security of a system or network. They identify vulnerabilities or weaknesses so that they can be fixed before malicious hackers can exploit them.
Pentests protect against unauthorised access (hacking), SQL injection, brute force attacks
What are the four main types of pen testing?
Internal tests, to see how much damage can be done by somebody within the company with a registered account.
Blind tests are done with no inside information, to simulate what a real hacker would have to do to infiltrate a system.
External tests are for white hat hackers (ethical hackers) to try and infiltrate a system from outside the company.
Targeted tests are conducted by the company’s IT department and the penetration team cooperating together to find faults in the system.
What is anti-malware, what does it prevent and how does it work?
Anti-malware is used to locate and delete malware, like viruses, worms, trojans, spyware and ransomware.
Anti-malware software scans files and programs and compares each to a database of known malware signatures (patterns). It can quarantine, block, and remove suspicious files to prevent them from harming the system.
There are thousands of known malware, but new forms are created each day by attackers, so anti-malware software must be regularly updated to keep systems secure.
What are some other roles of anti-malware software?
- Checking all incoming and outgoing emails and their attachments
- Checking files as they are downloaded
- Scanning the hard drive for viruses and deleting them
What is a firewall and how does it work?
A firewall monitors and controls incoming and outgoing traffic in a network. A firewall acts as a barrier between an internal network and external networks like the Internet. It blocks unauthorised access while allowing safe data to pass through.
Each data packet is processed to check whether it should be given access to the network by examining the source and destination address. Unexpected data will be filtered out and not accepted to the data.
Protects against unauthorised access (hacking), malware, DoS attacks
What are some other roles of a firewall?
Blocking access to insecure/malicious websites.
Blocking certain programs from accessing the internet.
Blocking unexpected/unauthorised downloads.
Preventing specific users on a network accessing certain files.
What is encryption, how does it work and how does it prevent/limit an attack?
Encryption is the process of scrambling data using a key into an unreadable format so that attackers cannot understand it if is intercepted during transmission.
Passwords stored by websites are almost always stored in an encrypted form.
If a hacker obtains the data in the password database, they won’t be able to easily read the passwords.
Devices and computers can also have their storage and hard disk data encrypted.
Helps protect against data interception and theft.
Why are secure passwords important for network security? What makes a strong password?
Strong passwords are important for network security as they make it harder for attackers to guess or crack login credentials using brute force attacks. This helps prevent unauthorised access to systems, data and user accounts.
Strong password should have at least 8 characters (be of substantial length), contain a mix of uppercase and lowercase letters, punctuation and numbers. They should be regularly changed.
Helps prevent brute force attacks, data theft, unauthorised access (hacking)
What are user access levels and why are they important?
User access levels control what users can see and do on a system or network. Users may be given different permissions. This helps prevent accidental or intentional misuse of data and keeps sensitive information secure.
Examples of user access levels include only being able to read data, or read and write data in a file.
It is important to set user access levels so that only authoorised users can view and change data. The more users who have access to a file, the more likely it is to be compromised. Certain users may have no access to a file - they can’t read or edit it.
Help protects against unauthorised access (hacking), SQL injections, malware
Why is physical security important for network security?
Physical security can restrict access to systems and network hardware. Physical security secures server rooms and prevents unauthorised access and theft.
What are examples of physical security?
Locks, keycards, biometric controls, staff, CCTV cameras, intruder alarms.
A lock can be used to prevent access to server rooms or locations that store confidential data. Only authorised personnel with a matching key will have access.
Biometric devices require the input of a human characteristic (such a fingerprint, iris or voice).
The biometric data is checked against previously inputted data in a database. Only a match will allow access to the user.
What are the different types of software-based security (aka system security)?
Firewall, encryption, anti-malware software, user access levels, network policies, penetration testing, anti-virus, anti-spyware, two factor authenticaiton
What are some errors that people may make that endanger the security of a network? Mention procedures that could be put in place to prevent each error.
leaving computer logged on - log off after 10 minutes
insecure passwords - expiry dates to change passwords/network policies to tell staff to have good passwords
click on links that download malware - install anti-malware/firewall
sticking USB sticks in - train staff to not do that
How do you protect against malware?
FIREWALL AND ANTI-MALWARE
Have strong security software: firewall; anti-malware, including anti-virus, anti-spyware, anti-spam; enabling OS and security software updates; staff training - being cautious of opening email attachments and downloading software; backup files regularly onto removable data.
How do you protect against phishing?
Strong security software
Staff training: awareness of spotting fake emails and websites
Staff training: not disclosing personal or corporate information
Staff training: disabling browser pop-ups
How do you protect against brute force attacks?
Firewalls, pentesting and secure passwords
Network lockout policy: locks account after 3 password attempts
Using progressive delays
Staff training: using effective passwords with symbols, letters, numbers and mixed case
Using challenge response e.g. “I am not a robot” and reCAPTCHA
How do you protect against DoS attacks?
Strong firewall
packet filters on routers
configuring the website
auditing, logging and monitoring of systems (network forensics)
How do you protect against data interception and theft?
ENCRYPTION
Encryption
Using virtual networks
Staff training: use of passwords, locking computers and office doors, logging off, use of portable media, investigating your own network vulnerabilities
How do you protect against SQL injection?
PENTESTING, FIREWALL
Validation on input boxes
Using parameters queries
Setting database permissions
Penetration testing
What are network forensics?
The monitoring, storage, and analysis of traffic on a network. The information gathered can help identify invasive traffic (from hackers) or to determine where data is being sent.
What are network policies, give examples and how do they prevent vulnerabilities?
A network policy is a policy that provides rules and regulations on what network users can and cannot do.
Users of a network are often the source of threats, whether accidental or deliberate. A network manager should have an acceptable use policy which ensures:
- users have a secure, hard-to-guess password which meets specified conditions
- users change their password on a regular basis
- users cannot connect unauthorised equipment to the network, such as USB memory sticks, smartphones and tablets
levels of access are given, which allow only authorised users to access sensitive data - a regular backup procedure is in place
- a disaster recovery procedure exists in case of data loss
- regular penetration testing and forensic analysis
- regular maintenance including applying software upgrades and security patches to equipment
- preventing physical access to servers maintaining a high level of security with up-to-date anti-virus software and firewalls
