Network Security And Threats Flashcards
What is a firewall?
A security checkpoint designed to prevent unauthorised access between two networks, usually involving an internal trusted and an external network
What does a typical firewall consist of?
A separate computer containing two Network Interface Cards (NICs), with one connecting to an internal network, the other to an external network
What happens when special firewall software is used?
Each data packets attempts to pass between the two NICs is analysed against preconfigured rules and then accepted or rejected
What are the preconfigured rules in a firewall called?
Packet filtering
What is packet filtering also called?
Static filtering
What does packet filtering do?
Controls network access according to network administrators rules and policies by examine the source and destination IP addresses in packet headers
What reasons can static filtering block packets for?
Block packets based on the protocols being used and the port number they are trying to access
What is a port?
Is where a client reaches the right computer or network at the right IP address and for example allows the client to download the packets data to a computer
What is an example of certain protocols using particular ports?
Telnet, is used to remotely access and uses port 23 so if Telnet is disallowed by a network administrator, any packets attempting to connect through port 23 will be dropped or rejected to deny access
What is the difference between a dropped packet and a reject packet?
A dropped party Is removed quietly while a rejected packet will cause a rejection notice to be sent back to the sender
What us a proxy server?
Interrupts all packets entering and leaving a network, hiding the true network addresses of the source from the recipient
What does using a proxy server do for the user?
Enables privacy and anonymous surfing
How can proxy servers help commonly voters websites?
By maintaining a cache of commonly visited websites and return the web page data to the user immediately without the need to reconnect to the Internet and re-request the page from the website server
How can proxy servers control over the content that users may demand?
They are often used to filter requests providing administrative controls
What is encryption?
Encryption is one way of making messages travelling over the Internet secure
What are all types of malware or malicious software?
Worms, Trojans and viruses
What do worms and viruses have the ability to do?
Self-replicate by spreading copies of themself
What’s the difference between a worm and a virus?
Worms are a sub-class of viruses, but viruses rely on the host files to be opened in order to spread themselves, whereas worms do not
What type of virus resident is most common?
memory resident
What happens tot eh virus once it is in memory?
Any other uninfected file that runs becomes infected when it is copied into memory
Where do other common virus reside?
In macro files usually attached to word processing and spreadsheet data files, that infect data files once created and are usually less harmful
How does a worm get into a system?
Resides within a data file and enter the computer through a venerability or tricking the user into opening a file
How does a worm replicate?
A worm can replicate itself and send copies to others user from your computer
Why can worms be responsible for causing computer or servers to slow?
Worms are often reasonable for using up bandwidth, system memory or network resources
What is a trojan?
A type of malware that manifests it self in something useful file, games or utility
What are some uses for Trojans?
To harvest personal information, or use your computer power or network bandwidth to send thousands of spam emails
What is a difference from viruses, worms and Trojans?
Trojans cannot self-replicate
What is the weakest point in security?
Humans
What di many malware attacks exploit?
‘buffer overflow’, which occurs where a program accidentally writes values to memory locations too small to handle them, and inadvertent overwrites the value in neighbouring location
What is a result of ‘buffer overflow’?
Overflow data is often interpreted as instructions
What is another example of social engineering threats?
Phishing (persuading individuals to open files, internet links and emails containing malware)
