Network Security Threats Flashcards
Different forms of network attacks
Passive
Active
Insider
Brute force
Denial-of-service
Passive Attack
When hackers monitor data travelling on a network using packet sniffers to find sensitive data
Best defense: Data encryption
Active Attack
Malware
Best defense: firewall
Insider Attack
Someone within an organization uses their access to steal information
Brute Force
Automated software used to generate hundreds of likely passwords to crack it
Denial-of-service
Hacker floods network with useless traffic making it impossible to access the website
What is malware?
A software installed on a persons device without their consent
Examples of actions of malware
Deleting files
Spyware: secretly monitors users
Locking files and hacker asks for money in exchange to give the decrypt key
How can malware access your device?
Trojans: Disguised as legitimate software
Viruses attach to certain files: activated when user opens the file
What is the weak point of a secure system?
People
What is social engineering?
Way of gaining illegal access to network by influencing employees of the company
Types of social engineering
Telephone - hacker pretends to be from the company and employee discloses sensitive information
Phishing - Hackers send emails pretending from a legit company which contain links asking for personal information
What is SQL injection?
Pieces of SQL typed into input box which reveals sensitive information
Can be used when SQL code of a website is insecure - easy to pass website’s firewall
Ways to prevent network vulnerabilities
Penetration Testing
Passwords
Physical Security
User Access Levels
Anti-Malware Software
Encryption
Penetration Testing
Organization employs specialists to stimulate possible attacks on a network