Network security threats Flashcards
Why do we need network security?
Connecting computing devices together via a network, allows them to share data and subsequently connect them to the internet, they become vulnerable to attack or misuse
All networks need protection from unwanted intrusion and hacking
What is the aim of network security?
- Only allow authorised users to access what they need
- Prevent unauthorised access
- Minimise the potential damage caused by unauthorised access
What is a hacker?
Someone who attempts to gain access to a computer system with the intent of damaging data or somehow harming that system
What type of hackers are there?
Black-hat hackers
White-hat hackers
Grey hat hackers
What is a Black-hat hacker?
Traditional hackers who attempt to gain access via nefarious means, typically to steal company secrets or cause damage
What is a White-hat hacker?
Security experts (often ex-hackers) employed by a company
- known as ethical hackers and use their skills to try to find vulnerabilities and fix them
What is a Grey hat hacker?
Sit in-between the other 2
They are not employed by a company, but still attempt to locate flaws in company-wide computer systems as a hobby
- this is technically illegal, but they then inform the company the flaw, so it can be fixed.
What is meant by the term malware?
Malicious software that is designed to hack a system
Code written with intent to frustrate or harm
What kind of effects can malware cause?
Depending on the type:
- deleting, corrupting or encrypting files
- causing computers to crash, reboot or slow down
- reducing network speeds
- logging keyboard inputs and sending them to hackers
Name a type of malware
hint V
Virus
What is a virus?
Pieces of code capable of copying themselves and spreading throughout a system
- typically designed to have a detrimental effect like corrupting a file system or destroying data
Name a type of malware
hint S
Spyware
What is spyware?
Form of malware that covertly obtains information about a user’s computer activities by transmitting data from their device
How can spyware be used?
Can be used to harvest sensitive and personal data from a device:
- internet surfing habits
- email addressed
- visited web pages
- Downloads/download habits
- passwords
- credit card numbers
- keystrokes
- cookies
What is a DoS?
Denial of Service attack:
when an attacker floods a server with useless traffic, causing the server to become overloaded
- many past DoS attacks exploited limitations of the TCP/IP stack
Who do DoS attackers typically target?
Web servers or high-profile organisations such as banks and the government
- this attack typically doesn’t result in theft or loss of data or other assets, they can cost a great deal of time and money to handle
What is a DDoS attack?
Distributed denial-of-service
When does a DDoS attack occur?
When multiple systems orchestrate a synchronised DoS attack against a single target
- instead of being attacked from one location, the target is attacked from many locations at once
What is SQL injection?
Code injection technique used to attack data-driven applications
- designed to exploit vulnerabilities in poorly coded database applications
- code is entered into input text boxes and is executed by the server
What is social engineering?
Umbrella term covering several different manipulation techniques that exploit human error, with a view to obtaining private information, access to a restricted system or money
Social Engineering scammers lure users into exposing data, spreading malware or providing access to a system, including:
- Baiting
- Scareware
- Phishing
- Pharming etc
Name and explain a type of social engineering
Hint: P
Phishing:
Online fraud technique used by cybercriminals to trick users into giving out personal information
- Perpetrators disguise themselves as trustworthy source in electronic communication e.g. email or fake website
