security Flashcards
what is malware ?
Malware is any type of harmful program that seeks to damage or gain unauthorised access to your computer system
virus
- can replicate itself
- and spread from system to system by attaching itself to infected files
- only activated when opened by a human
- once activated , it can change data or corrupt a system so that it stops working
worm
- can replicate itself
- and spread from system to system by finding weaknesses in software
- does not need an infected file or human interaction to spread
- can spread very quickly across a network once it has infiltrated it
what is a trojan?
- a harmful program that looks like legitimate software so users are tricked into installing it
- secretly ives the attacker backdoor access to the system
- do not self replicate or infect other files
what is spyware ?
- secretly records the activities of a user on a computer
- aim of spyware is to record usernames, passwords and credit card information
- all recorded information is secretly passed back to the attacker to use
keylogger
- secretly records the key presses of a user on a computer.
- data is stored or sent back to the attacker
- aim of keylogger is to record usernames, password and credit card information
- keyloggers can be downloaded or plugged into the USB port
ransomware?
- locks files on a computer system using encryption so that a user can no longer access them
- the attacker demands money from the victim to decrypt (unlock) the data
- attackers usually use digital currencies like bitcoin which makes it hard to trace them
what is phishing ?
- the method of misleading individuals or organizations into sharing sensitive information , often through the use of emails
- phishers may pose as trusted company like amazon or YouTube to direct users to open malicious attachments or encourage them to follow fraudulent links to steal their data
what is social engineering?
- the means to trick others into revealing their personal data by posing as a trusted source
- e.g. impersonating an IT technician of a school via email and asking for a student’s username and password
what is interception?
- when data packets on a network are intercepted by a third party (e.g hacker) and copied to a different location than the intended destination.
- software called packet sniffers are used to intercept and analyse data packets
what software is used to intercept and analyse data packets ?
software called packet sniffers are used to intercept and analyse data packets
what is physical theft?
- computer systems or storage devices may be stolen in public or from offices
- unwanted systems and storage media should be disposed of securely as data could be stolen from discarded information, such as old CDs or even printed paper
what is hacking ?
- the method of exploiting weaknesses in a system or network to create, view, modify or delete files without permission.
- A hacker is anyone who gains access to data or systems that they do not have authority to access
what does DoS and DDoS stand for?
denial of service attack
distributed denial of service attack
what is a DoS attack?
- when a computer repeatedly sends requests to a server to overload the system
- a server overload will slow the system and may take websites offline temporarily
what is a DDos Attack?
- a coordinated attack using a botnet of infected systems to overload a server with requests.
- A botnet is a large group of devices controlled and used maliciously by an attacker
what does SQL stand for?
Structured Query Language
what is an SQL injection?
- SQL is a programming language used for manipulating data in databases
- SQL injection is when a malicious SQL Query (command) is entered into a data input box on a website
- if the website is insecure then the SQL query can trick the website into giving unauthorised access to the website’s database
- An SQL injection can be used to view and edit the contents of a database or even gain administrator privileges
What is brute force attack?
- in order to break a password , every possible combination is tested in order from start to finish
- This is not a quick method but it should break the password eventually and can be sped up if multiple computer systems are used at the same time
What is IP Address Spoofing ?
- when an attacker changes the IP address of a legitimate host so any visitors to the URL are instead taken to a spoofed (fake) web page
- This web page is used to record any inputted data (e.g usernames and passwords) and send it back to the attacker
- The spoofed web page can also be used to install malware
what is network forensics ?
- the monitoring of a network to identify unauthorised intrusions
- network forensics is used to record and analyse attacks on a network and to gather other information about how the network is performing
- it is important for organisations to identify weaknesses in their networks so that they can fix them and be prepared for any type of attack or malware
what is footprinting?
- a method of evaluating a network’s security
- when a security team puts itself in the attacker’s shoes by obtaining all publicly available information about the organisation and its network
- footprinting allows the company to discover how much detail a potential attacker could find out about a system
- the company can limit the technical information about its system that is publicly available
what are penetration tests?
- carried out as part of ethical hacking
- ethical hacking is when a. organisation gives permission to specific ‘good ‘ hackers to try and attack a system so that the weak points can be highlighted and then fixed
- the purpose of penetration tests is to review the system’s security to find any risks or weaknesses and to fix them
what is ethical hacking ?
- ethical hacking is when a. organisation gives permission to specific ‘good ‘ hackers to try and attack a system so that the weak points can be highlighted and then fixed
what are internal tests?
internal tests are carried out to see how much damage could be done by someone within the company with a registered account
what are external tests?
- are for white hat hackers to try and infiltrate a system from outside the company
what are blind tests?
are carried out with no inside information , to stimulate what a real attacker would have to do to infiltrate a system
what are targeted tests ?
conducted by the company’s IT department and the penetration team cooperating together to find faults in the system
what is anti-malware software?
- used to locate and delete malware, like viruses , on a computer system
how does anti-malware software work?
- the software scans each file on a computer and compares it against a database of known malware
- files with similar features to malware in the database are identified and deleted
- new forms of malware are created each day by attackers, so anti-malware software must be regularly updated to keep the system secure
other roles of anti-malware software :
- checking all incoming and outgoing emails and their attachments
- checking files as they are downloaded
- scanning the hard drive for viruses and deleting them
what is a firewall and how does it work?
- a firewall manages incoming and outgoing network traffic
- each data packet is processed to check whether it should be given access to the network by examining the source and destination address
- unexpected data packets will be filtered out and not accepted to the network
other roles of firewall :
- blocking access to insecure/malicious websites
- blocking certain programs from accessing the internet
- blocking unexpected / unauthorised downloads
- preventing specific users on a network accessing certain files
what is double authentication also known as ?
two-factor authentication (2FA)
what is double authentication ?
- a method of confirming someone’s identity by requiring two forms of authorisation e.g. password and pin code sent to your mobile
describe secure passwords as a method of protection
- usernames must be matched with a secure password to minimise the chances of unauthorised users accessing a system
- passwords should contain a mix of uppercase and lowercase letters , punctuation and numbers
- password should be a substantial length (at least 8 characters) and should be regularly changed
why are user access levels used?
so only certain users can access and edit particular files
what is read-only access?
when a user can only view a file and is not allowed to change any data
e.g a teacher may set instructions as read-only for students to view
what is read and write access?
allows a user to read and edit the data in. a file
e.g a teacher may set an online workbook as read and write access for students to fill in
why is it important to set access levels?
so that only authorised users can view and change data.
the more users who have access to a file to the more likely it is to be compromised
what is encryption ?
the process of scrambling data into an unreadable format so that attackers cannot understand it if intercepted during transmission
how does encryption work?
the original data( plaintext) is converted to scrambled ciphertext using an encryption key
- only at the correct destination will the encryption key be used to convert the ciphertext back into plaintext to be understood by the receiving computer
what is an example of a simple method of encryption?
the XOR logical operator
- xor is used on the plaintext and key together to create the ciphertext.
- using XOR gain on the ciphertext and key will reverse the encryption to reveal the plaintext
