Security Flashcards
Computer security
The protection of computers from unauthorised access and the protection from data loss.
How to prevent unintentional loss of data
- Backups of data help to retrieve data when it is lost
- Verification helps to prevent data loss occurring
Backups
Is a copy of the data in use that we can keep in case of data loss. The data is copied onto a separate storage medium.
Where to back up data?
- magnetic media: external hard disk drives or magnetic tapes
- optical media: CD, DVD, Blu-ray disks
- cloud storage: online backup facilities
Verification
Is a check that asks the user to confirm whether or not he wishes to go ahead with the instruction.
When is verification used?
- when attempting to save a file with a filename that already exists in that location
- when deleting a record or file
Types of attacks
- malware
- phishing
- pharming
- denial of service (DoS) attack
Types of malware
- viruses
- worms
- trojan horses
- spyware
Worms
They replicate themselves over and over, filling the computer’s storage. This can cause a computer to run slowly or stop running.
Trojan
Programs that disguise themselves as other programs. When run, they act like any other virus, deleting and corrupting files.
Phishing
The attack usually comes in the form of an email. The email will look like it comes from a person or organisation that is known and trusted by the user. It is designed to trick the user into giving data such as passwords.
Pharming
Attempts to trick the user into giving their personal data by using fake websites. When a user tries to visit a genuine website, they are instead redirected to a fake website that looks almost the same.
How does pharming work?
Malware installed on the user’s computer looks for the domain names of reputable sites and translates them into different IP addresses, those of fake websites.
DoS attacks
Denial of Service. These attacks are not designed to gain access to data but instead they prevent access to data.
How does a DoS attack work?
It attempts to prevent access to a server by sending it more requests than it can handle. The request queue becomes so large that the server cannot respond to all requests within a reasonable time.
Physical security
Security that prevents physical access to a computer.
E.g.
Locks: computers can be kept in a locked room.
CCTV: cameras can be used to monitor who physically accesses a computer.
Security guards: an extra level of security to help deter unauthorised people.
Authentication
Is designed to stop a user from being able to access the system once they have physically got to it. It also applies when a hacker is trying to get access through the internet.
Biometrics
As physical characteristics are unique, they provide a way to identify a user to a computer. It uses scanners or sensors to record input.
Proxy servers
One way to protect a network server from attacks is to prevent direct access to the server itself. This is done by directing traffic to an intermediary server. The proxy server sits between the network server and the internet.
Benefits of proxy servers
- if data is lost on the proxy server, the original data is still held on the network server
- as a proxy server can handle requests and transfer data, the network server is freed up and faster
- can hold copies of frequently visited webpages. This speeds up access to those pages, since the webpages do not have to be downloaded again
- can be used to prevent users on a network from accessing external websites
Encryption
A way of modifying data to make it difficult for an unauthorised person to understand.
Key
Information that describes how a message is encrypted or decrypted.
SSL
Secure Sockets Layer. It uses asymmetric encryption to create secure links between computers, so data can be transferred safely.
TLS
Transport Layer Security. A more recent, updated version of SSL. It works the same way as SSL.