SLR1.4 Flashcards
types of attacks
malware
phishing
brute force attack
denial of service attack
data interception and theft
SQL injection
people as a weak point in secure systems
malware
software specifically designed to disrupt, damage or gain unauthorised access to a computer system
phishing
sending emails purporting to be from a company to convince individuals to reveal their personal information
brute force attack
a trial and error method of attempting passwords and PIN numbers. Automated software is used
DDOS
denial of service attack
flooding a server with useless traffic causing the server to become overloaded and unavailable
data interception and theft
stealing computer-based information with the intent of compromising or obtaining personal information
SQL injection
a technique used to view or change data in a database by inserting additional code into a text input box, creating a string
what happens during malware
files are deleted, become corrupt or encrypted
computers crash, reboot spontaneously and slow down
internet connection becomes slow
keyboard inputs are recorded and sent to hackers to find passwords
what happens during phishing
accessing a victim's account to withdraw money
open bank accounts and credit cards, cashing illegitimate cheques
gain access to high value corporate data
what happens during brute force attack
hacker attempts to access corporate systems and tries to access sensitive information
what happens during DDOS
companies lose services for customers
lose revenue
productivity lowers
reputation damaged
what happens during interception
usernames and passwords are compromised
corporate data is disclosed
packet sniffers
listens to data that is being transferred between 2 points
what happens during SQL injections
reveal private information
data in the database can be amended or deleted
using people as weak points
not installing operating system updates
not keeping antimalware up to date
not logging out of a computer
sharing passwords
security software
firewalls
spam filters
anti virus
anti spyware
anti spam
staff training
backing up files regularly
preventing phishing
have strong security software
staff training - awareness of spotting fake emails
staff training - disabling browser pop ups
staff training - not revealing personal information
preventing brute force attacks
using progressive delays
using effective passwords
network lockout policy - locks out after 3 tries
preventing DDOS
having strong firewalls
packet filtering on routers
web servers that spot DDOSs
preventing data interception and theft
encryption
using virtual networks
use of passwords
investigating network vulnerabilities
preventing SQL injections
validation on input boxes
using parameter queries
setting database permissions
penetration testing
penetration testing
employing people to hack your programs
common errors that staff can make to endanger the security of a network
problem - bringing unauthorised files
solution - not allowing external devices to be used on the network
problem - allowing physical access to a network
solution - locking doors
problem - sending/sharing sensitive data with third parties
solution - blocking/restricting access to USB ports/emails