Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

A Computer Science : Unit 1 > System Security > Flashcards

System Security Flashcards

You may prefer our related Brainscape-certified flashcards:
Biology 101 flashcards
1
Q

Threats / Attack Methods

A

Malware
Phishing
People as a ‘weak point’
Brute Force Attacks
Denial of Service Attacks
Data Interception
SQL Interjections
Poor network policies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Different types of Malware

A

Viruses
Spyware
Adware
Pharming

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Viruses

A

Viruses are small programs which aim to cause physical harm to a computer system. ​

They often get confused with spyware (which simply spy’s on users, recording key strokes etc. but do not aim to harm the system – just the user).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Standard Virus

A

These hide in files / programs and replicate themselves in order to spread into other programs / files. Their aim is usually to delete or damage data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Worms Virus

A

These don’t necessarily damage data, instead they simply try to replicate themselves, using more and more of the computer’s resources, slowing down your computer and making it useless.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Trojan Virus

A

Trojan Virus​

These are often programs (such as a game) which you can use. But in the background they will cause harm, like deleting your files, making annoying changes to your computer setup or creating a portal for other users to use in order to gain access to your system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Spyware

A

Spyware’s aim is to spy on the user and send back as much information about them as possible (passwords, usernames, websites they visit, purchases they have made).​

The reason for collecting this data is so that ‘senders’ of the spyware can use this information to steal your identification or sell your information to third parties who will then target you with advertisements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Adware

A

Like spyware, this type of malware doesn’t physically deleted or corrupt a systems data.​

Instead its aim is to download and display unwanted adverts and collect marketing information about your online habits.​

It will often also try to direct you to unwanted websites by changing your default homepage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Pharming

A

Pharming malware seeks to change the IP address stored in the DNS (or cached on our computer) to another IP address so that the user is sent to a phoney website instead of the one they intended.​

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Scareware

A

This kind of malware often comes in the form of a pop up telling you that you have a virus. The pop up will them advertise purchasable software hoping that you will pass over your money.​

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Ransomware

A

This malware will seek to lock your computer making it useless. It will then demand that you pay a sum of money in order for you to get your computer working again. ​

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Rootkits

A

These pieces of malware contain a set of tools, which once installed, allow a criminal to access your computer at an administrator level, allowing them to do pretty much what they like.​

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Phishing

A

Phishing seeks to acquire sensitive information about a user such as their usernames, passwords, bank details etc.​

The way in which this is done is usually through the form of direct electronic communications (emails / phone calls).​

These emails or phone calls try to impersonate legitimate companies (such as banks) and ask you to give away sensitive information.​

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Social Engineering

A

Social engineering is the act of manipulating people and is often used by criminals to force people to make mistakes which can compromise a network’s security.​

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Brute Force Attacks

A

A Brute Force Attack is were criminals will use trial and error to hack an account by trying thousands of different possible passwords against a particular username.​

They will repeatedly try to ‘login’ with one password after another.​

This threat can be easily reduced by ensuring that a system locks an account if more than three unsuccessful password attempts have been made.​

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Denial of Service Attack

A

This method seeks to bring down websites by using up the web server’s resources.​

This is done by acquiring multiply computers (often through malware) to repeatedly try to access (or log into) a website.​

17
Q

Data Interception and Theft

A

Hackers can use specialist hardware and software to secretly monitor network traffic and can intercept any packets that they believe may contain sensitive data.​

They use ‘packet sniffers’ to sniff out these data packets, decode them and steal the information inside, such as passwords and bank numbers.​

18
Q

SQL Injections

A

SQL stands for Structured Query Language and is used to lookup data in a database.​

When you log in to an account, you will add your username and password into a couple of input boxes.​

With SQL injections, you can ‘bolt on’ some SQL to the end of your password. This will then alter the SQL statement and allow you to access the accounts of other users.​

19
Q

Network Policy

A

A network policy is simply a set of rules and procedures that network users must follow.​

They may include rules / procedures such as:​

Use complex passwords​

Have different levels of access (only certain people in a company can access sensitive data)​

Lock computers if the user leaves their desk​

a network policy is poor, or if it is not followed properly, then the risk of a breach in system security increases.​

20
Q

Identification and Prevention

A

Penetration Testing
Network Forensics
Network Policies
Anti - Malware Software
Firewalls
User Access Levels
Passwords
Encryption

21
Q

Penetration Testing

A

‘Penetration Testing’ is where a company will invite / employ experts to try to simulate a range of network attacks such as Denial of Service attacks (DoS), SQL injections and Brute Force Attacks.​

They will attempt to discover any weaknesses in the system and will summarise their findings to the company who will then make improvements to their system security.​

22
Q

Network Forensics

A

Networks should have software which continually monitors network traffic.​

In the event of an attack, this monitoring can play an important part in finding out how the attack was carried out and also by whom.​

The monitoring software will monitor data packets and so after an attack, suspicious data packets can be analysed forensically.​

23
Q

Acceptable Use Policy

A

Use complex passwords​

Have different levels of access (only certain people in a company can access sensitive data)​

Locking computers if the user leaves their desk​

No installing of software and downloading files from the WWW​

No use of USB sticks​

24
Q

Backup Policy

A

The person responsible for backing up​

The time and frequency that data should be backed up​

The media on which back ups should be stored on​

The location of the storage of backups (offsite)​

The data to be backed up (all or changes since last backup etc.)​

25
Q

Disaster Recovery Policy

A

he person responsible for backing up​

The media on which back ups have been stored and its location​

The organisations who will help supply the resources / hardware to get the system back up and running.​

26
Q

Anti - Virus Software

A

Viruses are small programs which aim to cause active harm to a computer system. ​

They often get confused with spyware (which simply spy’s on users, recording key strokes etc. but do not aim to harm the system – just the user).​

Anti-virus software is dedicated to finding and destroying these files.​

27
Q

Firewalls

A

When files are sent across the internet, they are broken down into small packets of data. ​

The part of the computer which receives these packets is made up of 256 ports (you can think of these ports like a country’s ports, which manage people in and out of the country)​

A firewall monitors the data which flows through the ports.​

They also keep ports closed and open only those that they expect data to be sent to. For example, incoming emails are usually sent to port 110.​

Having ports closed protects the computer from hackers, plus its continual monitoring will help detect hacker activity.​

28
Q

User Access Levels

A

This is where users of a computer system will be given different access rights depending on their role in the company.​

What this means is that depending on their role in the company, some users will have access to certain parts of the system with other parts inaccessible.

29
Q

Passwords

A

Passwords are in place to ensure that a network has no unauthorised access.​

30
Q

Encryption

A

Encryption is where data is scrambled before being sent across a network so that it is unreadable if intercepted.​

To encrypt data, an encryption key is used which will convert ‘plain text’ into ‘cipher text’.​

A Computer Science : Unit 1 (26 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions