System Security and Software Flashcards
Different forms of attack
malware
phishing
brute force
denial of service
data interception and theft
SQL injection
Malware def
Software written to infect computers and commit crimes
e.g fraud, identity theft
They xploit vulenrabilites in OS software.
Malware examples
Virus
Worm
Trojan
Spyware
Adware
Ransomware
Pharming
what are viruses and worms
Virus: program hidden within another program/file, designd to cause dmg to file systems
Worm: independent self replicaing program that spreads itself between multiple connected systems
what are torjan and spyware
trojan: software that causes damage or allows access for criminals to use the device
Spyware: software that secretly passes info to a criminal without users knowledge.
what is adware and ransomware
Adware: displays targeted adverts and redirects search requests without permission
Ransomware: software that locks access to a users system until a ransom is paid
pharming def
redirecting of a users website by modfiying their DNS entries to a fraudulent site without their permission
phishing
fraud technique.
designed to get you to give away personal info.
achieved by disgusinig themselves as a trustworthy source in an electronic communication e.g email, fake website
brute force attack
trial by error method used by programs to decode encrypted data such as passwords and keys
denial of service attack
flooding a server w/ useless traffic cuasing server o overload and crash. comes from one device.
distributed denial of service attack comes from multiple deivces. these devices are compromsed systems infected with a trojan.
dos attacks have exploited limitations in TCP/IP stack.
data intercpetion and theft
an attacker monitors data streams to and from a target in order to gather sensitive info
can use technique claled ‘sniffing’ - act of monitoring traffic on network to pick out unencrypted passwords and configuration info
SQL injection
code injection technique used to attack data driven apps
makes use of vulnerabilities in poorly coded database apps
code entered into text boxes and eecuted by server
social engineering
using people as the ‘weak point’ in secure systems
threats posed to networks: malware
files are deleted, become corrupt or are encrypted
computers crash, reboot spontaneously and slow down
internet connections become slow
keyboard inputs are logged and sent to hackers
how do infections psread quickly on networks
client is infected, malware then infects the server, then all other clients
threats posed to networks: phishing
accesing a victim account to withdraw money or purchase things
open bank accounts and credit cards, cashing illigitmate cheques
gai access to high value coroprate data
financial services can blacklist the company, resulting in dmg to brand reputation
threats posed to networks: brute force atacks
theft of data
access to coroprate systems
threats posed to netowrks: denail of service attacks
loss of access to a service for customers
lost revenue
lower productivity
damage to reputation
threats posed to networks: data interception and theft
usernames and passwords compromised allowed unauthroised acccess to systems
discloure of coroprate data
theft of data
threats posed to networks: sql injection
contents of databases can be output, revealing private data
data in database can be amended or deleted
new rogue records can be added 2 database
threats posed to networks: people as a weak point
many system vulnarabilites caused by ppl being careless:
not installing OS updates
not keeping anti-malware up to date
not locking doors to computer rooms
not logging off or locking their comp
leaving printouts on desks
writing paswords down on sticky notes attached to comps
sharing passwrds
losing memory sticks/laptops
not appling security to wireless networks
not encrypting data
