Topic 2 Flashcards
Refers to malicious software designed to disrupt, damage or gain unauthorized access to systems
Malware
Malware Prevention Methods
Regular Software Updates
Antivirus Software
Network Segmentation
Educate Users
Malware Prevention Tools and Strategies
Patch Management Systems
Endpoint Detection and Response (EDR)
Regular Backups
Network Segmentation
Involves tricking individuals into providing sensitive information by pretending to be a trusted entity
Phishing
Phishing Prevention Methods
Email Filtering
Employee Training
Verify Links and Senders
Multi-Factor Authentication (MFA)
Phishing Prevention Tools and Strategies
Email Security Gateways
Phishing Simulations
Zero Trust Access
Threat Intelligence Feeds
This threat exploits human psychology to manipulate individuals into divulging confidential information
Social Engineering
Social Engineering Prevention Methods
Strict Access Control
Verify Requests
Awareness Programs
Incident Reporting
Social Engineering Prevention Tools and Strategies
Access Management
Strong Internal Authentication
Verification Protocols
Social Engineering Defense Training
Flaws or weaknesses in code that attackers can exploit to compromise systems, steal data, or gain unauthorized access
Software Vulnerabilities
Buffer Overflow
Injection Flaws (SQL/Command injection)
Cross-Site Scripting (XSS)
SV - Common Vulnerabilities
Physical Access Exploits
Side-Channel Attacks
Hardware Vulnerabilities
Weaknesses in network protocols, configurations, or infrastructure that can lead to unauthorized access or data interception
Network Vulnerabilities
Weak or Default Credentials
Man-in-the-Middle (MITM) Attacks
Unsecured Network Devices
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
Outdated or Insecure Protocols
NV - Common Vulnerabilities
Overloading systems or networks to make them unavailable to legitimate users
Denial of Service (DoS)
Intercepting communication between two parties to eavesdrop or alter data
Man in the Middle (MITM) Attacks
Cracking or stealing passwords through brute force, dictionary attacks, or keylogging
Password Attacks
Exploiting software vulnerabilities before the vendor releases a patch
Zero-Day Exploits