Topic 6 - Cyber Security Flashcards
What are the 4 types of attacks?
Active attack
Social engineering
Passive attack
Insider attack
What is an active attack?
When someone uses malware or other technical methods to compromise a network’s security
What is social engineering?
When a person is exploited into giving away critical information that gives access to the network or accounts.
What is a passive attack?
When a hacker eavesdrops on a network by ‘sniffing’ the data packets.
What is an insider attack?
When someone in an organisation gives away access details or sensitive information.
What is the name for any methods which allow users to prove that an account is theirs?
Authentication
What is the most common authentication method?
The most common authentication method is using a password.
Why do many hackers want to find people’s passwords?
So that they can gain access to accounts.
What is finding people’s passwords called?
Cracking the password
What is a brute force attack?
A brute force attack tries to crack a password by trying every single combination of letters and numbers until the correct one is found.
What is the problem with a brute force attack?
This can take a very long time, although special software is used to do this, which makes it possible to make millions of attempts per second.
What is a dictionary attack?
A quicker form of the brute force attack is the dictionary attack.
Rather than attempting every single combination, a dictionary attack tries words from a predetermined list.
A common dictionary to use would be a list of common passwords.
What are three ways to protect against password cracking?
Writing a network policy which enforces strong passwords can protect against dictionary attacks.
Using two-factor authentication can prevent the hacker from logging in, even if they have the password.
Restricting the number of failed password attempts before an account is ‘locked’ for a fixed period of time can deter hackers.
How do denial of service (DoS) attacks work?
A denial of service (DoS) attack tries to bring down a server by flooding it with many useless requests.
The attack aims to overload the server. This stops the server responding to legitimate requests.
What can be used to protect a server from a DoS attack?
A firewall
How does a firewall protect a server from a DoS attack?
A server’s firewall can blacklist (ban) any traffic from an IP address which is known to perform DoS attacks.
Firewalls can also monitor traffic in real time. So if a new IP address starts to send too much traffic then traffic limits can be set.
When are Distributed DoS (DDoS) attacks used?
Commonly used to overcome the blacklisting of an IP address because of a high number of requests.
In a DDoS attack how are requests sent?
From an army of compromised machines, known as a botnet.
How do the botnets work in DDoS attacks?
Botnet machines are infected with malware which allows a hacker to send requests from their computer.
The botnet can launch a huge number of simultaneous requests. The owners of the devices in the botnet might not even realise they are taking part.
What does penetration testing identify?
Vulnerabilities in a network’s security.
How does penetration testing work?
By attempting a controlled attack on the network.
This usually involves carrying out multiple types of attack to see which is most successful.
Who performs penetration testing?
The organisation itself, or an external organisation or contractor they have hired.
What does a good penetration test check?
Technical vulnerabilities.
Likelihood of social engineering.
A test of damage recovery.
What is the motivation for penetration testing?
Organisations choose to perform penetration testing to try to find vulnerabilities before criminals do.
If an organisation can find and fix a bug before it is exploited, it can save time and money.
What are the two types of penetration tests?
White box penetration testing
Black box penetration testing
What is white box penetration testing?
A white box penetration test is done inside an organisation.
In a white box penetration test, system administrators will test how vulnerable the system is against someone with knowledge of the system, and possibly a user account with low access rights.
This will help to prevent insider attacks.
What is black box penetration testing?
A black box penetration test is done outside of an organisation.
A system administrator might pay an outside organisation to attempt to gain access to their systems in a controlled way.
This will allow the system administrators to experience a ‘practice’ attack which is very similar to a real attack.
Who are often the weak point in any network security package?
People
What is social engineering?
The art of manipulating people so they give up confidential information.
What are ways to protect against social engineering?
Education and training
Public awareness campaigns
Company security policies
What’s the most effective means of protection against social engineering?
Education and training
How does education and training help prevent social engineering?
People are made aware of the tactics of fraudsters.
This makes it more likely that they will recognise a fraudulent phone call.
How do company and security policies help prevent social engineering?
Company security policies include instructions that employees must follow to uphold security.
For example:
Don’t discuss a user account without the user having confirmed their PIN number.
How do public awareness campaigns help prevent social engineering?
Banks and governments often run public awareness campaigns to educate members of the public about the risks of social engineering.
These often include case studies of what could happen if people do not take care.
What are three types of social engineering?
Shouldering
Pharming
Blagging