Unit 1 - 4 Flashcards
What is indirect access?
An approach which involves manipulating the victim in order to gain access and control over an online system. A TYPE OF SOCIAL ENGINEERING
Why do people hack and use indirect access to do so?
To gain access in order to steal personal data and in many cases financial information
Give examples of social engineering?
Baiting - attacks that use a false promise to depict a victim’s greed or curiosity.
Phishing - when criminals use scam emails, text messages or phone calls to trick their victims.
Scareware - involves victims being bombarded with false alarms and threats.
Give the examples of direct threat attacks?
Malware, Brute-force, Denial of service, SQL injection
What is data interception? (Indirect access)
A form of eavesdropping as users are unaware that their data is being extracted, all data moving across the internet or IP network does so in the form of data packets so those data packets may be intercepted. These packets can contain personal information such as passwords is extracted by copied packets. Types can be targeted or bulk.
What is Malware? (Direct threat)
General term to suggest a hostile or software that has infected your device, it might disrupt the efficiency of device or secretly monitor wa you are doing for future reference for e.g. passwords. Spyware does this, viruses disrupt computers operations and efficiency
What is Brute-force (Direct threat)
An approach to guess a password through a computer program that is written to go through every possible combination until the correct one is found, difficulty is dependant on how efficient the password is, character length and variety of characters and symbols
What is denial of service (DOS) (Direct threat)?
A method of preventing legitimate users from connecting to a certain server, website and mainline networks can be blocked to clop the CPU and memory expenditure to gain access and block user access to networks, types HTTP Flood, UDP flood
What is SQL injection (Direct threat)?
Deliberate addition of malicious SQL code into a form of a web where it is able to view and acess databases, aim to gain access to confidential information through a database attack. SQL = Structured query language. Types of SQL include Error-bases, UNION, Out of band
What is prevention?
Techniques used to ensure a network is safe from any attacks or threats
Give the 7 examples of preventions?
Anti-malware software, Firewalls, User access levels, passwords, encryption, physical security, penetration testing
What is anti-malware software (prevention)?
Prevents malware, it is a database that looks for typical virus behaviour and is downloaded and uploaded on a daily basis, types include bitdefender, ransomware protection, malwarebytes free
What is a firewall (prevention)?
Set of rules in which data packets can enter a live network and come in forms of both hardware or software to block certain IP addresses and servers especially gaming servers
What is user access levels (prevention)?
St up by network manager to manage access rights and allocate different groups and accounts to prevent unwanted access to personal data and files, different levels of access can be granted which determine applied actions. 3 Levels include, READ - WRITE - EXECUTE
What is passwords (prevention)?
Best possible way to defend cyber attacks and remain on a safe network, brute force attacks try crack them so having a strong password with a variety of characters and symbols which is relatively long and does not repeat is the best
