Unit 3- Operating Online Flashcards
What is unauthorised access?
- when a user gains access to a network without permission
What can unauthorised access be the result of?
- direct entry - a user tries to gain access directly by themselves or by using software designed to try username and password combinations repeatedly (brute force attack)
- indirect entry - a user tries to gain access indirectly by exploiting vulnerabilities in software or users
What are botnets?
- groups of computers that are used without their owners' knowledge to carry out harmful activities or spread malware
How can accidental deletion occur?
- Presses the wrong key on a keyboard
- Formats media on the wrong device
- Loses power unexpectedly
What is malware?
Malware (malicious software) is the term used for any software that has been created with malicious intent to cause harm to a computer system
What are some examples of issues caused by malware?
- Files being deleted, corrupted or encrypted
- Internet connection becoming slow or unusable
- Computer crashing or shutting down
What are the different types of malware?
virus, worms, trojan, spyware and ransomware
What does a virus do?
- program which can replicate itself on a user's computer
- contains code that will cause unwanted and unexpected events to occur
examples of issues a user may experience are:
- corrupt files
- delete data
- prevent applications from running correctly
What does a worm do?
- very similar to viruses
- the main difference being that they spread to other drives and computers on the network
worms can infect other computers from:
- infected websites
- instant messaging services
- network connection
What does a trojan do?
- sometimes called a trojan horse
- trojans disguise themselves as legitimate software but contain malicious code in the background
What does spyware do?
- software which will allow a person to spy on the user's activities on their devices
- this form of software will be embedded into other software such as games or programs that have been downloaded from illegitimate sources
- can record your screen, log your keystrokes to gain access to passwords and more
What does Ransomware do?
- form of malware that locks your computer or device and encrypts your documents and other important files
- a demand is made for money to receive the password that will allow the user to decrypt the files
- no guarantee that paying the ransom will result in the user getting their data back
What is phishing?
- form of social engineering
- involves sending fraudulent, legitimate-looking emails to a large number of email addresses (they claim to be from a reputable company or trusted source and try to gain access to your details)
- tries to coax the user to click on a login button and enter their details
What are the effects of phishing?
- creator of the email can gain unauthorised access - this gains personal data like login information, bank accounts
- can lead to identity theft or fraudulent activity on credit cards and bank accounts
How can phishing be prevented?
Phishing can be prevented by:
- Anti-spam filters to avoid fraudulent emails arriving in a user’s inbox
- Training staff to recognise fraudulent emails and to avoid opening attachments from unrecognised senders
- User access levels to prevent staff from being able to open file types such as executable (.exe) files and batch (.bat) files
What is pharming?
Pharming is when a user types a website address into a browser and is redirected to a ‘fake’ website to trick the user into typing in sensitive information such as passwords
An attacker attempts to alter DNS settings or change a user's browser settings to redirect users to the fraudulent website
What are the effects of pharming?
The creator of the malicious content can gain unauthorised access to personal data such as login information, bank accounts and more
- can lead to identity theft or fraudulent activity on credit cards and bank accounts
How can pharming be prevented?
- Keeping anti-malware software up to date
- Checking URLs regularly
- Make sure the padlock icon is visible
Exam question: Explain why phishing messages are sent to many users (2 marks)
It increases the chances of a user responding [1] because not all users are vulnerable / phishing targets vulnerable users / more people are aware of phishing [1]
What is a strong password?
Strong passwords should contain:
- More than eight characters
- mixture of letters, numbers and symbols
- mixture of uppercase and lowercase letters
- Uncommon words/phrases
Passwords should be changed regularly
What are biometrics?
Biometrics are a way of authenticating a user by using their unique human characteristics
Some of the ways biometrics can be used are:
- Fingerprint scans
- Retina scans
- Facial recognition
What are the advantages of biometrics?
- Unique to the person and cannot be copied, meaning that the data is always with the person
- Passwords can be easily copied, forgotten, guessed or cracked
- It is difficult to copy or forge biometric data
- Eliminates the possibility of attacks such as shoulder surfing and key-logging software
- A high degree of accuracy as there is no known way to copy a person’s retina pattern for example
What are the disadvantages of biometrics?
- can be intrusive, for example, scanning eyes
- Scans may not be recognised; an example could be fingerprint scans with dirty hands
- Very expensive to install
- Low light can cause an issue for facial recognition, as can hats and glasses
- People may be uncomfortable having their most unique characteristics being stored in a database
What is CAPTCHA?
- method of testing if a website request originates from a human or a machine (bot)
- used to prevent spam and protect logins
Completely Automated Public Turing test to tell Computers & Humans Apart (CAPTCHA) examples include:
Text - Asking users to enter characters from a distorted text box, users would need to decipher the characters and enter them in a designated box
Image - A grid of images, a user would be asked to select all those that contain a specific object
Checkbox - A simple checkbox appears asking the user to confirm they are not a robot