1.6 System Security Flashcards
Define malware
MALicious softWARE written to infect computers and commit crimes such as fraud and identity theft.
Define worms
Replicates itself to spread to other computers often using a computer network and fills up the RAM.
Define network policies
How a system can be secured through specific rules or requirements.
Define firewalls
Software that performs a “barrier” between a potential attacker and the computer system.
Define penetration testing
Tests performed under a controlled environment by a qualified person.
What are the effects of malware?
1) Computer may crash, reboot spontaneously or slow down without any logical explanation. 2) When a worm infects a computer, the internet connection may become slow as the worm searches online for other computers to infect. 3) Files may be deleted, become corrupt or encrypted. 4) Hackers record typed keys of computer so they know passwords.
How can you prevent malware?
1) Strong security software (firewall, spam filter, anti-virus, anti-spyware, anti-spam). 2) Enable OS updates. 3) Staff training: caution opening attachments. 4) Back up files regularly.
Define social engineering
Relies on human interaction (social skills).
Define phishing
Form of social engineering.
What are the effects of phishing?
1) Accessing a victim’s account and withdraw money or purchase merchandise or services. 2) Open new bank or credit-card accounts in a victim’s names, and use the new account to cash illegitimate checks or purchase merchandise. 3) Gaining access high-value corporate data. 4) Financial services can blacklist institutions, resulting in reputational damage.
How can you prevent phishing?
1) Strong security software (firewall, spam filter, anti-virus, anti-spam). 2) Staff training: awareness of spotting fake websites & amp; emails. 3) Staff training: never disclose personal or financial information. 4) Staff training: disable pop-ups.
Define brute force attack
Trial and error method used by programs to decode encrypted data such as: passwords or Data Encryption Standard (DES) keys, through exhaustive effort rather than employing intellectual strategies.
What are the effects of brute force attack?
1) Theft of data.
How can you prevent brute force attacks?
1) Network lockout policy: locks out after number of tries expires. 2) Effective software: progressive delays. 3) Staff training: using effective passwords that contain symbols and numbers. 4) Challenge response tests e.g. reCAPTCHA.
Define denial of service attack
Flooding a server with useless traffic causes servers to become overloaded preventing them responding to legitimate client-server requests from users.
What are the effects of denial of service attack?
1) Revenue losses: downtime affects profits. 2) Productivity Loss. 3) Reputation Damage.
How can you prevent denial of service attacks?
1) Strong security software (firewall). 2) Packet filters on routers. 3) Configuration of the web server. 4) Good network policy: audits, logs, monitoring.
Define data interception and theft
An attacker monitors data streams to/from a target, in order to gather sensitive information.
What are the effects of data interception and theft?
1) Discovering username and password credentials. 2) Gaining access to systems. 3) Disclosure of corporate data. 4) Theft of data.
How can you prevent data interception and theft?
1) Strong encryption. 2) Using virtual networks. 3) Staff training: use of passwords, locking and portable storage devices. 4) Network forensics.
Define SQL injection
A code injection technique, used to attack data-driven applications.
What are the effects of SQL injection?
1) Contents of the database can be output, revealing data that otherwise would be hidden. 2) Data in the database can be amended and deleted. 3) New rogue records can be added.
How can you prevent SQL injection?
1) Validation of input fields. 2) Using parameterised queries. 3) Using database permissions. 4) Penetration testing.
There are few/many ways in which networks can be attacked
many
