Forms of Attack Flashcards
What is Malware?
- It is malicious software that can harm devices
- Deleting/modifying files, scareware, locking files, spyware, Rootkits, opening backdoors
How to stop Malware?
- Firewall
- Anti-virus
- Spam filter
What is Phishing?
- Social engineering where criminals send emails or texts to people claiming to be from a well-known business (eg a bank or an online retailer)
- The email often contains links to spoof versions of a company’s website
- They then request the user to update their personal information
- When the user inputs this data, they hand it over to the criminal who can then access their genuine account
These emails are sent to thousands of people
How can you stop Phishing?
- Many email programs, browsers and firewalls have anti-phishing features that will reduce the number of phishing emails recieved
- Poor grammar can also be spotted
- Staff training
- Disabling browser pop-ups
What is a Brute Force Attack?
- A type of attack used to gain information by cracking passwords through trial and error
- It uses automatd softwre to produce hundreds of likely password combinations
- Hackers may try loads od passwords against one username
How to prevent a Brute force Attack?
- Two-factor authentication
- Locking accounts after a number of password attempts
- Use strong passwords with a combination of numbers and symbols
- Progressive delays
What is a Denial-Of-Service attack?
- Where a hacker tries to stop users from accessing a part of a network or a website
- This involves flooding the network with useless traffic making the network extremely slow or completely inaccessible
How to prevent a Denial-Of-Service attack?
- Strong firewall
- Packet filters on routers
- Configuring the web server
What is a Distributed Denial of Service?
A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.
What is Data Interception and Theft?
- Where hackers try to get access to sensitive information
- This could be done through a passive or active attack
What is a SQL Injection?
Pieces of SQL typed into a website’s input box which then reveal sensetive information
How to prevent Data interception and Theft?
- Encryption
- Firewall
- Staff training : Use of passwords, locking computers, logging off, physically locking areas with computers
- Investigating your own network for vunerabilities
- Antivirus, Anti-malware
How to prevent SQL attacks?
- Validation on input boxes
- Penetration testing
- Setting database permissions
Way of Preventing Attacks/Mitigating Risks
- Penetration testing
- Physical security
- Passwords
- User access levels (Controls which parts of a network different users can access)
- Anti-Malware
- Encryption
What is Penetration testing?
- Employing specialists to stimulate potential attacks on the network
- Used to indentify possible weaknesses in a network’s security by trying to exploit them
- The results on the pentest are then reported back