Internet Security Flashcards
(19 cards)
What are worms
Self-replicating pieces of software that spread through networks. Slow down the computer and use up internet bandwidth
What are trojans
A malicious program that disguises itself as legitimate software. Can give attackers access to the computer, allowing them to steal personal information.
What are viruses
Self-replicating programs that spread through a host file or program
What is phishing
Using an email to manipulate the victim into visiting a fake website and giving away personal information
What is SQL injection
Where users enter SQL commands via online database forms to change the processing
How can you minimise threats to the system
Anti-virus software
Up-to-date software
Improve code quality
Strong passwords
2FA
Firewalls or proxy servers
VPNs
Digital signature
Symmetric/asymmetric encryption
How does anti-virus software work
Will scan your computer for known malware and will quarantine the file if found
What do up-to-date patches mean
Updates to the operating system and application programs to reduce vulnerabilities in the system
How does a VPN work
Encrypts your internet traffic, making it harder for hackers to intercept your data
How does improving code quality help
Guard against buffer overflow attack
Guard against SQL injection attack
Use of strong passwords for login credentials
2FA
Use of access rights
How do firewalls work
A firewall is a security system that monitors and controls incoming and outgoing traffic
It acts as a barrier between the computer/network and the internet.
Can be placed at the gateway
Can be configured to alert administrators of suspicious activity or blocked attempts
How does stateful inspection work
In a firewall it will examine the payload of the packet instead of relying on port numbers and IP addresses
What are proxy servers
Servers that act as an intermediary between the device and the internet. Hides the IP address and location.
It can filter content, cache and bypass restrictions
What is symmetric encryption
Uses the same key to encrypt and decrypt
Uses key exchange to transfer the key between devices
What is a man in the middle attack
An attacker only has to collect the key by sitting in the middle of the conversation and pretending to be the other party
What is asymmetric encryption
Uses two separate but related keys. Known as public/private key encryption.
What is a digital signature
Something that can verify the integrity of the message
How does a digital signature work
Sender creates digital signature:
1. Reduce the unencrypted message to produce a hash, then encrypt the hash using their private key
2. The sender bundles the digital signature with the message and encrypts the bundle using the recipient’s public key
Recipient receives the encrypted message:
1. Uses own private key to decrypt the bundle of digital signature and message
2. Uses sender’s public key to decrypt the message
3. Compares the hash received in the message with their own hash to verify
What is a digital certificate
Something used to verify the identity of the owner of each public key