Module 1 Lecture 6 Flashcards
(21 cards)
What can be hacked:
Anything with an IP address; anything connected to the internet has an IP address.
Common types of cyber attacks:
Malware, phishing, man-in-the-middle attack, denial-of-service attack, SQL injection.
Malware (malicious software):
Virus, worms, trojan, adware, spyware, ransomware.
Virus:
Specific type of malware: a contagious piece of code that infects other software on a host system, then spreads itself when it's run. Mostly known to spread when software is shared between computers. Embedded in a host program (a separate executable application that has been embedded with the virus); the virus is activated when the app is run.
Worm:
Standalone app. Unlike a virus, it does not need a host application and can easily replicate to other computers. Typically more severe than a virus, both in how it spreads and in its impact on files and applications.
Trojan:
A type of malicious code or software that looks legitimate but can take control of your computer. Designed to damage, disrupt, steal or in general inflict some other harmful action on data or network. Often comes in email from someone you know.
Adware:
Known as advertisement-supported software. Creators of adware include advertisements or help distribute other software to earn money. Ads may be within the software itself; adware may encourage you to install additional software provided by third-party sponsors.
Spyware:
Unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information.
Ransomware:
Type of malicious software designed to block access to a computer system until a sum of money is paid.
Attacks come through either:
People, data, or systems.
First line of defense; people:
Organizations must enable employees, customers, and partners to access information electronically; the biggest issue of information security is people, not tech.
Authentication and authorization:
Authentication is a method for confirming users' identities; authorization is the process of giving someone permission to do or have something.
Common methods of authentication:
Something the user knows, something the user has, something that is part of the user.
Something the user knows:
User ID, password, most common way to identify individual users, most ineffective form of authentication.
Something the user has:
Smartphone, USB security key, hardware token.
Something that is part of the user:
The best and most effective way to manage authentication, uses biometric identification like fingerprint or face to authenticate.
Privilege escalation:
A network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.
Data prevention and resistance:
One of the most common defenses for preventing a security breach is a firewall, which is hardware or software that guards a private network by analyzing the information leaving and entering the network.
Anti-spam protection:
Keeps malicious spam out of your mailbox, reduces the chance of an employee clicking on potentially harmful links, keeps the inbox free from clutter, false positives, false negatives.
Anti-virus protection:
Prevents malware from getting on your system, detects malware on your computer, stops malware from doing damage, constantly updating.
Backup strategies:
Local backup, offsite backup, cloud backup, good for fighting cyberattacks.