SLR 1.6 System security Flashcards Preview

GCSE Computer Science > SLR 1.6 System security > Flashcards

Flashcards in SLR 1.6 System security Deck (21)
Loading flashcards...
1
Q

What is ‘malware’?

A

Malware is a word made up from two others: MALicious softWARE. It is any form of software designed to cause harm on a computer.

2
Q

List four different types of Malware

A
Adware
Scareware
Ransomware
Trojans
Worms
Viruses
3
Q

What is Adware?

A

Adware is a form of malware designed to automatically deliver advertising (adware is short for advertising supported software)

4
Q

What is Scareware?

A

Scareware is a form of malware designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection

5
Q

what is Ransomware?

A

Ransomware is a form of malware designed to lock files or even a complete computer system until a ransom is paid to unlock it.

6
Q

What is a Trojan?

A

A Trojan is a form of malware designed to look like harmless software but which actually gives remote access to a computer. (see the story of the Trojan horse which the ancient Greek army used to get into the city of Troy).

7
Q

What is a worm?

A

A worm is a form of malware which can spread without the need for a host file. Worms can be used to deliver a payload of code designed to steal data, delete files or create a botnet.

8
Q

What is a virus?

A

A virus is a form of malware which requires a host file to spread. Once inside a computer a virus will replicate itself and attempt to spread to other computers on a host file. They can be used to control or damage a computer.

9
Q

What is a botnet?

A

A botnet is a roBOTic NETwork of computers which can be controlled remotely. These could be used in a Denial Of Service attack

10
Q

Explain what is meant by the term ‘phishing’

A
  • An online fraud technique.
  • To disclose personal information.
  • By disguising as a trustworthy email/website.
11
Q

Give three examples of common signs of phishing

A
  • Although allegedly from a trusted source the e-mail address / web address is incorrect
  • A generic greeting is used e.g. ‘Dear valued customer’
  • Poor spelling, punctuation or grammar
  • A threatening tone
  • A sense of urgency / deadline to comply
12
Q

Explain what is meant by the term ‘SQL injection’.

A
  • An attack on a database.
  • Code entered into a text box…
  • …that is executed by the server.
  • Outputting, changing, adding or deleting records.
13
Q

People are often regarded as the ‘weak point’ in secure systems. Explain what is meant by this term.

A
  • Human actions often result in vulnerabilities in secure systems e.g. :
  • not installing operating system updates.
  • not keeping anti-malware up-to-date.
  • not locking doors to server/computer rooms.
  • not logging off.
  • leaving sensitive information lying around.
  • writing passwords on sticky notes by computer.
  • sharing passwords.
  • using easy to guess passwords.
  • not encrypting data on portable media.
  • not applying security to networks e.g. VPN, WPA2.
  • having poor / badly understood network policies
  • not training staff e.g. how to avoid phishing scams
14
Q

How can you protect yourself from malware?

A
  • install trusted anti-malware software
  • only open attachments you are expecting from a trusted source
  • keep your system up-to-date
  • back-up all data regularly
15
Q

Explain what is meant by the term ‘denial of service attack’

A
  • Flooding a server with useless traffic.

* Preventing legitimate requests being processed.

16
Q

What is ‘penetration testing’?

A

• Attempting to hack your own systems to identify vulnerabiltiies.

17
Q

What is a ‘brute force attack’?

A

A ‘trial-and-error’ method of guessing passwords or similar which does not use logic e.g. a dictionary hack - guess at each word in turn to see if it is the pasword.

18
Q

How can you protect against a brute force attack

A

Only allow 3 attempts at a password before locking the account

19
Q

What is the role of a firewall?

A

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

20
Q

What are network diagnostics?

A

software is designed to help user and network administrators in scanning, diagnosing and identifying problems within a computer network. They can be used in network forensics to analyse whether a network is running correctly e.g. is there any issue with bandwidth being restricted or is a Denial Of Service attack possibly happening?

21
Q

What can network managers in schools and businesses do to prevent attacks on their network?

A
  1. install a firewall
  2. keep all software and operating systems up-to-date
  3. backup all data
  4. run network diagnostics regularly
  5. train all users about how to keep themselves and the network secure
  6. ensure all users sign an Acceptable Usage Policy (and stick to it!)