Flashcards in System Security Deck (44)
Networking of computers brings many advantages. Why might networking of computers also have some disadvantages?
Networking is when two or more computers are connected together. It means that if someone is able to access one computer on the network, they could also be able to access all the data on all the computers on the entire network.
What is System Security about?
System Security looks at the measures that can be put in place to reduce the risk of criminals gaining entry to a network to steal data from or compromise data on computers in a network.
What is malware?
Any software that can harm a computer or a user.
Name four types of malware
What is a virus?
A virus is a small program whose main purpose is to cause physical harm to a computer.
What is Spyware?
Spyware is a small program that is designed to harm the user by trying to record data about them. The aim is to spy on the user and send back things like username, common passwords, sites visited by the user.
Name three different types of viruses.
Describe what Standard viruses do.
These are programs which hide in files, copying themselves (replicating) in order to spread into other programs and files. Their aim is usually to delete and damage data.
How does a Worm virus operate?
These programs replicate themselves, using more and more of the computer's resources and slowing the computer down until it basically can't function anymore.
What is a Trojan virus?
These programs come in as programs that you think are useful, but in the background they add another small program that may be deleting programs or opening ports for other destructive programs to use to get into your computer and network.
Name one common spyware program and explain what it does.
A key logger. It is software that records all the keys that are pressed on a keyboard. It does this to record information such as your password, so that it can steal more information about you.
What is Adware?
Adware is a type of spyware. This malware aims to download and display unwanted adverts. It may also collect information about what you regularly do online for marketing purposes. It may also redirect you to unwanted pages by changing your homepage.
What is pharming?
Pharming is when you type in a web address (the URL of a genuine site) but, instead of being taken to the correct site, you are taken to a fake version of the site because the numbers that point to the website (the IP address) have been changed to the wrong ones in the DNS records.
Describe what Scareware does.
Scareware is pop-up malware that scares you with a message into carrying out a purchase or action. It might show a pop-up that says your computer is infected with a virus, then provide a button that says "purchase now" to clean it.
What is ransomware?
Ransomware is a program that uses encryption to lock the data on your computer so that you cannot use it. They will then send a message asking you to pay a certain amount of money to unlock it. An example of this is what happened to the NHS a few years back.
What are Rootkits?
A set of software programs or hacking tools that allow unauthorized users (criminals) to take complete control of your computer.
What is phishing? Describe it.
An email, phone call or website that tries to get certain sensitive information about you. This is a method of identity theft. You may get a message pretending to be from your bank asking you to re-enter your username and password. Once these have been entered, the hacker uses them to access your bank account or impersonate you (pretend to be you) at your online bank.
What do you call the act of manipulating people into giving away personal information or making mistakes when it comes to doing the right things when working on a network?
How can you reduce the effect of social engineering tactics on your users?
People are the main problem when trying to protect a network, as they fall foul of social engineering tricks. This can be reduced by educating the users on different social engineering tricks and what they should and should not do.
What do you call the process used when a criminal uses trial and error to try thousands and thousands of passwords to hack an account's password?
Brute Force Attack
What does DoS stand for?
Denial of Service Attack
Put the website server resources under so much pressure by bombarding it with intensive traffic that it cannot cope and the website crashes. What kind of attack is this?
Denial of Service Attack.
Name two reasons why criminals carry out Denial of Service attacks.
Criminals do it to ask for money to stop the attack.
They do it for political or social reasons, as a form of punishment for the website.
What does encryption do to data?
It puts data into a format that humans cannot easily read (unreadable, scrambled), thereby protecting the data.
What can criminals use to monitor network traffic and intercept data which they feel contains sensitive data and read it?
What protects data from being read by Packet sniffers?
What is SQL?
Structured Query Language, which is used to look up, write, add, modify etc. data on a database using a set of statements.
What is SQL Injection?
When you modify the SQL statements to change what they should do to what the criminal wants them to do. This may be to change the database password, return more records, add or delete data, or become destructive.
What does a network policy do?
It sets out the rules telling users what they should do and how they should do it. The rules may include that they will need to use a password to log on and off of their computer, the type of password they should set, etc.