System Security and Software Flashcards
Different forms of attack
malware
phishing
brute force
denial of service
data interception and theft
SQL injection
Malware def
Software written to infect computers and commit crimes
e.g fraud, identity theft
They xploit vulenrabilites in OS software.
Malware examples
Virus
Worm
Trojan
Spyware
Adware
Ransomware
Pharming
what are viruses and worms
Virus: program hidden within another program/file, designd to cause dmg to file systems
Worm: independent self replicaing program that spreads itself between multiple connected systems
what are torjan and spyware
trojan: software that causes damage or allows access for criminals to use the device
Spyware: software that secretly passes info to a criminal without users knowledge.
what is adware and ransomware
Adware: displays targeted adverts and redirects search requests without permission
Ransomware: software that locks access to a users system until a ransom is paid
pharming def
redirecting of a users website by modfiying their DNS entries to a fraudulent site without their permission
phishing
fraud technique.
designed to get you to give away personal info.
achieved by disgusinig themselves as a trustworthy source in an electronic communication e.g email, fake website
brute force attack
trial by error method used by programs to decode encrypted data such as passwords and keys
denial of service attack
flooding a server w/ useless traffic cuasing server o overload and crash. comes from one device.
distributed denial of service attack comes from multiple deivces. these devices are compromsed systems infected with a trojan.
dos attacks have exploited limitations in TCP/IP stack.
data intercpetion and theft
an attacker monitors data streams to and from a target in order to gather sensitive info
can use technique claled ‘sniffing’ - act of monitoring traffic on network to pick out unencrypted passwords and configuration info
SQL injection
code injection technique used to attack data driven apps
makes use of vulnerabilities in poorly coded database apps
code entered into text boxes and eecuted by server
social engineering
using people as the ‘weak point’ in secure systems
threats posed to networks: malware
files are deleted, become corrupt or are encrypted
computers crash, reboot spontaneously and slow down
internet connections become slow
keyboard inputs are logged and sent to hackers
how do infections psread quickly on networks
client is infected, malware then infects the server, then all other clients
