Topic 2 Flashcards
(30 cards)
Malware
Refers to malicious software designed to disrupt, damage or gain unauthorized access to systems
Malware Prevention Methods
- Regular Software Updates
- Antivirus Software
- Network Segmentation
- Educate Users
Malware Prevention Tools and Strategies
- Patch Management Systems
- Endpoint Detection and Response (EDR)
- Regular Backups
- Network Segmentation
Phishing
Involves tricking individuals into providing sensitive information by pretending to be a trusted entity
Phishing Prevention Methods
- Email Filtering
- Employee Training
- Verify Links and Senders
- Multi-Factor Authentication (MFA)
Phishing Prevention Tools and Strategies
- Email Security Gateways
- Phishing Simulations
- Zero Trust Access
- Threat Intelligence Feeds
Social Engineering
This threat exploits human psychology to manipulate individuals into divulging confidential information
Social Engineering Prevention Methods
- Strict Access Control
- Verify Requests
- Awareness Programs
- Incident Reporting
Social Engineering Prevention Tools and Strategies
- Access management
- Strong Internal Authentication
- Verification Protocols
- Social Engineering Defense Training
Software Vulnerabilities
Flaws or weaknesses in code that attackers can exploit to compromise systems, steal data, or gain unauthorized access
Software Vulnerabilities
Common Vulnerabilities
- Buffer Overflow
- Injection Flaws (SQL/Command injection)
- Cross-Site Scripting (XSS)
Hardware Vulnerabilities
- Physical Access Exploits
- Side-Channel Attacks
Network Vulnerabilities
Weaknesses in network protocols, configurations, or infrastructure that can lead to unauthorized access or data interception
Network Vulnerabilities
Common Vulnerabilities
- Weak or Default Credentials
- Man-in-the-Middle (MITM) Attacks
- Unsecured Network Devices
- Denial of Service (DoS) and Distributed Denial of Service (DDos Attacks:
- Outdated or Insecure Protocols
Tools for Prevention and Mitigation For Software Vulnerabilities
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
Tools for Prevention and Mitigation For Hardware Vulnerabilities
- Hardware Monitoring Tools
- Device Integrity Tools
- Penetration Testing Tools
Tools for Prevention and Mitigation For Network Vulnerabilities
- Vulnerability Scanning
- Intrusion Detection and Prevention (IDS/IPS)
Denial of Service (DoS)
Overloading systems of networks to make them unavailable to legitimate users
Man in the Middle (MITM) Attacks
Intercepting communication between two parties to eavesdrop or alter data
Password Attacks
Cracking or steals passwords through brute force, dictionary, attacks, or keylogging
Zero-Day Exploits
Exploiting software vulnerabilities before the vendor releases a patch
Refers to malicious software designed to disrupt, damage or gain unauthorized access to systems
Malware
Involves tricking individuals into providing sensitive information by pretending to be a trusted entity
Phishing
This threat exploits human psychology to manipulate individuals into divulging confidential information
Social Engineering
