Unit 4 - Systems Software and Security Flashcards
(29 cards)
What are some types of software made to harm a computer?
Viruses
Worms
Trojans
Ransomware (Malware)
What are some methods to prevent harmful software from harming a computer?
Anti-malware
Anti-virus
Encryption etc…
What is malware?
Malware (malicious software) is software that is designed to cause harm or damage to a computer, such as a computer virus.
What is a computer virus?
A malware program which is embedded (hidden) within other files. They replicate themselves and become part of other programs. Viruses often cause damage by deleting, corrupting or modifying data.
What are worms?
A malware program similar to viruses, except that they are not hidden within other files. Worms often spread through emails.
They might cause no damage, but they do slow down computers and networks.
What are trojans?
A malware program which pretends to be legitimate but in reality is malware. They are often disguised as email attachments. Trojans cannot spread by themselves - instead they deceive a user into installing the program.
What is ransomware?
A malware program that attempts to blackmail a user into making a payment to a hacker. Some types of ransomware do little but try to scare users into paying, while others go further - they encrypt documents and will not decrypt them until a ransom is paid.
What are two ways a hacker can exploit technical vulnerabilities?
Unpatched/Outdated Software - if software updates and security updates are not installed, the software would be vulnerable
Out-of-date antimalware - if antivirus software isn’t regularly updated, it cannot detect the latest viruses
What is social engineering?
Social engineering is the ability to obtain confidential information by asking people about it.
What is shoulder surfing?
Type of social engineering: The ability to get info or passwords by observing as someone types them in, e.g. looking over their shoulder, checking CCTV etc.
What is phishing?
Type of social engineering: emails that pretend to be from a legitimate company but actually try to gain personal information
What should you look out for in an email to check if it is phishing?
Greeting: Don’t know your name, so greeting not personalised
The sender’s address: often a variation on a genuine address
Forged link: Link may look genuine, but may not link to the website given
Request for personal info: Genuine organisations never do this
Sense of urgency: Try to persuade you that something bad would happen if you don’t act fast
Poor spelling and grammar
What is a DoS attack?
A Denial of Service attack is flooding a server or network with pointless requests so that it fails or slows down
What is a MitM attack?
A Man-in-the-Middle attack allows the attacker to intercept communications between the user and the server. The attacker can then eavesdrop to find passwords and personal information, and add different information to a web page or other communication such as email.
How can you protect your devices, like your phone, to prevent any attacks from occurring?
Use the password feature and choose a strong password
Make sure the data is encrypted
Do not follow links in suspicious emails
Think carefully before posting your phone number on public websites
Don’t install apps before researching them
Delete info on the phone if throwing it away
What is a Brute force attack?
A program which is used to find a password by trying all possible combinations of characters until the correct one is obtained.
What is SQL, and how can SQL injections happen?
SQL (Structured Query Language) is a database query language
SQL injections use web forms to add SQL instructions to a query, causing data loss or the revealing of personal information
What is penetration testing?
Deliberately trying to find security holes in your systems to identify targets of potential attacks
What is black box testing?
This is where testers are given no more info than any potential hacker may have.
What is white box testing?
This is where testers are given as much info as an insider may have, to identify how much damage a rogue employee could do to the system
What are white hat hackers?
Ethical hackers employed to put their expertise to good use in finding system vulnerabilities before the “black hats” abuse them
What are black hat hackers?
Black hat hackers are hackers with malicious intentions who gain unauthorised access to computer networks and systems.
They aim to exploit security vulnerabilities in software or corporate systems.
What are grey hat hackers?
Grey hat hackers often look for vulnerabilities in a system without the owner’s permission or knowledge. If issues are found, they report them to the owner, sometimes requesting a small fee to fix the problem.
What is an audit trail?
Used to maintain security and recover lost data
A chronological record of system activities, often digital, that tracks what has been done and who or what did it.