What is malware?
Malicious software: any program designed to damage a computer system, steal or modify its data, or give an attacker unauthorised access. Some malware (a virus) spreads by embedding itself into other programs and infecting them; it can then spread to other users and computers if an infected file is sent to someone else.
Give four examples of malware
Virus
Worm
Trojan
Spyware
Ransomware
Adware
State the difference between worms and trojan horses as types of malware
A worm is a standalone program that replicates itself, typically across a network, without needing to attach itself to an existing program or rely on any user action.
A Trojan is a program which pretends to have one legitimate function but actually carries a hidden malicious one. It does not self-replicate: it relies on the user running it, and is commonly spread by email attachments or downloads.
State three ways in which computer viruses can enter a computer system:
Removable media e.g. USB memory sticks
Email attachments
Downloaded files e.g. Games or programs
State typical impacts of malware on a computer system.
Spying on user activity or confidential information
Blackmail
Prevent user access to their files
Delete files
Modify files
Slow down performance of your computer
What is meant by social engineering?
Tricking or persuading individuals into revealing confidential or personal information such as passwords or bank details.
What is meant by the term “phishing”?
Use of a technique such as email to trick a user into handing over sensitive or personal information to a supposedly trustworthy entity
Give three examples of how phishing emails can be used.
To steal money by accessing bank account details
Obtain login details
Steal an identity
Reputational damage
Access to high value/confidential data
State three common signs of a phishing email
A generic greeting ("Dear customer") rather than the recipient's name
Poor spelling or grammar
The sender's address uses an improper or suspicious domain name (e.g. a look-alike of the real company's domain)
Pressure to act immediately (threats of account closure, fines, etc.)
A forged link: the link text may look genuine, but the actual destination points to a different site
State two ways in which users can prevent being compromised by a phishing email.
Check the link before clicking it (hover over it to see the real destination, or go to the site by typing its address yourself)
Look out for the signs: generic greeting, suspicious domain name, forged link
Use spam filters
Ignore or delete the email; never reply with personal details
Look at the following text message. What action should the recipient take?
The URL contains a raw IP address instead of the company's domain name, which is a sign of phishing: do not follow the link; block the sender and delete the message.
Look at the following emails. Which of them are genuine? What would you do in each case?
Email 1: signs of phishing are a threat/urgency, no personalised address, a suspicious domain name and a forged link
Email 2: signs of phishing are a threat/urgency, conflicting dates, a suspicious domain name and a generic greeting
Email 3: signs of phishing are a suspicious domain name and no personalised address
Apart from Phishing emails, complete a list below to illustrate how social engineering (human weaknesses) can result in a “weak point” in secure systems.
Human Weaknesses:
Not installing OS updates
Not installing anti-malware software, or not keeping it up to date
Not locking doors
Not logging off
Leaving printouts on desks
Writing passwords down on sticky notes
Sharing passwords
Losing memory sticks/ laptops
Using an unencrypted wireless network
Using weak passwords
Incorrect disposal of paper records and confidential data
Social Engineering:
Phishing emails
Blagging - Inventing a story or pretext to persuade another person to pass on confidential information, e.g. a password
How to prevent social engineering - Ensure staff are properly trained to recognise and report it
What is a brute force attack?
An attack in which a program tries every possible password (or every entry in a long list of likely passwords) against an account until the correct one is found and access is gained.
How can brute force attacks be prevented?
Strong, long passwords (a larger search space takes far longer to exhaust)
Account lockouts, e.g. after 3 failed attempts (or increasing delays between attempts)
Captcha - preventing automated attempts by requiring proof that a human is present
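The lockout defence above, shown in code. This is an added example and not part of the original page: it builds a small account store with an optional "lock after N failures" rule and runs a brute-force loop against it, once with the lockout disabled and once with it enabled. The usernames, passwords, alphabet and threshold are constructed for the illustration.

```python
import hashlib
import hmac
import itertools
import os

# Added illustration: an account store with an optional lockout, and a
# brute-force loop run against it. Usernames, passwords and the lockout
# threshold are constructed for the example and are not from the original page.


class AccountStore:
    """Stores salted PBKDF2 hashes; locks an account after max_attempts failures.
    max_attempts=None disables the lockout (the weak configuration)."""

    def __init__(self, users, max_attempts=3):
        self.max_attempts = max_attempts
        self.users = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self.users[name] = {"salt": salt, "hash": self._hash(password, salt),
                                "failures": 0, "locked": False}

    @staticmethod
    def _hash(password, salt):
        # A slow hash makes each guess cost the attacker CPU time as well.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def login(self, username, password):
        """Return 'ok', 'wrong password', 'locked' or 'no such user'."""
        rec = self.users.get(username)
        if rec is None:
            return "no such user"
        if rec["locked"]:
            return "locked"
        # compare_digest avoids leaking how much of the hash matched via timing.
        if hmac.compare_digest(self._hash(password, rec["salt"]), rec["hash"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if self.max_attempts is not None and rec["failures"] >= self.max_attempts:
            rec["locked"] = True
            return "locked"
        return "wrong password"


def brute_force(store, username, charset, length):
    """Try every string of the given length over charset, in order.
    Returns (password, attempts) on success, or (None, attempts) if the
    search space is exhausted or the account locks first."""
    attempts = 0
    for candidate in itertools.product(charset, repeat=length):
        guess = "".join(candidate)
        attempts += 1
        result = store.login(username, guess)
        if result == "ok":
            return guess, attempts
        if result == "locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    # Weak setting: no lockout, so every guess is accepted and the 3-letter
    # password falls within the 27 candidates.
    print(brute_force(AccountStore({"alice": "cab"}, max_attempts=None), "alice", "abc", 3))
    # Corrected setting: locked after 3 wrong guesses, so the search stops.
    print(brute_force(AccountStore({"alice": "cab"}), "alice", "abc", 3))
```

A lockout has its own cost: an attacker who knows a username can deliberately lock the real user out, which is a small denial of service, so production systems often prefer increasing delays or lock by source address rather than permanently by account. Password length still matters because an attacker who has stolen the hash database can guess offline, where no lockout applies.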
What is meant by a denial of service (DOS) attack?
Preventing legitimate users from accessing a website or service by overwhelming the web server with a very high volume of requests in a short space of time, so that it cannot respond to genuine ones.
How can denial of service attacks be prevented?
Firewall (rules that drop traffic from known attacking addresses or limit the rate of requests from a single source)
Malware protection software (stops the organisation's own machines being infected and used as part of a botnet to attack others)
Email filters (block the malware-carrying emails by which such infections often spread)
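The "high volume of requests in a short space of time" test, as an added example that is not part of the original page: a sliding-window counter run over web-server log lines that flags any source address exceeding a request threshold within a time window. The log lines, IP addresses and thresholds are constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Optional

# Added illustration: a sliding-window request counter over web-server log
# lines. The IP addresses, timestamps and thresholds are constructed for the
# example and are not from the original page.

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_sample_log():
    """Constructed Common Log Format lines: two ordinary visitors making a
    handful of requests each, and one source sending 120 requests in 6 s."""
    base = datetime(2023, 10, 10, 13, 55, 30, tzinfo=timezone.utc)
    events = []
    for i in range(5):
        events.append((base + timedelta(seconds=12 * i), "203.0.113.7", "/"))
        events.append((base + timedelta(seconds=12 * i + 3), "203.0.113.8", "/about"))
    for i in range(120):
        events.append((base + timedelta(seconds=10 + i // 20), "198.51.100.9", "/search?q=x"))
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{t.strftime(TIME_FMT)}] "GET {path} HTTP/1.1" 200 512'
            for t, ip, path in events]


def parse_line(line) -> Optional[tuple]:
    """Return (source_ip, timestamp) or None for lines that do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp = m.groups()
    return ip, datetime.strptime(stamp, TIME_FMT)


def find_flooders(lines, window_seconds=10, threshold=50):
    """Return {ip: peak requests seen inside any window} for sources whose
    request count within a sliding window exceeds threshold.
    Lines are assumed to be in time order, as a server writes them."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, t = parsed
        q = recent[ip]
        q.append(t)
        while (t - q[0]) > timedelta(seconds=window_seconds):
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


if __name__ == "__main__":
    print(find_flooders(make_sample_log()))
```

Run inline rather than over a log after the fact, the same counter becomes a rate limit that a firewall or reverse proxy can enforce. A per-address threshold is defeated by a distributed attack in which thousands of addresses each stay under the limit, which is why organisations also rely on upstream filtering and content delivery networks.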
What are the implications of DOS attacks on organisations?
Loss of earnings - Customers cannot access your service
Loss of reputation/Trust - Users are put off by having an unreliable service/ may get nervous about their own data security
List the various means by which data can be stolen or intercepted on computer systems.
Physical theft - Laptop being stolen
Remote hacking - Somebody hacking your device from the other side of the world
Spyware
"Shouldering" (shoulder surfing) - Watching over someone's shoulder as they enter a password or PIN
Not logging out
No WiFi encryption
Ineffective disposal of paper documents
Printouts on desks/ in printer
What is a SQL injection attack?
An attack on websites in which malicious SQL is entered into input fields (e.g. Username and Password) that the application pastes straight into a database query.
The attacker's SQL then runs against the database with the application's own privileges.
EXAMPLE 1:
The login page builds its query by inserting the two text boxes into a template:
SELECT *
FROM userList
WHERE Username = '$username' AND Password = '$password'
The user types ' OR 1=1 -- into the username box, so the query becomes:
SELECT *
FROM userList
WHERE Username = '' OR 1=1 --' AND Password = ''
Since 1=1 is always true, and -- comments out the rest of the line, the password check never runs and the hacker can now see all the records in the users table (or log in as the first user returned). Typing ' OR '1'='1 into both the username and password boxes has the same effect.
EXAMPLE 2:
When searching for products, the user is asked for a product number, but appends a malicious SQL statement to it: 2; DROP TABLE Customers
The following query is then run:
SELECT *
FROM Products
WHERE ProductID=2; DROP TABLE Customers
If this succeeds, the whole Customers table is deleted. (This "stacked query" only works where the application or database driver allows more than one statement in a single call; many drivers refuse it, but the first example needs no such permission.)
How can SQL injection attacks be prevented?
Use parameterised queries (prepared statements), so that user input is passed to the database as data and can never be interpreted as SQL
Validate the data entered by the customer (e.g. a product number must be an integer; reject input that does not match the expected form) rather than trying to spot SQL commands inside it
Limit the permissions of the database account the website uses, e.g. the Customers table can only be deleted by certain users or administrators, never by the web application's account
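Both examples above and the parameterised-query fix, run against a real database. This is an added example and not part of the original page: it uses Python's built-in sqlite3 driver on an in-memory database, with constructed table contents. The vulnerable functions are deliberately written the way the page describes (input pasted into the SQL text; stacked statements allowed via executescript), and each is paired with its hardened form.

```python
import sqlite3

# Added illustration. Table names follow the page's examples (userList,
# Products, Customers); the rows are constructed sample data.


def make_db():
    """Constructed example database (sample data, not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userList (Username TEXT, Password TEXT)")
    conn.executemany("INSERT INTO userList VALUES (?, ?)",
                     [("alice", "hunter2"), ("bob", "s3cret")])
    conn.execute("CREATE TABLE Products (ProductID INTEGER, Name TEXT)")
    conn.execute("INSERT INTO Products VALUES (2, 'Widget')")
    conn.execute("CREATE TABLE Customers (CustomerID INTEGER, Name TEXT)")
    conn.execute("INSERT INTO Customers VALUES (1, 'Acme Ltd')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """EXAMPLE 1 as the page describes it: input is pasted into the SQL text."""
    sql = (f"SELECT * FROM userList WHERE Username = '{username}' "
           f"AND Password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: the driver sends the values separately from the
    SQL, so a quote or OR 1=1 in the input is only text to compare against."""
    sql = "SELECT * FROM userList WHERE Username = ? AND Password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def product_lookup_vulnerable(conn, product_id):
    """EXAMPLE 2: stacked statements. executescript() runs every statement in
    the string, which is what lets the appended DROP TABLE execute."""
    conn.executescript(f"SELECT * FROM Products WHERE ProductID = {product_id}")


def product_lookup_safe(conn, product_id):
    """Validate the type first (a product number must be an integer), then
    bind it as a parameter. Raises ValueError for "2; DROP TABLE Customers"."""
    pid = int(product_id)
    return conn.execute("SELECT * FROM Products WHERE ProductID = ?", (pid,)).fetchall()


def table_exists(conn, name):
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                       (name,)).fetchone()
    return row is not None


def run_demo():
    """Run both attacks against the vulnerable and the hardened code; return
    the observations so they can be checked."""
    results = {}
    conn = make_db()
    # EXAMPLE 1: the injected username alone bypasses the password check.
    results["vuln_login_rows"] = len(login_vulnerable(conn, "' OR 1=1 --", ""))
    results["safe_login_rows"] = len(login_safe(conn, "' OR 1=1 --", ""))
    results["safe_login_real_user"] = len(login_safe(conn, "alice", "hunter2"))
    # EXAMPLE 2: the stacked DROP TABLE runs through the vulnerable lookup.
    product_lookup_vulnerable(conn, "2; DROP TABLE Customers")
    results["customers_after_vuln"] = table_exists(conn, "Customers")
    conn = make_db()
    try:
        product_lookup_safe(conn, "2; DROP TABLE Customers")
        results["safe_lookup_rejected"] = False
    except ValueError:
        results["safe_lookup_rejected"] = True
    results["customers_after_safe"] = table_exists(conn, "Customers")
    results["safe_lookup_rows"] = len(product_lookup_safe(conn, "2"))
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Note that sqlite3's ordinary execute() refuses a string containing more than one statement, which is the driver-level protection mentioned above; the vulnerable lookup has to use executescript() to reproduce EXAMPLE 2. The login bypass in EXAMPLE 1 needs no such help, which is why parameterised queries, not "one statement per call", are the primary defence.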
What does a penetration test aim to do?
Identify possible weak points
Attempt to access unauthorised data
Modify/ delete data which the user should not have access to
View confidential information
Report back the findings
State the difference between an internal penetration test and an external penetration test
An internal penetration test puts the tester in the position of someone who already has some access to the system, to determine how much damage could be done from there. This simulates a disgruntled employee.
An external penetration test is used to find out whether an attacker on the outside can get in at all and, once in, how much damage they can do.
Internal - Standard user with standard access rights, attempting to cause damage to the network from within
External - Trying to gain unauthorised access to the network remotely, e.g. bypassing a firewall to gain access to a server
Name some possible weaknesses and vulnerabilities that (a) an external penetration test and (b) an internal penetration test might identify
External:
Can you carry out a SQL injection attack against the public website
Can you bypass a firewall
Can you send an email with malware attached to an employee (and will they open it)
Can you gain access to internal servers from outside the network
Can you carry out a DOS
Internal:
Access unauthorised files e.g. Other users files
Delete/modify unauthorised files
View confidential information
Using removable media with a virus on it
Physical theft of servers, storage media etc
What is the purpose of anti-malware software?
It prevents harmful programs, e.g. spyware, from being installed on the computer
It prevents important files, such as operating system files, from being changed or deleted
If malware does manage to install itself, the software detects it during regular scans (by matching known signatures or suspicious behaviour) and quarantines or removes it
What is a firewall?
Software or hardware that monitors incoming and outgoing packets on a network and allows or blocks each one based on a set of rules.
It helps protect a LAN from remote threats on the internet; by default it should block anything that a rule does not explicitly allow.
What type of criteria does a firewall apply to incoming and outgoing packets?
Where the packet is from or going to (the source and destination addresses)
The type of traffic (the protocol and port number, e.g. blocking inbound connections to a service that should not be exposed; a firewall that inspects content can also block file types such as .exe which may carry viruses)
Specific web site addresses
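The rule-based filtering just described, as an added example that is not part of the original page: a first-match packet filter that checks direction, source and destination address, protocol and port, and drops anything no rule allows (default deny). The network addresses, ports and rules are constructed for the illustration; the second rule set shows the same rules in the wrong order, where a broad allow placed ahead of a specific deny lets blocked traffic through.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Added illustration: a first-match packet filter with a default-deny policy.
# The addresses, ports and rules are constructed for the example and are not
# from the original page.


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the internet) or "out" (from the LAN)
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str = "any"
    src: str = "0.0.0.0/0"        # CIDR networks; 0.0.0.0/0 matches every address
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules, packet):
    """The first matching rule decides; anything unmatched is dropped.
    Returns (action, index of the deciding rule, or -1 for the default deny)."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i
    return "deny", -1


LAN = "192.168.1.0/24"
WEB_SERVER = "192.0.2.10/32"
BLOCKED = "198.51.100.0/24"   # a network the administrator has chosen to block

# Correct ordering: the specific deny comes before the broad allow.
RULES = [
    Rule("deny", direction="in", src=BLOCKED),
    Rule("allow", direction="in", dst=WEB_SERVER, proto="tcp", dport=443),
    Rule("allow", direction="out", src=LAN, proto="tcp", dport=80),
    Rule("allow", direction="out", src=LAN, proto="tcp", dport=443),
]

# Misordered: the block-list rule moved to the end. The allow on port 443 now
# matches traffic from the blocked network first, so the deny never fires.
MISORDERED_RULES = RULES[1:] + RULES[:1]


if __name__ == "__main__":
    probes = [
        Packet("in", "203.0.113.5", "192.0.2.10", "tcp", 443),      # public web traffic
        Packet("in", "203.0.113.5", "192.0.2.10", "tcp", 22),       # SSH from the internet
        Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 443),     # from the blocked network
        Packet("out", "192.168.1.20", "203.0.113.9", "tcp", 443),   # LAN user browsing
        Packet("out", "192.168.1.20", "203.0.113.9", "udp", 53),    # allowed by no rule
    ]
    for p in probes:
        print(p, "ordered:", evaluate(RULES, p), "misordered:", evaluate(MISORDERED_RULES, p))
```

Two practitioner checks fall out of this: every rule set needs a final implicit or explicit deny so that unlisted services (the SSH and DNS probes) are dropped, and rule order must be reviewed whenever a broad allow is added, because a first-match engine will never reach a more specific deny placed below it.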
How could a firewall be used on a school network?
Blocking downloads of specific file types
Blocking access to certain websites
Filtering searches that use inappropriate keywords
Apart from the methods listed above, and encryption, describe two other means of preventing vulnerabilities on a network.
Password Protection:
Prevents anyone who does not know the password from accessing your account. Logging in requires authentication to confirm that the person entering is really you.
User Access Level:
Restrictions applied to a certain group of users (e.g. Students), who are only allowed to access certain folders on the network, or who have reduced permissions, e.g. read only instead of read-write, so that a careless or compromised account can do less damage
Give examples of how physical security can be used to secure a network.
Security may start at the perimeter of the premises, with a barrier which can only be opened either by a guard or by entering a PIN or other ID
CCTV cameras may be used to detect intruders both inside and outside the building
Security locks at the entrance which can only be unlocked by authorised personnel, including a receptionist to allow visitors to enter, are in common use
Barriers between the reception area and the rest of the building prevent unauthorised access
Map each method of identifying/preventing vulnerabilities to each security threat:
Method of prevention | Associated Threat
Internal Penetration Testing | Damage an insider (e.g. a disgruntled employee with a standard account) could do: accessing, modifying or deleting files they should not reach
External Penetration Testing | Remote hacking: attackers bypassing the firewall, SQL injection, DoS attacks, malware sent by email
Anti-malware software | Malware (viruses, worms, trojans, spyware, ransomware)
Firewalls | Remote hacking and DoS attacks from the internet
User access levels | Unauthorised access to, or modification of, data by users within the organisation
Passwords | Brute force attacks and unauthorised access to accounts
Encryption | Data interception, e.g. on an unencrypted wireless network, and reading data from stolen devices or memory sticks
Physical security | Physical theft of laptops, servers and storage media; intruders on the premises
Staff Training / Awareness | Social engineering (phishing, blagging, shouldering) and human weaknesses such as weak or shared passwords