1.4.1 Threats to computer systems and networks

0.0(0)
studied byStudied by 3 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/15

flashcard set

Earn XP

Description and Tags

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

16 Terms

1
New cards

What is malware?

  • harmful program that seeks to damage or gain unauthorised access to your computer system

  • virus, worms, trojans, spyware and ransomware

2
New cards

What are the features of computer viruses?

  • embedded within other files

  • only activated when opened by a human

  • replicate their code in other programs

  • infect other copmputers

  • harm by corrupting, deleting or modifying files. the damage may cause the system to stop working

3
New cards

What are the features of worms?

  • not hidden within other files

  • replicates to spread to other computers by finding weaknesses in software / network

  • does not need an infected file or human interaction to spread

  • often spread through email

  • can spread very quickly once it has infiltrated a network

  • slows down networks and computers but it might not cause any other damage

4
New cards

What are the features of trojans?

  • harmful program that looks like legitimate software or a cracked file that a user wants

  • deceives users into installing it

  • do not self replicate or infect other files

  • the program will often work as intended but give an attacker backdoor access to the system

  • might also contain malware that causes damage

5
New cards

What are the features of spyware?

  • monitor and record user activities

  • websites visited, personal information and financial information

  • this is passed to the attacker to use

6
New cards

What are the features of ransomware?

  • holds a computer hostage by locking or preventing access to files on it by encrypting them

  • the attacker demands money to decrypt the files but might not necessarily do this if the user pays them

  • digital currencies make attackers harder to trace

  • encrypted data can only be recovered if back ups are available

7
New cards

What is social engineering?

  • manipulation and exploitation of human behaviour to deceive individuals in order to gain unauthorised access to sensitive information or secure systems

  • phishing, shoulder surfing and poor network policy or people not following it

  • people are the weak point

8
New cards

What is shoulder surfing?

  • obtaining information as someone types it in such as by looking over their shoulder or using CCTV

9
New cards

What is phishing and what are the features of it?

  • deceiving users into entering personal details to an attacker

  • poses as a legit site in email or texts

  • provides a link to fake version of the real site

  • non personalised greeting

  • variation of a genuine web address

  • forged link

  • request for personal info which legit companies do not do through email/text

  • sense of urgency

  • poor spelling and grammar

10
New cards

poor network policy

network does not have security rules in place for users to follow

11
New cards

What is a brute force attack?

  • trying every possible combination of password until the correct one is found

  • slow but can be sped up using a computer program or multiple computer systems

12
New cards

What is a denial of service (DoS) attack?

  • a (sometimes hacked) computer repeatedly sends requests to a server which floods and overloads it

  • server is unable to process and respond to all these requests

  • it will be slowed or unavailable and may take websites offline temporarily

  • others denied use of service - company loses reputation

  • distributed denial of service attack (DDos) is a coordinated attack using a large group of devices controlled and used maliciously by an attacker

13
New cards

What is interception in a network?

  • data packets are eavesdropped on by a third party and copied to a different location than the intended destination

14
New cards

What is a man in the middle attack?

  • attacker intercepts communications between the user and the server

  • uses a packet sniffer to eavesdrop and find personal info

  • can add different info to a web page or email

  • unencrypted WiFi increases the risk

15
New cards

How can data theft happen?

  • loss of a digital device can lead to the loss of the data stored on it

  • man in the middle attacks

  • malware such as trojans may create back doors to allow malicious users to access your device

  • legitmate seeming apps might be malicious and lead to fraudulent charges on your phone bill or theft of info

  • this info can be used for identity theft

16
New cards

What is SQL injection?

  • a malicious SQL query is entered into a web form as an input rather than the expected data

  • this can be interpreted by vulnerable web applications - can give the user unauthorised access to the database

  • an SQL injection can be used to view, modify or destroy information on the database