network security

What are the different types of attack on computer systems and networks?

• Malware

• Social engineering

• Brute-force attacks

• Denial of service (DoS) attacks

• Data interception and theft

• SQL injection

What is the purpose of malware?

To damage or gain unauthorised access to a computer system.

What are the types of malware?

• Virus

• Worm

• Trojan

• Spyware

• Ransomware

How does a virus spread?

It is attached to a file that when opened, activates the virus causing it to replicate itself across the system by attaching itself to other files.

What threats does a virus pose on a computer system?

It can modify and delete data or stop the whole system from working.

How does a worm spread?

It replicates itself from one computer system to another by finding weaknesses across a network.

What threats does a worm pose on a computer system?

It slows down a computer system by consuming network bandwidth and system resources.

How does a trojan work?

It appears like a legitimate program, tricking users into installing it.

What threats does a trojan pose on a computer system?

It steals user data by creating a ‘backdoor’ for attackers.

How does spyware work?

It is installed alongside legitimate software, unknowing to the user.

What threat does spyware pose on a computer system?

It steals personal user data by monitoring user activity.

How does ransomware work?

It is either downloaded by opening phishing emails or by malicious downloads.

What threat does ransomware pose on a computer system?

It encrypts user data so that the user can no longer access it unless a ransom is paid.

How does social engineering work?

A person may pose as a trusted source in order to trick other into revealing their personal information.

For example, someone pretending to be a school IT technician in order to steal a student’s username and password.

What is the purpose and threat of social engineering?

To gain unauthorised access to personal information, enabling the attacker to steal and use the data.

How does a brute-force attack work?

It tests every possible password combination until the correct one is found.

What is the purpose and threat of a brute-force attack?

To gain unauthorised access to a computer system, giving the attacker the ability to steal and use the data for malicious purposes or modify it.

How does a DoS (Denial of Service) attack work?

A computer repeatedly sends requests to a server in order to overload it.

A DDoS (Distributed Denial of Service) attack involves a network of infected computers controlled by the attacker (a botnet) sending requests to the server. 

What is the purpose and threat of a DoS attack?

To slow the performance of the server, meaning the service may become unavailable for a period of time and cause a loss in business revenue.

How does data interception and theft work?

A third party intercepts data packets on a network using a packet sniffer or physical cable and copies it to a different location than the intended one.

What is the purpose and threat of interception and theft?

To gain unauthorised access to data and to steal it, allowing the attacker to steal and use it for malicious purposes.

How does an SQL injection work?

A malicious SQL command is entered into a data input box on a website in order to gain access to the website’s database.

What is the purpose and threat of an SQL injection?

To gain unauthorised access to a website’s database, enabling the attacker to steal user data.

What are common methods of preventing a computer system from vulnerabilities to a threat?

• Penetration testing

• Anti-malware software

• Firewalls

• User access levels

• Passwords

• Encryption

• Physical security