What are the different types of attack on computer systems and networks?
Malware
Social engineering
Brute-force attacks
Denial of service (DoS) attacks
Data interception and theft
SQL injection
What is the purpose of malware?
To damage or gain unauthorised access to a computer system.
What are the types of malware?
Virus
Worm
Trojan
Spyware
Ransomware
How does a virus spread?
It is attached to a file that, when opened, activates the virus, causing it to replicate itself across the system by attaching itself to other files.
What threats does a virus pose to a computer system?
It can modify and delete data or stop the whole system from working.
How does a worm spread?
It replicates itself from one computer system to another by finding weaknesses across a network.
What threats does a worm pose to a computer system?
It slows down a computer system by consuming network bandwidth and system resources.
How does a trojan work?
It appears like a legitimate program, tricking users into installing it.
What threats does a trojan pose to a computer system?
It steals user data by creating a ‘backdoor’ for attackers.
How does spyware work?
It is installed alongside legitimate software, without the user's knowledge.
What threat does spyware pose to a computer system?
It steals personal user data by monitoring user activity.
How does ransomware work?
It is downloaded either by opening phishing emails or through malicious downloads.
What threat does ransomware pose to a computer system?
It encrypts user data so that the user can no longer access it unless a ransom is paid.
How does social engineering work?
A person may pose as a trusted source in order to trick others into revealing their personal information.
For example, someone pretending to be a school IT technician in order to steal a student’s username and password.
What is the purpose and threat of social engineering?
To gain unauthorised access to personal information, enabling the attacker to steal and use the data.
How does a brute-force attack work?
It tests every possible password combination until the correct one is found.
What is the purpose and threat of a brute-force attack?
To gain unauthorised access to a computer system, giving the attacker the ability to steal and use the data for malicious purposes or modify it.
How does a DoS (Denial of Service) attack work?
A computer repeatedly sends requests to a server (floods it with them), more than the server can process.
A DDoS (Distributed Denial of Service) attack involves a network of infected computers controlled by the attacker (a botnet) sending requests to the server.
What is the purpose and threat of a DoS attack?
To slow network access to the server, meaning the service may become unavailable for a period of time and cause a loss in business revenue.
How does data interception and theft work?
A third party intercepts data packets on a network using a packet sniffer or physical cable and copies them to a different location than the intended one.
What is the purpose and threat of interception and theft?
To gain unauthorised access to data and to steal it, allowing the attacker to steal and use it for malicious purposes.
How does an SQL injection work?
A malicious SQL command is entered into a data input box on a website in order to gain access to the website’s database.
What is the purpose and threat of an SQL injection?
To gain unauthorised access to a website’s database, enabling the attacker to steal user data.
What are common methods of protecting a computer system against vulnerabilities to threats?
Penetration testing
Anti-malware software
Firewalls
User access levels
Passwords
Encryption
Physical security
What is penetration testing?
A prevention method where a person attempts to break into a computer system in order to identify any vulnerabilities.
What threats does penetration testing limit and how?
It can protect against an SQL injection by identifying vulnerabilities on a computer before attackers do.
What is anti-malware software?
A prevention method in which malware is located and deleted from a computer system.
scans files for malware
blocks malicious file downloads
alerts users if malware is detected
What threats does anti-malware software limit and how?
It protects against malware, spyware and viruses by locating and deleting them.
What is a firewall?
A prevention method where all incoming and outgoing network traffic is monitored to check whether data packets should be given access to the network.
blocks access to insecure/malicious websites
blocks certain programs from accessing the internet
blocks unauthorised downloads
What threats does a firewall limit and how?
It protects against brute-force attacks and DoS attacks by filtering out and blocking unauthorised/unexpected traffic.
What are user access levels?
A prevention method that only allows certain users to access and edit particular files through:
different user account levels
file permissions
What threats do user access levels limit and how?
They protect against social engineering and data interception and theft as only authorised users can access and edit files.
What threats do secure passwords limit and how?
They protect against brute-force attacks by minimising the chances of an unauthorised user accessing a system.
What is encryption?
A prevention method where an algorithm scrambles data into an unreadable format so that attackers cannot understand it if intercepted during transmission.
A key is used to decrypt the data at the correct destination.
What threats does encryption limit and how?
It limits data interception and theft from being effective by making it impossible to understand the data that has been intercepted/stolen.
What is physical security?
A prevention method in which physical security measures such as locks, CCTV footage and keycards are used to prevent unauthorised personnel from accessing data.
What threats does physical security limit and how?
It limits data theft from happening by only allowing authorised users to access the data.