Ethics and law, Database considerations, Cybersecurity
Social Engineering
When a web user is tricked psychologically into doing something dangerous online
Phishing
A form of social engineering that tricks users into revealing their personal info
Denial of service (DoS)
An attack that aims to disrupt online services by making them unavailable to users
Distributed Denial of Service (DDoS)
DoS attack that involves flooding a server with excessive traffic, often from multiple compromised devices
Backdoor Attack
Gaining unauthorised access to a system by exploiting existing weaknesses and bypassing security measures
IP Spoofing
Creation of IP packets with a false source IP address, with the purpose of impersonating another computer system
SQL Injection
Uses malicious SQL code for backend database manipulation to access info that was not intended to be displayed
Man-In-The-Middle (MITM)
Secretly intercepts, relays and potentially alters the communications between two parties
Cross-Site Scripting (XSS)
XSS attacks allow injection of client-side scripts into web pages viewed by others, and can redirect users to websites where their data can be stolen
Zero-Day Vulnerabilities
Vulnerability in a computer system that is either unknown to its developers or unable to be fixed
Virus
Malware disguised as harmless that, when executed, produces copies of itself and inserts them into other programs or files
Worm
Malware that transmits itself over a network to infect other computers and does not require executable code
Rootkits
Malware that modifies the host’s operating system so that malware is hidden from the user
Trojan
Malware that represents itself as a harmless/regular program to persuade a victim into installing it, and begins its destructive function when the application is opened
Ransomware
Malware that encrypts or locks files, preventing a user from accessing their files until a ransom has been paid
Adware
Malware that results in automated spam which bombards users with unwanted adverts, banners and pop-ups
Spyware
Malware that secretly collects personal info such as browsing data, passwords, PINs and payment info
Privacy Act 1988
Governs the handling of personal info by entities. Consists of 13 Australian Privacy Principles to ensure individuals have more control over how their data is collected, used and disclosed
APP 11
Requires an APP entity to take active measures to ensure the security of personal info it holds, and to actively consider whether it is permitted to retain personal info
APP 11.1
An entity must take reasonable steps to protect personal info it holds from misuse, interference and loss, as well as unauthorised access, modification and disclosure
APP 11.2
When an entity no longer needs personal info, the entity must take reasonable steps to destroy/de-identify the info
APP entity
An applicable entity under the Privacy Act, including public organisations and private sectors.
Privacy Amendment (Notifiable Data Breaches) Act 2017
Amended the Privacy Act 1988 to introduce mandatory data breach notification requirements for entities.
Analysis of log files
Process of reviewing computer event logs to proactively identify bugs, security threats and other risks
Anti-Malware
Software designed for scanning, detecting, blocking and preventing malware from accessing a system
Firewall filtering
Controls the flow of data to and from a network by using ACLs to determine which packets are accepted or not
Access Control Lists (ACLs)
List of permissions that specify which users/processes are granted access to a resource as well as what operations are allowed
Intrusion Prevention Systems (IPSs)
Monitors network traffic for potential threats and actively blocks and prevents attacks from reaching their target
Virtual Private Networks (VPNs)
Network architecture that virtually extends a private network by encrypting your internet traffic and creating a “private tunnel”
User Training
Educating users on how to effectively utilise a platform, tool or system
ICT Code of conduct
Outlines ethical guidelines and rules for responsible tech use and ensures safe, respectful and productive use of tech
Physical security
Protecting network infrastructure and hardware from unauthorised physical access, damage or tampering