1.4.2 Identifying and preventing vulnerabilities

12 Terms

1

What is penetration testing?

  • ethical hacking done to probe a network for any weaknesses so that they can be resolved

2

What are internal tests?

  • a penetration test done from within the network to see the damage that could be done by someone employed there

3

What are external tests?

  • white hat hackers try to infiltrate a company network from the outside

4

What are blind tests?

  • done with no inside information to simulate what a real hacker would have to do to infiltrate the system

5

What are targeted tests?

  • conducted by the company’s IT department and the penetration team cooperating together to find faults in the system

6

What is the purpose of anti malware software?

  • to scan through all files on a computer and check them against a database of known malware

  • files with similar features to malware are detected and deleted

  • software should be updated regularly so that it can detect the latest threats

  • other roles of anti-malware software:

    • Checking all incoming and outgoing emails

    • Checking files as they are downloaded.

    • Scanning the hard drive for viruses and deleting them.

7

What is a firewall and its purpose?

  • a tool to prevent unauthorised access to computers on a network

  • may run as software or be a dedicated unit built into the hardware

  • all incoming/outgoing traffic is scanned by examining the source and destination addresses of packets

  • packets are subject to filtering criteria which determine whether to allow or block them; unauthorised packets are filtered out

  • can filter packets from certain IP addresses

  • also used to block access to insecure or malicious sites, block certain programs from accessing the internet, block unauthorised downloads, and prevent specific users on the network from accessing certain files

8

What are the features of secure passwords?

  • minimise the chance of unauthorised users accessing a system

  • should be changed regularly

should contain

  • a mix of upper and lowercase letters

  • numbers

  • special characters

  • 8 characters or more

9

What do user access levels do?

  • determine the facilities a user has access to

  • important to set access levels so that only authorised users can view and change data.

  • The more users who have access to a file, the more likely it is to be compromised.

10

How is encryption used?

  • websites may use HTTPS

  • individual files can be encrypted using a password

  • harder for attackers to understand the data when they intercept it

11

What physical security can be implemented?

  • lock to prevent access to server rooms or locations that store confidential data. Only authorised personnel are given the key.

  • Biometric entry to room

  • passcode entry to room

  • Other forms of physical security include keycards, security staff, CCTV cameras and alarms.

12

What are some acceptable use policies?

  • users should have secure passwords

  • users should not share passwords and should change them regularly

  • users should not connect with unauthorised devices (e.g. unfamiliar USB drives)

  • regular backup procedures