1.4.1 & 1.4.2 Threats to computer systems and networks

studied byStudied by 1 person
0.0(0)
Get a hint
Hint

What are the forms of attacks to networks?

1 / 76

flashcard set

Earn XP

Description and Tags

77 Terms

1

What are the forms of attacks to networks?

  • malware

  • social engineering

  • Brute- force attacks

  • Denial of service attacks

  • Data interception and theft

  • The concept of SQL injection

New cards
2

What is malware?

-Any kind of malicious program

-installed into a computer with the intention to cause damage and disrupt its functionality or to steal information.

New cards
3

What are some examples of things malware could do?

May delete data, make changes to it, or lock (encrypt) it so it is unusable and make you pay to get it unlocked (decrypted)

New cards
4

Name some types of malware

Viruses, worms and trojans

New cards
5

What is ransomware?

malware that ‘locks’ (encrypts) your data and forces you to pay money to get back in ‘unlock‘ (decrypts)

New cards
6

What are some key feature of malware viruses?

-has harmful affects to the computer

-has the ability to duplicate (copy) itself to other computers and hence spread (like a biological virus)

New cards
7

What is data interception and theft? What are the two types?

As data is conveyed over network is possible to intercept the data stream and capture usable data form it.

There are two types of data interception and theft:

1) man in the middle (MITM) attacks

2) packet sniffing

New cards
8

What is a man in the middle (MITM) attack?

it is a form of data interception.

It involve intercepting a devices connection to the internet. Often by luring users into using a fake Wi-Fi hotspot.

The operator of the fake Wi-Fi network can the sniff all the packets of data to gain personal information and to see which websites are being visited.

This method also allows phone number s to be captured, which can then be used in further attacks

New cards
9

What is a denial of service attack (DoS)?

DoS attacks are designed to bring down server or websites by overloading them with network traffic.

This prevents legitimate users for having access to the website because it uses up internet bandwidth and prevents servers from responding

New cards
10

what is a distributed denial of server (DDoS) attack?

This is when computer form all over the world are innocently hijacked to take part in a DoS attack, each sending only small parts of the entire data flood.

This is done by infecting the computers with malware (usually without the user knowing) - the attack is called a botnet attack

New cards
11

What are the compromised machines in a DDoS referred to as?

zombies or bots

New cards
12

What is a cyber attack?

-Unauthorised access to a computer, or a network, or data held on any digital device or network

-Theft of data form a computer or network

-Damage to a computer or network or data held there

New cards
13

If someone guesses your password what can they do?

They can access your:

  • files

  • data

  • emails

  • on-line accounts (e.g shops like amazon, social media, on-line bank)

New cards
14

If someone guesses your password what can they do with it?

  • look at your files and data, your emails, your social media and shopping history.

  • Alter or delete anything they find

  • Steal anything they find - information, images, videos - or share it with others

  • Take money from your bank; buy things at your expose

  • post social media or send emails in your name

New cards
15

What are the 3 key dangers of your password being guessed?

-Identity theft - to commit fraud

-Theft or information - to sell it on, or threaten blackmail

-Damage to important information or documents

New cards
16

What is a strong password?

A password which is not easily guesses by human or discovered by password-cracking software.

New cards
17

What is a Brute-force attack?

A method of cracking passwords by trying all possible combinations of characters until the correct one is found, to gain entry into a computer or network.

New cards
18

What method do some cracking software’s use?

They use a dictionary. It tries each word on the dictionary in turn until it finds the right one. This is why you should never have a single word as your password

New cards
19

What is a critical factor of password strength?

Length

New cards
20

What things should you password include to be strong and resist a strong attack?

-No short password (8 or more characters is best)

-A password should contain:

  • Upper and lower case letters

    And

  • Digits 0-9

    And

  • Symbols such as $%&*

-It should not contain easily identifiable words or number like:

  • your name

  • your age

  • your birthdays

New cards
21

What does SQL stand for?

Structure Query Language

New cards
22

What is SQL ?

A programming language largely used in database systems.

It is the language used to build ‘database queries’

It can be used for copying, deleting or adding new data

New cards
23

What is a database?

A computer-based structured collection of information

When user data is submitted using a webform, the program code ‘behind’ the webpage processes the inputs and submits them to the database system on the website.

New cards
24

What is the SQL injection?

It involves SQL commands into a web form instead of legitimate data, in order to try to gain control over a website database server.

Instead of entering legitimate data the hacker could try entering SQL programming statements that seek:

  • get further information about the database

  • get unauthorised information from the database

  • alter or delete part or all of the database

New cards
25

What is a web form?

A collection of information that appears on a web page

New cards
26

What is the computer misuse act?

The law which one can be prosecuted under for committing crimes such as hacking.

New cards
27

What is social engineering? Give an example

Where a hacker seeks to gain access to or get data from a network by relying on computer user’s ignorance of the cyber - dangers or carelessness

Spec definition: Exploiting weaknesses in a computer system by targeting people that use or have access to them

New cards
28

Give an example of social engineering

For example; someone could ask to put in a memory stick into your computer with your login in as their login isn’t working. Someone might fall for it and let them. This memory could install a virus into their computer, or they could install a keylogger.

New cards
29

What is a keylogger?

This is a type of malware that can be installed which records each keystroke made at the keyboard and periodically send the information to the hacker. That could include login details or passwords.

New cards
30

What is Phishing?

Phishing uses social engineering - its about trying to deceive someone in order to get them to release information the hacker wants

New cards
31

What does phishing include?

It involves carefully worded email and very carefully built website

New cards
32

How does phishing work?

-The intended victim receives an email which includes a weblink

-the wording of the email is intended to make the recipient believe it is very important to follow the link - perhaps it an urgent message from their bank, or internet provider/ online store.

-the link takes them to a website that looks exactly like the website of their bank/ internet provider/ online store.

-They are prompted to log in as usual

-The fake website ‘harvests’ the details they type in

-And the hacker s now have their login credentials to use s they wish

New cards
33

Is phishing becoming more common?

Yes

New cards
34

What other threat technologies could a phishing attack include?

The website the phishing email take you to may offer a free download of some tempting or urgently needed software like:

  • a game

  • an anti-virus program

  • an ‘ad-blocker’

and its a free download… however what you downloaded isn’t what you thought it was

New cards
35

Name some phishing statistics

  • it is the most common form of cyber- crime.

  • an average of $136 is lost per phishing attack

  • can also be used to deliver ransomware

  • millennials and gen-z internet users are most likely to fall victim to phishing attacks

New cards
36

What are ‘physical’ threats?

computer equipment can be stolen or damaged

an intruder can steal or damage computers, laptops, servers ect

New cards
37

What types of devices are likely to be stolen or broken?

portable devices such as laptops, tablets ect

New cards
38

What are some physical security precautions that must take place?

look after you hardware

An organisation must:

  • make users aware of the dangers that a follow from a lost of devices

  • have clear policies for equipment

  • warn users of the need to take care of any potable devices when away from the office

  • the following requirement is standard practice is many organisations

New cards
39

What is the National Cyber Security Centre

An organisation which provides advice on all aspects of cyber security to large and small organisations and to general public

New cards
40

What are the 6 software and hardware techniques which can be used to protect from cyber attacks?

  • Anti-malware software

  • Firewall

  • Penetration testing

  • Regular software updates

  • Data input validation and sanitising

  • Encryption

New cards
41

anti-malware software? Give 2 examples of what it does

it protects a computer from malware

  • It can be used to scan an external hard drive/ SSD or memory stick before you try and copy ant files form it

  • It can monitor the activity of your computer to detect any active malware activity

New cards
42

What does anti-malware software do?

  • IT should automatically scans any files you download to check they are not harmful

  • Scans for viruses/ spyware/malware

  • Stops the download of viruses

New cards
43

What can anti-virus software protect from?

It protect your computer from spyware, root kicks, worms, trojan ect

New cards
44

What is a firewall?

A firewall is a network security system to prevent unauthorised access to or from a private network

New cards
45

In what type of network are firewalls commonly found?

In a LAN, which is protected by a firewall implemented as a separate specialist hardware device

New cards
46

What are the 3 purposes of a firewall?

-scans incoming traffic and blocks traffic that is unauthorised

-firewalls can inspect both sending IP addresses and file data contained within an IP packet

New cards
47

Can stand alone computers be protected from hacker by a fire wall?

Yes

New cards
48

What does a penetration tester do?

They aim to discover how resilient a network is against an attack, and offer advice on how to improve it

New cards
49

How can penetration testers used to prevent cyber attacks?

It involves authorised specialists who prove the network for potential weaknesses and attempt to access system and data in he same way.

They will write a report on what they find including recommendations for steps to be taken to improve security not the network

New cards
50

Why are regular software update useful for protecting against a cyber attack?

Updates may add new features or improve usability but very often they are for security reasons.

Software updates are very often to fix such security weaknesses. Failures to update leaves a computer at risk.

New cards
51

How does data input validation help protect against cyber attacks?

It ensures that all inputs by the user are acceptable

It is the programmers responsibility to write ‘validation routines’ into their code to void the effect of invalid data entry

New cards
52

What is SQL injection?

It involves entering SQL commands into a web form instead of legitimate data, in order to gain control over a website database server.

It is the programmer’s responsibility to write relevant ‘sanitising routines’ into their code to protect against malicious input

New cards
53

What could happen if erroneous (incorrect) inputs are made (into an SQL database)?

The program could crash or the program might give wrong or meaningless results

New cards
54

What is data sanitation help guard against SQL injection malicious?

We guard against this type of ‘malicious’ user input by writing our program to detect and reject it.

The programmer writes code that ‘sanitises’ the user input - it checks for malicious input and rejects it.

New cards
55

Essentially what do data validation and Sanitising do?

It limits what a user can enter into the software. BUT they have different aims:

New cards
56

What are the differences between data validation and sanitation?

Validation of user input tries to make sure the input is usable by the program, that it will not cause it to crash or output incorrect or meaningless results

Sanitation of user inputs tries to make sure the input does not contain line of malicious code which could allow a hacker to gain entry to a system

New cards
57

What is encryption?

To scramble data in such a way that only the owner of the data or it intended recipient can ‘unscramble’ it (decryption)

New cards
58

When can data be encrypted?

When saved or when transmitted

New cards
59

What is plain text?

The message you want to encrypt

New cards
60

What is cypher text?

The message after you have encrypted it

New cards
61

What is the decryption key?

The plain text is converted into cypher test using the encryption algorithm

New cards
62

What are two things encryption helps with? (Two uses)

1) ensuring that data being transmitted over a network is encrypted, in case of data interception

2) ensuring data is stored, in case of data theft

New cards
63

What are some ways to avoid human error to protect form cyber attacks?

1) User training

2) acceptable user policy

3) Authentication

4) Strong passwords

5) Two-factor authentication

6) Biometric authentication

7) Access control

8) Physical security

New cards
64

How does user training help protect against cyber attacks

All users of computers in an organisation must b trained to understand cyber threats and how it avoid harm.

Users must understand the seriousness of cyber attacks:

  • The organisation could face serious disruption, or even not be able to operate at all

  • They could lose that amounts of money

  • They could lose customers through loss of reputation

New cards
65

How does acceptable user policy help protect against cyber attacks?

A document that state clearly what use of the computer system network is and it snot permitted.

All users must follow it

New cards
66

What is user authentication?

The process of checking the identity of a user before letting them use the network/ system / app

New cards
67

What is a common way of authentication?

  • finger prints

  • face recognition

  • logins and passwords (strong passwords)

New cards
68

How does enforcing strong passwords help prevent against a cyber attack?

Networks managers should set up their network system to that users cannot set weak passwords

There should be system-enforced requirements for passwords

New cards
69

What is a two-factor authentication?

It is a two step authentication, which is a security system that requires two distinct forms of identification in order to access something.

Commonly you for login with user name and password then you use a one-time PIN sent then and there to your phone

New cards
70

What is biometric authentication?

A security system that users one or more unique features to the individuals body to guarantee they are who they are

New cards
71

What are common biometric authenticator?

  • fingerprints

  • voice recognition

  • handwriting

  • face recognition

  • eye-scanners

New cards
72

Give an example for why biometric authentication won’t always work?

-finger prints for examples won’t work well if hands are wet - so no good in a swimming pool

-face recognition is not so successful where hats/ masks/ helmets/ glasses are worn

New cards
73

What is access control?

It is all about controlling who ca do what on a network

  • Who can access data

  • Who can edit/ delete data

  • Who can use what system/ software/ database

Not everyone should be able to do everything

New cards
74

What are the levels of access control?

1) Ready only - can open and view files only

2) read-write - can open and make changes

3) read-write-delete - can also delete the file

4) no access at all - hidden, invisible to the user

New cards
75

What is physical security?

Refers to keeping computer equipment safe from theft or physical damage.

Its all about protecting hardware, such as:

  • fixed items: desktop computers, servers, switches etc

  • Portable items: laptops. tablets. phones; as well as removable hard drives and memory sticks

New cards
76

How can physical security ONSITE be used to protect against cyber attacks?

-lock rooms with computer equipment in when not in use

-lock the server room; only authorised personal are allowed the key or keycode

-control access to building: key-cards, receptionists ect

-buildings/ rooms should have a intrusion detection

New cards
77

What physical security OFF SITE must be used to protect against cyber attacks?

keep portable devices safe:

-they must not be left where they can be interfered with or stoleN by members of of the public

New cards

Explore top notes

note Note
studied byStudied by 2 people
... ago
5.0(1)
note Note
studied byStudied by 26467 people
... ago
4.5(126)
note Note
studied byStudied by 14 people
... ago
5.0(2)
note Note
studied byStudied by 55 people
... ago
5.0(1)
note Note
studied byStudied by 1 person
... ago
5.0(1)
note Note
studied byStudied by 17 people
... ago
5.0(1)
note Note
studied byStudied by 158 people
... ago
5.0(1)
note Note
studied byStudied by 7 people
... ago
5.0(1)

Explore top flashcards

flashcards Flashcard (20)
studied byStudied by 1 person
... ago
5.0(1)
flashcards Flashcard (29)
studied byStudied by 1 person
... ago
5.0(1)
flashcards Flashcard (98)
studied byStudied by 23 people
... ago
4.0(1)
flashcards Flashcard (161)
studied byStudied by 8 people
... ago
5.0(1)
flashcards Flashcard (67)
studied byStudied by 16 people
... ago
5.0(1)
flashcards Flashcard (43)
studied byStudied by 9 people
... ago
5.0(1)
flashcards Flashcard (41)
studied byStudied by 4 people
... ago
5.0(1)
flashcards Flashcard (48)
studied byStudied by 9 people
... ago
5.0(1)
robot