information security

Cards (35)

  • Website Spoofing
    1. A highly prevalent form of spoofing attack usually used in tandem with spoofed emails containing links to the site
    2. Involves designing a fake website that closely resembles a trusted or well-known website
    3. Spoofed websites prompt victims to enter credentials or sensitive information and can be used to distribute malware
  • Worms
    A type of malicious software program that infects other computers while remaining active on infected systems
  • Malware
    1. Software that is written for malicious purposes
    2. Viruses replicate or copy themselves and have a detrimental effect
    3. A Trojan Horse is often disguised as legitimate software
    4. Spyware covertly obtains information about computer activities
    5. A keylogger monitors and records each keystroke typed on a specific computer’s keyboard
  • Basic security terminology
    • Malware
    • Spoofing attacks
    • Network-based attacks
    • Social engineering attacks
    • How to protect/mitigate against these attacks
  • Users are considered the weakest component of a security system
  • Malware is software written for malicious purposes
  • Social Engineering
    A type of attack that targets the weakest components of a security system, the users
  • A keylogger monitors and records each keystroke typed on a specific computer’s keyboard
  • Website Spoofing involves designing fake websites resembling trusted sites to prompt victims to enter sensitive information
  • A Denial of Service (DoS) attack floods a server or network with traffic to deny legitimate users access
  • A Trojan Horse is a type of malware often disguised as legitimate software
  • Baiting attacks tempt victims into traps that steal personal information
  • Other types of spoofing attacks
    • DNS Spoofing
    • IP Spoofing
    • MAC Spoofing
  • Email Spoofing
    1. The victim is targeted using email communication
    2. The sender looks like a trusted source with an email address that closely resembles the original address
    3. Spoofed emails can be used to distribute adware, ransomware, Trojans, cryptojackers, or malware
  • Malware
    • Viruses
    • Trojan Horses
    • Spyware
    • Keyloggers
  • “CIA” triad of security requirements
    • Confidentiality
    • Integrity
    • Availability
    • Authenticity
    • Non-repudiability
  • Viruses replicate or copy themselves and have a detrimental effect on systems or data
  • Types of Social Engineering
    • Baiting
    • Scareware
  • Worms infect other computers while remaining active on infected systems
  • Email Spoofing targets victims using email communication with a sender that appears as a trusted source
  • Spyware covertly obtains information about computer activities
  • Denial of Service (DoS) attack
    When a server or network is flooded with traffic to deny legitimate users access
  • Scareware involves bombarding victims with alarming messages to trick them into taking harmful actions
  • Social Engineering targets users as the weakest component of a security system
  • Scareware
    • Users are deceived to think that their system is infected with malware or that some files are corrupted, prompting them to install software that has no real benefit to them but is beneficial to the perpetrator
  • Pretexting
    • The scam usually involves the perpetrator pretending to need sensitive information so as to perform a critical task
  • How do we protect ourselves against security attacks?
    1. Use a firewall
    2. Apply the latest updates
    3. Use an up-to-date antivirus
    4. Don’t open files of unknown origin
    5. Use passwords
    6. Use multifactor authentication
  • Baiting
    • The most common type of baiting is leaving a malware-infected flash drive in an area where the intended victim will see it and most likely use it
  • Social Engineering
    • Baiting attacks tempt a victim into a trap that steals their personal information
    • Scareware involves bombarding the victim with false alarms and fictitious threats
    • Pretexting involves obtaining information through a series of cleverly crafted lies
    • Phishing attempts to steal money or identity by getting victims to reveal personal information
    • Spear Phishing is a targeted version of phishing where attackers tailor messages based on victims' characteristics
  • For example, if you want to access your Gmail account
    You need your login credentials plus access to your phone, where a verification code will be sent
  • Spear Phishing attack
    • An attacker tailors messages based on the characteristics, job position, and contacts of their victims to make their attacks more difficult to detect
  • Phishing attack
    • Attackers attempt to steal money or identity by getting victims to reveal personal information such as credit card numbers, bank information, and passwords
  • Two-Factor Authentication (2FA) is a common example of multifactor authentication
  • Using multifactor authentication
    Helps ensure your account’s protection in the event of system compromise
  • Multi-factor authentication is an authentication method that requires the user to provide two or more verification factors to access a system