Network Security Threats

Cards (58)

  • Government agencies sometimes use data interception for cyber security purposes - this is called Lawful Interception
  • Network attacks come in different forms
  • A passive attack is where someone monitors data travelling on a network and intercepts any sensitive information they find
  • Someone performing a passive attack uses network-monitoring hardware and software such as packet sniffers
  • Passive attacks are hard to detect as the hacker is quietly listening
  • The best defence against passive attacks is data encryption
  • An active attack is when someone attacks a network with malware or other planned attacks. They're more easily detected
  • The main defence against active attacks is a firewall
  • In an insider attack someone within an organisation exploits their network access to steal information
  • A brute force attack is a type of active attack used to gain information by cracking passwords through trial and error
  • Brute force attacks use automated software to produce hundreds of likely password combinations
  • Hackers may try lots of passwords against one username or vice versa
  • Simple measures like locking accounts after a certain number of attempts and using strong passwords will reduce the risk of a brute force attack
  • A denial-of-service (DoS) attack is where a hacker tries to stop users from accessing a network or website, e.g. by flooding it with useless traffic, making the network extremely slow or completely inaccessible
  • Malware is software that can harm devices
  • Malware (malicious software) is installed on someone's device without their knowledge or consent
  • Typical actions of malware include:
    • Deleting or modifying files
    • Scareware - e.g. it tells the user their computer is infected with loads of viruses to scare them into following malicious links or paying for problems to be fixed
    • Locking files - ransomware encrypts all the files on a computer. The user receives a message demanding a large sum of money be paid in exchange for a decryption key
    • Spyware - secretly monitors user actions, e.g. key presses, and sends info to the hacker
    • Rootkits alter permissions, giving malware and hackers administrator-level access to devices
    • Opening backdoors - holes in someone's security which can be used for future attacks
  • Malware can access your device in many ways:
    • Viruses attach (by copying themselves) to certain files, e.g. .exe files and autorun scripts. Users spread them by copying infected files and activate them by opening infected files
    • Worms are like viruses but they self-replicate without any user help, meaning they can spread very quickly. They exploit weaknesses in network security
    • Trojans are malware disguised as legitimate software. Unlike viruses and worms, Trojans don't replicate themselves - users install them not realising they have a hidden purpose
  • A lot of the time, security threats arise because organisations fail to properly secure their network - they might neglect to encrypt their data or use bad code. Other instances are a result of hackers manipulating employees
  • People are often the weak point in secure systems
  • Social engineering is a way of gaining sensitive information or illegal access to networks by influencing people, usually the employees of large companies
  • A common form of social engineering takes place over the phone - someone rings up an employee of a company and pretends to be a network administrator or somebody else within the organisation. The social engineer gains the employee's trust and persuades them to disclose confidential information
  • Another type of social engineering is phishing
  • Phishing is when criminals send emails or texts to people claiming to be from a well-known business, e.g. a bank or online retailer
  • Phishing emails often contain links to spoof versions of the company's website. They then request that the user update their personal information
  • In phishing, when the user inputs data into a spoof website they hand it over to the criminals, who can then access their genuine account
  • Phishing emails are often sent to thousands of people, in the hope that someone will read the email and believe its content is legitimate
  • Many email programs, browsers and firewalls have anti-phishing features that will reduce the number of phishing emails received. There are often giveaways that you can spot, e.g. poor grammar
  • Emails asking users to follow links or update personal details should always be treated with caution
  • The best way for companies to prevent social engineering attacks is by educating employees on the risks and what to look out for - even the best software can't stop someone from giving away a password
  • SQL injections give criminals easy access to insecure data
  • Networks which make use of databases are vulnerable to SQL injection attacks
  • SQL stands for Structured Query Language - it's one of the main coding languages used to access information in databases
  • SQL injections are pieces of SQL typed into a website's input box which then reveal sensitive information
  • A website may allow you to view your account information, as long as you enter your password into an input box
  • If the website's SQL code doesn't have strong enough password validation, then someone may be able to enter a piece of SQL code which allows them to access other people's account information as well as their own
  • SQL injection pt.1
    • E.g., to access an online retail account you may need to put in a PIN. When you put in your PIN, 12345, the website's SQL code may be executed like this (the table name customers is assumed here for illustration):
    • SELECT name, address, account_number FROM customers WHERE pin = 12345
    • However, this SQL code does not have strong validation because it doesn't specify that the PIN value has to be numerical. This can be exploited by entering the code "12345 OR 1=1". This code is an SQL injection. Now the SQL query looks like this instead...
  • SQL injection pt.2
    • SELECT name, address, account_number FROM customers WHERE pin = 12345 OR 1=1
    • 1=1 is always true in SQL, so rather than just showing your details, the website instead shows the details of everyone on the website's database
  • If a website's SQL code is insecure, this can be an easy way for hackers to get past a website's firewall