1.4 Network Security
Cards (28)
- Malware: software that is designed to perform malicious actions on your computer
- The 3 types of malware:
- Viruses: attached to normal programs and spread though a system causing harm to your computer
- Worms: spread from device to device. They are self replicating and can spread around a network
- Trojan: pretends to be a sage and normal program when it will cause harm to your computer
- Social engineering: using humans as the weak point to a computer system
- Types of Social Engineering:
- Phishing - emails are sent acting as legitimate business to trick people into giving private information.
- Shouldering - looking over someones shoulder and seeing them enter a password.
- Blagging - attacker offers an unrealistic promise in order to gain private information.
- Brute Force Attack: Different passwords are tried repetitively in order to crack a password. These can use a dictionary of words or phrases to gain access to a computer system or network
- DDOS: A network of infected machines send a huge amount of data and requests to slow down a network so it becomes unstable
- Data Interception: Packet singers are used to analyse data that is sent around a network, the data is then sent to the hacker.
- Penetration Testing: Ethical hacker would apply the same techniques as a hacker would, in order to highlight any gaps in security.
- Black box penetration testing is used to simulate an external attack whereas white box hacking is used to simulate a malicious insider
- Penetration Testing Prevents:
- SQL Injection
- Anti-Malware Software: Scans your computer to check for any known defined malware, in order to remove it.
- Firewalls: Manages incoming and outgoing transmissions from a network. There are rules that are followed to allow acceptable communication, which are known as the firewall policy
- Firewalls Prevent:
- Phising
- DDOS
- User Access Levels: The permissions a user has on a network.
- User Access Levels Prevent:
- SQL Injection
- Secure Passwords: Passwords are codes that are used to authenticate a user and enable access to systems or accounts. A secure password reduces the likelihood of unauthorised access, and includes a combination of uppercase, lowercase, number and special characters
- Secure Passwords Prevent:
- Brute Force Attacks
- Social Engineering
- Encryption: The process of scrambling data so that it wouldn’t make sense to someone reading it. The sender and receiver exchange keys in order to decrypt the message
- Encryption Prevents:
- Data interception
- Physical Security: Ensuring that servers are inaccessible, and that the physical environment is secure.
- Physical Security Prevents:
- Data Interception
- SQL Injections are prevented by:
- Penetration Testing
- User Access Levels
- Input Validation
- Data interception is prevented by:
- Encryption
- Physical security
- Strong passwords
- Training staff to make sure they lock their computers
- Phishing is prevented by:
- Firewalls
- Training staff to notice phishing emails
- Malware is prevented by:
- Anti-Malware software
- Firewall
- Spam filter
- Brute Force Attacks are prevented by:
- Strong Passwords
- 2 factor authentication
- Progressive delays
- DDOS are prevented by:
- Firewalls, to stop packets of data sent by the attacker
- Configuring web server
- Threats to networks:
- Malware
- Social Engineering
- Brute Force Attacks
- DDOS
- Data Interception
- SQL Attacks