1.4

    Cards (23)

    • Define malware. (1)
      Software designed to disrupt, damage or gain unauthorised access to a computer system.
    • Identify 6 examples of malware. (7)
      - Viruses
      - Trojan horses
      - Worms
      - Ransomware
      - Spyware
      - Adware
    • Describe how malware harms a computer. (4)
      - Files deleted, corrupted or encrypted
      - Computers crash, spontaneously reboot & slow down.
      - Internet connections slower
      - Keylogging - inputs e.g. passwords logged + sent to hackers
    • Identify 6 ways to prevent against malware. (6)
      - Take caution when opening attachments or downloading software
      - Firewall
      - Antivirus
      - Anti-spyware
      - Spam filter
      - Back up files in case ransomware encrypts them
    • Define social engineering. (1)
      Psychologically manipulating people into divulging private information.
    • Define phishing. (4)
      - Fraudulent practice of sending emails
      - disguised as trustworthy source
      - to trick users into revealing personal information
      - e.g. passwords & credit card details
    • Describe how phishing harms a user & a company. (4)
      User:
      - Hacker accesses victim's bank account to withdraw & spend money
      - Via cashing illegitimate cheques or buying services

      Company:
      - Hacker gains access to high-value corporate data
      - Financial services can blacklist company, damaging reputation
    • Identify 5 ways people can be 'the weak point' in the system. (5)
      - Not updating anti-malware
      - Not logging off comp.
      - Not encrypting data
      - Leaving printouts with sensitive info around
      - Sharing passwords
    • Describe how to prevent against phishing. (3)
      Train to:
      - Spot fake emails & websites
      - Not disclose personal information
      - Disable browser popups
    • Define brute-force attack. (3)
      - Trial & error method
      - where software iterates many password/PIN attempts
      - e.g. trying every word in dict.
    • State the purpose of brute-force attacks. (2)
      - Crack password of account/company
      - to access sensitive information & steal data
    • Describe how to prevent against brute force attacks. (4)
      - Lock account after certain amount of unsuccessful password attempts
      - Progressive delays e.g. 1 hour locked
      - Use complex passwords e.g. "th1s!sn0tmYP@ssw0rdBtW"
      - Challenge-response authentication e.g. reCAPTCHA
    • Define denial of service (DoS) attack. (2)
      - Flooding server with useless traffic
      - so becomes overloaded & unavailable
    • Define distributed denial of service (DDoS) attack. (2)
      - Multiple compromised comps. (zombies) often infected with trojan.
      - Botnet targets victim, causing DoS attack.
    • Describe how a DDoS/DoS attack harms a company. (4)
      - Loss of access to service for customers
      - so lost revenue
      - Lower productivity
      - Damaged reputation
    • Describe how to prevent against DDoS/DoS attacks. (4)
      - Firewall
      - Packet filters on router
      - Configure server w/ modules to halt unwanted traffic
      - Log systems to identify & manage traffic
    • Define data interception and theft. (3)
      - Stealing data from unaware victim
      - with intent of obtaining private info
      - often with packet sniffers to log data transmitted on network
    • Describe how data interception and theft harms a user. (3)
      - Usernames & passwords compromised
      - allowing unauthorised access to accounts
      - leading to disclosure & theft of data
    • Describe how to prevent against data interception and theft. (3)
      - Encryption via VPNs
      - Lock computer when logging off with secure password
      - Investigate network vulnerabilities
    • Define SQL injection. (3)
      - Inserting malicious SQL code into input box
      - so code executed by server
      - allowing vulnerable database to be viewed/edited
    • Describe how an SQL injection can be harmful. (4)
      - Database contents returned, revealing private data
      - e.g. usernames & passwords
      - Database dropped
      - causing mass data loss
    • State 3 ways to prevent against SQL injections. (3)
      - Input sanitisation
      - Parameter queries
      - Penetration testing
    • State how 7 prevention methods can protect a network. (7)
      - Penetration testing - people hack own database to identify & fix vulnerabilities
      - Anti-malware - prevents viruses from infecting system
      - Firewall - prevents unauthorised access
      - User access levels - users have restricted access
      - Secure passwords - harder to guess/crack by brute force
      - Encryption - intercepted data rendered useless
      - Physical security e.g. cameras, alarms - identifies intruder