1.4

Cards (23)

  • Define malware. (1)
    Software designed to disrupt, damage or gain unauthorised access to a computer system.
  • Identify 6 examples of malware. (7)
    - Viruses
    - Trojan horses
    - Worms
    - Ransomware
    - Spyware
    - Adware
  • Describe how malware harms a computer. (4)
    - Files deleted, corrupted or encrypted
    - Computers crash, spontaneously reboot & slow down
    - Internet connections slower
    - Keylogging - inputs e.g. passwords logged + sent to hackers
  • Identify 6 ways to protect against malware. (6)
    - Take caution when opening attachments or downloading software
    - Firewall
    - Antivirus
    - Anti-spyware
    - Spam filter
    - Back up files in case ransomware encrypts them
  • Define social engineering. (1)
    Psychologically manipulating people into divulging private information.
  • Define phishing. (4)
    - Fraudulent practice of sending emails
    - disguised as trustworthy source
    - to trick users into revealing personal information
    - e.g. passwords & credit card details
  • Describe how phishing harms a user & a company. (4)
    User:
    - Hacker accesses victim's bank account to withdraw & spend money
    - Via cashing illegitimate cheques or buying services

    Company:
    - Hacker gains access to high-value corporate data
    - Financial services can blacklist company, damaging reputation
  • Identify 5 ways in which people can be 'the weak point' in the system. (5)
    - Not updating anti-malware
    - Not logging off computer
    - Not encrypting data
    - Leaving printouts with sensitive info around
    - Sharing passwords
  • Describe how to protect against phishing. (3)
    Train to:
    - Spot fake emails & websites
    - Not disclose personal information
    - Disable browser popups
  • Define brute-force attack. (3)
    - Trial & error method
    - where software iterates many password/PIN attempts
    - e.g. trying every word in dictionary
  • State the purpose of brute-force attacks. (2)
    - Crack password of account/company
    - to access sensitive information & steal data
  • Describe how to protect against brute-force attacks. (4)
    - Lock account after certain amount of unsuccessful password attempts
    - Progressive delays e.g. 1 hour locked
    - Use complex passwords e.g. "th1s!sn0tmYP@ssw0rdBtW"
    - Challenge-response authentication e.g. reCAPTCHA
  • Define denial of service (DoS) attack. (2)
    - Flooding server with useless traffic
    - so becomes overloaded & unavailable
  • Define distributed denial of service (DDoS) attack. (2)
    - Multiple compromised computers (zombies) often infected with trojan
    - Botnet targets victim, causing DoS attack
  • Describe how a DDoS/DoS attack harms a company. (4)
    - Loss of access to service for customers
    - so lost revenue
    - Lower productivity
    - Damaged reputation
  • Describe how to protect against DDoS/DoS attacks. (4)
    - Firewall
    - Packet filters on router
    - Configure server with modules to halt unwanted traffic
    - Log systems to identify & manage traffic
  • Define data interception and theft. (3)
    - Stealing data from unaware victim
    - with intent of obtaining private info
    - often with packet sniffers to log data transmitted on network
  • Describe how data interception and theft harms a user. (3)
    - Usernames & passwords compromised
    - allowing unauthorised access to accounts
    - leading to disclosure & theft of data
  • Describe how to protect against data interception and theft. (3)
    - Encryption via VPNs
    - Lock computer when logging off with secure password
    - Investigate network vulnerabilities
  • Define SQL injection. (3)
    - Inserting malicious SQL code into input box
    - so code executed by server
    - allowing vulnerable database to be viewed/edited
  • Describe how an SQL injection can be harmful. (4)
    - Database contents returned, revealing private data
    - e.g. usernames & passwords
    - Database dropped
    - causing mass data loss
  • State 3 ways to protect against SQL injections. (3)
    - Input sanitisation
    - Parameter queries
    - Penetration testing
  • State how 7 prevention methods can protect a network. (7)
    - Penetration testing - people hack own database to identify & fix vulnerabilities
    - Anti-malware - prevents viruses from infecting system
    - Firewall - prevents unauthorised access
    - User access levels - users have restricted access
    - Secure passwords - harder to guess/crack by brute force
    - Encryption - intercepted data rendered useless
    - Physical security e.g. cameras, alarms - identifies intruder