1.4 network security

avatar
Created by
anisah

Cards (20)

  • Ways a computer system or network can be attacked
    • Malware
    • Social engineering
    • Brute force attacks
    • Denial of service attacks
    • Data interception
    • SQL injection
  • Virus
    Is hidden inside, or attached to, another file or program. Deletes or corrupts data and files.
  • Worm
    Is self-replicating. Slows the computer and creates back doors.
  • Trojan
    Looks like legitimate software
  • Ransomware
    Denies a user access to their system until a ransom is paid.
  • Spyware
    Is often bundled with free software. Logs activity and keystrokes and sends these back to a criminal.
  • Pharming
    Redirects a user to a spoof website without their knowledge by modifying DNS entries.
  • Types of malware
    • Virus
    • Worm
    • Trojan
    • Ransomware
    • Spyware
    • Pharming
  • Ways of preventing malware
    • Install anti-virus and anti-spyware software
    • Ensure that the operating system is up to date
    • Implement user access levels to prevent standard users from being able to install software
    • Only download programs from trusted websites
    • Educate users about the risks of opening emails and attachments from unknown sources
  • Social engineering
    Tricking or manipulating people into giving away critical information or access details
  • Methods of social engineering
    • Phishing
    • Pretexting
    • Shouldering
  • Ways to prevent social engineering
    • Educate users so that they are aware of the tactics of criminals and can guard against them
    • Ensure that network and security policies are followed
  • Ways to prevent brute force attacks
    • Use long passwords that include special characters
    • Use complex passphrases rather than single words
    • Use a password manager
    • Limit the number of login attempts allowed
    • Use two-factor authentication
  • Denial of service attack
    Flooding a server with bogus requests in order to bring it down
  • Ways to prevent denial of service attacks
    • Install a firewall to reject packets that originate from the same source or that have identical contents
    • Configure a firewall to restrict the number of packets that can be accepted within a particular time frame
  • SQL injection
    Using SQL commands entered into input fields on online forms to gain access to databases
  • Ways to prevent SQL injection
    • Use input validation to set password and username rules that don't permit characters which can be used in SQL injection attacks
    • Use input sanitisation to remove special characters and SQL command words from an input before processing it
  • Data interception
    Intercepting network communications on their way to their destinations
  • Ways to prevent data interception
    • Use strong encryption, especially on Wi-Fi networks
    • Do not use unencrypted free public Wi-Fi networks
    • Use MAC address authentication on networks so that only known devices can connect
    • Ensure that websites are using HTTPS connections so that if data is intercepted it cannot be read
  • Penetration testing

    Used to identify weaknesses and vulnerabilities in computer systems so that they can be addressed