defences

avatar
Created by
yana

Cards (20)

  • Penetration tests

    Carried out as part of ethical hacking to review the system's security, find any risks or weaknesses, and fix them
    View source
  • Types of penetration tests
    • Internal tests
    • External tests
    • Blind tests
    • Targeted tests
    View source
  • Internal tests
    To see how much damage could be done by somebody within the company with a registered account
    View source
  • External tests
    For white hat hackers to try and infiltrate a system from outside the company
    View source
  • Blind tests
    Done with no inside information, to simulate what a real attacker would have to do to infiltrate the system
    View source
  • Targeted tests
    Conducted by the company's IT department and the penetration team cooperating together to find faults in the system
    View source
  • Anti-malware software

    Used to locate and delete malware, like viruses, on a computer system
    View source
  • How anti-malware software works
    1. Scans each file on the computer and compares it against a database of known malware
    2. Identifies and deletes files with similar features to malware in the database
    View source
  • New forms of malware are created each day by attackers, so anti-malware software must be regularly updated to keep systems secure
    View source
  • Roles of anti-malware software
    • Checking all incoming and outgoing emails and their attachments
    • Checking files as they are downloaded
    • Scanning the hard drive for viruses and deleting them
    View source
  • Firewall
    Manages incoming and outgoing network traffic by processing each data packet to check whether it should be given access to the network
    View source
  • Roles of a firewall
    • Blocking access to insecure / malicious web sites
    • Blocking certain programs from accessing the internet
    • Blocking unexpected / unauthorised downloads
    • Preventing specific users on a network accessing certain files
    View source
  • Rules for choosing a strong password
    • Contains a mix of uppercase and lowercase letters, punctuation and numbers
    • Is of a substantial length (at least 8 characters)
    • Is regularly changed
    View source
  • Types of access levels
    • Read-Only
    • Read and Write
    • No access
    View source
  • Read-Only access
    User can only view a file and is not allowed to change any data
    View source
  • Read and Write access
    User can read and edit the data in a file
    View source
  • Encryption
    The process of scrambling data into an unreadable format so that attackers cannot understand it if intercepted during transmission
    View source
  • How encryption works

    1. The original data (known as plaintext) is converted to scrambled ciphertext using an encryption key
    2. Only at the correct destination will the encryption key be used to convert the ciphertext back into plaintext to be understood by the receiving computer
    View source
  • Forms of physical security
    • Locks
    • Biometric devices
    • Keycards
    • Security staff
    • CCTV cameras
    • Alarms
    View source
  • Biometric devices
    Require the input of a human characteristic (such as fingerprint, iris or voice) that is checked against previously inputted data in a database
    View source