defences

avatar
Created by
yana

Cards (20)

  • Penetration tests

    Carried out as part of ethical hacking to review the system's security, find any risks or weaknesses, and fix them
  • Types of penetration tests
    • Internal tests
    • External tests
    • Blind tests
    • Targeted tests
  • Internal tests
    To see how much damage could be done by somebody within the company with a registered account
  • External tests
    For white hat hackers to try and infiltrate a system from outside the company
  • Blind tests
    Done with no inside information, to simulate what a real attacker would have to do to infiltrate the system
  • Targeted tests
    Conducted by the company's IT department and the penetration team cooperating together to find faults in the system
  • Anti-malware software

    Used to locate and delete malware, like viruses, on a computer system
  • How anti-malware software works
    1. Scans each file on the computer and compares it against a database of known malware
    2. Identifies and deletes files with similar features to malware in the database
  • New forms of malware are created each day by attackers, so anti-malware software must be regularly updated to keep systems secure
  • Roles of anti-malware software
    • Checking all incoming and outgoing emails and their attachments
    • Checking files as they are downloaded
    • Scanning the hard drive for viruses and deleting them
  • Firewall
    Manages incoming and outgoing network traffic by processing each data packet to check whether it should be given access to the network
  • Roles of a firewall
    • Blocking access to insecure / malicious web sites
    • Blocking certain programs from accessing the internet
    • Blocking unexpected / unauthorised downloads
    • Preventing specific users on a network accessing certain files
  • Rules for choosing a strong password
    • Contains a mix of uppercase and lowercase letters, punctuation and numbers
    • Is of a substantial length (at least 8 characters)
    • Is regularly changed
  • Types of access levels
    • Read-Only
    • Read and Write
    • No access
  • Read-Only access
    User can only view a file and is not allowed to change any data
  • Read and Write access
    User can read and edit the data in a file
  • Encryption
    The process of scrambling data into an unreadable format so that attackers cannot understand it if intercepted during transmission
  • How encryption works

    1. The original data (known as plaintext) is converted to scrambled ciphertext using an encryption key
    2. Only at the correct destination will the encryption key be used to convert the ciphertext back into plaintext to be understood by the receiving computer
  • Forms of physical security
    • Locks
    • Biometric devices
    • Keycards
    • Security staff
    • CCTV cameras
    • Alarms
  • Biometric devices
    Require the input of a human characteristic (such as fingerprint, iris or voice) that is checked against previously inputted data in a database