System Security
- Created by: 15j.price
- Created on: 03-06-19 10:05
View mindmap
- System Security
- Forms of attacks
- social engineering
- a person is tricked into giving away info that gives others access
- passive
- spying on a system to identify vulnerabilities
- insider
- an employee, former employee, contractor or business associate that has access to the system may steal sensitive information or give away access details to others
- active
- using software (e.g. virus) or other technical methods to gain access
- social engineering
- Passwords
- One of the most common ways that a cyber-criminal can gain entry to a computer system if the user does not have an adequate password or does not keep the password secret
- Removable media
- there are 2 threats with removable media:
- the removable media getting infected with malware
- the removable media getting in the wrong hands
- there are 2 threats with removable media:
- Software patches
- fix known security problems in software but also notify cyber-criminals that there was a problem so anybody NOT uploading the latest patch is vulnerable
- Penetration testing
- black-box
- outside person test to find faults e.g. hacker
- white-box
- inside person test to find faults e.g. employee
- black-box
- Types of attacks
- phishing
- when a criminal sends an email or text message pretending to be a bank or official account to ask for personal information
- data interception
- when the cyber-criminal spies on the network traffic and gathers the information they need or alters information as it moves around the system
- brute force attack
- a method used to obtain information such as a user password or personal identification number (PIN) through trial and error
- SQL injection
- when a cyber-criminal inputs SQL code into an online form to side-step the need to enter a valid user ID or password it is known as SQL injection
- malware
- a term to describe a variety of hostile or intrusive software
- Denial of Service (DoS)
- when they cyber-criminal sends loads of messages flooding the targeted server with messages to overload the system and stop legitimate customers and users from accessing the server
- phishing
- Security solutions
- firewalls
- a filter between a network and the internet. it does not stop everything from entering the network bu allows a filtered amount through
- network policy
- should include rules for: generating passwords, user access levels, responsibility of training, use of removable media, firewall setting, installing and updating anti-malware software and software patches and details of penetration testing
- network forensics
- a specialist area that involves monitoring and examining data to discover the source of security attacks and other illegal activities
- encryption
- a method of altering the original message using a secret code that only authorised computers on the network know
- access rights
- define who has permission to access data on the computer system
- firewalls
- Forms of attacks
Comments
No comments have yet been made