Network security

Malware

Viruses

Well-known type of malware.

Self-replicating pieces of code.

Sends copies across networks.

Damages files and takes up memory space.

Trojans

Pieces of malware disguised as legitimate programs.

Once they are inside a system they can do as much damage as a virus,

Convinces the computer or user that they are supposed to be on the system.

Adware

Annoying more than harmful.

Intrusive.

Monitors browser behaviour.

Spyware

Same as adware but collects passwords and credit card numbers.

Information can be forwarded across a network.

Social engineering

Blagging

Tricking a person into handing over information.

Phishing

Sending a link via email or social media that takes the user to a site that looks like what it's masquerading as.

Steals a copy of their username and password when they try to log in.

Pharming

User is tricked into entering confidential data.

Does not need the user to clock on a link.

User is redirected having typed in the correct URL.

Shouldering

Least high tech.

Looking over a person's shoulder to see as they're typing in their passwords.

Active attacks

Brute force attack

Cycles alphabetically using computer software.

Can easily be defended against through long complex passwords that can require trillions of years to crack.

Denial of service attack

If computer B requests a file from computer A, a little of computer A's bandwidth and computing capability is used up.

If many computers access computer A at the same time a lot of its resources are used up.

This makes the computer system seize up.

This means that legitimate requests cannot be serviced.

Lots of big companies have been subject to this.

SQL injection

SQL stands for structured query language, and it is used to read and manipulate the contents of databases.

In poorly designed systems it's possible for a hacker to enter an SQL command into a publicly accessible program such as a text box.

This could instruct a database to provide the hacker with an entire copy of itself or delete the entire database.

This is known as an SQL injection.

Passive attacks

Interception

When you use a network, data passes between your computer and others, and it is possible to intercept this.

This includes passwords and other sensitive data.

Misconfigured access rights

Allows staff to manipulate data that customers can only read.

If this is set up incorrectly the customer might be able to manipulate & damage data accidentally or maliciously.

Employee threat

Already have a password so breaching security is easier.

Access rights need to be correctly configured.

Remedied by blocking email and data transfer & removing USB ports from computers.