1.6 System Security
(MIM) Data Interception
Strong computer policies and training can prevent the former. Encryption, VPNs and network forensics can prevent the latter.
Prevention: Encryption, Virtual Private Networks (VPN), Passwords, logging off, network forensics
Malware
anti-malware software may be installed, but it may not be up to date
Viruses and worms are similar: both can self-replicate and spread, and both cause damage. Viruses require a 'host' file to spread, whereas worms can spread by themselves
'fools' engaging in web surfing, shopping, banking, email, instant messaging, and gaming without proper protection are the target
Trojans disguise themselves as legit software; once installed, they take over key system functions
Prevention: Up to date software...Strong Firewall...Training (caution when opening emails)...Backup files regularly
SQL Injection
By entering SQL code into search text boxes of a database, you may be able to output or change records in a database if it has not been programmed using modern techniques
The file uses a database to store the username/password combinations, so it could be susceptible to a SQL injection attack.
DoS (Denial of Service)
Malware distributes software to zombie computers that send many requests to a server to bring it down
Prevention: Strong firewall...Packet filters on routers...Well configured web-server...Good network policy: Audits, logs & monitoring
Brute Force Attack
A trial and error method of attempting passwords. Automated software is used to generate a large number of consecutive guesses
A dictionary hack attempts every word in the dictionary and is an effective technique because many people use passwords that are ordinary words
You can try repeated trial and error of username/password combinations. This may work if any of the passwords are weak. You do not have time to write code to speed this process up
Prevention: Lock account after 3 incorrect password attempts...Strong Passwords...Use "I am not a robot"...Two-Factor Authentication
Phishing
Social Engineering: anything that relies on social skills to trick people into revealing info or acting in a way that breaks normal security procedures.
Prevention: Up to date security software...Training in: Awareness of spotting fake emails and websites...Not disclosing personal or company info...Disabling pop-ups