1.4 Network security
1.4.2 Identifying and preventing vulnerabilities
Common prevention methods
Penetration testing
Testing to make sure the system is secure from hackers
Discovers weaknesses or vulnerabilities
Black-box penetration testing
Mimics external attack on system
Unauthorised tester tries to get access to system
White-box penetration testing
Mimics attack from insider who has access to system
Helps safeguard against malicious employees
Anti-malware software
Detects, quarantines and removes malware
Can have real-time checker that scans files before they are used to make sure they are safe
Can have scheduled scans performing checks on a regular basis
Methods of detection
Compares files on computer to a list of known malware to find matches
Monitor files for suspicious activity
When malware detected the software can:
Clean the file
If a program is infected but you still need the file, it is possible to remove the malware
Quarantine the file
If you're unsure if the file contains malware, you can quarantine it
Delete the file
Firewalls
Sits between two networks - usually a trusted and untrusted network
Attempts to prevent malicious traffic entering the network
Can be configured to prevent certain types of data leaving the network
Most operating systems include basic firewall functionality
Firewalls are built into network access devices
User access levels
User access to specific files within the system can be restricted
Helps prevent unauthorised access to sensitive data
Possible to restrict level of access a user has
Viewing certain files
Editing certain files
Deleting certain files
Database management systems allow restrictions to be put in place
If a user changes jobs, access rights should be reviewed and updated if necessary; if a user leaves the organisation, access rights must be removed
Passwords
Passwords are most basic form of authentication
When trying to sign into system, user prompted to enter password
When password entered it is checked by system
If valid - user will be granted access to system
If invalid - access will be denied
Strong passwords are essential to protect data. Strong passwords include:
Upper-case letters
Lower-case letters
Minimum length
Numbers
Special characters
Steps to ensure password safety
Don't use the same password for more than one account
Change your passwords regularly
Don't write passwords down or share passwords
Use a password manager
Use default system passwords if the option is provided
Encryption
Keeps data and communications secret from interceptors
Caesar cipher has been used for centuries to encrypt and decrypt messages using a shared key
Other cipher techniques are asymmetric (sender and recipient use different keys to encrypt and decrypt messages)
Physical security
Most buildings are protected by security mechanisms to control access
Security guards checking only authorised people enter building
Doors or barriers that require a key or access code
CCTV recording movement around site and inside buildings
Servers and communication equipment should be secured in locked areas
1.4.1 Threats to computer systems and networks
Forms of attack
Malware
Created to cause damage or steal data
3 forms of malware
Viruses
Self-replicating software
Attaches itself to other programs or files
Designed to send spam, steal data, infect other computers, or corrupt files
Trojans
Software that appears to be legitimate to trick the user
Performs malicious actions such as data theft, redirecting search requests, installing malware, allowing remote control of computer
Not self-replicating
Do not infect other files
Worms
Self-replicating and cause damage
Do not require host program to spread
Can damage software
Typically designed to spread and infect devices to waste system resources
Can use up bandwidth and slow down the network
3 purposes of malware
Spyware
Tracks use of computer system
Keyloggers
Capture and transmit data in computer systems
Ransomware
Prevents user from accessing their files
Social engineering
Techniques employed by cybercriminals to deceive users into giving away sensitive information
Types of techniques
Phishing
Victim receives a message (email or text)
Disguised as a reputable source (bank)
Message includes link and when clicked tricks user into revealing personal information or installing malware
Indicators of phishing
Unexpected request for information
Spelling errors
Suspicious links
Blagging
Perpetrator invents a scenario to convince the victim to give money or data
Indicators of blagging
Suspicious code in email ('Dear <name?>')
Unusual use of language
Spelling mistakes
Attempt to start or continue a conversation
Pharming
User being sent to a fake website that seems real
User tricked into submitting personal information (password or username)
Indicators of pharming
Spelling errors or incorrect logos
Broken or missing links
Browser notification that webpage is insecure
Shouldering
Designed to steal victim's personal information
Attacker watching victim while they provide personal information
Examples
PIN at cash machine
Code to access a secure area
Password whilst they type it in
Brute-force attacks
Computer program generates all combinations of characters until it finds the combination matching the password
Dictionary attack
Uses a list of passwords (dictionary) to check whether the password matches an entry in the dictionary
Denial of service attacks (DoS)
Servers can cope with a certain volume of traffic
Server is bombarded with requests until it cannot cope with them
Anyone trying to access the server will not be able to get their request processed
Distributed denial of service (DDoS)
Attack comes from network of distributed computer systems (botnet)
Botnet is a network of computers under the control of a single operator
Data interception and theft
Difficult to gain access to a wired network without gaining access to building
Easy to get access to wireless channels if you are close by
Wireless data must be encrypted
SQL injection
Manipulates SQL statement to benefit attacker
SQL (Structured Query Language) is used to work with data in a database
Attackers can log into systems by manipulating poorly written queries
SQL injections can do the following
Extract sensitive data
Delete data
Update data
Insert data
Execute commands and install malicious software
Can be avoided by good code and input validation