Topic 4- Network Security
Malware
General term used for any malicious software that can cause harm to a computer system
Includes: Viruses, Worms, Trojans
Virus- Installed without the user's knowledge. It is a program that embeds itself in other programs. The virus is spread through users sending files.
Worm- A standalone program that does not need to attach itself to an existing program.
Trojan- Named after the Greek myth of the Trojan Horse. It pretends to be a program that is legitimate but actually contains ways that might invite the user to create a 'backdoor' to the system. This is often done by the user clicking on what they think is a genuine link.
Can be prevented and stopped through the use of an antivirus
Social Engineering
Social Engineering is when a person is tricked into sharing confidential or private information. It may allow the perpetrator to access bank accounts or clone an identity.
Includes: Phishing, Blagging and taking advantage of human error
Phishing- Phishing is one of the most common forms of social engineering and is often presented as an email designed to steal personal information or login details. These emails often contain links to fraudulent websites that look similar to genuine ones but are actually there to log the personal details.
Blagging- This is the act of 'knowingly or recklessly obtaining or disclosing personal data or information without the consent of the controller' (owner of the data). This may result in someone being given access to files or rights which they should not have, allowing them to potentially delete, alter and add malware to a system.
Blagging is commonly used via social media sites with quizzes and surveys that are designed to gather information such as birth dates, first pets or favourite colours; these are all common security questions used by financial institutions!
Human Error- Humans are more often than not the weakest point in a security system. By not taking precautionary measures such as resetting passwords, entire systems can be put in jeopardy.
Prevented through education of the users of a system
Brute Force Attacks
Brute force attacks are when a list of different passwords or letters is worked through until access to the account is gained. Many passwords, despite advice otherwise, still relate to personal information such as birth dates, family names, pets, etc., and these are relatively simple to work through using a dictionary attack.
Prevented using systems where only 3 passwords can be entered before being locked out for an amount of time. Also prevented through the use of strong, unguessable passwords.
Denial of Service Attacks
An attempt to prevent legitimate users from accessing a website. This might occur when a company's network is flooded with traffic that it might not normally expect. This can give the appearance of the website having crashed or being unresponsive.
This is often used to cause financial harm to companies, as customers cannot access their websites.
DDoS
This is when a system is 'attacked' by a number of 'bots' simultaneously leading to a specifically timed attack to cause disruptions to a service.
Can be prevented by using firewalls