Zusammenfassung der Ressource
1.6 system security
- forms of
attack
- Malware
- includes viruses, worms
and trojan horses
- worms
- replicate itself in order to spread across a network
- in order to do this it exploits vulnerabilities in a network
- torjan horse
- designed to access a computer by
misleading the user of its intent
- malicious software is designed to cause
damage to a network or computer system
- it attaches itself to files and programs on a computer system
- phishing
- designed to acquire sensitive information
- commonly sent through email
- telephone phishing
- direct phone calls that pretend
to be an official service
- brute force
- trial and error
- can be used for gaining access to
password-based entry systems
- consists of an attacker entering possible
passwords and phrases until one is correct
- data interception and theft
- packets that travel over networks can be intercepted
- if packets are encrypted a key will be needed
- packets reassembled by using a signature
- SQL detection
- social engineering
- relies on human interaction
- involves tricking users into breaking
normal security procedures
- DDOS
- overloading a website with unwanted traffic
- uses a number of computers over a network of infected machines
which send requests to a website which would bring it offline
- preventing attacks
- penetration testing
- tests conducted in a controlled envirmoent
- network forensics
- involves the examination of data
sent across a network
- packet sniffing
- helps a user understand what is being sent
across the network all the time
- packet sniffing without written
permission is a breach of the law
- network policies
- outline rules for network access
- acceptable use policy (AUP)
- anti malware software
- aims to prevent malware from
entering the system
- firewalls
- software that performs as a barrier
- not 100% effective
- can be held on a server or a
stand alone computer
- passwords
- encryption
- data is translated into code
- julius ceasr
- the key tells how many places along
the alphabet the real letter is
- user access levels
- allows a system administrator to set up a hierarchy of users
- lower level users = limited access
- threats posed to networks
- poor network policy
- can expose a network to many threats
- most networks restrict users to
what they can and cant do