System Security

  • Created by: 15j.price
  • Created on: 03-06-19 10:05
View mindmap
  • System Security
    • Forms of attacks
      • social engineering
        • a person is tricked into giving away info that gives others access
      • passive
        • spying on a system to identify vulnerabilities
      • insider
        • an employee, former employee, contractor or business associate that has access to the system may steal sensitive information or give away access details to others
      • active
        • using software (e.g. virus) or other technical methods to gain access
    • Passwords
      • One of the most common ways that a cyber-criminal can gain entry to a computer system if the user does not have an adequate password or does not keep the password secret
    • Removable media
      • there are 2 threats with removable media:
        • the removable media getting infected with malware
        • the removable media getting in the wrong hands
    • Software patches
      • fix known security problems in software but also notify cyber-criminals that there was a problem so anybody NOT uploading the latest patch is vulnerable
    • Penetration testing
      • black-box
        • outside person test to find faults e.g. hacker
      • white-box
        • inside person test to find faults e.g. employee
    • Types of attacks
      • phishing
        • when a criminal sends an email or text message pretending to be a bank or official account to ask for personal information
      • data interception
        • when the cyber-criminal spies on the network traffic and gathers the information they need or alters information as it moves around the system
      • brute force attack
        • a method used to obtain information such as a user password or personal identification number (PIN) through trial and error
      • SQL injection
        • when a cyber-criminal inputs SQL code into an online form to side-step the need to enter a valid user ID or password it is known as SQL injection
      • malware
        • a term to describe a variety of hostile or intrusive software
      • Denial of Service (DoS)
        • when they cyber-criminal sends loads of messages flooding the targeted server with messages to overload the system and stop legitimate customers and users from accessing the server
    • Security solutions
      • firewalls
        • a filter between a network and the internet. it does not stop everything from entering the network bu allows a filtered amount through
      • network policy
        • should include rules for: generating passwords, user access levels, responsibility of training, use of removable media, firewall setting, installing and updating anti-malware software and software patches and details of penetration testing
      • network forensics
        • a specialist area that involves monitoring and examining data to discover the source of security attacks and other illegal activities
      • encryption
        • a method of altering the original message using a secret code that only authorised computers on the network know
      • access rights
        • define who has permission to access data on the computer system

Comments

No comments have yet been made

Similar Computing resources:

See all Computing resources »See all security resources »