Computing - System Security (OCR 1.6)

  • Created by: MaxR1
  • Created on: 20-09-18 11:31
What is blagging?
Blagging is an example of social engineering where the criminal contacts the victim (face-to-face, by telephone or by computer) and invents a scenario to get the victim to divulge information, such as pretending to be a bank employee.
1 of 26
What is phishing?
Phishing is an example of social engineering where the fraudster sends emails claiming to be from a financial institution or e-commerce site to find out your personal and financial information.
2 of 26
What is shouldering?
Shouldering is an example of social engineering: finding login names, passwords and PIN numbers by direct observation – looking over the victim’s shoulder.
3 of 26
Define malware
Malware is malicious software and is designed to gain unauthorised access to a computer system in order to disrupt its functioning or collect information without the user’s knowledge.
4 of 26
Give some examples of how to prevent attacks
Install latest security updates; install antivirus (anti-spyware / adware removal) software and check it is constantly updated; install a firewall to ensure software isn’t downloaded without your knowledge; ensure the operating system is up to date.
5 of 26
What is pharming?
Pharming uses malware to change the IP address of the domain name in the DNS cache (which holds IP addresses of previously visited websites) to direct the user to a bogus site when the user attempts to visit a site.
6 of 26
Define Virus
A Virus is a computer program that is hidden within another program or file. It can replicate itself and insert itself into other programs or files, and is spread by a user to other computers. It has a harmful effect like deleting data.
7 of 26
What is a worm?
A worm is malware which has an independent existence. It makes copies of itself and can travel to other computers without human action, e.g. through a network, consuming bandwidth and affecting network performance.
8 of 26
What is a Trojan?
A Trojan is malware so called because it disguises itself as something legitimate. It does not replicate itself. It is installed by a user who thinks they are installing good software or by opening an email attachment.
9 of 26
What is a brute force attack?
A trial-and-error method of obtaining login names and passwords to allow a hacker to access a network. It can be automated to guess combinations very quickly.
10 of 26
What is a DoS attack?
A type of attack designed to make a website or network grind to a halt by flooding it with requests. The criminals may use malware to take control of lots of computers (zombies) to all send login requests at the same time.
11 of 26
What is data interception?
Criminals use ‘packet sniffers’ to intercept, analyse and decode packets being sent across a network. Criminals then steal sensitive data like logins, passwords and PINs.
12 of 26
What is an SQL injection?
Websites use databases to store users’ data. A user types in their username and password on a site and this is sent in an SQL command to check the username and password and log in. This can be hijacked to extract user info.
13 of 26
What is a zero-day attack?
When new software is released it may have a security fault and this hole can be exploited by a hacker. The day the hole is discovered is known as ‘day zero’ and there is a race between hackers to exploit it and the software developers to fix it.
14 of 26
Give some examples of Physical Security
CCTV, burglar alarms, chains & locks to equipment or RFID tags to the equipment.
15 of 26
How can a company improve user security?
Network access controls set so users’ access rights restrict what files they can Read, Update and Delete. Adopt a good password policy.
16 of 26
Define Encryption
Encryption is the scrambling of data into a form such that it cannot be understood by any unauthorised people.
17 of 26
What is public/private key encryption?
All users have a public and private key. The public key is available to all but the private key is only known to the owner. Messages are encrypted with B’s public key and then decrypted using B’s private key when the message is received.
18 of 26
What is a firewall?
Firewalls are hardware and/or software that protect against unauthorised access to a network from the Internet and can prevent programs/users from accessing parts of the Internet from within the network.
19 of 26
Define network forensics
The monitoring, recording and analysis of network events to help guard against attacks on the security of the network.
20 of 26
Define network policy
Network administrators need policies and procedures to prevent problems and to recover from problems should they occur, e.g. Acceptable Use Policy, Backup Policy, Disaster Recovery Policy.
21 of 26
What is an acceptable use policy?
A set of conditions or rules that a network user must agree to comply with before they are allowed to use the network.
22 of 26
Give some examples of acceptable use policy
‘Users must not install software’; ‘must not use their own devices on the network’; ‘must not attempt to by-pass security’; ‘must comply with the Law’ etc.
23 of 26
Give some important points when forming a backup policy
***
24 of 26
What is a Disaster Recovery Policy?
A Disaster Recovery Policy is a set of procedures to be followed in the event of a natural or man-made disaster.
25 of 26
What is penetration testing?
Penetration testing tests a computer system or network to find vulnerabilities that an attacker could exploit. It is needed to see how effective an organisation’s security controls are.
26 of 26
