12936700
Description
Mind Map by Casey Morris, updated more than 1 year ago
|
|
Created by Casey Morris
about 6 years ago
|
|
1.6 System Security
- Forms of
Attack
- Malware
- Brute Force
- Trial and error is a brute force
attempt to access a computer
system.
- Trial and error is a brute force
attempt to access a computer
system.
- Phising
- Denial
Of
Service
- It is a type of attack when multiple
compromised systems which are often
infected with trojan and uses it to target a
single system.
- It is a type of attack when multiple
compromised systems which are often
infected with trojan and uses it to target a
single system.
- SQL
injection
- Data interception
and theft
- Data interception and theft is a hacker has stole data from a
computer. They can do this by tapping a connection, intercepting
wireless traffic, or plugging into a network and monitoring traffic.
- Data interception and theft is a hacker has stole data from a
computer. They can do this by tapping a connection, intercepting
wireless traffic, or plugging into a network and monitoring traffic.
- Malware
- Phising is usually disguised as a used popular
website or spammed messages so you provide your
email address and other personal details. It pretends
to be trustworthy.
- Encryption
- where data is translated into code
so that only authorised users, or
users with the key can decrypt it.
- where data is translated into code
so that only authorised users, or
users with the key can decrypt it.
- Encryption
- What is system
security and
cyber attacks?
- A cyber attack is an attempt to gain
unauthorised access to or control of a
computer and the network which it is
connected to
- Security is a set of
measures taken to
protect a computer
from harm to the
data and software.
- A cyber attack is an attempt to gain
unauthorised access to or control of a
computer and the network which it is
connected to
- Reasons for Network security
- Confidental data
- Data Theft
- Data Loss
- Data Changes
- Legal obligations
- Confidental data
- Worms are a network
threat as they are hard to
get rid of as they copy
themselves over networks to
external storage and other
computers
- Spyware collects your information
and sends it to somebody.
- A keylogger can be either hardware or software. It is designed to
record every key that is pressed on a keyboard, therefore giving
access to all the data that is entered into a computer such as
usernames, passwords or websites visited.
- A trojan is a program which
is designed to deliberately
trick a user in to downloading
and installing malicious
software.
- Identifying and
preventing
vulnerabilities
- Passwords
- Encryption
- Firewalls
- Network
policies
- Network forensics
- Penetration testing
- User access levels
- Passwords
- Social Engineering
- Relies on human interaction
- Commonly involves tricking
users into breaking normal
security procedures
- Relies on human interaction
- Malware
- It is malicious software that
causes identify theft,
financial loss and
permanent file deletion.
- It is malicious software that
causes identify theft,
financial loss and
permanent file deletion.
- Virus
- A virus harms your computer in some way. It
usually deletes or begins altering files and
stops programs from running.
- Around 82,00 viruses are made each day
- Can affect all components of an
operating system
- Around 82,00 viruses are made each day
- A virus harms your computer in some way. It
usually deletes or begins altering files and
stops programs from running.
- DDOS
- Overloads a website
with unwanted traffic
- Overloads a website
with unwanted traffic
- The effects of a successful
attack
- Execute queries, exposing
data
- Delete
data
- Altering data, resulting
in data integrity issues
- Bypass
authentication
procedures and
impersonate
specific user
- Execute queries, exposing
data
- Anti malware
software
- Software with the aim of preventing
malware from entering the system.
- Software with the aim of preventing
malware from entering the system.
- Firewalls
- Software that performs a
'barrier' between a
potential attack and the
computer system
- Monitor application and
network usage
- Can be held on a server, or a
standalone computer
- Software that performs a
'barrier' between a
potential attack and the
computer system
- Network Policies
- Defines how a system can be
secured through specific rules or
requirements.
- Explains how particular a user should access
and treat a system
- Defines how a system can be
secured through specific rules or
requirements.
- User Access Levels
- also known as system access rights
- allows a system
administrator to set up a
hierarchy of users.
- Lower level users would have
access to limited information and
settings.
- Higher level users can access
the most sensitive data on the
system
- also known as system access rights
- Biometric security
- Can be used in
addition to 'standard'
password entry
- Examples - retina scan,
fingerprint, voice and facial
recognition.
- Can be used in
addition to 'standard'
password entry
- SQL
injection
- attacks could access
systems containing
customer data, intellectual
property and other
sensitive information
- Malicious code to be user in an SQL
query when it is run in order for the
injection attack to take place.
- attacks could access
systems containing
customer data, intellectual
property and other
sensitive information
- Network Forensics
- A branch of digital
forensics
- Covers the forensic
investigation of networks and
their devices attached to them
- primarily involves the
examination of data
sent across a network
- May involve the user of
various forensic techniques
including 'packet sniffing'
- Packet sniffing involves the interception
of packets across the network
- Packet sniffing tools
can help users
understand what is
being sent around the
network at the time.
- Packet sniffing tools
can help users
understand what is
being sent around the
network at the time.
- Packet sniffing involves the interception
of packets across the network
- A branch of digital
forensics
- Penetration Testing
- Tests performed under a
controlled environment by a
qualified person
- Checks for current vulnerabilities and explores
potential ones in order to expose weaknesses in
the system so they cannot be maliciously
exploited.
- Tests performed under a
controlled environment by a
qualified person
Want to create your own Mind Maps for free with GoConqr? Learn more.