- Passive attack = data is monitored whilst it is travelling on a network, and any sensitive information is intercepted.
Attackers may use software such as packet sniffers. – passive attacks = hard to detect, best defence = data encryption
- Active attack = network is attacked with malware – main defence = firewall
- Insider attack = person in an organisation exploits their network access to steal info.
- Brute force = automated software produces possible password combinations – defence = locking an account
after multiple failed password attempts
- Denial of service attack (DoS) – hacker tries to stop users from accessing a part of a network. – Most DoS attacks involve
flooding a network with traffic – makes the network slow
SQL injections:
- Networks that use databases are vulnerable to this attack. SQL = structured query language
- SQL injection = pieces of SQL typed into a website's input box – revealing sensitive info
Example:
A website lets you view your account info if you enter your password. If the website's SQL does not have strong
input validation, then someone may be able to enter some SQL code that lets them access other people's
account info.
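The password-box example above, written out as an added example (not part of the original notes). The table, names and passwords are constructed sample data, and the fix shown is a parameterised query, which treats the typed input as data instead of SQL.

```python
import sqlite3

def make_db():
    """Build a small in-memory accounts table (constructed sample data).
    Passwords are stored as plain text only to keep the example short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT, info TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("alice", "apple123", "alice's account info"),
         ("bob", "banana456", "bob's account info")],
    )
    return db

def view_account_unsafe(db, password):
    # Weak: the typed text is pasted straight into the SQL statement,
    # so any SQL typed into the input box becomes part of the query.
    query = ("SELECT username, info FROM accounts WHERE password = '"
             + password + "'")
    return db.execute(query).fetchall()

def view_account_safe(db, password):
    # Fixed: the ? placeholder passes the input as data only, so it is
    # compared with the password column and never run as SQL.
    query = "SELECT username, info FROM accounts WHERE password = ?"
    return db.execute(query, (password,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    typed = "' OR '1'='1"  # SQL typed into the password box
    # The unsafe query becomes: ... WHERE password = '' OR '1'='1'
    # which is true for every row, so every account is returned.
    print("unsafe:", view_account_unsafe(db, typed))
    print("safe:  ", view_account_safe(db, typed))
    print("normal:", view_account_safe(db, "apple123"))
```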
Penetration testing = Systems are tested for vulnerabilities to reveal any weaknesses in the system which can be
fixed.
Firewall = An application that prevents unauthorised connections to and from the Internet.
User access levels = in a large company or school, many people will be using computers on the same network. A
network manager will normally control the level of access people have to the network. General users will not have
the ability to download any software they want or to make changes to any part of the system, as that could affect
other users.
Encryption is the process of encoding data or a message so that it cannot be understood by anyone other than its
intended recipient.