Understanding and Preventing Malware

Questions and Answers

Which of the following actions is LEAST likely to protect against malware infections?

  • Regularly backing up your files.
  • Enabling automatic operating system updates.
  • Disabling your spam filter to ensure you receive all emails. (correct)
  • Installing a firewall and anti-virus software.

How do cybercriminals typically employ phishing techniques?

  • By disguising themselves as trustworthy entities to trick users into revealing personal information. (correct)
  • By directly hacking into bank servers.
  • By physically installing malware on users' computers.
  • By exploiting vulnerabilities in network routers.

What is the defining characteristic of a brute force attack?

  • Using sophisticated algorithms to bypass security measures.
  • Systematically attempting all possible combinations to crack encrypted data. (correct)
  • Tricking users into divulging their passwords.
  • Exploiting known software vulnerabilities.

How does a Denial of Service (DoS) attack typically impact a targeted server?

  • It floods the server with excessive traffic, preventing it from responding to legitimate requests. (D)

Which measure is MOST effective in preventing data interception during network communication?

  • Using strong data encryption methods. (A)

What is the primary goal of SQL injection attacks?

  • To gain unauthorized access to and manipulate database contents. (C)

In the context of security, why are people often considered the 'weak point' in secure systems?

  • They are easily manipulated through social engineering tactics. (B)

Which security measure can best mitigate the risk of a brute force attack succeeding?

  • Using complex passwords in conjunction with an account lockout policy. (B)

What is the MOST immediate consequence of a successful Denial of Service (DoS) attack on an e-commerce website?

  • The website becomes slow or inaccessible, leading to potential revenue loss. (C)

Which practice offers the BEST protection against SQL injection vulnerabilities in a web application?

  • Validating and sanitizing all user inputs before querying the database. (D)

What is the primary difference between a virus and a Trojan horse?

  • A virus replicates itself to spread to other computers, while a Trojan disguises itself as legitimate software. (A)

How can companies MOST effectively mitigate the risk of employees being exploited through phishing attacks?

  • By providing regular security awareness training to recognize phishing attempts. (A)

Which of the following is the MOST effective measure to prevent data theft from lost or stolen laptops?

  • Encrypting the laptop's hard drive. (A)

Why is 'input validation' crucial in preventing SQL injection attacks?

  • It filters out malicious code inserted into input fields. (C)

What is the role of a 'packet filter' in preventing Denial of Service (DoS) attacks?

  • It identifies and blocks malicious or malformed network packets. (B)

Which of the following is an example of social engineering?

  • Tricking an employee into divulging their password over the phone. (C)

What is the primary purpose of using virtual private networks (VPNs) in preventing data interception?

  • To encrypt network traffic and mask the user's IP address. (B)

To effectively defend against malware, why is it important to update your operating system regularly?

  • Updates provide the latest security patches, which helps to resolve known vulnerabilities. (D)

What is the main goal of a 'network lockout policy' in preventing brute-force attacks?

  • To temporarily disable an account after a specified number of failed login attempts. (B)

A company suffers frequent website crashes due to sustained high traffic volumes. Which security measure would BEST address this issue?

  • Implementing a content delivery network (CDN) and DDoS mitigation services. (D)

Flashcards

Malware

Software designed to infect computers and facilitate cybercrimes like fraud and identity theft.

Trojan Horse

Malicious programs disguised as legitimate files (games, etc.) that can compromise your computer.

Phishing

An online fraud technique used to trick individuals into revealing personal information.

Brute Force Attack

A trial and error method used to decode encrypted data by exhaustively trying all possible combinations.

Denial of Service (DoS) attack

An attack that floods a server with useless traffic to prevent legitimate requests from being processed.

Distributed Denial of Service (DDoS)

A DoS attack using multiple compromised systems to target a single system.

Data Interception

Monitoring data streams to or from a target to gather sensitive information.

SQL Injection

A code injection technique used to attack data-driven applications by inserting malicious SQL code.

Social Engineering

Exploiting human psychology to gain access to systems or information.

Firewall

Security software that monitors and controls incoming and outgoing network traffic.

Network lockout policy

A security measure that automatically blocks user accounts after a specified number of failed login attempts.

Challenge response tests (e.g., reCAPTCHA)

A test to differentiate human and machine input, typically involving distorted text or images.

Network Forensics

A technique for examining network traffic to identify security incidents and collect digital evidence.

Penetration Testing

A method of evaluating the security of a computer system by simulating attacks.

Validation of input fields

The process of verifying the integrity and format of user-supplied data to prevent malicious input.

Using Parameterised Queries

A technique to securely pass parameters to SQL queries, preventing SQL injection attacks.

Using database permissions

Controlling access rights to database objects like tables and views.

Spam Filter

A program to detect and block unwanted unsolicited email.

Study Notes

  • Malware is software designed to infect computers and facilitate cybercrimes like fraud and identity theft.

Malware Risks

  • Web surfing, online shopping, banking, email, instant messaging, and gaming without protection greatly increase the risk of being victimized by malware.
  • Malware exploits operating system and browser vulnerabilities to install malicious Trojan horse programs.
  • Trojans can be disguised as legitimate files (games, music, etc.) or spread through file sharing networks.
  • Trojans are increasingly found in instant messages and mobile phones, not just email.

Effects of Malware

  • Computer crashes, spontaneous reboots, or unexplained slowdowns can occur.
  • Worm infections can slow down internet connections.
  • Files may be deleted, corrupted, or encrypted.
  • Keylogging malware records keystrokes, allowing hackers to steal passwords and access accounts.

Preventing Malware

  • Use strong security software, including firewalls, spam filters, anti-virus, and anti-spyware programs.
  • Enable operating system updates.
  • Train staff to be cautious about opening attachments.
  • Regularly back up files.

Phishing Explained

  • Phishing is a fraudulent technique where criminals pose as trustworthy entities in electronic communications to steal personal information.
  • It's a rapidly growing method for stealing financial information and committing identity theft.
  • Phishers use emails and websites that mimic legitimate institutions.

Effects of Phishing

  • Phishers can access accounts, withdraw money, or make purchases.
  • They may open new accounts in the victim's name for fraudulent purposes.
  • Phishing can lead to access to high-value corporate data.
  • Reputational damage can occur, since financial damage can get institutions blacklisted.

Preventing Phishing

  • Employ strong security software (firewall, spam filter, anti-virus, anti-spam).
  • Educate staff to recognize fake websites and emails.
  • Train staff never to disclose personal or financial information.
  • Disable pop-ups.

Brute Force Attacks

  • A brute force attack attempts to decode encrypted data, like passwords, through trial and error.

Effects of Brute Force Attacks

  • Data theft and unauthorized access to corporate systems can result.

Preventing Brute Force Attacks

  • Implement network lockout policies that limit login attempts.
  • Use software with progressive delays after failed attempts.
  • Train staff to create strong passwords with symbols and numbers.
  • Use challenge-response tests like reCAPTCHA.

Denial of Service (DoS) Attacks

  • A DoS attack floods a server with useless traffic, preventing it from responding to legitimate requests.
  • Distributed Denial of Service (DDoS) attacks use multiple compromised systems to target a single system.

Effects of DoS Attacks

  • Revenue losses occur from downtime.
  • Productivity is lost when critical network systems are shut down.
  • Reputation damage occurs if customers cannot access a site or experience a data breach.

Preventing DoS Attacks

  • Implement strong security software (firewall).
  • Use packet filters on routers.
  • Properly configure the web server.
  • Employ good network policies, including audits, logs, and monitoring.

Data Interception and Theft

  • Attackers monitor data streams to gather sensitive information, often by sniffing network traffic.
  • Sniffing involves monitoring network traffic for data, such as passwords.

Effects of Data Interception and Theft

  • Usernames and passwords can be discovered.
  • Unauthorized system access is granted.
  • Corporate data may be disclosed or stolen.

Preventing Data Interception and Theft

  • Use strong encryption.
  • Use virtual private networks (VPNs).
  • Train staff on password security, locking computers, and using portable storage devices securely.
  • Employ network forensics.

SQL Injection

  • SQL injection is a code injection technique targeting data-driven applications.
  • Attackers can inject code into text boxes that is then executed by the server.

Effects of SQL Injection

  • Database contents can be exposed.
  • Data can be modified or deleted.
  • Rogue records can be added.

Preventing SQL Injection

  • Validate input fields.
  • Use parameterized queries.
  • Use database permissions.
  • Conduct penetration testing.

People as the Weak Point (Social Engineering)

  • Security risks stem from:
    • Not logging off or locking computers and doors.
    • Improper use of memory sticks and portable storage media.
    • Loss or theft of laptops.
    • Weak passwords.
    • Lack of awareness about phishing.
    • Failure to conduct network forensics or penetration testing.
    • Not installing updates to anti-malware and operating systems.
    • Poor server and firewall configuration.
