Passive - monitoring activity on a network to steal data
active attack - attacking with malware
insider attack - employee steals data
brute force - use a computer program to try hundreds of combinations of user names and passwords
denial-of-service - flooding a network with useless information making the network slow or inaccessible
malware - any malicious software - viruses, worms, Trojans
phishing - fake emails sent to users to get them to reveal things like passwords
people as the ‘weak point’ in secure systems (social engineering)
brute force attacks - computer programs tries thousands of combinations of username/password to try to find right one
denial of service attacks - multiple computers used to flood a network or website with multiple requests so it can't respond to real requests
data interception and theft
SQL injection - SQL code types into a websites input box which gives the hacker access to the underlying database
poor network policy
penetration testing - hackers employed to find weaknesses
network forensics - investigations to find what caused an attack
network policies - rules and procedures organisations follow to try to reduce risk
anti-malware software - software designed to find and kill malware (not just viruses)
firewalls - these block unauthorised access to the network
user access levels - users are limited to what they can access depending on their role. This limits access to sensitive information
passwords - prevent unauthorised users access the system
encryption - data is turned into code. You need the key to access it. Prevents passive attacks