Beginners Reference Guide to CompSci

Malware is malicious software that is designed to infect a users computer, and disrupt or damage a computer system. Malware is a heading for different types of software:

If you are web-surfing or on a network without proper protection, malware can infect your machine and cause issues for users.

A payload is the malicious activity that a virus executes. This could be causing the system to run slowly, deleting or modifying files, or even tracking user activities such as keyboard inputs.

Phishing is an online fraud technique. A hacker will pretend to be a website that the user wants to access, with an accurate looking login screen. Once the user types in their password, the phishing site saves this information, and redirects the user to the correct website, to make it seem as if nothing had gone awry.

Another method is to spam the user with fake messages, in order to trick them into giving up personal information.

This is often used to commit identity theft.

A brute force attack is a method of trial and error, usually used to try and break into an encrypted file or account. This tries multiple different password combinations to unlock the intended item.

A denial of service attack is when a computer requests packets of data from a server or computer, repeatedly (without the want for data return), so the user cannot connect online (due to the bandwidth being taken up by the other computers). This is useless traffic, that blocks other users from using a service.

A distributed denial of service attack, or DDoS, is when many computer systems request data from the server. This means that it is spread out from across the country. These computer systems are usually compromised machines, via malware, and these are called zombies.

As packets travel across the internet, a “man in the middle” attack can occur. People can “sniff” these packets, intercepting the data before ever reaching the intended recipient. This is eaves-dropping on network traffic, to find personal or sensitive information.

An SQL injection attack is a code injection method, where a user has an input field, and inserts malicious code that will run on the server (due to poorly implemented web traffic). This can sometimes reveal sensitive data.

Malware can spread easily over a computer network. As such, if one machine is infected with malicious code, it can easily look for other computers on a network, and spread. This makes some networking implementations, especially those without any anti-malware protection, vulnerable.

Malware is usually spread by vulnerabilities in software. As such, automatic updates are important to make sure software exploits are patched without user intervention.

Social engineering is the act of preying upon a user, and deceiving them to complete a task, usually to give over personal information. A part of this could be phishing, with malicious websites designed to look official.

The results of these attacks can be extremely negative; identity theft can occur, where a hacker has enough information to impersonate you. This means they can sign up for accounts in your name, including taking loans out, and burning bridges with your contacts. As such, this is an extremely lucritive business for hackers.

For companies, this can cause damage to the brands reputation, whether that be due to a negative impression via an impersonator, or whether that be through damaging relations with key business partners.

Brute force attacks, if done successfully, can give hackers access to personal information. This means that trade secrets can be leaked. Otherwise, key accounts with unsecure passwords can be accessed, allowing access to the entire network.

If a denial of service attack is taking place, then customers won’t be able to access the machine. As such, customers won’t have access to paid resources, causing lost revenue.

Alternatively, on a network, users can lose productivity, if the resource required is not available, leading to downtime.

A companies reputation can be damaged by lack of up-time.

If data is intercepted over a network, key information can be leaked. If a password is intercepted, this gives access to an entire network. Similarly, if trade secrets are transferred, this can lead to brand damage.

Contents of databases can be given to hackers, if the SQL forms are not properly sanitised. This means that private data from these databases can be stolen.

In a similar vein, information in databases can be changed, added or deleted, leading to incorrect or malicious data being used within a system.

Most network insecurities are created from a user as a weak-point; this means that once a virus enters the network, or once one computer has been compromised on a network, the whole network is at risk.

Oftentimes, users do not complete security checkups, leading to weak points that hackers can use:

Proper network policies, and proper user training, can help protect a network.

Penetration testing is when a professional company purposely tests a systems security, to make sure that it is secure.

This allows the company to test the network before being rolled out, meaning any issues can be found and removed prior to the network or software being public.

Network forensics is when an adminitrator monitors the traffic on a network. The data packets are copied at regular intervals, for analysis later. This information can identify any traffic that could be harmful, for instance, analysing where data is being sent and if it is intended.

Policies allow a network administrator to set certain permissions, so that the network is more resilient to threats. For instance:

Anti-malware software is designed to constantly run in the background, and analyse what software is being downloaded and opened. If it detects something malicious, it will block it from executing.

Firewalls block unauthorised packets of data to transfer over the network.

This means that the network is more secure, as only authorized programs can download data, that could be software that may contain compromised code.

User access levels is a method of giving certain users specific permissions. For instance, a standard user on a network should not be able to access operating system files, or install new software. However, a network manager should be able to access most tools, including diagnostic tools.

Implementing different access levels can protect a network. Blocking executable files for standard users can block downloads containing malware. Blocking certain websites for users can stop vulnerabilities from being attacked.

Utilizing strong passwords, that do not have any dictionary words, are long in length, uses letters/numbers/symbols, and are not written down in any easy-to-see areas (for example, not leaving it attached to the monitor with a sticky note).

This means only the correct user can login and modify files, or use installed software.

Encryption is when you hash data, so it is no longer plain text. The user will need a key to decrypt the data into its raw form.

This allows the network to be more secure, as data is not stored in raw text, meaning that if anyone does get hold of the data, they will have to spend time decrypting the data, running either a brute force, or a dictionary attack on the data.