1. 1.3.2 Identify common types of Social Engineering: Pretexting, Phishing and Vishing Pretexting: Form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they use to try and steal their victims’ personal information. Phishing:Scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. Vishing:known as "voice phishing", is the criminal practice of using social engineering over a telephone system to gain access to private personal information.
2. 1.1.3 Types of Security Threats • unstructured threats -Inexperienced individuals using easily available hacking tools • structured threats - Hackers that are more highly motivated and technically competent . • external threats -Arise from individuals or organizations working outside of a company. • internal threats-Someone has authorized access to the network with either an account on a server or physical access to the network.
3. 1.3 Methods of security attack Reconnaissance Attack - An adversary (enemy) tries to learn information about your network.Unauthorized information gathering on network system and network services. Access Attack -Someone tries to gain unauthorized access to a component, tries to gain unauthorized access to information on a component, or increases their privileges on a network component. Denial of Service attack- Disables the network by flooding useless network traffic. Distributed Denial of Service (DDOS)-Attack utilises many computers and many connections.known as a botnet (zombie army).
4. 1.1.2 Goals of Security: Confidentiality; Integrity; Availability Confidentiality:Only approved individuals are able to access important information. Integrity:Ensures information is correct and no unauthorized person or malicious software has altered the data. Availability:Ensuring timely and reliable access to and use of information.
5. Malicious Code Attack-Program that inserted onto a host to damage a system, corrupt a system, replicate itself or deny services or access to networks systems or services. • Malicious code attacks refers to viruses, worms, Trojan horses, logic bombs, and other uninvited software.
6. 1.1.1 Information Security: Information security is frequently used to describe the tasks of securing information that is in a digital format.Goal of information security: Is to ensure that protective measures are properly implemented to defend against attacks and prevent the total collapse of the system when a successful attack does occur.
