- [Craig] In this sequence of videos, we explore network security and the variety of threats to computers and servers today. What are the forms of attack, what is the threat and how can you identify and prevent vulnerabilities? (uplifting piano jingle)

So, in this specific video, we outline all the different forms of attack. It's not intended to be an extensive list but the specific examples that examiners are looking for at GCSE. These include malware, phishing, brute-force attacks, denial of service, data interception and theft, and SQL injection.

Malware is software written to infect computers and commit crimes such as fraud and identity theft, and it has become big business in the cyber underworld. As a result, if you use a computer for web surfing, shopping, banking, email, instant messaging and gaming without proper protection, you are putting yourself at high risk of being victimised. By exploiting vulnerabilities in operating systems and browsers, malware can sneak malicious trojan horse programs onto unsecured PCs. Unsuspecting and unprotected users can also download trojans thinking they're legitimate games, music players, movies and greeting card files. Trojans can also lurk in files shared between friends, family and co-workers using peer-to-peer file sharing networks. Trojans have traditionally hidden in worms and viruses spread by email, but they're increasingly showing up in instant messages and mobile phones. Organised crime rings have devised new ways of delivering trojans, and consumers must stay informed of the latest tricks.

Phishing is an online fraud technique used by criminals to entice you to disclose personal information such as usernames, passwords and credit card details by disguising themselves as a trustworthy entity in electronic communication. It's the fastest-rising ongoing crime method used for stealing personal financial information and perpetrating identity theft. Phishers use many different tactics to lure you, including email and websites that resemble well-known, trusted institutions. A common phishing practice involves spamming recipients with a fake message under the name of a trusted source. The purpose of this fake message is to trick you into providing your personal information.

Brute-force attacks are a trial-and-error method used by programs to decode encrypted data such as passwords or Data Encryption Standard keys through exhaustive effort rather than employing any sort of intellectual strategy or algorithm.

A denial-of-service attack is flooding a server with useless traffic, causing the servers to become overloaded and preventing them from responding to legitimate client-server requests. Many DoS attacks such as the ping of death and the teardrop attacks exploited limitations in the TCP/IP protocols. DDoS is a type of attack where multiple compromised systems, which are known as zombies, are often infected with a trojan. They are then used to target a single system, causing a denial-of-service attack.

With data interception and theft, an attacker monitors a data stream to or from a target in order to gather sensitive information. This attack usually involves sniffing network traffic. Sniffing or eavesdropping is the act of monitoring traffic on the network for data such as plain-text passwords or configuration information. With a simple packet-sniffer program, an attacker can easily read all of your plain-text traffic.

SQL injection is a code injection technique used to attack data-driven applications. If a database application has not been coded in a secure way then code can be entered into input text boxes and will then be executed by the server.

So, here on the screen is a summary of the forms of attack we've just talked about: malware, phishing, brute force, data interception and theft, and SQL injection. (uplifting piano jingle)