07 - Cyber Security Flashcards
define cybersecurity
processes or technologies designed to protect networks/computers or programs from attack, damage, or unauthorised access
what is a brute force attack (passwords)
guessing the password manually until you get access
why is social engineering preferred by cyber criminals compared to hacking a system?
as it is easier, and people are the ‘weakest’ link
define a cyber threat
any threat to a computer system from an internet source
define hacktivism
the act of hacking or breaking into a computer system for politically or socially motivated purposes
what is the aim of hacktivists?
- to promote their view of thinking/cause
- to challenge organisations/companies who are against their pov
define social engineering
the art of manipulating individuals to break security procedures to give information away
what is blagging?
creating an invented scenario to engage a targeted victim to directly give away information (passwords)
give an example of blagging
an employee is called and asked for login details and password to fix a security bug, they give it away, system is hacked
what is phishing?
sending emails (pretending to be a genuine company), to gain personal details
what are signs of a phishing email?
- spelling errors/bad grammar
- informal writing
- impersonal (dear customer)
- deadline (if you don’t do this then account closes)
- email is unrealistic
what is pharming?
when your computer has been infected so it changes valid hyperlinks to malicious websites
how can you be directed to a pharming website?
- modifying certain files
- hacking domain name server
what is shouldering?
direct observation of a user entering their security details (passwords/pins)
what is another word for shouldering?
shoulder surfing
define malware
software that is designed to disrupt or harm a user’s computer
what does a virus do?
- self-replicates
- causes damage to computer system by corrupting data
- or using all available memory
what does a trojan horse do?
- disguised as harmless file/download
- malware loaded with download
- attack performed once downloaded
describe spyware
(computer program)
- gathers data about people without knowledge
- records key presses on computer (can gather passwords/usernames)
describe adware
- injects adverts into websites/programs on computer
- aim that the creator would generate advertising revenue
- not usually too bad (but can contain worse malware like viruses and spyware)
how do you prevent threats from downloaded software?
- have anti-virus software
- only download from a reputable source
what is penetration testing?
finding out whether there are any security vulnerabilities in a network or system by simulating potential attacks and reporting vulnerabilities
which kind of penetration testing has knowledge of the internals of the system?
white box testing
what is the role of white box testing?
to simulate an attack from someone with detailed insider knowledge of the system (rogue employee)
what is the aim of black box testing?
to simulate a full-on cyber warfare attack
what kind of penetration testing does not have any knowledge of the system?
black box testing
what is black-box testing used to simulate?
full-on cyberwarfare attack (flood servers with more requests than they can handle)
what is a denial of service attack?
flooding the servers with more requests than they can handle
state examples of biometric authentication
fingerprints, iris scanning, facial recognition
how can an authentication system add extra security?
two-factor authentication
what are email confirmations used for?
- ensure person signed up is using a valid email address
- prevent unnecessary strain on the computer’s servers (mass signing up)
what is CAPTCHA for?
- stop bots from automatically signing up to a website and overloading the server
what is an alternative to penetration testing?
automatic software updates (software is updated every time a new vulnerability is detected) - instead of right at the start
what is the point of a virus?
- slow down computer
- consume memory usage
what is the aim of spyware?
steal your passwords