3.6 Cyber Security

Question 1

What is cyber security

Answer 1

Cyber security consists of the processes, practises and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access

Question 2

Social engineering is?

+ 3 examples

Answer 2

Social engineering is manipulating people into handing over confidential information such as a PIN or password. There are several forms:

• blagging
• phishing
• shouldering
  (–pharming, but is it)

Question 3

Define blagging

Answer 3

Blagging is the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.

Question 4

Example of blagging

Answer 4

For example, a person may receive an email that appears to be from a friend telling them that they’re in trouble and asking them to send money.

Question 5

What’s phishing

Answer 5

Phishing is a technique of fraudulently obtaining private information, often using email or SMS, by pretending to be a business

Question 6

How to spot phishing (2)

Answer 6

They can often look convincing, but may contain spelling errors or URLs that do not match the business’s website.

Question 7

What can phishing emails have (2) - bad

Answer 7

When a person clicks on these links and logs in, it sends their username and password to someone who will use it to access their real accounts.
This information might be used to steal a person’s money or identity, or the email may contain malware.

Question 8

What to do if receives phishing email

Answer 8

Banks will never send emails asking for personal information or usernames and passwords. If someone receives an email that they think might be phishing, they should report it to the business the sender is claiming to be.

Question 9

What’s shouldering

Answer 9

Shouldering is observing a person’s private information over their shoulder eg cashpoint machine PIN numbers.

Question 10

How shouldering prevented (2)

Answer 10

A person can prevent this by using their hand to cover the keypad as they type their PIN, or being aware of people around them when typing in PINs.

Software helps protect against shouldering by masking what is typed, showing an asterisk on the screen instead of the symbol that was entered.

Question 11

What’s pharming

Answer 11

Pharming is a cyber attack intended to redirect a website’s traffic to a fake website.

Question 12

What happens when a person logs in to a fake site - pharming

Answer 12

When a person logs in, it sends their username and password to someone who will use it to access their real accounts.

Question 13

1 way that a pharming cyberattack can redirect traffic from a genuine website to a fake one.

Answer 13

One example is if the Domain Name Servers (DNS) of the website, which match the website address with the IP address of the webserver, are hacked and the IP address is changed to become the address of the pharming site.

Question 14

3 different threats to computer systems include:

Answer 14

social engineering
malicious code
human error

Question 15

What’s a cyber threat

Answer 15

Any risk posed to a computer system from an internet source is considered a cyber threat. These threats are often combined to increase the probability of harm to a system. By taking steps to understand what the potential risks are, people and businesses are able to better protect their systems and data.

Question 16

Blagging also known as

Answer 16

Pretexting

Question 17

Shouldering also known as

Answer 17

Shoulder surfing

Question 18

Malicious code/malware

• what
• purpose (2)

Answer 18

• Malicious code is software written to harm or cause issues with a computer.
• This is also referred to as malware and comes in a number of different forms.
• In all its forms, the code has been written to either harm or steal data from your computer system.

Question 19

There are a number of types of malware, which include: (5)

Answer 19

viruses
trojans
ransomware
spyware
adware

Question 20

What’s a virus

Answer 20

A virus is a piece of malware that infects a computer, and then replicates itself to be passed onto another computer.

Question 21

Trojan

Answer 21

A Trojan appears to be a piece of harmless software, often given away for free, that contains malicious code hidden inside. This only appears once the gifted software is installed. It was named after the Greek myth of the Trojan horse.

Question 22

Ransomeware

Answer 22

Ransomware hijacks the data on a computer system by encrypting it and demanding that the owners pay money for it to be decrypted.

Question 23

2 - how to protect against ransomware

Answer 23

Having up-to-date anti-virus software and educating users to not open suspicious attachments will help protect from ransomware.

Question 24

Spyware

Answer 24

Spyware is a type of malware that collects the activity on a computer system and sends the data it collects to another person without the owner being aware.

Question 25

What data can spyware collect

Answer 25

If a computer has been infected by spyware, it could be sending back everything that is typed, or the sites that are visited, or even where the user is clicking on their screen.

Question 26

Spyware that records what is being typed is known as a __.

- tell about it

Answer 26

Spyware that records what is being typed is known as a keylogger. Keyloggers attempt to find out usernames and passwords by collecting everything that is entered into the system, which allows the hacker to search for personal data.

Question 27

To protect against spyware

Answer 27

Most anti-virus software will also look for spyware in the same way as viruses. Specialist anti-spyware software is also available.

Question 28

Adware

Answer 28

Adware is software that either causes pop-ups or windows that will not close. Generally, the pop-ups or windows display advertisements.

Question 29

To protect against adware

Answer 29

Many anti-virus programs will detect and prevent adware infecting a computer system, but specialist anti-adware programs also exist.

Question 30

List of 7 cyber security threats - on spec

Answer 30

• social engineering
• malicious code (malware)
• pharming
• weak and default passwords
• misconfigured access rights
• removable media
• unpatched and/or outdated software

Question 31

Tell me about weak/default passwords

Answer 31

Some of the most common passwords are surprisingly simple. Examples include 123456 and qwerty. Most computer systems will provide a default password when first set up. If these are not changed, this puts computers at risk.

Question 32

There are some simple rules to follow to make it harder for a computer to crack a password:
(5)

Answer 32

• have a password that is six or more characters long
• include upper and lower letter case letters
• include numbers
• include symbols
• avoid information that may be easy to guess such as relatives’ names or birthdays

Question 33

Another way to make a password more difficult for computers to crack ?

Answer 33

Another way to make a password more difficult for computers to crack is to combine multiple random words that have personal significance, but are not related. In the example below, the password could be horseguitar.

Question 34

Tell about misconfigured access rights

Answer 34

• Access rights set up what can and cannot be seen when someone logs into a system.
• If these are not set up correctly in an email server, a person may be able to see someone else’s emails.
• If a person accesses an account that they do not have permission to see, they might be breaking the law.

Question 35

What does removable media refer to

Answer 35

Removable media refers to storage devices that can be removed from the computer system.

Question 36

4 examples, removable media

Answer 36

USB memory sticks
CD-ROMs
DVDs
external hard drives

Question 37

How removable media can lead to cyber security threats

2

Answer 37

• If removable media contain malware, it will attempt to move onto a system when connected to a computer, and then onto any other connected devices.
• If a computer is connected to others on a network, this could mean that the virus reaches hundreds of machines.

Question 38

What is patching

Answer 38

Patching is the process of updating software to fix a problem or add a new feature.

Question 39

How patching can reduce vulnerability of a computer system

Answer 39

Many programs will automatically update to make sure they have the latest patches installed. This helps to ensure the program runs correctly and protects the computer from new threats. Most anti-virus software will frequently update itself so that it is able to recognise the latest computer viruses and malware.

These updates will always be one step behind the people creating the malware, but regularly updating and patching software will reduce the vulnerability of a computer system.

Question 40

Problems for a company if a system if breached (2)

Answer 40

When a system is breached, this can cause bad financial and reputational damage for the company involved.

Question 41

Define penetration testing (spec)

Answer 41

The process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access

Question 42

Aim of penetration techniques

Answer 42

Penetration testing uses the same techniques a hacker would try, but the aim is to identify the weaknesses, rather than stealing data or damaging the system.

Question 43

Aim of a white-box penetration threat (spec)

Answer 43

To stimulate a malicious insider who has knowledge of and possibly basic credentials for the target system

Question 44

Aim of a black-box penetration threat (spec)

Answer 44

To stimulate an external hacking or cyber warfare attack where the attacker has no knowledge of any credentials for the target system

Question 45

Define malware - spec

Answer 45

Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software

Question 46

3 forms of malware - spec

Answer 46

Computer virus
Trojan
Spyware

Question 47

5 security measures

Answer 47

• biometric measures (particularly for mobile devices)
• password systems
• CAPTCHA
• using email confirmations to confirm a user’s identity
• automatic software updates

Question 48

The security methods used to access computer accounts are known as factors of authentication. These are ways to prove that people are who they say they are. These factors can be divided into three sections:

Answer 48

something a person is - fingerprint or other biometric detail

something a person knows - passwords, PINs, secret answers

something a person has - a phone, a smart card

Question 49

Biometrics.

• what
• Examples (2)

Answer 49

• Biometric security makes use of unique physical characteristics and features to identify people when they are using a computer system.
• This form of security could be a scan of a fingerprint using the sensor built into a button on a mobile phone, or facial recognition to unlock a mobile device.

Question 50

Password

• it is important to what?
• what some password systems have, and how this helps

Answer 50

Keeping passwords safe is important, especially when the password allows access to sensitive or valuable information.

Some password systems help to keep passwords safe by only asking for certain characters of a password instead of the whole thing. This helps to prevent spyware like keyloggers from stealing passwords.

Question 51

CAPTCHA stands for

Answer 51

Completely automated public Turing test to tell computers and humans apart.

Question 52

What captcha forms do? + why

Answer 52

CAPTCHA forms challenge humans to prove that they are indeed human. Computers are very good at looking at text and numbers, but people are much better at understanding images.

(This is a way of working out if a user is a human or robot by asking them to identify image features.)

Question 53

Examples of CAPTCHA

• basic
• sophisticated

Answer 53

Basic CAPTCHA forms often ask people to type in the words they see in a picture.

More sophsicated tests may ask people to solve a puzzle, for example, finding all of the images that contain cats in a gallery of animals.

Question 54

Tell me about email confirmations

• what
• its use

Answer 54

When a person signs up for a new account, they often receive an email asking them to confirm that they asked for the account to be created by clicking a specific link.

This security feature alerts them that their email is being used to create an account and acts as a way for them to prove their identity to the company they are creating the account with.

Question 55

Automatic software updates
- why
- what this means (does)
—- - if not then

Answer 55

By regularly updating the software on a computer, users are as protected as they can possibly be.

Setting automatic updates means a computer system will attempt to install patches or fixes as soon as they are available by searching for them on a regular basis. If this task was left to users, it would be easier for them to forget or ignore the updates.