3.6 Cyber Security Flashcards

1
Q

What is cyber security

A

Cyber security consists of the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access

2
Q

Social engineering is?

+ 3 examples

A

Social engineering is manipulating people into handing over confidential information such as a PIN or password. There are several forms:

  • blagging
  • phishing
  • shouldering
    (–pharming, but is it)
3
Q

Define blagging

A

Blagging is the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.

4
Q

Example of blagging

A

For example, a person may receive an email that appears to be from a friend telling them that they’re in trouble and asking them to send money.

5
Q

What’s phishing

A

Phishing is a technique of fraudulently obtaining private information, often using email or SMS, by pretending to be a business

6
Q

How to spot phishing (2)

A

They can often look convincing, but may contain spelling errors or URLs that do not match the business’s website.

7
Q

What can phishing emails have (2) - bad

A

When a person clicks on these links and logs in, it sends their username and password to someone who will use it to access their real accounts.
This information might be used to steal a person’s money or identity, or the email may contain malware.

8
Q

What to do if someone receives a phishing email

A

Banks will never send emails asking for personal information or usernames and passwords. If someone receives an email that they think might be phishing, they should report it to the business the sender is claiming to be.

9
Q

What’s shouldering

A

Shouldering is observing a person’s private information over their shoulder, e.g. cashpoint machine PIN numbers.

10
Q

How is shouldering prevented (2)

A

A person can prevent this by using their hand to cover the keypad as they type their PIN, or being aware of people around them when typing in PINs.

Software helps protect against shouldering by masking what is typed, showing an asterisk on the screen instead of the symbol that was entered.

11
Q

What’s pharming

A

Pharming is a cyber attack intended to redirect a website’s traffic to a fake website.

12
Q

What happens when a person logs in to a fake site - pharming

A

When a person logs in, it sends their username and password to someone who will use it to access their real accounts.

13
Q

1 way that a pharming cyberattack can redirect traffic from a genuine website to a fake one.

A

One example is if the Domain Name Servers (DNS) of the website, which match the website address with the IP address of the webserver, are hacked and the IP address is changed to become the address of the pharming site.

14
Q

3 different threats to computer systems include:

A

social engineering
malicious code
human error

15
Q

What’s a cyber threat

A

Any risk posed to a computer system from an internet source is considered a cyber threat. These threats are often combined to increase the probability of harm to a system. By taking steps to understand what the potential risks are, people and businesses are able to better protect their systems and data.

16
Q

Blagging also known as

A

Pretexting

17
Q

Shouldering also known as

A

Shoulder surfing

18
Q

Malicious code/malware

  • what
  • purpose (2)
A
  • Malicious code is software written to harm or cause issues with a computer.
  • This is also referred to as malware and comes in a number of different forms.
  • In all its forms, the code has been written to either harm or steal data from your computer system.
19
Q

There are a number of types of malware, which include: (5)

A
viruses
trojans
ransomware
spyware
adware
20
Q

What’s a virus

A

A virus is a piece of malware that infects a computer, and then replicates itself to be passed onto another computer.

21
Q

Trojan

A

A Trojan appears to be a piece of harmless software, often given away for free, that contains malicious code hidden inside. This only appears once the gifted software is installed. It was named after the Greek myth of the Trojan horse.

22
Q

Ransomware

A

Ransomware hijacks the data on a computer system by encrypting it and demanding that the owners pay money for it to be decrypted.

23
Q

2 - how to protect against ransomware

A

Having up-to-date anti-virus software and educating users to not open suspicious attachments will help protect from ransomware.

24
Q

Spyware

A

Spyware is a type of malware that collects the activity on a computer system and sends the data it collects to another person without the owner being aware.

25
Q

What data can spyware collect

A

If a computer has been infected by spyware, it could be sending back everything that is typed, or the sites that are visited, or even where the user is clicking on their screen.

26
Q

Spyware that records what is being typed is known as a __.

- tell about it

A

Spyware that records what is being typed is known as a keylogger. Keyloggers attempt to find out usernames and passwords by collecting everything that is entered into the system, which allows the hacker to search for personal data.

27
Q

To protect against spyware

A

Most anti-virus software will also look for spyware in the same way as viruses. Specialist anti-spyware software is also available.

28
Q

Adware

A

Adware is software that either causes pop-ups or windows that will not close. Generally, the pop-ups or windows display advertisements.

29
Q

To protect against adware

A

Many anti-virus programs will detect and prevent adware infecting a computer system, but specialist anti-adware programs also exist.

30
Q

List of 7 cyber security threats - on spec

A
  • social engineering
  • malicious code (malware)
  • pharming
  • weak and default passwords
  • misconfigured access rights
  • removable media
  • unpatched and/or outdated software
31
Q

Tell me about weak/default passwords

A

Some of the most common passwords are surprisingly simple. Examples include 123456 and qwerty. Most computer systems will provide a default password when first set up. If these are not changed, this puts computers at risk.

32
Q

There are some simple rules to follow to make it harder for a computer to crack a password:
(5)

A
  • have a password that is six or more characters long
  • include upper and lower case letters
  • include numbers
  • include symbols
  • avoid information that may be easy to guess such as relatives’ names or birthdays
33
Q

Another way to make a password more difficult for computers to crack?

A

Another way to make a password more difficult for computers to crack is to combine multiple random words that have personal significance, but are not related. In the example below, the password could be horseguitar.

34
Q

Tell about misconfigured access rights

A
  • Access rights set up what can and cannot be seen when someone logs into a system.
  • If these are not set up correctly in an email server, a person may be able to see someone else’s emails.
  • If a person accesses an account that they do not have permission to see, they might be breaking the law.
35
Q

What does removable media refer to

A

Removable media refers to storage devices that can be removed from the computer system.

36
Q

4 examples, removable media

A

USB memory sticks
CD-ROMs
DVDs
external hard drives

37
Q

How removable media can lead to cyber security threats

2

A
  • If removable media contain malware, it will attempt to move onto a system when connected to a computer, and then onto any other connected devices.
  • If a computer is connected to others on a network, this could mean that the virus reaches hundreds of machines.
38
Q

What is patching

A

Patching is the process of updating software to fix a problem or add a new feature.

39
Q

How patching can reduce vulnerability of a computer system

A

Many programs will automatically update to make sure they have the latest patches installed. This helps to ensure the program runs correctly and protects the computer from new threats. Most anti-virus software will frequently update itself so that it is able to recognise the latest computer viruses and malware.

These updates will always be one step behind the people creating the malware, but regularly updating and patching software will reduce the vulnerability of a computer system.

40
Q

Problems for a company if a system is breached (2)

A

When a system is breached, this can cause bad financial and reputational damage for the company involved.

41
Q

Define penetration testing (spec)

A

The process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access

42
Q

Aim of penetration techniques

A

Penetration testing uses the same techniques a hacker would try, but the aim is to identify the weaknesses, rather than stealing data or damaging the system.

43
Q

Aim of a white-box penetration test (spec)

A

To simulate a malicious insider who has knowledge of and possibly basic credentials for the target system

44
Q

Aim of a black-box penetration test (spec)

A

To simulate an external hacking or cyber warfare attack where the attacker has no knowledge of any credentials for the target system

45
Q

Define malware - spec

A

Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software

46
Q

3 forms of malware - spec

A

Computer virus
Trojan
Spyware

47
Q

5 security measures

A
  • biometric measures (particularly for mobile devices)
  • password systems
  • CAPTCHA
  • using email confirmations to confirm a user’s identity
  • automatic software updates
48
Q

The security methods used to access computer accounts are known as factors of authentication. These are ways to prove that people are who they say they are. These factors can be divided into three sections:

A

something a person is - fingerprint or other biometric detail

something a person knows - passwords, PINs, secret answers

something a person has - a phone, a smart card

49
Q

Biometrics.

  • what
  • Examples (2)
A
  • Biometric security makes use of unique physical characteristics and features to identify people when they are using a computer system.
  • This form of security could be a scan of a fingerprint using the sensor built into a button on a mobile phone, or facial recognition to unlock a mobile device.
50
Q

Password

  • it is important to what?
  • what some password systems have, and how this helps
A

Keeping passwords safe is important, especially when the password allows access to sensitive or valuable information.

Some password systems help to keep passwords safe by only asking for certain characters of a password instead of the whole thing. This helps to prevent spyware like keyloggers from stealing passwords.

51
Q

CAPTCHA stands for

A

Completely automated public Turing test to tell computers and humans apart.

52
Q

What do CAPTCHA forms do? + why

A

CAPTCHA forms challenge humans to prove that they are indeed human. Computers are very good at looking at text and numbers, but people are much better at understanding images.

(This is a way of working out if a user is a human or robot by asking them to identify image features.)

53
Q

Examples of CAPTCHA

  • basic
  • sophisticated
A

Basic CAPTCHA forms often ask people to type in the words they see in a picture.

More sophisticated tests may ask people to solve a puzzle, for example, finding all of the images that contain cats in a gallery of animals.

54
Q

Tell me about email confirmations

  • what
  • its use
A

When a person signs up for a new account, they often receive an email asking them to confirm that they asked for the account to be created by clicking a specific link.

This security feature alerts them that their email is being used to create an account and acts as a way for them to prove their identity to the company they are creating the account with.

55
Q

Automatic software updates
- why
- what this means (does)
- if not, then

A

By regularly updating the software on a computer, users are as protected as they can possibly be.

Setting automatic updates means a computer system will attempt to install patches or fixes as soon as they are available by searching for them on a regular basis. If this task was left to users, it would be easier for them to forget or ignore the updates.