3.6 Cyber Security Flashcards
What is Cyber Security?
Cyber Security covers the different processes, practices and technologies that protect the following from attacks, damage or unauthorised access:
-Networks
-Computers
-Programs and data
What is a computer vulnerable to?
Malware (Including viruses)
Social Engineering
Pharming
Misconfigured access rights
Unpatched or outdated software
Removable media
What is a default password?
The password that was set at the point of manufacture on a piece of hardware such as a router
Why are default passwords a potential security risk?
Attackers can easily identify and access internet-connected devices that use shared default passwords
What is meant by user access levels?
Each user in an organisation is assigned individual access rights, according to their role. This will limit their ability to carry out certain tasks on the network
What happens if user access levels are not configured correctly?
The user will be able to gain access to restricted areas of the network or be able to write to files. This could allow them to view/edit/delete sensitive or confidential information.
What happens when a DNS system is hacked?
When your computer requests a website such as barclays.co.uk, it asks a DNS (Domain Name System) server for the IP address.
The DNS Server replies with the IP address
If the server has been hacked then the hacker may have changed the website’s IP to a fake one that looks similar to the legitimate one.
You then enter your login details and the hacker steals them from you.
If this was a fake bank then the hacker can now transfer money to themselves.
What is removable media?
Removable media is any storage device that can be inserted and removed from a computer
Why is removable media an issue?
Removable media can be used to:
-Steal documents and files from a company
-Introduce malware
What is unpatched software?
Software that has not been updated to close security flaw(s) which could potentially be exploited by hackers
What is the most important software to update?
-OS (Operating System)
-Antivirus/Anti-malware
What is social engineering?
Manipulating someone to give away personal information
What is blagging (or pretexting)?
Setting up a scenario that encourages someone to give away personal information
How is blagging done?
It makes use of psychological confidence tricks to get the target to give information or do something they wouldn’t do under normal circumstances
What is a pretext?
The scenario which contains personal information (often found on social media)
What is shouldering/shoulder surfing?
The ability to get information or passwords by observing as someone types them in.
How is phishing done?
Emails, texts or phone calls are sent to users commonly pretending to be from a bank or website
The ‘From’ email address may be forged
The message will contain a link to a website that closely resembles the bank's website.
The website will then collect personal information such as:
-Usernames
-Passwords
-Credit Card details
-Other personal information
What are the key things to look out for in a phishing email?
- Greeting: The phishers don’t know your name so the email is not personalised
- The sender’s address is often a variation on a genuine address
- Forged link: The link looks genuine, but it may not link to the website given.
- Request for personal information: Genuine organisations never do this
- Sense of urgency
- Poor spelling and grammar
How can you protect yourself against Blagging?
Check the identity of the person you are speaking to
Update social media accounts so that personal information is no longer available
How can you protect yourself against Shouldering?
Cover PIN/Passwords when entering them
Check over your shoulder to see if anyone is around or if there are any cameras/reflective surfaces
Go somewhere private when making personal phone calls
How can you protect yourself against Phishing?
Examine the correspondence carefully, checking out the key features of phishing
Don’t click on links
Go directly to an organisation’s website through a browser
What is malware?
Software that is specifically designed to disrupt, damage or gain unauthorized access to a computer system
What is a virus?
Computer viruses infect computers
Normally attached to an executable file
They replicate their code in other programs
They infect other computers
They harm the computer by deleting, corrupting or modifying files
They cannot spread without human interaction (i.e. running the program)
What is a worm?
Worms are very similar to viruses except that they do not require human interaction to travel and execute.
A worm takes advantage of file or information transport features on your system, which allows it to travel unaided.
A worm replicates itself in order to spread to other computers.
They might cause no damage to the attacked computers
They may slow down networks and computers