3.6 Cyber Security

Question 1

What is cyber security ?

Answer 1

cyber security is an approach to computer security, covering processes, practises, technology, designed to protect networks, computers, programs and data from attack, damage and unauthorised access

Question 2

What are the different cyber security threats ?

Answer 2

• social engineering
• malicious code
• weak and default passwords
• misconfigured access rights
• removal media
• unpatches or outdated software
• pharming

Question 3

Why are weak and default passwords a cyber security threat ?

Answer 3

• using weak and default passwords on network devices provides an easy way in for hackers

Question 4

Why are misconfigured access rights a cyber security threat ?

Answer 4

As users change roles, access rights are often unmodified, with ‘lower’ access not removed, allowing information leakage

Question 5

Why is removal media a cyber security threat ?

Answer 5

Removable media pose 2 main risk to network security:
- they allow users the bring malware onto the network
- they allows users to take data out of the network

They are also small and easy to lose

Question 6

Why is unpatched or outdated software a cyber security threat?

Answer 6

• Outdated system software, can leave devices vulnerable to attack through known exploits in that software.
• antivirus software must keep up-to-date to be able to provide protection against the latest viruses and malware

Question 7

Why is pharming a cyber security threat ?

Answer 7

Pharming is intended to redirect a websites traffic to a fake website

Question 8

What is the purpose of penetration testing ?

Answer 8

• it is an authorised test performed against a network to test: vulnerabilities by mimicking an attack in order to identify opportunities for improving the security by implementing new polices, practises and technologies

Question 9

What are the 2 types of penetration testing ?

Answer 9

Black box penetration testing:
- simulates an external attack
- no information is given to the hacker about the organisation
- this tests for a way in
White box penetration testing:
- determines what data and systems are accessible to malicious insiders e.g spy or member of staff
- the hacker has knowledge of systems, including login credentials, Wi-Fi passwords

Question 10

What is social engineering ?

Answer 10

Social engineering - the art of manipulating people so that they divulge confidential information, often no matter how sophisticated technical protection is, people are the weak points.

Question 11

What are the different types of social engineering ?

Answer 11

• Blagging(pretexting)
• phishing
• pharming
• shouldering

Question 12

What is blagging(pretexting)

Answer 12

• using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information that would be unlikely in ordinary circumstances.
• basically creating believable circumstances that leads to someone giving away confidential information

Question 13

What is phishing ?

Answer 13

• phishing is the technique of fraudulently obtaining private information, often via email or sms
• involves attempts to convince people to divulge their private information e.g bank details by clicking links which take them to fake versions of websites
• they may threaten negative consequences if victims fail to act, or claim the victims account is at risk to make them panic and increase the likelihood of them clicking links

Question 14

What is shouldering ?

Answer 14

• shouldering is the means of obtaining someone’s private information (such as their bank cards PIN number) by looking over their shoulder
• shouldering requires close proximity to the victim and cannot be carried out remotely

Question 15

What are some way to protect against social engineering ?

Answer 15

1) educate people about the risks and methods of hackers
2) implement effective user access levels
3) use 2 FA
4) don’t reuse the same password and use password managers

Question 16

What is malware ?

Answer 16

Malware - is an umbrella term used to refer to a variety of forms of hostile or intrusive software

Question 17

How can malware be protected against ?

Answer 17

• using antivirus and anti malware software
• keeping operating systems up to date
• educate users about the risk of following linking in phishing emails

Question 18

What are the different types of malware ?

Answer 18

• computer viruses
• trojan
• spyware

Question 19

What is a computer virus ?

Answer 19

viruses are small computer programs, often hidden inside other computer programs (the host program)
- they often cause damage to the host system like deleting files and opening backdoors to allow remote access
- viruses spread when users copy infected files to other devices
- worms are when viruses are written to self-replicate across all devices on a network

Question 20

What is a trojan ?

Answer 20

• Trajan’s are any from of malware disguised as useful software, which users willingly install on their computers
• pretending to be an update to a web browser plug-in is a classic example of a Trojan

Question 21

What is spyware ?

Answer 21

Spyware - gathers information about users and devices without the users knowledge

• this can include: tracking the users location, recording the users screen, activating their webcam
• key logging the process of recording every key press in order to capture login details

Question 22

What are biometric systems ?

Answer 22

biometric systems authenticate or verify an individual’s identity using biophysical data unique to that individual, e.g fingerprint or by recognising their face

Question 23

What are the benefits of biometric systems ?

Answer 23

• no extra devices
• quick to enter
• not vulnerable to shoulder surfing
• difficult to fake
• not able to forget it

Question 24

What are CAPTCHA systems ?

Answer 24

CAPTCHA - stands for: completely automated public turning to tell computers humans apart

• They were designed to protect against automated sign-ups by bots
• Confirms the system is being access by a person not a robot