5.3 cyber security Flashcards
1
Q
Brute-Force Attack
A
- a trial-and-error method used to crack passwords by trying every possible combination until the correct one is found
- Can be carried out manually or automatically by software
2
Q
Aim of Brute-Force Attack
A
Steal/view/access data
Delete data
Change data
3
Q
Solution for Brute force attack
A
- Use stronger passwords with more characters and symbols (strong/complex passwords)
- Setting a limit for login attempts
4
Q
Data Interception
A
This involves stealing data by tapping into a wired or a wireless transmission line
5
Q
Data Interception aim
A
steal sensitive information, such as passwords, credit card numbers, or personal data for personal gain
6
Q
Data Interception is done by Packet Sniffing
HOWWWW? -
A
Uses Packet sniffers to examine packets sent over a line, all the data collected is sent back to the attacker
7
Q
How to prevent data interception?
A
Encryption
strong Passwords
firewall
8
Q
What does DDoS stand for?
A
Distributed Denial of Service (DDoS) Attack
9
Q
DDos definition (4marks)
A
- A DDoS attack is where multiple computers are used as bots
- They flood a server with lots of requests at the same time which the server can’t respond to; causing it to crash or become unavailable to users
10
Q
Aim of DDos
A
to disrupt the normal functioning of a system or network by denying users access
11
Q
How can u prevent a DDoS attack?
A
firewall OR proxy server
12
Q
Hacking
A
the act of gaining illegal access to a computer system without the user’s permission.
13
Q
Effect of Hacking (what happens)
A
data can be deleted, passed on, changed or corrupted
14
Q
How to prevent Hacking
A
- Firewalls
- Strong passwords/ user IDs
- Use of anti-hacking software
15
Q
Malware
A
Malware is malicious software
16
Q
VIrus
A
- is a malware that attaches itself to a legitimate program or file and then
- replicates itself to spread to other programs or files on the computer.
- It can cause damage to the system, including deleting data or damaging hardware and causing it to malfunction
17
Q
Where viruses are found and how to prevent them
A
- On email attachments, infected software or websites.
Prevention:
* run up-to-date virus checkers.
* use a firewall
* use a proxy server
* Dont download unoriginal software,
* dont click on unknown links
18
Q
Worms
A
- is similar to a virus but is a standalone program that can spread and replicate itself over computer networks.
- takes up storage space
- with the intention of corrupting the entire network
19
Q
How to prevent worms (1)
A
Run up-to-date anti-virus programs.
20
Q
Difference between worms and viruses
A
Viruses require active hosts and for each end user to initiate the virus, worms dont
21
Q
Trojan horse
A
a program that disguises itself as a legitimate program or file, but when installed, it can delete data or damage hardware
22
Q
How to prevent trojan horse
A
Very hard as it involves user tricking, so even firewalls and anti-virus software can be useless
23
Q
Spyware
A
a software that records all key presses and transmits these to a third-party
24
Q
Adware
A
a type of software that displays unwanted advertisements on the computer without the user’s consent. Some of these may contain spyware and some may link to viruses when clicked
25
Ransomware
* Software that stops a user from accessing their computer/data by encrypting the files and demands a ransom (fee) payment to decrypt them.
* It can cause data loss, and financial damage and disrupt business operations
26
Examples of malware (6)
1. Viruses
2. Worms
3. Trojan horse
4. Spyware
5. Adware
6. Ransomware
27
Phishing
*Legitimate-looking email sent to user
* encourages user to click a link that directs user to a fake website
* User encouraged to enter personal details into a fake website
28
Aim of phishing
to steal sensitive information for personal gain
29
How to prevent Phishing
1. Don’t open links from unknown receivers
2. Use anti-phishing tools
3. Block pop-up ads
4. Have an up-to-date browser
30
Pharming
Malicious code is downloaded without users' knowledge that redirects the user to a fake website where they’re encouraged to enter their personal details
31
How to prevent Pharming
* Using anti-virus software
* Checking the spelling and the weblink carefully
* Make sure that the green padlock is present in the URL bar
32
Social Engineering
manipulating individuals to gain access to confidential information
33
Common types of social engineering
1. posing as someone else to gain trust or access to sensitive information
2. Phising/emails
3. Scareware - done using a pop-up message claiming a computer is infected
4. Baiting- leaving a malware-infected stick somewhere that a curious person plugs into their computer
34
Cyber security threats (8)
1. Brute force attacks
2. Phishing
3. Pharming
4. DDoS attacks
5. Malware
6. Social engineering
7. Data interception
8. Hacking
35
Accidental Damage
* Liquids being spilt
* Software failure- Make sure it is always up to date
* Pressing delete by mistake
* Not saving data
* Not shutting down the computer correctly
36
Access Levels
Having Different levels of access for different people
(for example - Only doctors can have access to patient’s data)
37
Anti-Malware
prevent and remove malware
38
Examples of anti-malware
anti-virus
anti-spyware
39
How does Anti-malware work?
1. scans the computer’s files
2. If any malware is found, it is quarantined to prevent the spread
3. The malware is then deleted
40
Authentication
* ensure that only authorised users can access data
* process of Users Proving Who They Are
* prevent unauthorised access and protect sensitive data
41
Passwords
1. Strong password should be complex, unique, and not easily guessed
2. Passwords should be changed regularly
3. Users should avoid reusing passwords across multiple accounts.
42
How can authentication be done (3)
1. Passwords
2. Biometrics
3. Two-step verification
43
Biometrics
biological data for authentication by identifying unique physical characteristics of a human such as
* fingerprints,
* facial and voice recognition,
* iris scans.
44
Why is biometric authentication more secure than using passwords?
* A biometric password cannot be guessed
* It is very difficult to fake a biometric password
* A biometric password cannot be recorded by spyware
* A perpetrator cannot shoulder surf to see a biometric password
45
Two-factor authentication
**requires users to provide two forms of authentication before accessing data, such as a password and a verification code sent to a mobile device**
46
What does Two-factor authentication (2FA) do
This provides an extra layer of security and reduces the risk of unauthorised access. 2FA is widely used to protect online accounts, such as email or banking.
47
Automating Software Updates
* ensures that software systems are up-to-date with the latest security patches, which helps to prevent security threats
* important for operating systems and software that are frequently targeted by hackers
48
Communications
Checking the spelling and tone of communications is important to prevent phishing attacks
49
URL
* Checking the URL attached to a link is another way to prevent phishing attacks.
* Hackers often use fake URLs to trick users into visiting fraudulent websites
----e.g. http://amaz.on.co.uk/ rather than http://amazon.co.uk/
50
Firewalls
Type of hardware or software that stands between the user and external networks. It filters and monitors incoming and outgoing traffic.
blocks unauthorised access
51
Tasks Firewall does
* The user sets criteria for the traffic (this is called the whitelist/blacklist)
* The firewall will monitor the incoming and outgoing traffic
* It will accept or reject the traffic based on the criteria and if data does not meet the criteria it rejects it and an alert can be sent to the user
* It can help prevent hacking and malicious software that could be a threat to the security of the data
52
Privacy Settings
* used to control the amount of personal information that is shared online
* important measure to prevent identity theft and other forms of online fraud
* Users should regularly review their privacy settings and adjust them as needed
53
Proxy-Servers
* used to hide a user's IP address and location, making it more difficult for hackers to track them
* act as a firewall and can also be used to filter web traffic by setting criteria for traffic
* Malicious content is blocked and a warning message can be sent to the user
* divert attack away from the server
* can stop website from falling into DoS attack
54
Secure Socket Layer (SSL)
* a security protocol which is used to encrypt data transmitted over the internet
* SSL is widely used to protect online transactions, such as those involving credit card information or other sensitive data
55
Process of SSL
1. – Web browser requests web server to identify itself/view the (SSL) certificate
2. – the web server sends copy of the (SSL) certificate to the browser and browser checks if SSL certificate is authentic/trustworthy
3. – sends signal back to webserver that the certificate is authentic/trustworthy
4. – starts to transmit data once connection is established as secure
5.- encryption method will be agreed and a session key is generated
7. – if website is not secure browser will display an open padlock/warning message
56
ad and dis of fingerprint scans
ad-
* One of the most developed biometric techniques.
* Very easy to use
dis-
* Very intrusive for some, since it is still related to criminal identification.
* Can make mistakes if the skin is dirty or damaged
(for example, cuts).
57
ad and dis of retina scans
ad-
● Very high accuracy.
● No known way to replicate a person’s retina
dis-
● Can be relatively slow to verify a retina scan using stored scans.
● Very expensive to install and set up
58
ad and dis of Face recognition
ad-
● Non-intrusive.
● Relatively inexpensive
dis-
● Can be affected by changes in lighting, the person’s hair, change in age, and if the person is wearing glasses
59
ad and dis of Voice recognition
ad-
● Verification takes less than five seconds.
● Relatively inexpensive
dis-
● Low accuracy.
● Illness, such as a cold, can change a person’s voice,
making absolute identification difficult or impossible.
