5.4 User Security Flashcards
Define social engineering (2)
Involves manipulating people
occurs when a cybercriminal creates a social situation that can lead to a victim dropping their guard
What are the 5 types of social engineering (5)
Instant messaging
Scareware
Email/Phishing scams
Baiting
Phone calls
What is instant messaging (1)
Malicious links embedded into instant messages
Features of scareware (2)
pop-up message claiming that user’s computer is infected with a virus
user is told to download anti-virus that looks real (fake)
How is baiting carried out (2)
cybercriminal leaves malware infected memory stick somewhere
curious user plugs memory stick into computer and downloads the malware
What human emotions is social engineering exploiting (3)
fear
curiosity
empathy and trust
Purpose of access levels (2)
different levels of access for different people
have a hierarchy of access levels
What are the 4 access levels (4)
Public access
friends
customs
data owner
Define public access (1)
data that the general public can access
Define friends (1)
only people identified as “friends” by the owner of the data can see certain data
Define customs (1)
user can exclude certain content from selected people
Define data owner (1)
data only owner can see
2 types of anti-malware (2)
anti-virus
anti-spyware
Define anti-spyware (1)
Detects and removes spyware programs
How does anti-spyware remove spyware using the rules method (2)
software looks for typical features which are usually associated with spyware
identifying any potential security issues
How does anti-spyware remove spyware using the file structure method (1)
looks for certain file structures associated with spyware
Define authentication (1)
Ability of a user to prove who they are
Common factors used in authentication (3)
Something you know (password or PIN code)
Something you have (mobile phone or tablet)
Something unique to you (biometrics)
Two methods of authentication (2)
Passwords
biometrics
Function of passwords (1)
restrict access to data or systems
What should strong passwords contain (3)
-at least one capital letter
-at least one numerical value
-at least one other keyboard character
Function of biometrics (1)
Relies on certain unique characteristics of human being
Examples of biometrics (4)
fingerprint scans
retina scans
face recognition
voice recognition
How do fingerprint scans work? (3)
Images of fingerprints compared against previously scanned fingerprint images stored in a database.
System compares patterns of ‘ridges’ and ‘valleys’ that are unique.
If they match, then a user is correctly recognised
Benefits of fingerprint scans (5)
Unique
Can’t be misplaced
Easy to use
Small storage
Most developed biometric technique
Disadvantages of fingerprint scans (3)
Expensive to set up
Scanning accuracy is affected if the finger is damaged
Some may consider it as infringement of civil liberties
Function of retina scans (1)
Uses infrared light to scan unique pattern of blood vessels in the retina (back of the eye)
Advantages of retina scans (2)
secure as there is no way to duplicate the blood vessel patterns
very high accuracy
Drawbacks of retina scans (3)
can be intrusive
slow to verify retina scans with stored scans
expensive to set up
Disadvantages of face recognition (1)
can be affected by changes in facial features
Benefits of voice recognition (3)
not intrusive
quick to verify
relatively cheap technology
Disadvantages of voice recognition (3)
voice can be easily recorded and used for unauthorised access
low accuracy
voice can change
Define two step verification (1)
Requires two methods of authentication to verify who a user is
Where is two step verification often used? (1)
online purchases
How does two step verification work? (2)
1st step is entering username and password
2nd step is when an 8-digit PIN is sent to the user's device by email or text message, and the user enters the 8-digit PIN
Define automatic software updates (2)
updating software on user computer
improves software performance and security
2 Actions to take before opening emails (2)
spelling in email
tone used in emails
Different ways of protecting against cyber security threats (10)
access levels
anti-malware
authentication (username and password, biometrics, two-step verification)
automatic software update
checking the spelling and tone of communications
checking the URL attached to a link
firewalls
privacy settings
proxy servers
Secure Sockets Layer (SSL) security protocol
Purpose of firewall (1)
security system designed to prevent unauthorised access to or from your computer or private network.
How do firewalls work? (3)
sit between the user and the external network, examining both the incoming and outgoing traffic
checks what is received and requested to ensure that traffic (data) meets a given set of criteria (rules).
Any traffic (data) that doesn’t meet the criteria is filtered and stopped.
Purpose of proxy servers
intermediary between user and web server
Benefits of proxy servers (3)
Anonymity: IP address given to web server is the IP address of the proxy server (not user)
Security: IP is hidden so hacker cannot target user
Improved control: Large organisation can control what content is allowed to be accessed by employees, students etc
Purpose of SSL
allows data to be sent and received securely over the internet
Define SSL
Set of rules used by computers to communicate with each other over a network
Are firewalls hardware based, software based or both
Can be hardware or software based
Are proxy servers hardware based or software based or both
Can be hardware or software based