6 Fundamentals Of Cyber Security Flashcards
What are the different forms of attacks?
Insider attack
Active attack
Passive attack
Social engineering
What is Social engineering?
When a person is exploited into giving away critical information that gives access to the network or accounts
What is an insider attack?
When someone in an organisation gives away access details or sensitive information
What is an active attack?
When someone uses malware or other technical methods to compromise a network’s security
What is a passive attack?
When a hacker eavesdrops on a network by ‘sniffing’ the data packets
What do hackers do to overcome authentication mechanisms?
Hackers mainly crack passwords
What is cracking the password?
Finding people’s passwords to overcome authentication is called cracking the password
What is the brute force attack?
A brute force attack tries to crack a password by trying every single combination of letters and numbers until the correct one is found.
This can take a very long time, although special software is used to do this which makes it possible to make millions of attempts per second
What is the Dictionary attack?
A quicker form of the brute force attack is the dictionary attack.
Rather than attempting every single combination, a dictionary attack tries words from a predetermined list:
A common dictionary to use would be a list of common passwords
How do you protect against cracking?
Writing a network policy which enforces strong passwords can protect against dictionary attacks.
Using two-factor authentication can prevent the hacker from logging in, even if they have the password.
Restricting the number of failed password attempts before an account is ‘locked’ for a fixed period of time can deter hackers
What is a Denial of Service attack?
A denial of service (DoS) attack tries to bring down a server by flooding it with useless traffic
The attack aims to overload the server. This stops the server responding to legitimate traffic
How do you protect against Denial of Service (DoS) attacks?
To protect against DoS attacks, a server’s firewall can blacklist (ban) any traffic from an IP address which is known to perform DoS attacks.
Firewalls can also monitor traffic in real time. So if a new IP address starts to send too much traffic then traffic limits can be set.
What are Distributed DoS attacks?
Distributed DoS (DDoS) attacks are commonly used to overcome the blacklisting of an IP address because of a high number of requests
In a DDoS attack, the requests are sent from an army of compromised machines, known as a botnet
Botnet machines are infected with malware which allows a hacker to send requests from their computer
The botnet can launch a huge number of simultaneous requests. The owners of the devices in the botnet might not even realise they are taking part
What is Authentication?
Authentication is the name for any methods which allow users to prove that an account is theirs
What is Penetration testing?
Penetration testing identifies vulnerabilities in a network’s security by attempting a controlled attack on the network
This usually involves carrying out multiple types of attack to see which is most successful
Penetration testing is done by the organisation itself, or an external organisation or contractor they have hired
What is a good penetration test?
A good penetration test will check:
Technical vulnerabilities
Likelihood of social engineering
A test of damage recovery
Why do organisations perform penetration tests?
Organisations choose to perform penetration testing to try to find vulnerabilities before criminals do
If an organisation can find and fix a bug before it is exploited, it can save time and money
What are the two types of Penetration testing?
Black-box penetration testing
White-box penetration testing
What is black-box penetration testing?
A black box penetration test is done outside of an organisation
A system administrator might pay an outside organisation to attempt to gain access to their systems in a controlled way
This will allow the system administrators to experience a ‘practice’ attack which is very similar to a real attack
What is White-box penetration testing?
A white box penetration test is done inside an organisation
In a white box penetration test, system administrators will test how vulnerable the system is against someone with knowledge of the system, and possibly a user account with low access rights
This will help to prevent insider attacks
What is Cold calling?
Social engineers often cold call victims and pretend to be from an organisation such as a bank
The social engineer will then ask a victim to confirm their details, so that they can use these details to access their account later
Why do social engineers use fear?
Fear is often used to put people off-guard and make them more likely to comply
Social engineers know that people will make irrational decisions when panicked
A common attack would be to call someone pretending to be a bank, and ask why they have emptied out their account:
This would panic the victim, who would then want to sign into their account straight away over the phone
What is the weakest point in most networks?
People
What are the tactics used to help prevent Social Engineering?
Education and Training
Public Awareness Campaigns
Company Security Policies
What are the types of Social engineering attacks?
Pharming
Shouldering
Blagging
What is Pharming?
Pharming is where an attacker will set up a fake website, and try to redirect people to it
This is often done through attacks on DNS servers, or by using common misspellings of links
What is Shouldering?
Shouldering is where an attacker will gain information by physically watching a user.
Shouldering can be done in two ways:
Watching someone in person, e.g. someone entering a password.
Using screen capture software
What is Blagging?
Blagging is where an attacker will pretend to be involved with an organisation in order to gain information
For example, an attacker may pretend to be an employee and ask a fellow employee what a code for a door is because they are new and have forgotten
What is Phishing?
Phishing uses fake emails and websites to trick people into giving away their sensitive data
Emails are sent to thousands of people, claiming to be from a known service such as a bank or utility provider
Victims are taken to a realistic looking but fake version of the site where they log in. This gives their details to the attackers
How do you protect yourself against phishing?
Never click a link in an email that asks you to update or enter your account details.
Check that the sender’s email address is correct.
Look for clues that the email is not legitimate such as spelling mistakes or generic greetings
What is Malware?
Malware is any kind of malicious software that is installed without your knowledge or intent
What are Viruses?
Small pieces of code injected into other programs which spread from computer to computer
What are Worms?
Small pieces of code which spread across a network, similar to viruses but without a host program
What are Trojan horses?
Any form of malware which tricks the user into installing it by pretending to be a different program
What is Ransomware?
Ransomware encrypts files on an infected system and only decrypts files once a payment has been made to the hacker
What is Spyware?
Gathers information about a user by tracking their activity
What are Rootkits?
Rootkits:
Malware which modifies the computer’s operating system to avoid detection by antivirus software
What are Backdoors?
Malware which opens up an access channel to a computer that other malware can use to take over the machine
What techniques are used by malware to spread across a network as fast as possible?
Installations
Replication
Attachments
How do Installations help spread Malware across a network?
Users often willingly install malware if they are tricked into thinking that they are installing a different piece of software
Common ‘disguises’ for malware include:
Security updates
Software drivers
How does Replication help spread Malware across a network as fast as possible?
Once one device on a network has been infected with a worm or a virus, then it becomes very easy for it to spread to other devices on the network
The process of spreading to other computers is called self-replication
How do Attachments help spread Malware across a network?
Attachments opened from emails, such as Word and Excel documents, can include ‘macros’
A macro is a small program that is given permission to run on the computer
The macros can be set up to install malware
What is a Macro?
A macro is a small program that is given permission to run on the computer
Why do we use Anti Virus/Malware Software?
These pieces of software can help to identify and quarantine malware.
Quarantining a piece of software prevents it from running and allows users to decide whether to:
Attempt to remove a virus from the software.
Destroy the software
What is Anti-Virus Software?
Anti-virus software provides real-time ‘on-access’ scans of files to detect if they have been infected by a virus
That means that when a file is opened, the anti-virus checks that it has not been infected
What is Anti-Malware Software?
Anti-malware software performs periodic scans of the system
Anti-malware software detects unknown pieces of malware, and removes them from the computer
What are Firewalls?
A firewall is either a hardware device or a piece of software which sits between a device and the Internet
Firewalls inspect and filter incoming and outgoing data packets
They try to stop hackers gaining access to the network and stop malware getting into the network
What is IP-address Filtering?
The firewall only allows traffic from certain known sources
This can be used to prevent denial of service attacks
What is Port-Blocking?
Firewalls can block access to certain ports
One important port is port 22, which allows remote access via the Internet. By blocking this port, we can prevent hackers trying to take over the server
What methods are used to prevent Cyber Attacks?
Email Verification
Biometric authentication
Automatic Updates
CAPTCHA
What is Email Verification?
Email verification is a tool used on many websites to ensure that a certain email address really does belong to a user
This is usually done during registration, where a user will sign up and then have to click a special verification link in an email to confirm their email
This prevents people from using other people’s email addresses to create accounts
What is Biometric Authentication?
Biometric devices are a method of authentication which scan a part of the user’s body to authenticate them
Biometric devices include:
Fingerprint scanners
Retina scanners
Facial recognition
Biometric devices can sometimes be inaccurate, and either allow an attacker into the system, or not allow a valid user to access their system
Biometric devices do not require anything to be memorised
How do Automatic Updates help prevent Cyber Attacks?
Automatic updates can either be for software or security definitions
Security definitions are used by antimalware and antivirus software to identify specific pieces of malware.
These updates are usually automated to make sure that as many users as possible are protected at all times
How does CAPTCHA help prevent Cyber Attacks?
CAPTCHA is a computer program designed to determine if a user of a system is a human or a machine
It usually does this by asking the user to solve a problem such as selecting images where a certain item appears from different angles
CAPTCHA is often used on websites to avoid spam content by bots
What are Access rights?
Users of a computer system can be given different access rights for different files on the system
For example, for each file on the system we might keep a record of whether each user can:
Read the file
Write to the file
Execute the file
What are User Access Levels?
Network users can be arranged into user groups
Each group can then be given different access rights
This makes it easy to manage the access rights of a large group of people (e.g. employees)
What are the advantages of User Access Levels?
We can limit the access rights of ‘normal’ users on the network. For example:
Not allowing them to install software
Not allowing them to create new user accounts
Not allowing them access to confidential information
These rights can be limited to the administrators only
When are passwords effective?
Passwords are effective when:
They are kept secret
The password is strong enough against Brute Force attacks
What is the purpose of passwords?
Passwords help to prevent unauthorised users from accessing a device or network
Passwords are one of the simplest authentication methods
What should a strong password be like?
A strong password should:
Be long
Use letters, numbers, and symbols
Be changed regularly
Never be written down
What is Encryption?
Encrypting data is the process of scrambling data according to a specific algorithm so that it cannot be read by third parties
Only the intended recipient will know how to decode the data
What are keys for encryption?
A lot of encryption depends upon keys, which are shared secrets
Keys are made up of a pair of very large prime numbers, either 256 or 1,024 bits long
It would take an impractical amount of time to guess the key. So we say that the encryption is secure
What are the first three sections of a URL?
Protocol
Path
Domain
What does CAPTCHA stand for?
Completely Automated Public Turing test to tell Computers and Humans Apart.