6 - Fundamentals of Cybersecurity Flashcards
hackerman 4300000
Cybersecurity
A series of processes, practices and technologies that protect networks, computers, software and data from damage, loss and unauthorised access
Social engineering
Forms of cyberattack that focus on people, rather than pieces of technology, as the weak point in any system. There are different ways to manipulate people into surrendering confidential information
Pretexting//Blagging
Involves fabricating a scenario in order to gain unauthorised access to a system. A person might pretend to be from IT support in order to persuade an employee of a company to divulge their password
Shoulder surfing//shouldering
Simply watching, over someone’s shoulder, as they type in their password or PIN
Pharming
Involves redirecting users to an unsafe website. They might type in the web address of their bank and be taken to a website that looks very much like their bank’s real site. The fake website will then collect the user’s login credentials
Phishing
Uses emails to lure people to convincing but fake web pages. They believe they’re logging in, but they’re really transmitting their login details to an unknown person.
- The victim receives an email with a hyperlink. The email tells the user they need to click on the link, often saying their security has been compromised in order to motivate them
- They will be taken to a screen that asks them to enter personal information. This screen will usually look identical to a screen with which they are familiar
- When they have entered their information, they are usually forwarded to the genuine page. In the meantime, the information they entered has been forwarded to a hacker
Malware
Any program that works against the interest of you or your computer. Viruses, trojans, adware and spyware are types of malware, although there are others
Computer viruses
Self-replicating pieces of code that can damage data or software. They are often spread via email attachments or removable media such as USB flash drives
Trojans//trojan horses
Are legitimate programs developed with the intention of hiding malicious code within. Since they are largely legitimate, they are often not recognised as malware
Adware
Downloads unwanted internet adverts, often observing your online behaviour in order to target specific adverts
Spyware
Covertly obtains sensitive data, such as credit card numbers and passwords, transmitting the data to a hacker across the internet
Other threats: Weaker passwords
Passwords that are easy to guess
Default passwords can be a problem
A router’s new owner might not change the password from ‘admin’ or ‘password’ when they buy it, leaving their network vulnerable
Other threats: Misconfigured access rights
Access rights are rules that tell a computer system which user should have access to which files and other resources. If these access rights are not set up properly, employees and other users could access data that they should not be able to access
Other threats: Removable media
Any storage device that is highly portable can easily be used to steal data or introduce malware onto a system
Other threats: Unpatched software
When a security risk is identified in a program, the developer will release a patch, which is an add-on program that fixes the security risk. If a user does not install the patch, their computer is not secure