6 - Fundamentals of Cybersecurity Flashcards
hackerman 4300000
Cybersecurity
A series of processes, practices and technologies that protect networks, computers, software and data from damage, loss and unauthorised access
Social engineering
Forms of cyberattack that focus on people, rather than pieces of tech, as the weak point in any system. There are diff ways to manipulate ppl to surrender confidential info
Pretexting//Blagging
Involves fabricating a scenario in order to gain unauthorised access to a system. A person might pretend to be from IT support in order to persuade an employee of a company to divulge their password
Shoulder surfing//shouldering
Simply watching, over someone’s shoulder, as they type in their password on PIN
Pharming
Involves redirecting users to an unsafe website. They might type in the web address of their bank and be taken to a website that looks very much like their bank’s real site. The fake website will then collect the user’s login credentials
Phishing
Uses emails to lure ppl to convincing but fake web pages. They believe they’re logging in, but they’re really transmitting their login details to an unknown person.
- The victim receives an email with a hyperlink. Email tells the user they need to click on the link, often saying their security has been compromised in order to motivate them
- They will be taken to a screen that asks them to enter personal info. This screen will usually look identical to a screen with which they are familiar
- When they have entered their info, they are usually forwarded to the genuine page. In the meantime, the info they entered has been forwarded to a hacker
Malware
Any program that works against the interest of you or your comp. Viruses, trojans, adware and spyware are types of malware, although there are others
Computer viruses
Self replicating pieces of code that can damage data or software. They are often spread via email attachments or removable media such as USB flash drives
Trojans//trojan horses
Are legitimate programs developed with the intention of hiding malicious code within. Since they are largely legit, they are oft not recognised as malware
Adware
Downloads unwanted internet adverts, often observing your online behaviour in order to target specific adverts
Spyware
Covertly obtains sensitive data, such as credit card n.os and passwords, transmitting the data to a hacker across the internet
Other threats: Weaker passwords
Passwords that are easy to guess
Default passwords can be a problem
A router’s new owner might not change the pass from ‘admin’ or ‘password’ when they buy it, leaving their network vulnerable
Other threats: Misconfigured access rights
Access rights are rules that tell a computer system which user should have access to which files and other resources. If these access rights are not set up properly, employees and other users could access data that they should not be able to access
Other threats: Removable media
Any storage device that is highly portable can easily be used to steal data or introduce malware onto a system
Other threats: Unpatched software
When a security risk is identified in a program, the dev will release a patch, which is an add-on program that fixes the security risk. If a user does not install the patch, their computer is not secure
Prevention: Biometric
Using some part of a person’s biology to access a system instead of a password. E.g:
- Fingerprint scanners on tablets and phones
- Doors that unlock when a person’s iris or retina is scanned
- Voice recognition
- Face recog
Prevention: Password systems
Automated procedures that ensure that sound password policies are followed:
- Strong passwords that include many different char types
- Passwords that must be changed on a regular basis
Users that try not to adhere to the policies are simply not allowed into the system until they do
Prevention: CAPTCHA
Blurry text is presented to the reader, which is easy for a human to read but difficult for a computer. This tech is used to ensure that a human is using the system, not simply a comp program trying to guess a pass at a rate of millions of attempts per second
Prevention: Email Confirmation
Often, when a pass is changed, a user might verify this change by clicking on a link sent to a registered email address. This can prevent third parties changing passwords unnoticed
Prevention: Auto software updates
When a new version of software, which might have updated security measures, is released, a computer can be configured to auto download this new version
Prevention: Penetration testing
Someone tries to hack into a system, but as an employee or contractor of the system’s owner. Their aim is not to steal or corrupt data, but to identify weaknesses so that they can be resolved
