Chapter 14 Flashcards
Define social engineering.
Psychologically tricking people into divulging information or doing things.
-Blagging
-Phishing
Define blagging
Hacker speaks to victim directly and creates a scenario to get the victim to divulge info.
e.g. pretending to be a bank employee
Define Phishing
Mass sending hoax emails falsely claiming to be a service. Usually contains a URL link to a fake website to collect personal info
Qualities of phishing emails…(5)
-Create urgency
-Poorly written (spelling/grammar)
-Impersonal
-Fake URL Links/sus attachments containing malware
-Suspicious sender email address trying to look genuine
Define Malware
Malicious software that..
-Gains unauthorized access to the network
-Gathers information to ransom/sell
List 6 types of malware
-Pharming
-Virus
-Worms
-Trojan
-Spyware
-Adware
Define Pharming
Malware that changes the DNS cache on a computer so the user thinks they have been taken to a genuine website, but the website is actually fake
How to prevent pharming
Check the http address
Check for secure https connection
Check site’s security certificate
Define Virus
Programs that hide within another file. They replicate and spread into other files which can be passed on to other computers. Can corrupt data on a disk
Define worms
Program that replicates and spreads to other computers independently.
Can produce 1000s of copies, taking up a processor and network bandwidth, reducing performance.
Define trojan
Malware disguised as a genuine program.
Installed by a user who thinks that it is real.
Define spyware
Malware that spies on a computer to send data back to hacker.
Could contain keyloggers.
Define adware
Programs that display pop-up adverts and redirect search requests to advertising websites.
Collects advertising data.
How to protect your computer(9)
-Install anti-(malware) software
-Install a firewall
-Ensure OS is up to date
-Ensure anti-(malware) software can scan email attachments
-Use adware removal software
-Avoid opening attachments from unknown sources
-Avoid clicking on email links
-Read t+cs of free software
-Don’t click on pop-ups, only close them
What is brute force attack?
Trial and error method of obtaining authentication details generated by software
What is Distributed denial of service attack?
Spamming login attempts to bring down an online service. Hackers can recruit other computers using malware to aid in the attack.
What is Data interception and theft attack?
Intercepting data as it travels across a network by using packet sniffers.
What is SQL injection?
Using SQL commands which bypass login requirements and gain access to the database
What is penetration testing?
A company using white-hat hackers to form mock attacks to identify security weaknesses and the ability to respond to their attack.
What is Black box testing?
Penetration testing done but with no information about the network. This provides more realistic scenarios and weaknesses
What is white box testing?
Penetration test done with knowledge of the network.
What are network policies?
Rules to follow if an attack occurs.
e.g. installing and keeping up to date anti-malware software.
What are heuristics?
Recognizing behaviors of a malware program, rather than just comparing it against a malware list
Physical countermeasures to cyberthreats?
-Setting user access levels depending on employees' responsibilities.
-Long, complicated and regularly changed passwords with numbers + symbols.
-Hiring security guards
How does network encryption work?
1) Receiver generates large number with 2 factors assigning a public key and a private key.
2) Receiver broadcasts public key.
3) Sender encrypts message with public key.
4) Only the sender knows the private key and can decrypt the message.