cyber security Flashcards

1
Q

cyber security

A

the process and technologies that protect from attack, damage or unauthorised access
(protects networks, computers, programs and data)
companies can be fined for not protecting your data

2
Q

password policy

A
  • upper case
  • lower case
  • special characters
  • numbers
  • over 8 characters
  • change it often
3
Q

misconfigured access rights

A

rights are assigned to the wrong person so they can access things they shouldn't be able to - security breach
- eg a student can see the grades of all other students - data leak

4
Q

pharming attack

A

a cyber attack that redirects a user to a fake website

5
Q

pharming attack process

A
  • when your device requests a website it asks a DNS server for the IP address
  • DNS gives the IP
    - your device sends an HTTP address to that IP address
  • a hacker can change the entry on the DNS and make it point to their fake website - DNS is poisoned
  • fake website appears real but collects personal data eg bank login
6
Q

DNS server

A

Domain Name System server

7
Q

removable media

A

a storage device that can be inserted/removed eg USB/SD card
- can be used to introduce malware/steal data/files
- malware can be present on the comp and infect the media
OR - a hacker can leave an infected USB which someone puts in a comp

8
Q

unpatched software

A
  • updates fix known security issues
  • comps not updated are an easy target for hackers that know about a vulnerability
  • software needs to be patched/updated to protect against this weakness
    most important to update
  • OS - has full control over comp
  • anti-virus software - detect new malware
9
Q

social engineering

A

the ability to obtain confidential info by manipulating people for it - give info willingly

10
Q

phishing

A

using an email/SMS (with links in) to obtain info
send an email pretending to be from bank etc to try and get info
- not personalised/ wrong sender address/ fake link/ request personal info/ poor spelling/ urgency

11
Q

blagging/pretexting

A

use an invented personal scenario to target someone
- know personal details eg name/friends
- from social media/hacked email/official records/dumpster diving

12
Q

shouldering

A

observe info as it's entered (camera, over shoulder, reflection, overhearing)

13
Q

advice to avoid social engineering

A
  • be wary of links
  • check it's HTTPS
  • cover PINs/passwords
  • don't give out personal info
14
Q

trojan horse

A
  • program presents itself as something the user wants
  • the user downloads it thinking it's helpful
  • gives OS permission to install what is actually malware
  • the program causes damage/ takes control/provides access to a computer
15
Q

malicious code vs social engineering

A

malicious code takes info
in social engineering people give it willingly

16
Q

malware

A

malicious software
- executable programs that run on a comp
- viruses/trojan horse/spyware/ransomware/worms/backdoors

17
Q

virus

A

A virus is a piece of malware that infects a computer, and then replicates itself to be passed onto another computer.

18
Q

ransomware

A

Ransomware hijacks the data on a computer system by encrypting it and demanding that the owners pay money for it to be decrypted.

19
Q

spyware

A

collects the activity on a computer system and sends the data it collects to another person without the owner being aware.

If a computer has been infected by spyware, it could be sending back everything that is typed, or the sites that are visited, or even where the user is clicking on their screen.

20
Q

key logger

A

Spyware that records what is being typed

21
Q

adware

A

causes pop-ups or windows that will not close. Generally, the pop-ups or windows display advertisements

22
Q

worm

A

targets computers on the internet
automatically replicates itself
slows a network

23
Q

anti-malware software

A
  • a virus or new malware is detected and sent to the anti-virus company
  • verify it's malware then create a signature of the virus
  • add it to their database and tell computers to run an update
    - if a program that is installing, or file that is being opened, appears to be similar to something on its database, it will warn the user
24
Q

biometrics

A

measure physical characteristics to verify identity
eg fingerprint, face, eye, voice

25
Q

CAPTCHA

A

to make sure you aren't a bot sent by hackers to bring down a network
- images that are easy for humans to interpret but not robots eg a line through characters

26
Q

penetration testing

A

deliberately trying to find security holes in your system to identify targets, possible entry points + report these back
white or black box

27
Q

white box

A

simulates a malicious insider with knowledge of the system - have certain credentials to target a system

28
Q

black box

A

simulates an external hacker with no knowledge of the system

29
Q

email authentication

A

sending an email to the user’s email address to ask them to confirm they are who they say they are and they want to do something eg a payment online

30
Q

CAPTCHA rules

A
  • rotate characters
  • coloured background
  • background with lines/patterns
  • blur letters
  • have horizontal lines across characters
  • skew the word (not straight)
31
Q

method to crack a weak password

A

brute force

32
Q

default password

A

standard password given for an account or device set by the organisation/ manufacturer
if unchanged is a security risk as multiple accounts will have the same password so it's known

33
Q

3 precautions to protect data on a device

A
  • anti malware software
  • strong password
  • update regularly