cyber security Flashcards
what is malware?
malicous/harmful software, that is designed to cause harm or gain unauthorised access computer system
An umbrella term used to refer to a variety of forms of hostile or instructive software.
What are some threats to a computer system
- social engineering
- malware
What is social engineering ?
a way of gaining illegal access to data or networks by influencing people (normally employees or large companies)
The art of manipulating people so that they give up confidential information
what are some forms of social engineering?
- blagging
- pharming
- phishing
- shouldering
what are some typical actions of malware?
- deleting or modifying files
- locking files (ransomware encrypting all the files)
- unwanted adverts
- mo
What is Pharming?
redirects the user from a websites’s traffic to a fake website , in hope to gain personal information , to access their genuine account
How could you prevent pharming?
- anti-malware software , up to date
- internet browsers using web filters
*not clicking or links or attachments from unknown users
What Phishing?
A technique if fraudulently obtaining private information, often using email or SMS
emails are sent to the user claiming to be from well known business, asking for bank details
How to prevent phishing?
- emails have anti-phishing features
- you can spot bad grammar , or will ask to redirect to a link
What is shouldering?
looking over someone’s shoulder and watching and observing their activity /private information (pin details)
how can you reduce the risk of shouldering?
being discrete (covering the keypad when you enter the pin)
some softwares output astreiks instead of the symbol typed , on the screen
What is Blagging ? (Pretexting)
The act of creating and using an inverted scenario to engage a targeted victim in a manner that will increase the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.
how could you prevent blagging?
reduce the risk by using using security measures that cannot be given away,
eg: biometrics
what is penetration testing?
organisations employing specialists to stimulate potential attacks to their system, allowing them to identify their weaknesses in cyber security
The process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access.
What is the difference between white and black penentration testing ?
white: when the person or team testing the system has knowledge of possibly basic credentials for the target system, stimulating an attack from inside the system (a malicious insider)
black: when the person of team testing the system has no knowledge of any credentials for the target system, stimulating an attack from outside the system (an external attack)
what are the different types of malware?
- trojan
- worms
- spyware
- ransomeware
- viruses
- adware
what is a trojan?
appears to be a piece of harmless software, often given away for free, that contains malicious code hidden inside. This only appears once the gifted software is installed.
what is spyware?
collects the data from one computer system and then sends the details to another person without the user being aware.
data being sent could be thing the user typed, or the sites that are visited, or even where the user is clicking on their screen. Spyware that records what is being typed is known as a keylogger. Keyloggers attempt to find out usernames and passwords by collecting everything that is entered into the system, which allows the hacker to search for personal data.
What are viruses?
Opening the links activates the virus allowing it to infect a computer and then replicate to affect other devices on the network.
What is an anti-virus software?
a database of viruses. When opening a file or installing a program .If the virus is similar to the one in the database, it will warn the user.
What is adware?
legal, in extreme cases ad pop ups that do not go away. (can be solved with ani-virus software)
What is ransomeware ?
when files will be encrypted and in order to recieve a decrypting key, the hackr will demand a certain amount of money.
probably from suscpitious attachtments.
How can removable hardware also a cyber threat?
if attcahed to a computer on a network ,all the the comuters could get the virus
How is unpatched software a cyber secrutity threat?
unpatched sotware= not up to date software and so is more sucesptible to cyber attacks.
‘patching’ updates or fixes a problem or adds new features
reduces vunerability
More outadated software is more easily exploited
How do orgainsations keep their networks safe from threats?
- encryption, to prevent wire tapping or packet sniffing
- anti-malware software
- firewalls
- user access levels, stops attacks from within the organisation
- automatic software updates
- MAC Address filtering
*penetration testing (white & black) to find weaknesses and correct
*strong, regularly changed passwords, against automated software.
Describe encryption
data translated into cipher text, with the correct key to decipher, data can now be sent over a network securly
Describe Firewalls
examines all the data leaving and enetring the netwoek, can be software or hardware
Describe user access levels, prevnting threats
pwople with higher access levels have more access to senetive data , the UAL limits the amount of people who have accesss to the sensitive information.
*Helps prevent attacks from within the organisation
Describe MAC filtering
makes sure that the only people on the network are trusted employees.
It checks the unique MAC address of each devices that tries to connect to the network, and only allows certain devices to join.
What are some types of security measures ?
- email confirmation
- biometrics
- CAPTCHA
- passwords
*automatic software updates
Biometrics
✓secure (cannot be given away or manipualted)
✓convienient(don’t have to remeber
X more expensive, needs special hardware
CAPTCHA
completly automated public turning ( to tell) computers and humans apart
✓prevents programs from automatically doing things (creating user accounts)
Whats wrong with putting many security measures in at a time?
prevents normal users from being able to use the network easily
What is ‘cyber security’?
The processes , practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access
Describe the main purposes of cyber security
