Cyber Security Flashcards
What is cyber security consist of?
The processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access.
Define cyber security.
The protection of computer systems, networks and data from criminal activity.
What are the 2 major threats to an organisation?
- data theft
- virus infection
What is the largest factor in security breaches?
Human error
Which factors can cause security breaches?
- Pharming
- Weak and default passwords
- Misconfigured access rights
- Unpatched or outdated software
Define pharming
A technique intended to redirect a website’s traffic to another, fake site. (major concern for online banking and e-commerce websites)
How can misconfigured access rights breach security?
User names are used to identity the access rights for each user, therefore if employees change roles or have new roles, if there access rights are not carefully managed they may authorise data to them which is not allowed.
Define social engineering
The art of manipulating people so they divulge personal information such as passwords or bank account details.
What techniques are included in social engineering?
- Blagging
- Phishing
- Shouldering
Define blagging
Act of ‘knowingly or recklessly obtaining or disclosing personal data or info without the consent of the controller/owner of data’
Example of blagging
A dishonest employee may persuade a colleague to tell them private information such as their password.
Define Phishing
Designed to steal money, get login details, or steal an identity.
Example of Phishing
Emails
Define shouldering
Refers to using direct observation techniques to gain information such as passwords or security data.
Define malware
Malware is the term used to refer to a variety of forms of hostile or intrusive software
Define virus
A program that is installed on a computer without your knowledge or permission with the purpose of doing harm
How are virus’s spread?
- attachment to emails
- instant messaging services
- through files, programs or games
- infected file from a memory stick or a CD/DVD
Define spyware
A software that gathers information about a person or organisation without their knowledge
Define adware
Adware analyses which Internet sites a user visits and then presents adverts for products which the user is likely to be interested in
Define trojan
A program which masquerades as having one legitimate purpose but actually has another. Usually spread by email.
What two methods are used to identify vulnerabilities in a network?
- network forensics
- penetration testing
Define network forensics and how it is used
Involved capturing, storing and analysing network events, can look at business transactions to verify they are not fraudulent, detect data leaks etc.
Define penetration testing
Used to find any security weaknesses in a system. It attempts to gain access to resources without knowledge of usernames, passwords and other normal means of access.
What is the strategy for penetration testing ?
- gather info about target of possible attacks
- identify possible entry points
- attempt to break in
- report back the findings
What happens in black box penetration testing ?
Very little info is given about the network prior to the test, to see if hacker can get in and how far they can get
What happens in white box penetration testing ?
Tester is given basic info about the network in advance of the testing such as IP addresses, network protocols and even passwords.
What 3 ways does anti-malware software protect a computer ?
- prevents harmful programs installed
- prevents important files, such as operating system from being changed or deleted
- If virus installs itself, software will detect it and remove it
What are biometric methods?
Fingerprint scan, voice pattern, sample or retinal scan
What is CAPTCHA?
Completely Automated Public Turing test to tell Computers and Humans Apart