cyber security Flashcards
what is cyber security
consists of the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access.
what is malware
a form of malicious code designed to cause harm or gain unauthorised access to a computer system.
how can malware get onto a device
- a download from an email attachment
- hidden on removable media ( USB drive /SD card )
what are the typical actions of malware
- deleting/modifying files
-locking files ( ransomware encrypts all the files on a computer , the user receives a message demanding for large sum of money to be paid in exchange for decryption key ) - displaying unwanted adverts
- monitoring the user - spyware secretly tracks the users eg key presses and sends info back to the hacker who may use the info to gain access to passwords or bank details
- altering permissions - rootkits can give hackers administrator access to devices
how can malware be spread between devices
as viruses - attach to certain files - users spread them by copying infected files and activate them by opening them
as worms - self replicate without user help and can spread very quickly , they exploit weaknesses in network security
as trojans - malware disguised as legitimate software , users install them without knowing the true intent
what is pharming
the user is directed to a fake version of the intended website that looks like the real thing , when user inputs all their details onto the website they are actually giving the information to the hackers who can then use the info to gain access to the real account
what are some preventions from pharming
anti - malware software must be up to date help prevent malware attacks by scanning all incoming data to prevent malware from being installed and infecting a computer.
what is phishing
when criminals send emails/ messages to a user claiming to be from a well known business , the emails then leads to the user being sent to an fake website
what is social engineering
art of manipulating people so they give up confidential information
what is shouldering
observing persons private info over their shoulder – eg pin number prevent – cover pin number / screen guards over devices
what is blagging
methods used to obtain info convincingly – act of creating / using invented scenarios that manipulates targeted victims
what is penetration testing
attempting to gain access to resources without konwledge of usernames , passwords and any other means of access
explain the difference between the two types of penetration testing
what is authentication
what is encryption
what is trojan
what is virus
what is spyware
what is adware
what are ways to reduce risks from malware
why is the LEN function more flexible?
explain what outdated software
explain what are misconfigured access rights
why is biometric authentication better than password authentication
what are advantages and disadvantages of cloud storage
Explain three different electronic methods that could then be used to confirm user identity.
what are some methods to detect and prevent cyber security threats
how does the DNS work
what are the password policies
- minimum length of characters
- includes at least one lowercase letter
- includes at least one upper case letter
- includes at least one symbol
what is removable media
is any storage device that can be inserted and removed from a computer
why does an operating system have to be updated
as the operating system has full control of the computer or server so if the operating system is infected the entire appliance will be dangerous to the user
why does the antivirus /antimalware software need to be updated regularly
so that it can detect new malware
how does misconfigured access right pose a risk to a computer system
give users too much access which can be misused
how does unpatched/outdated software pose a risk to a computer system
leaves security holes open for hackers to take advantage of
what should you look out for in an email to make sure phishing isnt occuring
- greeting - the phishers dont know your name so the greeting isnt personalised
-
what are some security measures for cyber security
- biometrics - eg finger print scan,retinal scan,voice pattern recognition - very efficient as these are all unique features of a person so great way of authenticating an identity
- CAPTCHA
-automatic software updates - email confirmation to confirm users identity
- password systems - can be made even more secure by following these rules :
- minimum length
- upper/lowercase numbers and letters
- must be continually changed
-cant be based on a name
