Cyber Security Flashcards
What is cyber security?
protecting computers, programs and data from attack or damage from unauthorised access through technologies.
Cyber Security Threats
- social engineering
- malicious code
- weak and default passwords
- misconfigured access rights
- removable data
- unpatched and/or outdated software
Name two technology solutions
anti-virus software - needs to be kept up to date
web filter - block access to web pages with malicious code and needs to be kept updated
Name two process solutions
- require user login
- minimise the access rights users have
- require regular password changes
- make sure the OS is up to date
- regularly back up data to minimise the effect of an attack.
Examples of security measures
- biometrics
- e-mail confirmation (2FA)
- password systems
- automatic software updates
- CAPTCHA
Name two practice solutions
- do not share password
- use a strong password
- do not download files without knowing they are safe
- do not click on links without knowing they are safe
Forms of social engineering
- Blagging
- Phishing
- Pharming
- Shouldering
What is Blagging?
inventing a scenario to trick someone into handing over personal data
What is Phishing?
inserting a malicious link in an email or text that looks like it is safe
What is Pharming?
redirecting a safe web address to a malicious one using malware
What is Shouldering?
looking over someone’s shoulder
What is Malware?
malicious code designed to work in ways to mistreat or harm the user
5 tips to stay safe
- read messages carefully before clicking
- hard passwords
- do not turn off the firewall
- be careful with public networks
- download files only from reliable websites
Forms of malware
- viruses
- trojans
- spyware
- adware
Viruses
self replicating software that immediately or at some point damages the device
Trojans
pretend to be legitimate software in order to get installed and will do something malicious at some point
Spyware
hidden software that sends sensitive data to the attacker
Adware
pops up advertisements and links and slows down the device
CAPTCHA
The idea is to present the user with a task that only a human can read, understand, or do. CAPTCHA systems are most commonly encountered on the internet when opening an account with a service.
Email Verification
An email is sent to the user’s email address and they have to click on a link in it to confirm that the email address is theirs. This links the user’s email to an account and prevents bots from opening fake or numerous accounts with false email addresses.
Mobile Phone Verification
Similar to email verification but with a text
The mobile phone number entered may also be used for two-factor authorisation, whereby a user cannot access their account on a new computer by password alone, but must also enter a code sent to their phone.
White box Test
White-box testing is a penetration test that uses detailed insider knowledge of the target system to improve the tests.
The aim is to simulate an attack by a malicious insider who has knowledge of the target system, and possibly basic credentials.
Benefits of white box tests
Benefits:
- Deep and more detailed testing.
- Less testing time required.
- Tests things such as quality of code and application design.
Disadvantages of white box tests
Disadvantages:
- This is an unrealistic attack from the perspective of an uninformed attacker from outside the organisation.
Black Box Tests
In contrast to white-box tests, black-box penetration tests require no previous information and take the approach of an uninformed attacker.
The aim is to simulate an external hacking or cyber warfare attack.
Benefits of Black Box Tests
Benefits:
- Simulates a realistic scenario.
Disadvantages of black box tests
Disadvantages:
- Tests can take longer to perform.
- Some areas of the infrastructure and software may remain completely untested.