Cyber Security Flashcards

1
Q

What is cyber security and why is it important?

A

Cyber security aims to protect networks from damage, cyber attacks and unauthorised access. It covers the technologies, practices and processes used to do this.
Cyber attacks can target individuals, organisations, or even governments. Hackers often target organisations with the aim of accessing sensitive information at once. There have been cases of millions of people’s bank details being compromised.

2
Q

Penetration testing

A

Penetration testing is when organisations employ specialists to simulate potential attacks on their system. It’s to find weaknesses.

3
Q

Types of penetration testing

A

White box penetration testing - simulates a malicious insider that has knowledge of the current system. The person will be given user credentials to see what they can do with them.
Black box penetration testing - simulates an external cyber attack. The person will try to hack the system any way they can.

4
Q

Malware

A

Code designed to cause harm or unauthorised access to a computer system.
Ways of breaching - removable media, or sent via the internet (e.g. email attachments).
Typical actions - deleting or modifying files, locking files (malware encrypts all files on the computer, then asks for money for the decryption key), displaying unwanted adverts (adware causes pop-up ads that can’t be closed), spyware (secretly tracks the user and key presses, which can be decoded to find out passwords), altering permissions.

5
Q

How does malware spread between devices?

A

Viruses - attach (by copying themselves) to certain files, e.g. .exe files or autorun scripts. Users spread them by copying infected files and activate them by opening them.
Worms - like viruses, but they self-replicate without any user help, meaning they can spread rapidly. They exploit weaknesses in network security.
Trojans - malware disguised as legit software. They don’t replicate; users install them without realising.

6
Q

Pharming

A

Pharming - a user is directed to a fake version of a website designed to look like a real one, in the hope that users won’t notice the difference. The user will input data, but it will actually go to criminals, who can then access their real account.
Often carried out using malware that automatically redirects users from genuine accounts to fake ones. Get some anti-malware software.
Internet browsers can also use web filters to prevent users from accessing fake sites.

7
Q

Social engineering

A

Ways of obtaining sensitive information by exploiting people.

8
Q

Phishing

A

When criminals send texts or emails to people claiming to be from a well-known business. These often lead to a fake website.
Often sent to thousands of people hoping that someone is a schmuck.
Many email programs, browsers and firewalls have anti-phishing features that reduce the number of phishing emails received. Often poor grammar and other mistakes can be spotted.

9
Q

Shouldering

A

Watching and observing a person’s activity (usually over their shoulder).
Example: spying on someone entering their PIN at a cash machine or watching someone putting their password into a secured computer.
Be discreet to prevent it.

10
Q

Blagging

A

Making up a story or pretending to be someone they’re not to try and persuade the victim to share info or do things they don’t want to.
Common way to pressure people into giving away details and money without thinking. One way to reduce it would be biometrics.

11
Q

Ways of protecting against threats

A

Encryption - when data is translated into code that can only be deciphered with the right key. Unauthorised users can’t read it; useful for sending data over a network.
Anti-malware software - designed to stop malware from damaging a network.
Auto software updates - can patch any security holes in software.
User access levels - different people have different levels. Prevents attacks from within.
MAC address filtering - MAC addresses are assigned to network devices; filtering on them is a way of checking trusted users.

12
Q

Authentication confirms your identity.

A

Passwords - simple method of checking identity. Should be strong.
Biometric measures - identify people via a unique part of their body.
Email confirmation - stops fake email sign-ups. Used by web services that require registration to confirm that the email address belongs to the person registering.
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) - designed to prevent programs from automatically doing things. Involves simple tasks only a human could do.
