Cyber Security

Question 1

Ways of preventing brute force attacks on user passwords

Answer 1

• Strong password

- 2 factor authentication

Question 2

Social engineering

Answer 2

Process of influencing people into giving away confidential information

Question 3

Types of social engineering methods

Answer 3

blagging, pharming, phishing, shouldering

Question 4

Blagging

Answer 4

using false pretenses to obtain personal information from you - made up stories/pretends to be someone they arent to persuade victim to share
OR persuading often by use of a fake scenario to ask users to share personal data

Question 5

Pharming

• how is it usually carried out

Answer 5

Setting up a fake website that looks like an official website for a reputable organisation to try and harvest personal data

• by using malware that automatically redirects people from legitimate sites to fake one

Question 6

how to prevent pharming

Answer 6

anti malware software, up to date

- web filters

Question 7

how to prevent blagging

Answer 7

• use security measures that can’t be given away e.g. biometrics
• look out for bad grammar, alternate email address

Question 8

what is phishing, how to prevent

Answer 8

When cyber criminals pose as a trustworthy organisation to attempt to trick people into giving away sensitive info
- only allow emails from known sources, look out for bad grammar !

Question 9

what is shouldering, how to prevent

Answer 9

Observing a legitimate user entering data into a computer system
- be discreet while entering passwords/ PIN numbers, careful placement of terminals/ATM’S

Question 10

Malware

Answer 10

malicious software designed to cause harm/gain unauthorised access to a computer system

Question 11

Virus

Answer 11

attach to certain files, users spread by copying infected files + activate by opening

Question 12

Worms

Answer 12

self-replicate w out user help - quick spread

- exploit weaknesses in network security

Question 13

trojans

Answer 13

disguised as legitmate software - dont replicate, users install them w out realising hidden purpose

Question 14

Ways to protect networks

Answer 14

• encryption
• anti-malware software
• user access levels
• automatic software updates - patch security holes in software
• MAC address filtering

Question 15

Anti-malware software

firewalls

Answer 15

designed to stop malware from damaging network + devices on it
- firewalls examine all data entering and leaving a network + block potential threats,
used to prevent unauthorised access

Question 16

User access levels

Answer 16

control which parts of network diff groups of users can access - limit people w access to important data = PREVENT ATTACKS WITHIN organisation

Question 17

MAC address filtering

Answer 17

Makes sure only people on network are trusted users, checks unique identification address of each device that tries to connect to the network
- only allowed devices can join

Question 18

User authentivation

Answer 18

Passwords, Biometrics, email confirmation, CAPTCHA

Question 19

General strategies for reducing risk of social engineering

Answer 19

• train/educate users
• performs frequent tests of security measures
• appropriate security protocols for handling sensitive data

Question 20

Authentication

Answer 20

Ensuring a user is who they are claiming to be

Question 21

Encryption

Answer 21

Changing data so that it cannot be read

Question 22

Spyware and adware , Trojan + viruscomparison

Answer 22

Spyware tracks what a user is doing, adware doesn’t

• adware doesn’t do any harm to a computer system but trojans, spy ware and virus do
• users sometimes choose to install adware
• spyware + trojans Installed without knowing , virus spread W out user knowing
• spyware + adware work in same ways
• all 4 types disruptive

Question 23

Penetration testing

Answer 23

Specialists employed to stimulate potential attacks

- identifies possible weaknesses so vulnerabilities can be fixed

Question 24

White box testing

Answer 24

Stimulates malicious INSIDER w knowledge of the current system
- person given user credentials to mimic what could happened if an employee turned

Question 25

Black box testing

Answer 25

Stimulates an EXTERNAL CYBER ATTACK

- not given any credentials, will try and hack the organisation in any way they can

Question 26

typical actions of malware

Answer 26

• Deleting + modifying files
• locking files: ransomware encrypts all the files on a computer
• Displaying unwanted adverts - adware can cause popup ads CANNOT BE CLOSED
• Monitoring the user - spyware secretly tracks actions like key presses + sends info to hacker (can work out pswds, bank details
• Altering permission

Question 27

Biometrics

Answer 27

• use scanners to identify people by unique parts of body e.g. fingerprints, retina
• EXPENSIVE but usually quite secure + convenient