Cyber Security Flashcards
Ways of preventing brute force attacks on user passwords
- Strong password
- 2 factor authentication
Social engineering
Process of influencing people into giving away confidential information
Types of social engineering methods
blagging, pharming, phishing, shouldering
Blagging
using false pretenses to obtain personal information from you - made up stories/pretends to be someone they arent to persuade victim to share
OR persuading often by use of a fake scenario to ask users to share personal data
Pharming
- how is it usually carried out
Setting up a fake website that looks like an official website for a reputable organisation to try and harvest personal data
- by using malware that automatically redirects people from legitimate sites to fake one
how to prevent pharming
anti malware software, up to date
- web filters
how to prevent blagging
- use security measures that can’t be given away e.g. biometrics
- look out for bad grammar, alternate email address
what is phishing, how to prevent
When cyber criminals pose as a trustworthy organisation to attempt to trick people into giving away sensitive info
- only allow emails from known sources, look out for bad grammar !
what is shouldering, how to prevent
Observing a legitimate user entering data into a computer system
- be discreet while entering passwords/ PIN numbers, careful placement of terminals/ATM’S
Malware
malicious software designed to cause harm/gain unauthorised access to a computer system
Virus
attach to certain files, users spread by copying infected files + activate by opening
Worms
self-replicate w out user help - quick spread
- exploit weaknesses in network security
trojans
disguised as legitmate software - dont replicate, users install them w out realising hidden purpose
Ways to protect networks
- encryption
- anti-malware software
- user access levels
- automatic software updates - patch security holes in software
- MAC address filtering
Anti-malware software
firewalls
designed to stop malware from damaging network + devices on it
- firewalls examine all data entering and leaving a network + block potential threats,
used to prevent unauthorised access
User access levels
control which parts of network diff groups of users can access - limit people w access to important data = PREVENT ATTACKS WITHIN organisation
MAC address filtering
Makes sure only people on network are trusted users, checks unique identification address of each device that tries to connect to the network
- only allowed devices can join
User authentivation
Passwords, Biometrics, email confirmation, CAPTCHA
General strategies for reducing risk of social engineering
- train/educate users
- performs frequent tests of security measures
- appropriate security protocols for handling sensitive data
Authentication
Ensuring a user is who they are claiming to be
Encryption
Changing data so that it cannot be read
Spyware and adware , Trojan + viruscomparison
Spyware tracks what a user is doing, adware doesn’t
- adware doesn’t do any harm to a computer system but trojans, spy ware and virus do
- users sometimes choose to install adware
- spyware + trojans Installed without knowing , virus spread W out user knowing
- spyware + adware work in same ways
- all 4 types disruptive
Penetration testing
Specialists employed to stimulate potential attacks
- identifies possible weaknesses so vulnerabilities can be fixed
White box testing
Stimulates malicious INSIDER w knowledge of the current system
- person given user credentials to mimic what could happened if an employee turned
Black box testing
Stimulates an EXTERNAL CYBER ATTACK
- not given any credentials, will try and hack the organisation in any way they can
typical actions of malware
- Deleting + modifying files
- locking files: ransomware encrypts all the files on a computer
- Displaying unwanted adverts - adware can cause popup ads CANNOT BE CLOSED
- Monitoring the user - spyware secretly tracks actions like key presses + sends info to hacker (can work out pswds, bank details
- Altering permission
Biometrics
- use scanners to identify people by unique parts of body e.g. fingerprints, retina
- EXPENSIVE but usually quite secure + convenient