Cybersecurity Flashcards
Network
security
The range of measures that can
be taken to protect network
data from accidental or
malicious damage.
Encryption
Conversion of data, using an algorithm, into cyphertext that cannot be understood by people without the decryption key.
Compression
The process of reducing file
size to allow more data to be
stored on the disk and increase
transfer speeds.
Backup
A copy of data that can be used
if the original data is lost.
Archiving
The process of storing data that
is not in current use for security,
legal or historical reasons.
Cybersecurity
The range of measures that can
be taken to protect computer
systems from cyberattack.
Cyberattack
An attempt to expose, alter, disable, destroy, steal or gain unauthorized access to data on a computer system or smart device.
Malware
MALicious softWARE; the term
used for any kind of computer
software written to enable a
cyberattack
Vulnerabilities
Software security flaws or holes
that are fixed via the release of
patches
Cookies
Data downloaded from a
website that allows the website
to identify the computer in
future.
SQL Injection
Injected SQL commands can alter SQL
statements and compromise the security of
information held in a database.
Denial of
Service (DoS)
Making a website and servers unavailable to
legitimate users, by swamping a system with
fake requests.
Password
attacks
Brute force or dictionary attacks to discover
passwords
SQL Injection
Injected SQL commands can alter SQL
statements and compromise the security of
information held in a database.
IP Spoofing
Changing the IP address of a site so that a
visitor is taken to a fraudulent or spoofed web
page
Social
engineering
Deception such as phishing. Tricking a user
into giving out sensitive information.
Protections against malware
Install anti-virus software • Use a firewall • Keep the operating system up to date • Use the latest version of browsers • Look out for phishing emails.
Hackers
Individuals who will violate computer security for malicious or financial reasons; they may also be known as crackers.
Planting the flag
Individuals who may seek financial reward for finding vulnerability, but are more interested in finding vulnerabilities than gaining something for themselves.
Ethical hackers
Individuals whose activities are designed to test and enhance computer security; they may also be known as ethical hackers.
Social engineering
The psychological manipulation of people into performing actions or divulging confidential information.
Pharming
Pharming redirects victims to a bogus site even if the victim has typed the correct web address. This type of scam is often applied to the websites of banks or e-commerce sites.
Phishing
Phishing is the act of trying to obtain confidential records such as passwords. Emails that look as if they are from a legitimate, respected organisation are sent, but they contain links to fake websites that ‘phish’ data from unsuspecting victims.
Shoulder surfing
Looking over another person’s shoulder to view passwords or other data that is being entered.
Malware
Short for malicious software, this is programming or code that is used to disrupt computers by:
● Gathering sensitive information
● Gaining access to private computer systems
● Displaying unwanted advertising
● Distributing the performance of a computer or network
Brute force attack
This type of attack can occur when an attacker systematically submits guessed passwords with the hope of eventually guessing correctly.
DoS
A denial of service attack (DoS attack) is a cyberattack in which a criminal makes a network resource unavailable to its intended users by flooding the targeted machine or website with lots of requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
DDoS
In a distributed denial of service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This makes it impossible to stop the attack simply by blocking a single source.
SQL injection
SQL injection occurs when malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
Virus
Malware that usually embeds itself into existing software on a device and then, once that software is run, spreads to other executable files.
Worm
While also self-replicating, a worm does not need to infect an existing program. Worms are able to spread very rapidly, infecting large numbers of machines.
Ransomware
This type of Trojan can modify data on a computer or device so that it doesn’t run correctly or so that users can no longer use specific data. The criminal will only restore the computer’s performance, or unblock data, after the victim has paid them the ransom money they demand.
Spyware
Programs that can spy on how a user makes use of their computer or device, for example by tracking the data entered via a keyboard, taking screenshots, or getting a list of running applications.
Firewall
A firewall sits between a local network or computer and another network, controlling the incoming and outgoing network traffic.
Penetration testing
A type of security testing used to test the insecure areas of a system or application.