cybersecurity Flashcards
define cybersecurity
the process or practices of protecting , systems, networks and programs from digital attacks
define network security
Any activity designed to protect the usability and integrity of a network and its data by managing access to the network.
what is social engineering
Social engineering is a set of methods used by cybercriminals to deceive individuals into handing over information that they can use for fraudulent purposes.
what is blagging
Blagging (also known as pretexting) is an attack where the perpetrator invents a scenario in order to convince the victim to give them data or money.
It often requires the attacker to maintain a conversation with the victim until they are persuaded to give up whatever the attacker asked for.
what is phishing ?
Phishing isthe practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging. The attacker’s goal is to steal money, gain access to sensitive data and login information, or to install malware on the victim’s device.
what is shouldering
Shouldering is observing a person’s private information over their shoulder eg cashpoint machine PIN numbers.
what is pharming
Pharming is a cyber attack intended to redirect a website’s traffic to a fake website.
what is malware
Malware (malicious software) is software that is designed to gain access to your computer with malicious intent.
what is a computer virus
Viruses are a malicious form of self-replicating software.
Once on a computer or network, a virus will replicate itself by maliciously modifying other computer programs and inserting code.
what is a trojan
A trojan is a piece of software that appears to perform a useful function (such as a game). However, unbeknown to the user, it also performs malicious actions.
what is a worm
Worms replicate themselves, but do not attach themselves to files like viruses.
Instead, worms spread through the network and use the system’s resources.
Most worms cause problems by using up network bandwidth and therefore slowing down the network significantly.
what is spyware
Spyware is unwanted software that monitors and gathers information on a person and how they use their computer.
This can include monitoring your internet usage to send you harmless but annoying adverts.
More sinister spyware will include keyloggers that record every keystroke made by a user.
what is ransomware
Specifically, ransomware locks a computer, encrypts files, and therefore prevents the user from being able to access the data.
The attacker will demand that a ransom be paid before they decrypt the files and unlock the computer.
what is adware
Adware refers to software that has advertisements embedded in the application. It is not always a bad thing and is considered a legitimate alternative that can be offered to consumers who do not wish to pay for software.
what is encryption
Encryption is the process of encoding data or a message so that it cannot be understood by anyone other than its intended recipient.
The data or message is encrypted using an encryption algorithm. The opposite of encryption is decryption.
Encrypted data is called cipher text and unencrypted data is plain text
what is symetric encryption and asymetric encryption
Symmetric encryption uses just one key to hide and read a message.
Both parties must know the key.
If that key becomes public, all messages can be read.
Asymmetric encryption has a public key and a private key.
The public key can be used to encrypt but CAN’T decrypt the data
Only the private key can decrypt the data
what are features of a good password
At least eight characters
Includes upper case characters
Includes lower case characters
Includes special characters
Includes numbers
Three random words combined
Relates to an acronym
Does not include a name, company name, or username
what is a data breach
A data breach is a security incident in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual who is not authorised to do so. It is also known as data interception.
what is a denial of service attack
This is a cyberattack in which the criminal makes a network resource unavailable to its intended users.
This is done by flooding the targeted machine or website with lots of requests in an attempt to overload the system.
what is a brute force attack
This is a form of attack that makes multiple attempts to discover something (such as a password).
what is a firewall
A firewall sits between a local network or computer and another network to control the incoming and outgoing network traffic.
The firewall’s rules determine which traffic is and is not allowed through the network.
A firewall blocks unexpected connections coming into the network. Most operating systems include a firewall.
what is a network policy
Network policy is a set of digital rules that govern what is and is not authorised on the network.
A firewall will have a set of rules that it follows to help it determine what traffic to authorise.
what is anti-malware
Anti-malware is software that scans any file that is able to execute code.
The anti-malware will have a list of definitions of sequences of code that they are aware are malicious.
If the code in your files matches the definitions, the files are quarantined.
what is a disaster recover policy
A disaster recovery policy is a plan to recover your network and IT infrastructure following a major incident such as
Natural disaster (earthquake)
Cyberattack
Fire or flood
Terrorism or war
Loss of electricity or electrical surge
what is mac adress filtering
MAC address filtering
A device’s media access control (MAC) address is unique, the network manager makes a more secure network by using this address to limit the devices on the network.
what is penetration testing
Penetration testing is a type of security testing that is used to test for insecure areas of a system or application.
Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access.
what are biometric checks
term for body measurements and calculations
(fingerprints and retinal scans, facial recognition).
what is CAPTCHA
used to determine if a user is a machine or not
what is the importance of automatic software updates.
makes sure a product is kept up to date and security flaws are fixed as soon as possible without need for manual intervention
what are the types of penetration testing
when the person or team testing the system has knowledge of and possibly basic credentials for the target system, simulating an attack from inside the system (a malicious insider)
when the person or team testing the system has no knowledge of any credentials for the target system, simulating an attack from outside the system (an external attack).
what is sql injection
SQL injection occurs when malicious SQL statements are inserted into an entry field for execution.