Cybersecurity Flashcards
How can cybersecurity be defined?
A series of processes, practices, and technologies that protect networks, computers, software and data from damage, loss and unauthorised access.
What is social engineering?
A form of cyberattack that focuses on people as a weak point in a system.
Describe phishing.
Using emails to lure people to fake, convincing webpages. The details entered are transmitted elsewhere, to another person.
Describe pharming.
Redirecting users to an unsafe, convincing website that collects a user’s login credentials.
Describe shouldering.
Watching over someone’s shoulder as they enter a password or classified information.
Describe pretexting/blagging.
Fabricating a scenario to gain unauthorised access to a system (e.g. pretending to be IT support to get an employee’s password).
What is malware?
Any program that works against the interests of you and your computer.
Describe viruses.
Self-replicating pieces of code that can damage data and software. They often spread via email attachments or USB drives.
Describe Trojans.
Legitimate programs developed with the intention of hiding malicious code within.
Describe spyware.
It covertly obtains sensitive data and transmits it to the hacker.
Describe adware.
It downloads unwanted internet adverts, observing someone’s online behaviour to target specific adverts.
What are the threats associated with weak passwords?
They are easy to guess, which can lead to someone being able to access sensitive information. Strong passwords have a mix of upper and lower case, symbols and numbers. Default passwords can also be problematic, as they make you more vulnerable.
What are the threats associated with misconfigured access rights?
Access rights are rules that tell a computer system which user should have access to which files and resources. If not set up properly, some people could have unauthorised access to sensitive information.
What are the threats associated with removable media?
Any storage device that is portable can be used to steal data or introduce malware onto a system.
What are the threats associated with unpatched systems?
When a security risk is identified in a program, developers release a patch, an add-on program which could fix the risk. Not patching leaves you vulnerable.
Explain penetration testing.
This is the use of a contractor or employee to hack into a system, to identify security risks and weaknesses, so they can be resolved.
Explain biometric measures.
They make account and details access more secure.
Explain password systems.
Automatic procedures which ensure sound policies are followed (only strong passwords are accepted, and they must be changed on a regular basis).
Explain CAPTCHA.
This is a test - blurry text is presented to a reader, which is easy for humans to read. It ensures it isn’t a program trying to guess at a rate of millions of attempts per second.
Explain email confirmation.
When a password is changed, a user must verify their change by clicking on a link in an email sent to their registered email address, ensuring it is a person who should have access.
Explain automatic software updates.
New versions of software, which could have updated security measures, are automatically downloaded, to decrease vulnerability.