Fundamentals of cyber security Flashcards
Define the term cyber security, describe the main purposes of cyber security
Cyber security consists of the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access.
Explain what is meant by social engineering techniques
Manipulating people to give away confidential information. Blagging is the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.
Phishing is a technique of fraudulently obtaining private information, often using email or SMS.
Pharming: a cyberattack where a website's traffic is redirected to a fake site.
Shouldering: viewing private information over someone's shoulder.
Explain what is meant by malicious code
Malware, SQL injections, backdoors, logic bombs. Any code that does something malicious, e.g. modifying, deleting and stealing data.
Explain what is meant by weak and default passwords
Passwords that are easy to guess, with minimal combination of letters, numbers and symbols. They are rarely/never changed.
Explain what is meant by misconfigured access rights
When people are given permissions they shouldn’t have e.g. when a student has a teacher account. The user i
Explain what is meant by removable media
External devices that contain malware, which may be automatically installed with autoplay. It can bypass firewalls.
Explain what penetration testing is and what it is used for
Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. Organisations employ specialists to simulate potential attacks on their network. It is used to identify possible weaknesses and try to exploit them.
A white-box penetration test simulates a malicious insider who has knowledge of and possibly basic credentials for the target system.
A black-box penetration test simulates an external hacking or cyber warfare attack.
What is social engineering?
Social engineering is the art of manipulating people so they give up confidential information.
What is malware?
Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software.
Describe what a trojan is
Malware disguised as legitimate software. Trojans don’t replicate like viruses and worms; users install them without realising they have a hidden purpose.
Describe what spyware is
Spyware secretly monitors user actions, e.g. key presses, and sends the information to the hacker.
Describe what adware is
Software that automatically displays or downloads advertising material such as banners or pop-ups when a user is online.
What are biometric measures?
They are measures of human characteristics that are used for identification and access control, e.g. fingerprints, eye and voice recognition. They are distinctive.
What are password systems?
A system that prevents unauthorised users from accessing the network. Passwords should be strong: they should contain a mixture of letters, numbers and symbols, and they should be changed regularly.