Security #9.5 Flashcards
What is cybersecurity?
- Range of measures taken to
- protect computer systems, networks
- and data from unauthorised access/cyberattack
Let's say:
Ways of protecting PC, networks or data from unauthorised access (cyberattack)
How are cyberattacks carried out?
Malware
What is malware?
Malicious software
4 types of malware?
- Viruses
- Worms
- Spyware
- Trojans
What are viruses?
(malware)
- Programs that can replicate themselves
and be spread from one system to another
- By attaching themselves to host files
Use of virus?
(malware)
Modify/corrupt info of targeted computer system
What are worms?
(malware)
- Self-replicating programs
- Can identify vulnerabilities in OS
Use of worm?
(malware)
Enable remote control of infected computer
What is spyware?
(malware)
- Installed by opening attachments/downloading infected software
Use of spyware?
(malware)
Collect stored data without user’s knowledge
1 type of spyware?
(malware)
Keyloggers
What does a keylogger do?
(spyware)
- Track keystrokes
- Can capture passwords of accounts
Parents use these ig to monitor children online activity O_o
What are trojans?
+ use
(malware)
- Program appearing to perform useful function
- But provides a back door
+ Enables data to be stolen
What are the 6 ways of protection against malware
(imo just think of 3 but whatever ya think of first)
- Install virus protection software
- Use firewall
- Keep OS up-to-date
- Use latest ver. of web browser
- Be aware of phishing emails
- Malicious software removal tool
Describe virus protection software
AKA anti-virus software
- Program loaded into mem whilst pc running
- Monitors activity on pc for signs of virus infection
- Also always upd these regularly
How does anti-virus recognise viruses?
- Virus has its unique ‘signature’
- Antivirus stores that in database
- PC scanned to see if signature in database exists
Describe firewall
- Software/hardware security system
- Controls incoming & outgoing network traffic
- Packets of data analysed, decides if they are allowed or not
Basic function of firewall?
- Monitors:
where data has come from,
where it’s going,
decides if communication is allowed
How does the firewall do the basic function?
By checking a list of pre-defined rules
Explain ‘keep your operating system up to date’
New way to bypass OS = install security patches issued
Explain ‘use latest ver. of web browser’
Same as ‘keep your operating system up to date’
Update installed after restarting browser
Explain ‘look out for phishing emails’
- Emails ask you to confirm personal details
FAKE AF
Describe malicious software removal tool
When should u use it?
- literally just removes the malware
- use it if you got malware in computer
List 6 forms of cyberattacks
(although u could think of 3, u probably might want to know these all)
- Shoulder surfing
- SQL injection
- DoS attacks
- Password-based attacks
- IP spoofing
- Social engineering
Explain shoulder surfing
(cyberattack)
- Using direct observation to get info
e.g. guy using ATM machine
Explain SQL injection
(cyberattack)
- Technique of malicious users,
injecting SQL commands into SQL statement,
via web page input
- Injected SQL commands alter SQL statements
- Compromises security of info held in database
( seems a lot to remember )
DoS attacks short for?
(cyberattack)
Denial of service attacks
Explain DoS attacks?
(cyberattack)
- Technique used to make website/server unavailable to legitimate users
- By swamping system with fake requests
- Involves a single internet connection
DDoS short for?
(cyberattack)
Distributed Denial of Service
Explain DDoS attacks?
(cyberattack)
- Same as DoS however
- Involves multiple connected devices
- Distributed across the internet
- Causes huge volumes of traffic
Explain password-based attacks
(cyberattack)
Cyber criminals using ways of finding out ur password
What are the 3 types of password-based attacks?
(cyberattack)
- Dictionary attack
- Brute force attack
- Guess
Explain dictionary attack
(password-based attacks)
- Uses simple file containing words found in dictionary
- Uses common words people use as their password
Explain brute force attack
(password-based attacks)
- Similar to dictionary attack
- But able to detect non-dictionary words
- Through all possible alphanumeric combinations
e.g. aaa1 to zzz10
- Not quick, tho eventually uncovered
Explain guess
(password-based attacks)
- Passwords aren’t random
- Likely based upon
- interests
- hobbies
- pet names
- family names
- A well educated guess often works
Explain IP spoofing
(cyberattack)
- spoof = hoax = trick
- Attacker changes IP address of legitimate host
- Visitor who types URL of site
- Sent to spoofed web page
- Can steal sensitive data/install malware
Explain social engineering
(cyberattack)
- Involves tricking user to give out sensitive information
a good example is tech supporters
I mean phishing.
3 ways of identifying vulnerabilities in PC?
- Footprinting
- Ethical hacking
- Penetration testing
Explain footprinting
(identifying vulnerabilities)
- Involves gathering all info about PC/network/devices attached to it
- Enables penetration tester to discover
- How much detail attacker could find out
- Allows organisations to limit technical info publicly available
Explain ethical hacking
(identifying vulnerabilities)
- Needs perms from system owner to do this
- Ethical hacker attempts to bypass system security
- In search for any weak points
to be exploited by malicious hackers
- The info used by owner to improve system security
Explain penetration testing
(identifying vulnerabilities)
- Subset of ethical hacking
- Process of testing PC/network
to find vulnerabilities
- Tests can be automated with software applications/manually
What are the 4 penetration testing strategies?
(identifying vulnerabilities)
- Targeted testing
- External testing
- Internal testing
- Blind testing
Explain targeted testing
(penetration testing)
- Carried out by organisation's ICT team
- Work together ig
Explain external testing
(penetration testing)
- Find out if an outside attacker
- can get in and how far
- they can get in once gained access
Explain internal testing
(penetration testing)
- Estimate how much dmg
- dissatisfied employee could cause
Explain blind testing
(penetration testing)
- Simulate actions and procedures of a real attacker
- By severely limiting info given to team performing test