Unit 6 Cyber security Flashcards
Cyber security threats that computers are vulnerable to
- Pharming
- Weak and default passwords
- Misconfigured access rights
- Removable media
- Unpatched and/or outdated software
- Malware including viruses
- Social engineering
Cyber security
Covers the different processes, practices and technologies that protect the following from attack, damage or unauthorised access:
- Networks
- Computers
- Programs and data
Password policy
Passwords are often checked as they are created to make sure that they conform to the parameters given in a required policy. Organisations and computer systems will often have password policies. These will make sure that your chosen password has features like:
- Minimum length of characters
- Include at least one lowercase letter
- Include at least one uppercase letter
- Include at least one symbol
- Change password every month
Misconfigured access rights
- Each user in an organisation is assigned individual access rights, according to their role
- For example, most network users should not have access to setup and configuration settings
- As people change roles within an organisation, or new roles are created, these rights have to be carefully managed
- No one should have access to areas or folders that they do not need to do their job, as this can create a security weakness
What is pharming?
A cyber attack that redirects a user to a fake website
How does a pharming attack happen?
- When your computer requests a website, it asks a DNS (Domain Name System) server for the IP address
- The DNS server replies with the IP address
- Your computer then sends an HTTP request to that IP address
- If a hacker can change the entry on the DNS server, then they can make it point to a fake website that they control. The DNS server has been ‘poisoned’
- The fake website may appear the same as the real website; however, its aim is to collect personal details, such as the login to a bank account
- The hacker can now use this to transfer money to themselves
What is removable media?
Any storage device that can be inserted and removed from a computer
What can removable media be used for?
- Steal documents and files from a company
- Introduce malware
How could malware get onto removable media?
- Being present on a home computer and then infecting the removable media device when inserted
- Alternatively, a hacker could leave an infected USB flash drive in a car park or reception of a business. An interested employee can then put it into a computer
What is unpatched software?
- Software needs to be regularly patched or updated
- Many updates will contain fixes to known security issues
- Hackers will be aware of these known security issues, making computers that haven’t been updated an easy target
Which types of software are the most important to update?
Operating system
- operating system updates often contain security updates
- it is crucial that the operating system is kept as secure as possible as it has full control of the computer or server
Anti-virus or anti-malware software
- needs to be updated regularly or daily so that it can detect new malware
Explain how pharming poses a risk to computer systems, data or networks
A DNS server is compromised so that it points to a fake website which can then obtain personal information such as usernames and passwords
Explain how weak and default passwords pose a risk to computer systems, data or networks
Make it easy for hackers to gain access using password lists or brute-force attack
Explain how misconfigured access rights pose a risk to computer systems, data or networks
They give users too much access, which they can then misuse
Explain how unpatched or outdated software pose a risk to computer systems, data or networks
Leave security holes open
Explain how removable media poses a risk to computer systems, data or networks
These can be used to introduce malware or remove confidential documents
What is social engineering?
The ability to obtain confidential information by manipulating people for it
What techniques can hackers use to gain information via social engineering?
- Blagging, using an invented scenario to target someone
- Phishing, using email or SMS (text) message to obtain information
- Shouldering, observing information as it is entered
What is shoulder surfing?
Shoulder surfing or shouldering is the ability to get information or passwords by observing as someone types them in
Examples of shoulder surfing
- Looking over someone’s shoulder
- Using a CCTV camera
- Viewing the reflection of a keyboard as a password is typed
Preventing vulnerabilities
- Penetration testing
- Anti-malware software, including anti-virus software
- Biometric measures, especially for mobile devices
- Password systems
- CAPTCHA
- Email confirmation to confirm identity
- Automatic software updates
- Network security such as authentication, encryption, firewalls and MAC address filtering
Anti-malware software
- Will detect malware such as viruses, worms, trojans and spyware
- When a virus or new malware is detected it is sent to the anti-virus company
- They verify it is malware then create a signature of the virus
- They then add it to their virus database and tell computers to run an update
- Viruses can morph to avoid detection, which makes it harder to create a signature
Describe how anti-virus software works
- Anti-virus software can provide real-time protection
- When a program is loaded or a file is downloaded, it is first checked to see if it contains a virus
- Parts of the file are checked and compared with virus definitions of known viruses
- If a match is found, the file can be quarantined and the user notified
Passwords
- Usernames and passwords are one of the most important ways of protecting computers and servers
- They prevent unauthorised people from using the system
- They also apply the correct access permissions to the user’s account
Biometric authentication
- Biometrics measure a person’s physical characteristics to verify their identity
- One common method of authentication used on portable devices is a fingerprint
Examples of biometric methods
- Facial recognition, commonly now used on phones, tablets and some desktops
- Retinal scans, more commonly used in high security environments
- Palm vein recognition
- Ear recognition
- Voice recognition
Starling Bank authentication
- When registering a new bank account users need to provide a photo of their driving licence or passport
- They then need to record a short video of themselves speaking a message
- This can then be used to authenticate that the person talking is the same person as that in the driving licence or passport
Automatic software updates
- Many large companies such as Microsoft and Apple automatically update your software whenever they make a change to it
- This could happen on a daily or weekly basis
Why are software updates important?
- Software updates fix bugs and offer security updates
- If security holes are not updated or patched, a hacker can exploit them
- Virus software needs to be set to auto-update so that it always has the latest virus definitions
- Operating systems should either auto-update, or be updated as soon as possible if a security update is released
Email authentication
- On registration, an authentication email can be sent to the email address
- This contains a unique web address link which needs to be clicked
- Once the web page is visited, the web site knows that the user has access to the email account
- It can then record that the email address has been authenticated
CAPTCHA
- Hackers and criminals are able to send multiple form submissions to web pages
- This may be used to make log in attempts or add spam posts
- CAPTCHAs are images that are easy for humans to interpret, but hard for computers
Penetration testing
The practice of deliberately trying to find security holes in your own systems
What is the goal of penetration testing?
- Identify the targets of potential attacks
- Identify possible entry points
- Attempt to break in
- Report back the findings
White box penetration testing
- White box penetration testing simulates a malicious insider with knowledge of the system
- They will have permission to try to find weaknesses in the computer systems
- They may have basic credentials such as a username and password for the target system
- They will be given network and system information to help target possible attacks
- Used to identify internal threats; it simulates the damage that someone with inside knowledge could do
Black box penetration testing
- Black box penetration testing simulates an external hacking or cyber warfare attack
- The company or engineer trying to find weaknesses in the system has no inside knowledge of the target system such as passwords or layout of the network structure
- This simulates the damage that someone with no inside knowledge could do