Unit 6 Cyber security Flashcards
Cyber security threats that computers are vulnerable to
- Pharming
- Weak and default passwords
- Misconfigured access rights
- Removable media
- Unpatched and/or outdated software
- Malware including viruses
- Social engineering
Cyber security
Covers the different processes, practices and technologies that protect the following from attack, damage or unauthorised access:
- Networks
- Computers
- Programs and data
Password policy
Passwords are often checked as they are created to make sure that they conform to the parameters given in a required policy. Organisations and computer systems will often have password policies. These will make sure that your chosen password has features like:
- Minimum length of characters
- Include at least one lowercase letter
- Include at least one uppercase letter
- Include at least one symbol
- Change password every month
Misconfigured access rights
- Each user in an organisation is assigned individual access rights, according to their role
- For example, most network users should not have access to setup and configuration settings
- As people change roles within an organisation, or new roles are created, these rights have to be carefully managed
- No one should have access to areas of folders that they do not need to do their job, as this can create a security weakness
What is pharming?
A cyber attack that redirects a user to a fake website
How does a pharming attack happen?
- When your computer requests a website, it asks a DNS (Domain Name System) server for the IP address
- The DNS server replies with the IP address
- Your computer then sends a HTTP request to that IP address
- If a hacker can change the entry on the DNS server, then they can make it point to a fake website that they control. The DNS server has been ‘poisoned’
- The fake website may appear the same as the real website, however, it’s aim is to collect personal details, such as the log in to a bank account
- The hacker can now use this to transfer money to themselves
What is removable media?
Any storage device that can be inserted and removed from a computer
What can removable media be used for?
- Steal documents and files from a company
- Introduce malware
How could malware get onto removable media?
- Being present on a home computer and then infecting the removable media device when inserted
- Alternatively, a hacker could leave an infected USB flash drive in a car park or reception of a business. An interested employee can then put it into a computer
What is unpatched software?
- Software needs to be regularly patched or updated
- Many updates will contain fixes to known security issues
- Hackers will be aware of these known security issues, making computers that haven’t been updated an easy target
Which types of software are the most important to update?
Operating system
- operating system updates often contain security updates
- it is crucial that the operating system is kept as secure as possible as it has full control of the computer or server
Anti-virus or anti-malware software
- needs to be updated regularly or daily so that it can detect new malware
Which types of software are the most important to update?
Operating system
- operating system updates often contain security updates
- it is crucial that the operating system is kept as secure as possible as it has full control of the computer or server
Anti-virus or anti-malware software
- needs to be updated regularly or daily so that it can detect new malware
Explain how pharming poses a risk to computer systems, data or networks
A DNS server is compromised so that it points to a fake website which can then obtain personal information such as usernames and passwords
Explain how weak and default passwords pose a risk to computer systems, data or networks
Make it easy for hackers to gain access using password lists or brute-force attack
Explain how misconfigured access rights pose a risk to computer systems, data or networks
The give users to much access which they can then misuse