07 - Cyber Security Flashcards
(35 cards)
define cybersecurity
processes or technologies designed to protect networks/computers or programs from attack, damage, or unauthorised access
what is a brute force attack (passwords)
guessing the password manually until you get access
why is social engineering preferred by cyber criminals compared to hacking a system?
as it is easier, and people are the ‘weakest’ link
define a cyber threat
any threat to a computer system from an internet source
define hacktivism
the act of hacking or breaking into a computer system for politically or socially motivated purposes
what is the aim of hacktivists?
- to promote their view of thinking/cause
- to challenge organisations/companies who are against their pov
define social engineering
the art of manipulating individuals to break security procedures to give information away
what is blagging?
creating an invented scenario to engage a targeted victim to directly give away information (passwords)
give an example of blagging
an employee is called and asked for login details and password to fix a security bug, they give it away, system is hacked
what is phishing?
sending emails (pretending to be a genuine company), to gain personal details
what are signs of a phishing email?
- spelling errors/ bad grammar
- informal writing
- impersonal (dear customer)
- deadline (if you don’t do this then account closes)
- email is unrealistic
what is pharming?
when your computer has been infected so it changes valid hyperlinks to malicious websites
how can you be directed to a pharming website?
- modifying certain files
- hacking domain name server
what is shouldering?
direct observation of a user entering their security details (passwords/pins)
what is another word for shouldering?
shoulder surfing
define malware
software that is designed to disrupt or harm a user’s computer
what does a virus do?
- self-replicates
- cause damage to computer system by corrupting data
- or using all available memory
what does a trojan horse do?
- disguised as harmless file/download
- malware loaded with download
- attack performed once downloaded
describe spyware
(computer program)
- gathers data about people without knowledge
- records key presses on computer (can gather passwords/usernames)
describe adware
- inject adverts to websites/ programs on computer
- aim that the creator would generate advertising revenue
- not usually too bad (but can contain worse malware like viruses and spyware)
how do you prevent threats from downloaded software?
- have anti-virus software
- only download from a reputable source
what is penetration testing?
finding out whether there are any security vulnerabilities in a network or system by simulating potential attacks and reporting vulnerabilities
which kind of penetration testing has knowledge of the internals of the system?
white box testing
what is the role of white box testing?
to simulate an attack from someone with detailed insider knowledge of the system (rogue employee)