4.8 Security Flashcards

(20 cards)

1
Q

Symmetric Encryption

A

Uses a single secret key for both encrypting plaintext into ciphertext and decrypting it back. It's fast and efficient, making it ideal for encrypting large amounts of data. Examples include AES (Advanced Encryption Standard) and the older, less secure DES (Data Encryption Standard). It's hard to securely share the key, and if the key is compromised the encryption fails.

2
Q

Asymmetric Encryption

A

This technique uses a pair of linked keys: a public key for encryption and a private key for decryption. The public key is openly shared while the private key is kept secret, enhancing security as it's never transmitted (e.g. someone sends a message that's been encrypted with the public key; the recipient can decrypt it with the private key when received, ensuring security even if the message has been intercepted). Algorithms like RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) are used. It's vital for secure communication, digital signatures etc.

2
Q

Biometrics

A

Biometric technologies identify or verify individuals based on unique physical or behavioral traits, enhancing security and convenience.

3
Q

Biometrics

Uses

A

Fingerprint Scanners - capture unique ridge patterns for identity verification.

+ inexpensive and easy to implement
- accuracy can be affected by dirt or skin conditions

Facial Recognition - analyses facial features by converting images into mathematical representations for matching.

+ fast and contact free
- poor accuracy with poor light or obscured faces, and privacy concerns

Iris Scanning - captures unique patterns in the iris using infrared light

+ highly unique and stable patterns for secure identification
- can be expensive and sensitive to environmental factors

Others to mention: voice recognition, vein recognition

4
Q

Complexities of Handling Biometric Data

A

Data capture - ensuring systems accurately read various biometrics under different conditions

Data storage - requiring secure storage, often with encryption to protect sensitive information

Data processing - needing quick and accurate processing against stored profiles while maintaining data security

5
Q

Viruses

A

Attach to legitimate programs, requiring user action to spread (they replicate by attaching to executable files, which activate and corrupt data when run).

6
Q

Worms

A

Self-replicate without user intervention by exploiting network vulnerabilities. They propagate through networks and can install backdoors.

7
Q

Trojans

A

Disguise themselves as legitimate software to trick users into installing them. Once installed they can create backdoors and steal data.

8
Q

Ransomware

A

Encrypts a victim's data and demands a ransom for the decryption key. It can spread via phishing emails or exploit kits.

9
Q

Drive-by Downloads (Watering Hole)

Cyber attack vectors

A

Malware is downloaded inadvertently from a compromised website, exploiting browser vulnerabilities.

10
Q

Domain Shadowing

Cyber attack vectors

A

Attackers compromise domain accounts to create malicious subdomains that divert users to bogus websites.

11
Q

Malvertising

Cyber attack vectors

A

Malicious ads placed on legitimate websites can infect a system even if not clicked.

12
Q

DDoS

Cyber attack vectors

A

Floods a system with bogus requests to overload it, making it unavailable and disrupting services.

13
Q

SQL Injection

Cyber attack vectors

A

Inserts malicious SQL statements into data-driven applications to extract data for the hacker by exploiting database vulnerabilities.

14
Q

Phishing

Cyber attack vectors

A

Tricks users into revealing sensitive information or installing malware through deceptive emails or websites.

15
Q

Black Hat Hacking

A

People who engage in illegal and unethical activities to exploit vulnerabilities for personal gain or to cause harm.

16
Q

White Hat Hacking

A

Professionals who use their skills to help organisations improve security by performing authorised pen testing to find and fix vulnerabilities.

17
Q

Penetration Testing

A

A simulated cyber attack against a system to identify and exploit weaknesses.

Black box - tester has no prior system knowledge

White box - the tester has full system knowledge

Gray - combines both black and white, partial knowledge

Internal Testing - assesses what a disgruntled employee could access

External Pen Testing - evaluates vulnerability of external devices and servers to outside hackers

Blind Penetration Testing - an ethical hacker attempts to gain access without prior knowledge, mimicking a real attack

Double Blind - similar to the previous, but tests the security team's response time and effectiveness

18
Q

Cyber attack vector

A

A cyber-attack vector is the path or means by which a hacker gains access to a computer for malicious intent.

19
Q

Cryptography

A

Cryptography ensures that sensitive data remains private, secure, and trustworthy, enabling the safe functioning of digital systems and networks in today’s world.