Cyber Security Flashcards

(22 cards)

1
Q

What are the 4 Cyber Security threats

A

Default and weak passwords
Removable media
Unpatched and outdated software
Misconfigured access rights

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is removable media

A

Two major threats – data loss/theft and virus infection

USB drives and laptops are often lost or stolen. If they are not encrypted the data is at risk. If they are not backed up the data will be lost.

USB devices can cause damage to both software (by containing malware) and hardware by causing electrical damage

USB condoms can prevent the first risk but not necessarily the second

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are misconfigured access rights

A

Network security typically involves giving different levels of users different rights

Configuration errors can undo this – imagine if all students in school had the ability to access SIMS, read staff emails and delete any data they wished

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

what is unpatched and outdated software

A

Software is frequently updated to fix security flaws. These flaws become well known after the fix is out. If users do not patch the software it leaves them vulnerable to attack

Many organisations use custom software that only runs on old platforms – many public sector organisations still use Windows XP, for example, which is no longer patched

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

what is a zero day flaw

A

a flaw becomes known within a software so the company has to fix the problem because, while the flaw is known, people’s devices are vulnerable to attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

what is penetration testing

white box and black box

A

Penetration testing is a process used to find security weaknesses in a system, usually without information to help the tester
The process is:
Gather information & identify possible entry points
Attempt to break in
Report back

Black box penetration testers are given little or no information. The idea is to find out if a hacker could get in and what they could do
White box penetration testers will be given basic information (IP addresses, network protocols, possibly basic logins). The idea is to find out how much damage an employee could do

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

4 types of social engineering

A

Blagging
Phishing
Pharming
Shouldering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

whats blagging

A

Blagging is the act of knowingly or recklessly obtaining or disclosing personal data or information without the consent of the controller (owner of the data)

Persuading someone (such as a colleague) to disclose their password would be an example of this

Companies should provide clear policies and training to limit this risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

whats phishing

A

Phishing emails are used to try to get the user to disclose information. They often claim to be from a bank or other financial institution

Another recent type is an email from a friend asking for help, for example if they have been robbed while abroad

They are often identifiable due to:
Poor spelling and grammar
Generic greetings rather than use of names
Hyperlinks that look like they are for a reputable site but when inspected, turn out to be bogus
Timed threats eg click this link or your account will be closed in 2 days

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

whats pharming

A

Pharming is when malware or hacking is used to ensure that traffic intended for one website redirects to another, eg by changing the hosts file on a PC or exploiting flaws in DNS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

whats shouldering

A

Shouldering or shoulder surfing is when someone attempts to observe login credentials belonging to another person

This could be watching someone type their pin into a card machine, or entering a password in a public place

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

4 types of malware (malicious software)

A

Virus
Spyware
Adware
Trojan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

whats a virus

A

A virus is a program that is installed on your computer, without your knowledge or permission, with the purpose of doing harm

They can self-replicate (create new copies of themselves)

Some are merely annoying
Others will cause more harm and may make a computer unusable or destroy data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

whats spyware

A

Spyware gathers information about the user and their activities without their knowledge
It is often used to track internet use
It can be used to capture details like login credentials and passwords
The term is not used as widely as it used to be, as major internet companies and services (quite legally) do very similar things using cookies

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

whats adware

A

Adware analyses internet activity and uses it to present targeted ads
It is sometimes built into free software downloads
Cookies are used by major companies to track us over the internet
Web browsers have various features such as ‘do not track’ settings and privacy plugins that can help

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

what are trojans

A

Trojans trick the user into installing them
Some give the creator the ability to access and take information from the computer
Some allow the creator to control infected computers in the form of a botnet, which can be used for DDOS (Distributed Denial Of Service) attacks

17
Q

5 methods to prevent cyber security threats

A
Biometrics
Password systems
Captcha
Email verification
Automatic software updates
18
Q

What are biometrics

A

Use physical data about a person as a form of identification

Considered to be highly secure as most data is unique

Common methods: fingerprints, eyes, voices, faces

One potential risk I that if it is compromised then you cannot simply change your biometrics like a password
For this reason iPhones only stores fingerprints on the device and it is never transmitted to servers

19
Q

what are password systems

A

Prevents unauthorised users

Effectiveness changes due to strength of password

How securely it is stored (not in plaintext, rather encrypted)

How password holders can prevent social engineering

20
Q

what is captcha

A

Stands for COMPLETELY AUTOMATED PUBLIC TURING test to tell COMPUTERS and HUMANS APART

Commonly used by annoying to complete by users

They work on the principle that a human can do one but a computer can not

21
Q

what is email verification

A

Emails users once they have given an email for an account so that they go to I and prove it is them

Websites often use this for marketing purposes

Sites also insist on phone numbers and heck if they are already in the database

Some sites don’t do this, which is annoying if user forgets password, it is very hard to reset.

22
Q

what are automatic software updates

A

When vulnerabilities are discovered, they can be exploited by malware or hackers

Automatic Software updates allow manufactures to patch vulnerabilities without relying on the user to be aware, if they are not auto and the user does not update the software, their software will be vulnerable to known exploits

They can cause problems and have consequences like bricking devices