Flashcards in Cyber Security Deck (22):
1
What are the 4 Cyber Security threats
Default and weak passwords
Removable media
Unpatched and outdated software
Misconfigured access rights
2
What is removable media
Two major threats – data loss/theft and virus infection
USB drives and laptops are often lost or stolen. If they are not encrypted the data is at risk. If they are not backed up the data will be lost.
USB devices can cause damage to both software (by containing malware) and hardware by causing electrical damage
USB condoms can prevent the first risk but not necessarily the second
3
What are misconfigured access rights
Network security typically involves giving different levels of users different rights
Configuration errors can undo this – imagine if all students in school had the ability to access SIMS, read staff emails and delete any data they wished
4
what is unpatched and outdated software
Software is frequently updated to fix security flaws. These flaws become well known after the fix is out. If users do not patch the software it leaves them vulnerable to attack
Many organisations use custom software that only runs on old platforms – many public sector organisations still use Windows XP, for example, which is no longer patched
5
what is a zero day flaw
a flaw becomes known within a software so the company has to fix the problem because, while the flaw is known, people's devices are vulnerable to attacks.
6
what is penetration testing
white box and black box
Penetration testing is a process used to find security weaknesses in a system, usually without information to help the tester
The process is:
Gather information & identify possible entry points
Attempt to break in
Report back
Black box penetration testers are given little or no information. The idea is to find out if a hacker could get in and what they could do
White box penetration testers will be given basic information (IP addresses, network protocols, possibly basic logins). The idea is to find out how much damage an employee could do
7
4 types of social engineering
Blagging
Phishing
Pharming
Shouldering
8
whats blagging
Blagging is the act of knowingly or recklessly obtaining or disclosing personal data or information without the consent of the controller (owner of the data)
Persuading someone (such as a colleague) to disclose their password would be an example of this
Companies should provide clear policies and training to limit this risk
9
whats phishing
Phishing emails are used to try to get the user to disclose information. They often claim to be from a bank or other financial institution
Another recent type is an email from a friend asking for help, for example if they have been robbed while abroad
They are often identifiable due to:
Poor spelling and grammar
Generic greetings rather than use of names
Hyperlinks that look like they are for a reputable site but when inspected, turn out to be bogus
Timed threats eg click this link or your account will be closed in 2 days
10
whats pharming
Pharming is when malware or hacking is used to ensure that traffic intended for one website redirects to another, eg by changing the hosts file on a PC or exploiting flaws in DNS
11
whats shouldering
Shouldering or shoulder surfing is when someone attempts to observe login credentials belonging to another person
This could be watching someone type their pin into a card machine, or entering a password in a public place
12
4 types of malware (malicious software)
Virus
Spyware
Adware
Trojan
13
whats a virus
A virus is a program that is installed on your computer, without your knowledge or permission, with the purpose of doing harm
They can self-replicate (create new copies of themselves)
Some are merely annoying
Others will cause more harm and may make a computer unusable or destroy data
14
whats spyware
Spyware gathers information about the user and their activities without their knowledge
It is often used to track internet use
It can be used to capture details like login credentials and passwords
The term is not used as widely as it used to be, as major internet companies and services (quite legally) do very similar things using cookies
15
whats adware
Adware analyses internet activity and uses it to present targeted ads
It is sometimes built into free software downloads
Cookies are used by major companies to track us over the internet
Web browsers have various features such as ‘do not track’ settings and privacy plugins that can help
16
what are trojans
Trojans trick the user into installing them
Some give the creator the ability to access and take information from the computer
Some allow the creator to control infected computers in the form of a botnet, which can be used for DDOS (Distributed Denial Of Service) attacks
17
5 methods to prevent cyber security threats
Biometrics
Password systems
Captcha
Email verification
Automatic software updates
18
What are biometrics
Use physical data about a person as a form of identification
Considered to be highly secure as most data is unique
Common methods: fingerprints, eyes, voices, faces
One potential risk I that if it is compromised then you cannot simply change your biometrics like a password
For this reason iPhones only stores fingerprints on the device and it is never transmitted to servers
19
what are password systems
Prevents unauthorised users
Effectiveness changes due to strength of password
How securely it is stored (not in plaintext, rather encrypted)
How password holders can prevent social engineering
20
what is captcha
Stands for COMPLETELY AUTOMATED PUBLIC TURING test to tell COMPUTERS and HUMANS APART
Commonly used by annoying to complete by users
They work on the principle that a human can do one but a computer can not
21
what is email verification
Emails users once they have given an email for an account so that they go to I and prove it is them
Websites often use this for marketing purposes
Sites also insist on phone numbers and heck if they are already in the database
Some sites don’t do this, which is annoying if user forgets password, it is very hard to reset.
22