Cyber Security Flashcards Preview


Flashcards in Cyber Security Deck (22):

What are the 4 cyber security threats?

Default and weak passwords
Removable media
Unpatched and outdated software
Misconfigured access rights


What is removable media?

Two major threats – data loss/theft and virus infection

USB drives and laptops are often lost or stolen. If they are not encrypted the data is at risk. If they are not backed up the data will be lost.

USB devices can cause damage to both software (by containing malware) and hardware by causing electrical damage

USB condoms can prevent the first risk but not necessarily the second


What are misconfigured access rights?

Network security typically involves giving different levels of users different rights

Configuration errors can undo this – imagine if all students in school had the ability to access SIMS, read staff emails and delete any data they wished


What is unpatched and outdated software?

Software is frequently updated to fix security flaws. These flaws become well known after the fix is out. If users do not patch the software it leaves them vulnerable to attack

Many organisations use custom software that only runs on old platforms – many public sector organisations still use Windows XP, for example, which is no longer patched


What is a zero day flaw?

A flaw becomes known within a piece of software, so the company has to fix the problem because, while the flaw is known, people's devices are vulnerable to attacks.


What is penetration testing?

White box and black box

Penetration testing is a process used to find security weaknesses in a system, usually without information to help the tester
The process is:
Gather information & identify possible entry points
Attempt to break in
Report back

Black box penetration testers are given little or no information. The idea is to find out if a hacker could get in and what they could do
White box penetration testers will be given basic information (IP addresses, network protocols, possibly basic logins). The idea is to find out how much damage an employee could do


4 types of social engineering



What's blagging?

Blagging is the act of knowingly or recklessly obtaining or disclosing personal data or information without the consent of the controller (owner of the data)

Persuading someone (such as a colleague) to disclose their password would be an example of this

Companies should provide clear policies and training to limit this risk


What's phishing?

Phishing emails are used to try to get the user to disclose information. They often claim to be from a bank or other financial institution

Another recent type is an email from a friend asking for help, for example if they have been robbed while abroad

They are often identifiable due to:
Poor spelling and grammar
Generic greetings rather than use of names
Hyperlinks that look like they are for a reputable site but when inspected, turn out to be bogus
Timed threats, e.g. click this link or your account will be closed in 2 days


What's pharming?

Pharming is when malware or hacking is used to ensure that traffic intended for one website redirects to another, e.g. by changing the hosts file on a PC or exploiting flaws in DNS


What's shouldering?

Shouldering or shoulder surfing is when someone attempts to observe login credentials belonging to another person

This could be watching someone type their PIN into a card machine, or entering a password in a public place


4 types of malware (malicious software)



What's a virus?

A virus is a program that is installed on your computer, without your knowledge or permission, with the purpose of doing harm

They can self-replicate (create new copies of themselves)

Some are merely annoying
Others will cause more harm and may make a computer unusable or destroy data


What's spyware?

Spyware gathers information about the user and their activities without their knowledge
It is often used to track internet use
It can be used to capture details like login credentials and passwords
The term is not used as widely as it used to be, as major internet companies and services (quite legally) do very similar things using cookies


What's adware?

Adware analyses internet activity and uses it to present targeted ads
It is sometimes built into free software downloads
Cookies are used by major companies to track us over the internet
Web browsers have various features such as ‘do not track’ settings and privacy plugins that can help


What are trojans?

Trojans trick the user into installing them
Some give the creator the ability to access and take information from the computer
Some allow the creator to control infected computers in the form of a botnet, which can be used for DDoS (Distributed Denial of Service) attacks


5 methods to prevent cyber security threats

Password systems
Email verification
Automatic software updates


What are biometrics?

Use physical data about a person as a form of identification

Considered to be highly secure as most data is unique

Common methods: fingerprints, eyes, voices, faces

One potential risk is that if it is compromised then you cannot simply change your biometrics like a password
For this reason iPhones only store fingerprints on the device and they are never transmitted to servers


What are password systems?

Prevents unauthorised users

Effectiveness changes due to strength of password

How securely it is stored (not in plaintext, rather encrypted)

How password holders can prevent social engineering


What is CAPTCHA?

Commonly used but annoying for users to complete

They work on the principle that a human can do one but a computer cannot


What is email verification?

Emails users once they have given an email for an account so that they go to it and prove it is them

Websites often use this for marketing purposes

Sites also insist on phone numbers and check if they are already in the database

Some sites don’t do this, which is annoying if a user forgets their password, as it is very hard to reset.


What are automatic software updates?

When vulnerabilities are discovered, they can be exploited by malware or hackers

Automatic software updates allow manufacturers to patch vulnerabilities without relying on the user to be aware. If they are not automatic and the user does not update the software, their software will be vulnerable to known exploits

They can cause problems and have consequences like bricking devices