Cyber Security Flashcards
(29 cards)
1
Q
Why is cyber security important?
A
- protects data programs and computers against damage, cyber attacks and unauthorised access
- hackers often target organisations to access lots of sensitive information
2
Q
What does penetration testing do?
A
- organisations employ specialists to stimulate potential attacks to identify vulnerabilities to fix
3
Q
Describe the 2 types of penetration testing
A
- white box - stimulates malicious insider with knowledge of system to see what they can do
- black box - external cyber attack - tries to hack organisation in any way
4
Q
What is malware?
A
- malicious software designed to cause harm to gain unauthorised access to a computer system
- without consent
5
Q
What can malware do on a computer?
A
- deletes or modifies files
- locks files
- displays unwanted adverts - adware (pop up ads that can’t be closed)
- monitors user with spyware
- alters permissions using root kits
6
Q
How can malware spread between devices?
A
- Virus = attach themself to files and spread by copying files and activate if opened
- worms= self replicate so spread quickly and exploit weakness in security systems
- Trojans = malware disguised as legitimate software and don’t replicate but users install them not realising their hidden purpose
7
Q
4 types of social engineering
A
- Pharming
- Phishing
- Shouldering
- Blagging
8
Q
Describe pharming:
A
- user directed to fake version of a website
- inputs personal details thinking they’re handing it to a legitimate account
- make sure anti malware is up to date
- use web filters to prevent fake sites
9
Q
Describe phishing:
A
- criminals email or text leading to a fake website
- sent to thousands
- anti-phishing feature (firewall), poor grammar, follow links or update personal details
10
Q
Describe shouldering:
A
- watching over a person’s activity
- watching PIN number or putting password into secured computer
- doesn’t require expertise
- be discreet such as covering the keypad when you enter PIN
11
Q
Describe blagging:
A
- makes up story or pretends to be someone they’re not
- e.g. stuck in a foreign country so to send money
- e.g. phone victim to gain their trust as they pretend to be someone important
- use safety measures that can’t be given away - e.g. biometrics
12
Q
How can networks be protected against threats?
A
- encryption
- anti-malware software
- user access levels
- automatic software updates
- MAC address filtering
13
Q
How can networks be protected with encryption?
A
- when data is translated into a code when only someone with the correct key can access
- cipher text into plain text
- needed to send data over network securely
14
Q
How can networks be protected with anti-malware software?
A
- stops malware from damaging the network
- e.g. firewall examines all data and blocks potential threats
- prevents unauthorised access into the network
15
Q
How can networks be protected with user access levels?
A
- some have higher access levels than others and access to more sensitive data
- limits the number of people with access to important data so prevents attacks within an organisation
16
Q
How can networks be protected with automatic software updates?
A
- used to fix security holes
- unpatched software can be easily exploited
17
Q
How can networks be protected with MAC address filtering?
A
- way of making sure only people on a network are trusted users
- checks unique identification so only allowed devices can join the network
18
Q
What are the ways of authentication?
A
- Passwords
- Biometrics
- Email Confirmation
- CAPTCHA
19
Q
Describe passwords;
A
- simple methods
- strong with a combination of letters, numbers and symbols and can be changed regularly
- weak or default passwords are a big security risk
- hackers can use brute force attacks to get past short/ simple passwords and social engineering
20
Q
Describe biometrics:
A
- uses scanners to identify people by a unique part of their body –> retina, fingerprint
- prevent unauthorised access
- quite secure and convenient for users
- more expensive to implement as they have special hardware
21
Q
Describe email conformation:
A
- confirms that the email belongs to them
- stops people from using fake emails to sign up but since webmails are free people can sign up for new ones so not always effective
22
Q
Describe CAPTCHA:
A
- Completely Automated Public Turing test to tell Computers and Humans Apart
- prevents programs from automatically creating accounts
- consists of simple things like typing out a blurred and distorted word from an image
- rely on computers not being able to read images as well as humans can
- image recognition software and AI is developing as machines are becoming more capable
23
Q
What is ransomware?
A
- encrypts files on an infected system and only decrypts files once payment has been made to the hacker
24
Q
What is spyware?
A
- gathers information about the use by tracking activity
25
What are rootkits?
- malware which modifies the OS to avoid detection by antivirus software
26
What are backdoors?
- malware which opens up an access channel to the computer so other malware can take over the machine
27
What is a firewall?
- hardware or software between a device and the internet which inspects incoming and outgoing data packets. It tries to stop hackers from gaining access to the network and stops malware from getting into the network. It does packet-filtering, IP-address filtering, and port-blocking.
28
What things should a good pen test look for?
- Technical vulnerability
- likelihood of social engineering
- test of damage recovery
29
Three ways to protect against social engineering attacks?
- Education and training
- public awareness campaigns
- company security policies
