Theory - Cybersecurity Flashcards
Encryption key
Data used to encrypt or decrypt data
Hacking
Any attempt to gain unauthorised access to a computer system
Can target either a computer system itself or system’s users
Rootkit malware used by hackers to alter access levels to devices - hard to remove as it becomes embedded in the device’s OS
Social engineering
Attacks on users
Trying to exploit user rather than system using techniques such as phishing and shoulder surfing
Person is exploited into giving away critical information that gives access to network or accounts
Anti-malware software
Used to DETECT and REMOVE MALWARE on a computer system
Threat of data being intercepted can be reduced by…
encrypting data so that if it is intercepted it cannot be read
CAPTCHA
Technology intended to determine that a human and not a computer program is accessing a website
Penetration testing
Attempt to hack into a system to test how secure it is
Improves security by highlighting security flaws that need to be fixed
Hacking authorised by network owner
Components of a good penetration test:
Technical vulnerabilities
Test of damage recovery
Phishing
BAIT is used - email that looks legitimate or is an attractive offer to prompt the user to follow a link to a fake website
Involves attacker faking their identity
Eg. attempts to prompts users to go to a fake web page to enter their details
Malware
MALICIOUS SOFTWARE designed to cause intentional damage to a computer system
Anti-malware software is used to detect and remove malware on the system
Why is data encrypted
Threat of data being intercepted can be reduced
Method of obscuring data so that it cannot be read if it is intercepted
If it is intercepted it cannot be read
Brute-force
Repeatedly guessing a password until access is granted to system
Attempts to crack a password by trying every combination of letters and numbers
Dictionary attacks - use list of commonly used passwords or standard words in a dictionary
Penetration testing
Attempting to hack a system on PURPOSE to identify SECURITY WEAKNESSES which can then be reported and fixed
User access levels
Help to reduce the impact of any attacks that occur
If a hacker manages to get an employee’s password they will only be able to access part of system
Stop users from accessing services on the system that they do not normally need access to, so insider attacks would be reduced
Cyber security
Process of ensuring networks and computers are SAFE from UNAUTHORISED ACCESS
Implant
Technology that is carried inside the body,
rather than simply on the body, such as a watch