unit 6 - cybersecurity Flashcards
(37 cards)
what is cyber security?
the different processes, practices and technologies that protect networks, computers, programs and data from attack, damage or unauthorised access
what kind of threats are computers vulnerable to?
- malware including viruses
- social engineering
- pharming
- weak and default passwords
- misconfigured access rights
- removable media like a USB
- unpatched and/or outdated data
why is it important to secure data?
- millions of organisations store data and it is very valuable
- also very vulnerable
what are password policies?
- passwords are often checked as they are created to make sure that they conform to the parameters given in a required policy
- organisations will often have password policies and this makes sure that the password has specific features
what are some examples of password policies?
- minimum length of characters
- include at least 1 lowercase letter
- include at least 1 uppercase letter
- include at least one symbol £$%&*@
- have to change the password every month
what are default passwords? and why do they make devices vulnerable if not changed by the user?
- the initial passwords that come with a device when it is bought
- most devices come with a default password or PIN to gain access eg. 0000, 1111 and 1234
threat; makes it easy for hackers to gain access using password lists or a brute force attack
what are default passwords? and why do they make devices vulnerable if not changed by the user?
- the initial passwords that come with a device when it is bought
- most devices come with a default password or PIN to gain access eg. 0000, 1111 and 1234
threat; makes it easy for hackers to gain access using password lists or a brute force attack
what are user access levels?
- access rights may be set on hard drives, folders and even individual files
- alters what a specific user can see
why do misconfigured access rights serve as a threat?
- each user in an organisation is assigned individual access rights, according to their role eg. network users shouldn’t have access to the setup and configuration settings
- these rights have to be carefully managed so that no one has access to areas that they don’t need to do their job as it can become a security weakness
threat; these give users too much access which they can then misuse
what is pharming?
a cyber attack that redirects a user to a fake website
how does a pharming attack take place?
if a hacker can change the entry on the DNS (domain name system) server, then they can make it point to a fake website that they can control, meaning the DNS server has been ‘poisoned’
→ the fake website might appear the same as a real website
→ its real aim is to collect personal data like bank details
→ the hacker can then use this to transfer money to themselves
what threat does a pharming attack pose?
a DNS server is compromised so that it points to a fake website which can then obtain personal information like usernames and passwords
what is removable media? and how can they be a threat??
any storage device that can be inserted and removed from a computer
- such as, USB flash drives or SD cards
- removeable media can be used to steal documents and files from a company or introduce malware
how can malware get onto removable media?
- malware could get onto the removable media by:
- being present on a home computer and then infecting the removable media device when inserted
- also, a hacker could leave an infected USB flashdrive somewhere and it may accidentally get inserted into a computer
threat; these can be used to introduce malware or remove confidential documents
why must software be regularly patched or updated?
- many updates contain fixes to known security issues
- hackers will be aware of these known security issues, making computers that haven’t been updated an easy target
what are the most important software updates?
- operating system: updates often contain security updates
- it’s important to update the operating system is kept as secure as possible as it has full control of the computer or server
- antivirus or anti-malware software needs to be updated regularly or daily so that it can detect new malware
threat; leaves security holes open
what is social engineering and what are some examples of this?
the ability to obtain confidential information by manipulating people for it
- blagging
- phishing
- shouldering
what is phishing?
using email or a text message to obtain information
- emails, texts or phone calls are sent to users pretending to be from a trustworthy organisation (like a bank or website)
- these messages attempt to gain things such as: usernames, passwords, credit card details and other info
what are the features of a phishing email?
- greeting: generalised greeting, no personalisation
- sender’s address: a variation of a genuine address
- forged link: looks like a genuine link but redirects you to a different website
- request for personal information: genuine organisations will never ask for such details over an email
- sense of urgency in the mail
- poor spelling, grammar and punctuation
what is shouldering?
- the ability to get information or passwords by observing as someone types them in
- using a CCTV camera
- looking over someone’s shoulder
- overlooking a phone unlock pattern
what is blagging?
- the act of creating and using an invented scenario to engage a targeted victim - often makes use of tricks to get the target to do something that they wouldn’t under normal circumstances
- used to obtain personal information or money from a victim by creating a sense of urgency
what is malware? and what are some types of malware?
malicious software; executable programs that run on a computer
- viruses
- trojans
- spyware
- ransomware
- worms
what are viruses and what do they do?
- replicates their code in other programs (hence infecting)
- they infect other computers
- they harm the computer by deleting, corrupting and modifying files
what is a worm?
- they replicate themselves in order to spread to other computers
- they don’t cause damage to the attacked computers but use up their resources
- they slow down networks and computers
