Cyber security

avatar
Created by
Grace

Cards (30)

  • cyber security = the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access
  • social engineering = a way of gaining sensitive information or illegal access to networks by influencing people
  • Examples of social engineering:
    • phishing
    • shouldering
    • blagging
    • pharming (do not need to know for exam)
  • malware = code that is designed to cause harm or gain unauthorised access to a computer system, it is often installed onto someones device without their knowledge or consent
  • Malware can get onto a device through several ways such as:
    • being downloaded in an email attachment
    • being hidden on removable media
  • Actions of malware:
    • deleting or modifying files
    • locking files so that the user cannot access them
    • displaying unwanted adverts
    • monitoring the user
    • altering permissions - gives hackers administrator level access to devices
  • pharming = where a user is directed to a fake version of a website that looks just like the real thing, with the aim that the user will not notice the difference
  • misconfigured access rights = the permissions that are granted to a user, or to an application, to read, write and erase files in the computer are incorrectly setup.
  • removable media = examples include CDs, DVDs and USB drives. Removable media makes it easy for a user to move data/viruses/malicious code from one computer to another.
  • unpatched and/or outdated software = software that is not the most recent version or not patched - A patch is a piece of software designed to update a computer program to fix or improve it. This includes fixing security vulnerabilities and bugs. 
  • penetration testing = when organisations employ specialists to simulate potential attecks by attempting to gain access to resources without knowledge or usernames or passwords to identify possible weaknesses
  • white box penetration testing = full knowledge
  • grey box penetration testing = some knowledge
  • black box penetration testing = no knowledge
  • Blagging:
    • the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance of the victim giving up personal information

    • How to reduce the risk - use security measures that cannot be given away e.g. biometrics
  •  Phishing:
    • a technique of fraudulently obtaining private information, often through email of SMS
    • How to reduce the risk - use web filters to prevent the users from accessing the fake websites being sent
  • Shouldering:
    • Observing a persons private information over their shoulder
    • How to reduce the risk - being discreet e.g. covering the keypad when entering your PIN
  • computer virus = a piece of code which is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.
  • trojan = a malware that hides within other seemingly harmless programs or will try to trick you into installing it
  • adware = a form of malware which presents unwanted advertisements to the user of a computer
  • spyware = installed on a users computer to collect personal information or to monitor internet browsing activities, this information can then be transmitted to the criminal
  • How to prevent cyber security threats?
    • Encryption
    • Anti-malware software
    • Firewalls
    • User access levels
    • Automatic software updates
    • MAC address filtering
    • Passwords
    • Biometrics
    • Email confirmation
    • CAPTCHA
  • Encryption:
    • encryption is when data is translated into a code which only someone with the correct key can access, meaning unauthorised users cannot read it
    • encrypted text is called cipher text
    • encryption is essential for sending data over a network securely
  • Anti-malware software:
    • anti-malware software is designed to find and stop malware from damaging an organisations network and the devices on it
  • Firewalls:
    • firewalls examine all data entering and leaving a network, identify potential threats using a set of security rules and block any unwanted data
    • firewalls can be software or hardware
  • User access levels:
    • user access levels control which parts of the network different groups of users can access
    • user access levels limit the number of people with access to important data, so helps to prevent attacks from within the organisation
  • MAC address filtering:
    • MAC address filtering is a way of making sure only people on a network are trusted users
    • it checks the unique identification of each device that tries to connect to the network and only lets allowed devices join the networks
  • Biometrics:
    • biometric measures use scanners to identify people by a unique part of their body e.g. fingerprint
    • they are usually quite secure and convenient for users but are often more expensive to implement because they require special hardware
  • Email confirmation:
    • email confirmation is used by most web services that require account registration to confirm that the email address belongs to the person registering
    • it is also used to stop people from using fake email addresses to sign up for things, however, people can usually sign up for a new email address whenever they want, so this is not always an effective way of confirming somebody's identity
  • CAPTCHA:
    • 'Completely Automated Public Turing test to tell Computers and Humans Apart'
    • it is designed to prevent programs from automatically doing certain things like creating user accounts
    • usually consists of a simple task, e.g. typing out a blurred/distorted word or recognising things like animals
    • these tests rely on computers not being able to read images as well as humans however, as artificial intelligence is developing, machines are becoming more capable of passing these tests