gcse.compt.sci.cyber.security.u6

Cards (30)

  • Cyber security:
    • Practice of protecting computer systems, networks, and programs from cyber attacks
  • CAPTCHA:
    • A challenge-response test used to determine whether the user is human or not
  • Social engineering:
    • Tricking someone into divulging information or taking action, usually through technology
  • Shouldering
    Standing behind a victim and watching them enter personal information
    Could include use of cameras to record.
  • Pharming
    Redirecting internet traffic from a legitimate website to a 'spoofed' website
    To capture a victim's personal information or install malware on a victim's computer
  • Avoiding a shouldering attack:
    • Use user attribute authentication
    • Use a privacy screen protector
    • Avoid entering/viewing private information in public
    • Lock devices when they are left unattended
  • Avoiding a pharming attack:
    • Keep antivirus software up to date
    • Enable two-factor authentication
    • Check URLs for typos
    • Only follow links that begin with HTTPS
  • Phishing
    Create a sense of urgency and fear to provoke a would-be victim into taking actions they usually wouldn't
    To persuade them to expose their personal information or to install malware onto their computer
  • Blagging
    Pretexting
    Creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.
  • Avoiding phishing and blagging attacks:
    • Never give out private information
    • Never trust alarming messages
    • Do not open attachments
    • Avoid clicking embedded links
    • Install antivirus software
    • Never reply
  • Difference between phishing and blagging:
    • Phishing relies on creating a sense of urgency and fear, whereas blagging relies on creating a good pretext to gain trust
  • Malware
    Umbrella term for any malicious software designed to harm or exploit any programmable device, service, or network
  • Virus
    A malicious program that is able to replicate itself
  • Trojans
    Malicious program that misleads the user into thinking it is something else
  • Spyware
    Malicious program that records data such as usernames and passwords
  • Antivirus
    Software designed to prevent, search for, detect, and remove malware from an individual computer system or network
  • Software updates:
    • Small frequent improvements provided by a computer system's developer
    • To fix bugs, improve the functionality of, and protect the computer software against security risks
  • Protecting from and detecting cyber security threats:
    • Biometric measures
    • Password systems
    • CAPTCHA
    • Using email confirmations to confirm a user’s identity
    • Automatic software updates.
  • Access rights
    The permissions an individual user or a computer application holds to read, write, modify, delete or otherwise access a computer system's resources
  • Misconfigured access rights
    User accounts or computer applications have incorrect permissions
    Allows a user account or computer application to access computer system or network resources it should not be able to
  • The Computer Misuse Act 1990
    Piece of UK legislation that criminalizes the act of accessing or modifying data stored on a computer system without appropriate consent or permission.
  • Data Protection Act 2018
    Piece of UK legislation that controls how one's personal information is used by organisations, businesses, or the government
  • Authentication
    Process of verifying the identity of a person or device
  • Forms of authentication:
    • Username and password
    • User attribute (biometrics)
    • Tokens (one-time password)
    • Two factor authentication
  • Risk of weak or default passwords:
    • Susceptible to brute force attacks
    • Easily identifiable
  • Advantage of user attribute over username and password:
    • User could forget password or username but not their user attribute
  • Penetration testing
    An authorised simulated cyberattack on a computer system, performed to evaluate the security of the system
  • Black-box penetration testing:
    The penetration tester has no knowledge of the system being tested
    Simulates an external hacking or cyber warfare attack
  • White-box penetration testing:
    The penetration tester has partial or full knowledge of the system being tested
    Simulates a malicious insider who has knowledge of, and possibly basic credentials for, the target system
  • Purpose of penetration testing:
    • To discover vulnerabilities in the computer system before they can be exploited by criminal hackers