In targeted testing, testing is carried out by the organization's IT team and the penetration testing team working together.
What is external testing?
External testing is used to find out if an outside attacker can get in and how far they can get in once they have gained access.
What is internal testing?
Internal testing is used to estimate how much damage a dissatisfied employee could cause.
What is Blind testing?
Blind testing is used to simulate the actions and procedures of a real attacker by severely limiting the information given to the team performing the test.
What is SQL injection?
SQL injection is a technique where malicious users can inject SQL commands into an SQL statement via web page input, allowing access to data stored in a database.
What harm can the injected SQL command do to the SQL database?
The injected SQL commands can alter SQL statements and compromise the security of information held in a database.
What is IP address spoofing?
A cyber security attack that involves an attacker changing the IP address of a legitimate host so that a visitor who types in the URL of a legitimate site is taken to a fraudulent or spoofed web page.
What will the attacker use the hoax page for?
The attacker can then use the hoax page to steal sensitive data, such as a credit card number, or install malware.
Explain the need for file backup and generation of files?
Backup, generation of files, archiving files.
What is backup?
A backup is a copy of data that can be used if the original data is lost.
How often should backups be made?
Backup of all data should be made regularly as the older the backup data becomes, the less likely it is to match any current data stored on a computer system.
When a network manager sets up a backup policy, what should be included in the policy?
A typical backup policy would require that three different backups be kept at any given time.
Why should a copy of the backup be stored off site?
This will ensure that if all copies on site are destroyed, a final copy kept off site could be used to restore the lost data.
Explain the generations of backup.
The oldest backup copy would be named the grandfather, the second oldest backup being named the father and the most recent backup being called the son.
What happens when a new backup is made?
When a new backup is made, the oldest backup, the grandfather, is overwritten and becomes the son backup, with the original son becoming the father and the original father becoming the grandfather.
What is the term given to the 3-stage generational backup policy?
It is called the grandfather-father-son method.
What is archiving?
The process of storing data that is not in current use for security, legal or historical reasons.
What is a benefit of Archiving?
The process of archiving data frees up resources on the main computer system, i.e. HDD or SSD.
What is another benefit of archiving?
The process of archiving data allows faster access to data that is in use. If data is on an HDD, the disk head does not need to move through lots of old data. For an SSD, quick access to needed current data.
What is the term network security?
The range of measures that can be taken to protect network data from accidental or malicious damage.
What is the term Encryption?
Conversion of data, using an algorithm, into cyphertext that cannot be understood by people without the decryption key.
What is the term Cybersecurity?
The range of measures that can be taken to protect computer systems from cyberattacks.
What is Cyberattack?
An attempt to expose, alter, disable, destroy, steal or gain unauthorised access to data on a computer system or smart device.
What does the term Vulnerabilities in software mean?
Software security flaws or holes that are fixed via the release of patches.
What are cookies?
Data downloaded from a website which allows the website to identify the computer in future.
What does Cybersecurity mean in the real world?
Online networks are liable to cyberattacks targeted to access confidential data, such as customers' details. This data is expensive to gather, and its loss could result in loss of reputation and even business failure.
Cyberattacks include the following?
Phishing, Social engineering, Brute force attacks, Denial of Service (DoS), Distributed Denial of Service (DDoS), Data interception and theft, SQL Injection.
What is Phishing?
Sending fraudulent emails claiming to be from reputable companies in order to scam people into revealing information, such as credit card numbers.