3.6 cyber security

What is spyware?

'spies' on the computer and sends information to a criminal. User doesn't know that they are downloading it - with other software

how can pharming be prevented?

Internet Service Providers check that sites are legitimate and block fake sites / redirects or checking the URL of a site is what it should be / padlock

what is malware?

Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software

what is SQL injection?

User enters SQL statement into a form instead of a name or other data. Accepted code becomes part of database commands issued. Improper data disclosure, data damage and loss possible. Well-designed applications make injections ineffective ('input sanitisation')

what is black box penetration testing?

With black-box penetration testing the tester does not know how the security systems work

why may removable media be a problem?

large quantities of data can be stolen easily; unauthorized applications may be downloaded

what is phishing?

Phishing is a technique of fraudulently obtaining private information, often using email or SMS. Sends individual messages hoping that some people believe the false information

what are password systems?

This could involve setting a string password, using passwords to access a system, document or restricted area

what are DoS attacks?

flooding a network with login requests so that it crashes. companies are sometimes made to pay for the network to be relieved

why does cloud storage minimise data loss?

if data in one system is lost or fails: data is often located in multiple areas so that it isn't lost. so effective at minimising data loss

what is data interception and theft?

intercepting data packets as they travel across networks. can contain logins, bank details etc

what is baiting?

leaving a malware-infected portable storage device around hoping that a legitimate user will insert it into the computer system

how can we improve physical security?

lock doors; fit CCTV; install burglar alarms; chip devices so they can be detected if stolen

Automatic software updates: pros + cons

makes updating a computer easy and accessible for most people, ensures that if malware is released the majority of computers can be protected, but a new update may mean that a customer's old software becomes incompatible and they are unable to return

why might password systems be an issue?

many people use weak or default passwords therefore it is easy to gain access and a company may become overly trusting in their security so have no additional security methods

what is shouldering?

observing a person's private information over their shoulder eg cashpoint machine PIN numbers

why may unpatched / outdated software be a problem?

security flaws will not have been affected - also sometimes these patch notes are released so malicious coders will be aware of vulnerable devices. problems with the program that pose no security risk but may cause the user to experience problems are fixed

what is a firewall?

software or hardware designed to filter out suspicious packets attempting to enter or leave a computer

why may misconfigured access rights be a problem?

someone may gain access to restricted files and alter them or use their contents to their advantage - e.g. changing the hours they have worked or stealing a company's design

biometrics: pros + cons

+ ease of use - just placing a thumbprint; + much harder to 'hack' as more combinations; - expensive, must be very secure as technology evolves; - not flawless, fingerprint sampling/deception

how can damage caused by malware be minimised?

>Ensure that software is stored in multiple locations for example using the cloud and having data stored in multiple data centres or using hard copies of data for example using SSDs or Optical storage

how can we be protected from malware?

> firewall to ensure we know about all downloaded software > up to date operating system > latest security updates > antivirus software > avoid opening emails and attachments from unknown characters

what is an email confirmation?

A link is sent to a user's registered email address which they must open and click on in order to activate an account, e.g. for a shopping account with an online store

what is blagging?

Blagging is the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances

what is a CAPTCHA?

CAPTCHA: completely automated public Turing test to tell computers and humans apart >a program that protects websites against bots by generating a test that humans can pass but current computer programs cannot

what is a worm?

Independent computer programs that copy themselves from one computer to other computers over a network. causes the computer to run slowly and consumes bandwidth. May cause damage or create a 'back door' for hackers to access

what is password hierarchy?

Password hierarchy is often used in companies and different people have different settings and access levels based upon their responsibilities

what is penetration testing?

Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access

what is a computer virus?

Viruses usually have a harmful effect e.g. corrupting or deleting data. A computer program hidden within another program or file. Can replicate itself into other programs or files which are then often passed by a user to other computers

what are automatic software updates?

Where a newer version of the software running on your device is automatically updated/installed. This prevents security breaches as patches are released to work against new viruses

what is pharming?

a cyber attack intended to redirect a website's traffic to another, fake site.

why is social engineering a threat?

as hackers can obtain bank details and personal information to exploit people

how can phishing be prevented?

calling the bank or company before responding to an email or call

password systems: pros + cons

can be easy to implement, however passwords must be stored somewhere so could be obtained. Also, there is a limited number of combinations especially as most humans use strings that they can easily remember

how can blagging be prevented?

can use phone/email verification to check if the company is valid - e.g. calling the company or sending an email

how can shouldering be prevented?

covering personal information whilst at ATMs or in public areas where you may log in to an account

what is a trojan?

does not replicate, installed by a user as it is disguised as a legitimate program/email attachment > malicious - delete files > annoying - change the desktop > create back doors e.g. keylogging

what is a trojan?

does not replicate, installed by a user thinking that it is a real program > malicious - delete files > annoying - change the desktop > create back doors

CAPTCHA: pros + cons

stops bots from crashing websites or purchasing tickets in a ticket vendor; many humans may struggle to complete the abstract questions so may lose business

what is social engineering?

the art of manipulating people so they give up confidential information

What are biometrics?

the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting and behavioral characteristics

What is cyber security?

the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access.

what are brute force attacks?

trial-and-error. Uses automated software to try and gain access e.g. continuously guessing passwords

how effectively do hard copies minimise data loss?

useful as if data on a system is corrupted then data on the hard copies isn't corrupted so should be no loss; however data isn't regularly backed up and in the case of a fire this data would be lost also

what are zero-day attacks?

when software is published it is likely to have faults. when the flaw is discovered ('day zero') there is a race between developers to try and fix this issue and malicious users to exploit it

what is white box penetration testing?

With white-box testing the tester does know how the security systems work

what are the types of social engineering?

• blagging (pretexting) • phishing • pharming • shouldering (or shoulder surfing).

what are the four types of malware?

• computer virus • trojan • spyware • adware.

