What is Cyber Security?
The processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access.
Social engineering techniques (will explain in more depth further on)
Blagging - making up a story to get information from the user
Phishing
trying to get people to click a link that is fake and could exploit your details
Shouldering
hearing/seeing something like a password. Obtaining data.
Why are social engineering techniques a threat
All your private information, like your card details, could be used and exploited by someone with malicious intent. Your money, data, time and privacy will all be lost.
Malicious code
A computer program that is meant to hurt you and your computer. It could spy on you, and it could also be ransomware. Viruses, worms, and Trojans are examples.
Why is malicious code a threat
Your devices will be harmed and you will have lost all your data, privacy, money and all your time, effort and work.
Weak and default passwords
A weak password is a password that can be easily guessed.
A default password is a password that is set when you buy something
Why are weak and default passwords a threat
very easy to guess - easily get hacked
for a default password, you need to change it, or people can easily find it out, whether it's on the internet or somewhere else, and easily get into your device/account
Misconfigured access rights
When a user has been given too much permission
Why are misconfigured access rights a cyber security threat?
lets you access things you are not supposed to
the principle of least permission
Removable Media
Any secondary storage medium (USB pen drive, floppy disk, portable hard drive, DVDs, SD cards)
Why is removable media a cyber security threat?
can easily access your things because you have uploaded your data onto it
write a virus/malware onto the device
operating systems automatically launch the content
Social aspect: "you can not bring a USB pen drive to school and plug it in"
Technological aspect: "you can not bring a USB pen drive into school however even if you do plug it in the computers will block it"
Unpatched and/or outdated software
Bugs or flaws which can be exploited by malware if they have not been fixed/patched
Why is unpatched/outdated software a cyber security threat?
The device can easily be exploited by malware if not fixed/patched
What is Malware?
A virus, code or script put onto your computer that is executable software and damages it
What can a hacker do with malware?
Leak data and information, collect personal data, identity theft, manipulate data, sell the data, payment, and infect your computer.
Computer Virus
A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data
Trojan
A program that appears harmless but is in fact malicious
It piggybacks on another program
Adware
software that automatically displays or downloads advertising material (often unwanted) when a user is online.
Piggybacked off another program to trick the user into installing it
Spyware
software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
E.g. web pages visited, internet surfing habits, email addresses and passwords etc.
Worm
Stand-alone piece of software that spreads on its own
Difference between a worm and a virus
A virus is a code that relies on a host
A worm is a standalone piece of software that spreads on its own
Ways to prevent malware
improved code
regular updates to software, operating systems, virus programs
installing firewalls
educating users
Code Red Worm
A form of malware activated online on July 13, 2001 that infected any web server using Microsoft's IIS web server software. It penetrated 975,000 hosts and displayed the words "Hacked by Chinese!" across infected web pages. It ran entirely in each machine's memory and in most cases left no trace. It cost $2.4pm
What is Social Engineering?
the art of manipulating people so they give up confidential information
Blagging
Making up a story to get information out of you (passwords, emails, security pin codes)
Example Scenario of Blagging
One scenario: someone calls you saying that your bank account has been hacked and robbed, and asks you to give out some of your details. If you do, they could get your information.
How to prevent blagging
Train people how to recognise blagging
Phishing
Trying to get people to click on a link that is fake to gather and exploit your details
How to spot that an email is not genuine
The message is sent from a public email domain - no legitimate organisation would send an email from an address that ends in @gmail.com
The domain name is misspelt - for example, if the email address is @microsftonline.com, it is spelt wrong
The email is poorly written - spelling mistakes
It includes suspicious attachments or links
The message creates a sense of urgency
Pharming
A cyber attack intended to redirect a website's traffic to another lookalike fake site
Pharming Attack
You would be lured to a website hosting malicious code, which would then download a Trojan onto your computer. It would then completely redirect you to websites. Finally, they would redirect you to a real bank and get your personal details when you enter them.
How do you prevent Pharming?
The web address will look slightly different, so always check. Also check for the https, as that means it is a secure site.
Shouldering
Hearing/seeing your details like a password/PIN code etc.
If you were a hacker... explain some of the 'best' places to go to try and shoulder people. Include what kind of information you could steal.
When withdrawing cash as they could see you type in your pin code for your card.
How do you prevent Shouldering?
Privacy Screens
Security Measures
Any steps, actions or measures taken as a precaution against computer/data related theft, espionage, sabotage etc.
Biometric Measures
Technical term for body measurements and calculations. It refers to metrics related to human characteristics. Biometrics are used as a factor for authenticating identity and for access control.
Password Systems
Common method of preventing unauthorised access, requires a password to gain access. Can be made more secure by implementing password rules.
What does CAPTCHA stand for?
Completely Automated Public Turing Test To Tell Computers and Humans Apart
CAPTCHA (or similar)
Used to determine if the user is a machine or not
It works by displaying text that is indecipherable to a computer using automated text recognition software.
Using Email confirmations
The user is not granted access until they click on the link sent to an email address they have supplied, therefore verifying and validating their email address. It provides some confidence that the user is a real one, as the email address is real.
Automatic Software updates
The concept of keeping software up to date. Automated software updates help keep a product up to date, and flaws are fixed as soon as possible without the need for manual intervention.
Penetration Testing
Attempting to gain access to resources, potentially without knowledge of usernames, passwords and other normal means of access
White hat hackers
security experts, sometimes ex-hackers, who are employed by a company. They use their expertise to find vulnerabilities and fix them - legal
Grey hat hackers
not employed by a company, try to find flaws in company systems. What they do is technically illegal but they then inform the company of the flaw so that they can fix them.
Black hat hackers
attempt to gain access via nefarious means. Maybe to steal company secrets or to cause damage to data - illegal.
White box penetration testing
simulates a malicious insider who has knowledge of, and often basic credentials for, the system being targeted. The tester is inside the company, with access to the network and to a list of IP addresses. Simulates being a normal user in the company.
Black box penetration testing
simulates an external hacking attempt on a company or organisation, or a cyber warfare attack. The tester doesn't have physical access inside the company, doesn't have a connection and doesn't have a list of server IP addresses. Outside the company.
Blagging
Making up a story to try to get information out