Fundamentals of Cyber Security Questions and Answers 100% Correct

Fundamentals of Cyber Security Questions and Answers 100% Correct what is adware A software program that delivers advertising content in a manner that is unexpected and unwanted by the user. normally this is to generate revenue what is a broswer hijacker a type of malware designed to change your browser's settings DoS (Denial Of Service) is... an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Encryption = The process of making data secret so that only the authorised viewers can decrypt and read the data, and third parties cannot. It does not prevent interception, only from it begin understood. EULA stands for.... End User License Agreement Hacker can be defined as.... A person who secretly gains access to computers and files without permission. Keystone Logger purpose = record your keystrokes and record your internet history Malware software designed to infiltrate or damage a computer system without the user's informed consent Mouse Trapping Technique used by some websites to keep visitors from leaving their website, either by launching an endless series of pop-up ads or by re-launching their website in a window that cannot be closed. Phishing An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information Pharming An online scam that attacks the browser's address bar. Users type in what they think is a valid website address and are unknowingly redirected to an illegitimate site that steals their personal information. Spam unwanted e-mail (usually of a commercial nature sent out in bulk) Spyware A type of Malware that locates and saves data from users without them knowing about it. then sends it back to the attack instigator e.g. recording passwords entered Social Engineering Hackers use their social skills to trick people into revealing access credentials or other valuable information because people, rather than technology, are the weak points in any system Virus insert themselves (the code) in normal programs, so when the host program gets executed so does the virus. It becomes embedded into the host program, just like how when you get sick the virus is within your body. Trojan Horse Virus installed inside other software, usually as an attachment or a downloadable file that is desirable, but after some time it turns out to be something else! Zombie A computer that is controlled by a hacker who uses it to launch attacks on other computer systems. what is malicious code anything that modifies, deletes and steals data etc. e.g. malware code; sql injection attack where you try to directly query a database; backdoor; logic bomb why is weak/default passwords a security threat constraints on passwords and no default passwords to make it more difficult Prompts you to change your password etc. why is misconfigured access rights a security threat? when people are given permissions they shouldn't have eg a student has a teacher's account and has the teacher's access rights. why is removable media a security threat Banning removable media - USB devices can contain malware which may be automatically installed with autoplay. Can bypass firewalls etc. could have anti-malware scan on USB ports too problems with unpatched software may have security holes that have since been fixed in newer releases but that the user hasn't installed. You are at risk for what has then be patched in later software. what is penetration testing Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access aim of white-box penetration testing simulate a malicious insider who has knowledge of and possibly basic credentials for the target system. black-box penetration test aim: simulate an external hacking or cyber warfare attack. four forms of social engineering: blagging phishing pharming shouldering blagging: inventing a scenario to engage the victim and gain their trust eg pretending you are a Nigerian prince and say you need some money to pay for a funeral phishing similar but it is obtaining private information often through an external link eg get an email that looks like its from your school but it isn't really pharming cyberattack where website's traffic is redirected to a fake site deliberately done by changing the domain name settings in your router etc. shouldering observing a person's private information over their shoulder eg cashpoint machine PIN numbers. examples of malware computer virus trojan spyware adware what can we do against : computer virus trojan spyware adware up to date anti-malware software explain: biometric measures These are measures of human characteristics. This is used as identification and access controls. Anything distinctive eg fingerprint, facial, eye and voice recognition. Touch ID, facial ID (doesnt work with twins) etc. explain: password systems automated procedures that ensure that sound password policies are followed: - may include different character types - changed on regular basis if you don't adhere to the policies you are not allowed into the system explain: CAPTCHA Used to determine whether a user is human. It prevents spam being sent, a website being flooded (DoS attacks) etc. It prevents a computer repeatedly sending a request so many times that the website goes down. The initial text ones could be "read" by robots, so now pictures are used (click on the square with the traffic sign). explain: using email con rmations to con rm a user's identity Email confirmations- confirm a user's identity to ensure they are an actual person and not a robot. The domain can also be used to include/exclude e.g. educational report may only allow you to use it if you have an email linked to "ac" for univesitities explain: automatic software updates automatic software updates to prevent outdated and unpatched software being a problem problems with outdated software especially for anti malware as the databases needs constant updates for latest malware. Not necessarily a security hole. Need to update constantly to have full protection because malware is always being updated define backdoor here is code that allows someone else to interact with a program, NSA would write back doors into encryption define logic bomb something triggers after a certain amount of time, eg if someone is interning in a company they could write code that would activate after they leave. method of encryption message is written in plaintext ie human readable form Message is encrypted into cipher text (scrambled data) using an algorithm not readable c) message is sent d) message is received E) it can be decrypted back into plaintext. Only an authorised person is able to decrypt it. what are firewalls these monitor network traffic and filter packets based on rules. They can block packets/connections from certain regions. It can be sfotware, dedicated hardware or embedded in routers too. how do firewalls work header contains info on IP address and Mac address. So, the firewall filters packets based on IP address and it allows packets going through depending on whether the specific IP address is allowed Stateful inspection: it looks at the context of the data. If one packet is out of place, it will be filtered. blackbox v whitebox penetration testing black box does not have information about the SECURITY SYSTEM define cyber security a series of processes, practices and technologies that protect networks, computers, software and data from damage, loss and unauthorised access define baiting leaving a malware infected portable storage device around hoping that a legitimate user will insert it into the computer system