Please enable JavaScript.
Coggle requires JavaScript to display documents.
Section 6: Cyber Security Threats (Methods of protection (Encryption (Data…
Section 6: Cyber Security Threats
What is cyber security?
Aims to protect networks, programs, data and computers against damage, cyber attacks and unauthorised access
Cyber attacks can target individuals, organisations and governments
Hackers aim to obtain sensitive information
Multiple people are impacted when organisations are targeted (e.g. banks)
Penetration Testing
Also known as pentesting
When governments or organisations employ a specialist to simulate potential attacks to their network
Results reported back and fixes are made
White box
Simulates a malicious insider who has knowledge of system.
Person carrying out test is given user credentials
Black box
Simulates an external cyber attack
Person employed will try to hack system any way they can without credentials
Social Engineering
Pharming
A user is directed to a fake version of a website
User then inputs personal information, which can be accessed by the criminals who own the copy website
Carried out with malware that redirects people.
Anti-malware being up to date can reduce the risk of this
Internet browsers use web filters to prevent people accessing these fake sites
Phishing
Criminals send texts or emails claiming they are from a well-known company. Often leads person to a fake website
Sent to 1000s of people in the hope someone believes it is legitimate
Email programs, browsers and firewalls often have anti-phishing features to reduce risk
Often obvious signs that it is illegitimate
Shouldering
Watching and observing a person's activity, over their shoulder typically
Spying someone's PIN number at a cash machine, watching someone put in a password to a secure computer
Doesn't require technical expertise or planning. Being discrete reduces risk
Blagging
When someone makes up a story or pretends to be someone they are not, to persuade victim to share personal information
Pretending to be a friend or relation
Victim can be phoned by someone pretending to be someone important to gain their trust
Used to pressure or rush victims into giving away data without thought.
Use security measures that ensure details can't be easily given away (e.g. biometrics)
Methods of protection
Encryption
Data translated into code which only someone with the correct key can access
unauthorised users can't read it
Encrypted text called cipher text
Essential for sending data over a network securely
Anti-malware software
Designed to find and stop malware from damaging a network or device
Lots of different types - firewalls examine data entering or leaving a network and blocks threats
Popular for organisations
User-access levels
Control which parts of the network different users can access
Business managers likely to have higher access level, allowing them to access more sensitive data
Limits the number of people who can access important data
Prevents attack from within the organisation
Automatic software updates
Used to patch (fix) any identified security holes in software
Unpatched or outdated software is more likely to be exploited
MAC address filtering
Way of making sure only people on a network are trusted users
Checks unique identification for each device that tries to connect to network and only lets allowed devices join
Authentication
Passwords
Simple way to check someone's identity
Should be strong - many characters, letters, numbers and symbols, and must be changed regularly
Weak or default passwords are more at risk of hacking
Brute force attacks get past short simple passwords
Biometrics
Use scanners to identify people by a unique part of their body (retina, fingerprint, etc)
Many uses - e.g. now used on smartphones
Quite secure and convenient for users (don't need to remember passwords or carry keycards)
More expensive to implement than other methods
Email Confirmation
Used by most web services that require account registration to ensure email belongs to user
Used to stop people from using fake email addresses to sign-up for things
CAPTCHA
C
ompletely
A
utomated,
P
ublic,
T
uring test to tell Computers and
H
umans
A
part
Prevents programs from automatically doing things
Consists of simple tasks - typing a blurred or distorted word, or recognising certain things in an image
Image recognition software and artificial intelligence is developing and machines are become capable of passing these tests.
Malware
Code that is designed to cause harm or gain unauthorised access to a computer system
Often installed on someone's device without permission or consent
Typical actions of malware
Deleting or modifying files
Locking files - ransomware encrypts files and user receives message asking for a sum of money to access the key
Monitoring the user - spyware tracks actions and sends info to hacker
Displaying unwanted adverts - adware can cause pop-adds that can't be closed
Altering permissions - rootkits give hackers administrator-level access to devices
How malware spreads
Viruses attach to certain files (by copying themselves). Users spread them by copying infected files
Worms - like viruses, but self-replicate without user help, can spread very quickly, exploit weaknesses
Trojans - malware disguised as legitimate software, don't replicate but users install them unknowingly