Cyber Security
Define the term Cyber Security:
Cyber security consists of the processes, practices and technologies designed to protect networks, computers,
programs and data from attack, damage and unauthorized access.
Describe each of the following Cyber Security Threats:
Malware: software that has been purposely developed to damage, disrupt or take control of computer
systems.
Social Engineering: techniques that manipulate people into giving away confidential and personal information.
Weak passwords: easy to guess. Passwords that use words are easy to crack using an algorithm that
systematically goes through all the words in a dictionary until the word matches the password.
Default passwords: Upon registration for an online account, users may be given a default password that
they do not change. Often these passwords are sent out unencrypted via email, so they pose a major security
vulnerability.
Removable media: media such as a USB pen drive can be a vector for transmitting malware.
Unpatched/outdated software: Software needs regular updates to fix security vulnerabilities in computer
systems. Software that remains unpatched is vulnerable to attack.
Misconfigured access rights: Users should only have access to files and data that they need, but sometimes
they have access that they should not.
Explain the Different types of Penetration Testing:
Penetration testing is the process of attempting to gain access to resources without knowledge of
usernames, passwords and other normal means of access.
Malicious insider: The operation of the system is known and the tester is simulating a malicious insider. It
can be targeted to test specific vulnerabilities and it is known what is going to be tested. Since it is known
what is going to be tested, all possible scenarios must be tested.
External attack: The tester does not know how the system operates and is acting as an external
hacker. It requires a lot of investigation and guessing to find issues. It may not test all of the system, especially
if the tester does not know its full functionality.
Define Social Engineering
The art of manipulating people so they give up confidential information.
Types of Social Engineering
Blagging: Fraudsters make up a scenario to con victims into revealing something they would not ordinarily reveal. They
may have found out some personal information about you from social media sites, which they use to pretend they already know
you.
How to prevent
Use biometric measures because these cannot be divulged.
Ensure your privacy settings on any social media are set to maximum so that fraudsters cannot find
information about you such as your date of birth, where you live etc.
Phishing: Normally an email or text messaging scam where victims are conned into believing that they are being
contacted by their bank, for instance, and so give away sensitive personal details such as bank account passwords.
How to prevent
Awareness and vigilance. Be particularly aware of unsolicited texts, emails and phone calls. Do not give
personal confidential information away. Official organisations such as banks will never ask for this
information.
Apply email filtering to prevent dubious emails getting through.
Pharming: Users are redirected to a fraudulent website that they believe to be genuine because it looks like the real
site. For instance, you could be directed to a site that pretends to be an online store and asks you for your credit card
information.
How to prevent
Check the URL in the web address. For secure websites such as banking or e-commerce sites the HTTPS
protocol should be used.
Use a website filter.
Shouldering: Fraudsters look over the shoulder of users to see what passwords or PIN numbers are being typed
into the device. This can easily occur at computer terminals and at ATMs that are out in the street.
How to prevent
Be aware of who is around you when typing your PIN into an ATM or into a chip and PIN device. Make sure
you cover your hands so they are shielded from prying eyes.
Place computers in locations that make shoulder surfing difficult.
Types of Malware
Computer Virus: viruses replicate themselves and can transfer from one computer to another. They are activated
by a user, often as email attachments or attachments to other files and programs.
Trojan: gains access to a computer by pretending to be legitimate software. The trojan allows unauthorised
backdoor access to a computer without the user being aware.
Spyware: records the activity on your computer such as your keystrokes, thereby logging your passwords
for instance, and then sends the data back over the network to a hacker. Spyware can also be used to control
your webcam and microphone.
Methods that help detect and prevent Cyber Security Threats
Biometric measures: such as fingerprints, facial recognition and iris scans are increasingly being used to
verify a user’s identity for mobile devices. These are more secure than passwords that can be guessed and
forgotten. Biometric measures require a user to be present when signing into a system.
Automatic software updates: updates to firewalls, operating systems, antivirus and other security software are
needed so that software can be kept up-to-date against new malware and to fix recently discovered
vulnerabilities.
CAPTCHA: a test that can distinguish between humans and bots. It uses images that machines cannot
interpret but humans can.
Using email to confirm a person’s identity: Often when you register for an online service you need to
provide your email address. You are then requested to activate a link sent to you in an email. This is to
confirm that the email account is actually active. It helps to ensure that the users are human and not bots.
Password systems: Virtually all accounts require passwords to access. Some secure sites such as online
banking require 2 passwords. Banks may also contact you by phone to confirm a large transaction. This is
called two-factor authentication. Password systems can force users to have strong passwords that regularly
need to be changed
Explain the concept of Authentication
Authentication takes one or more pieces of data specific to the user and compares them to stored
credentials and only allows access to the system if the credentials are valid
Example: Username and Password
Security can be enhanced by asking users to update their passwords regularly and to have complex
passwords, and by limiting login attempts.
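Added example (not part of the original notes): a small Python sketch of the authentication check described above, combining stored credentials, a complexity rule that rejects dictionary words, and a limit on login attempts. The names Authenticator, is_strong, MAX_ATTEMPTS and COMMON_WORDS, the lockout threshold of 3, the sample word list and the use of salted PBKDF2 hashes for the stored credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3  # assumed lockout threshold
COMMON_WORDS = {"password", "dragon", "sunshine", "football"}  # constructed sample word list


def is_strong(password):
    """Complexity rule: length, mixed character classes, no dictionary word inside."""
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password)]
    return (len(password) >= 10 and all(classes)
            and not any(word in password.lower() for word in COMMON_WORDS))


class Authenticator:
    def __init__(self):
        self.users = {}     # username -> (salt, password hash): the stored credentials
        self.failures = {}  # username -> consecutive failed logins

    def _hash(self, password, salt):
        # Store a salted, slow hash rather than the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        if not is_strong(password):
            return False  # weak passwords are refused at sign-up
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt))
        return True

    def login(self, username, password):
        if self.failures.get(username, 0) >= MAX_ATTEMPTS:
            return "locked"  # attempt limit reached, even a correct password is refused
        # Unknown users get a dummy salt and an empty hash, so the comparison fails.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            self.failures[username] = 0
            return "granted"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"
```

A real system would also need a way to unlock an account, for example after a time delay or an administrator reset.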
MAC Address Filtering
MAC Address Filtering takes the specific MAC address for the device and checks to see if it is in the
safelist and only allows the device to connect to the system if it has permission to do so.
If it is in the blocklist then the MAC address is not allowed to use the network
Wi-Fi is offered to the public and so it is difficult to know the MAC addresses of all the devices
connecting to the network
Not useful in cafes, as maintaining and updating the MAC address list is an inconvenience because the
devices change frequently.
Cyber Security Threats if Students Gain Unauthorized Access
Captcha: Log in Page, Checkout page (online payments), reset password page
Automatic software Update > Manual Update: The automatic update cannot be delayed and so the
software always remains up to date. A manual update may never be installed, causing the software to be out
of date and exposing it to malware and other types of cyber security threats.