Cybersecurity Essentials - Module 3

Questions and Answers

Which of these is NOT a commonly recognized type of cybersecurity attack?

• Denial-of-service (DoS)
• Quantum Computing (correct)
• Malware
• Phishing

Which of the following is generally considered a best practice for enhancing password security?

• Storing passwords in a readily accessible location for easy retrieval
• Using the same password for multiple accounts
• Using a combination of upper and lowercase letters, numbers, and symbols (correct)
• Creating simple and easy-to-remember passwords

What does the acronym 'VPN' stand for in the context of cybersecurity?

• Very Private Network
• Variable Packet Network
• Virtual Private Network (correct)
• Virtual Packet Network

What is the primary function of a firewall in a cybersecurity context?

Filtering network traffic to block unauthorized access (B)

What is the primary goal of a social engineering attack?

Tricking individuals into providing confidential information (D)

Flashcards

Cybersecurity

Protection of internet-connected systems from cyber threats.

Cyber Threats

Potential harmful actions that can exploit vulnerabilities in systems.

Vulnerabilities

Weak points in a system that can be exploited by threats.

Malware

Malicious software designed to harm or exploit devices.

Phishing

Fraudulent attempts to obtain sensitive information via deceptive emails.

Study Notes

Cybersecurity Essentials - Module 3

• Learning Objectives: Identifying app/software security concerns, understanding app/software compromise methods, listing data types hackers target.

Mobile Applications

• Mobile apps prioritize functionality and ease of use, often at the expense of security.
• Weak passwords and poorly designed apps contribute to vulnerabilities.
• Malware infections pose a significant security risk.

Mobile Application Security Improvements

• Employ strong passwords (long, mixes of characters, upper/lowercase, symbols)
• Verify app origins through reputable app stores
• Utilize multi-factor authentication (MFA).

Rooting and Jailbreaking

• Some users modify device restrictions to install unauthorized apps.
• Such modifications increase device vulnerability.
• App stores implement security measures.

Desktop Software

• Desktop software, whether local or cloud-based, can be vulnerable to attacks.
• Weak passwords, lack of physical security, and non-HTTPS browsing are major concerns.
• Using antivirus and a VPN, strong passwords, physical security precautions,and HTTPS browsing are necessary for better security.

Business Software

• Business software often facilitates essential transactions and data handling.
• Ransomware and cyberattacks are used to compromise the data.
• Secure work practices, employee training, and robust systems are necessary to secure data.

Corporate Network

• Businesses must restrict access to data, systems, and resources to protect them.
• Data should be shared only on a "need-to-know" basis.
• Unauthorized access and insider threats are significant risks.
• Consumer-grade cloud and sharing solutions might not have robust security.
• You are only as secure as your weakest link.

Browser Security

• Social networking sites use HTTPS.
• Ensure safety before sharing data.
• Know and use site privacy settings.
• Avoid clicking on suspicious links.
• Use strong passwords and update software.
• Websites (even those using HTTPS) can still be compromised.

Instant Messaging

• Instant messaging systems are often lacking in security features.
• Data transmitted is usually unencrypted.
• Senders are rarely authenticated.
• Files and links are often not scanned for malicious content.

Security Certificates

• SSL certificates authenticate websites' identities and enable encrypted connections between web servers and browsers.
• Root certificate stores (like Apple, Microsoft, Mozilla, Google) certify these certificates.
• SSL certificates are crucial to maintain user privacy and trust.

Browser Updates

• Keeping browsers updated is essential due to their vulnerability to hacker attacks.
• Automatic updates are preferred.
• Mobile device updates can be performed through Wi-Fi or cellular networks.

Browser Caches & History

• Browser caches store downloaded webpages for rapid access.
• Large caches can slow system performance.
• Browser history is stored.
• Clearing browsing history & cache can reduce storage space and personal data vulnerabilities.

Private Browsing

• Private browsing mode does not store browsing history, cookies, or form data.
• However, browsing activity is often still visible to employers, schools, or ISPs.

Malicious Websites

• Malicious websites often look legitimate.
• Users should be cautious of misleading URLs and poorly designed sites.

Safe Websites

• Using the Whois Lookup tool, checking reviews, using HTTPS sites, and scrutinizing trust seals aid in identifying safe websites.

Adware & Popups

• Adware displays unwanted ads and often comes bundled with software.
• Adware can collect user data, track online activity, and redirect to malicious websites.

Redirection

• Redirection redirects users to unintended websites.
• Unwanted toolbars, malicious extensions, malware, or hackers' activity can cause redirection.
• Keeping software up-to-date and running regular security scans helps prevent redirection.

VPNs

• VPNs establish encrypted connections for secure data transmission.
• VPNs are categorized for secure communication(Site-to-site, Host-to-site, Host-to-host).
• VPN hardware (and software) devices can help maintain security.
• IPsec is a suite of protocols that enhance security for data transmission.

Warning Signs

• Search engines and browsers use algorithms to detect and warn users of harmful websites.
• Users should be wary of websites presenting warnings of any sort.

Recap

• Autofill features store sensitive information.
• Caches store downloaded webpages to speed up browsing.
• Safe websites utilize HTTPS, trust seals, and site reviews to maintain security.
• Adware poses a significant risk by collecting user data and slow performance.