
Cyber Security - AQA Computer Science Cheat Sheet by [deleted]

What is 'cyber security'?

Methods and technologies designed to protect networks, computers and data from attack, damage and unauthorised access.


Weak/default passwords
These are easily guessed or found through brute force decryption.
Misconfigured access rights
This means that systems/files that should be secure can be accessed by other users.
Removable media (e.g. USBs)
This can bypass security measures (like firewalls), so malware can be installed more easily.
Outdated software
Software that has not been patched is vulnerable to attackers.
In addition to this, malicious code and social engineering techniques also pose threats.

Cyber Security Threats


Methods of Protection

Identity authentication: biometric, passwords, two-step authentication
CAPTCHA (human or robot test)
Anti-Virus software (keep up-to-date)
Updating software and installing patches

Social Engineering

Social engineering
The process of manipulating people into undertaking certain actions or disclosing confidential information.
Blagging or Pretexting
Creating a fictional scenario in order to obtain a user’s personal information, then using this information for malicious purposes.
Phishing
Contacting users (usually through fraudulent emails that mimic a legitimate organisation) to cause users to disclose personal information (e.g. usernames, passwords).
Pharming
Setting up and guiding users to a bogus website that is visually identical to a legitimate one, allowing the attacker to gain login details.
Shouldering or Shoulder surfing
‘Spying’ on people, usually while they’re logging in to accounts or using an ATM, to find sensitive information (e.g. passwords, PINs).

Phishing and Pharming


Penetration Testing

What is penetration testing?
Attempting to gain access to resources without knowledge of login details and other normal means of access, in order to test defences.
What is the difference between black-box and white-box penetration testing?
White-box penetration is where the tester already has some knowledge of the target system. This simulates an attack by a malicious insider. Black-box is where they have no prior knowledge. This simulates external hacking or cyber warfare.


Dangerous or intrusive software.
Malicious program that duplicates itself once inside a computer or network.
A malicious program disguised as a legitimate one to trick users into installing it.
Software enabling attackers to obtain information about another's computer activities by transmitting data from their hard drive.
Adware
Software that automatically displays advertisements when a user is online, generating revenue for the attacker.

