CH 4 System Threats
PCI compliance levels
4 levels
Level 2 PCI
Applies to merchants processing between one and six million real-world credit or debit card transactions annually. Validation requirements: annual Self-Assessment Questionnaire (SAQ); quarterly network scan by an Approved Scan Vendor (ASV); Attestation of Compliance form.
identity theft
A crime in which someone pretends to be another person in order to steal money or obtain benefits. An imposter obtains key pieces of personal information, such as social security numbers, driver's license numbers, or credit card numbers, to impersonate someone else.
Payment Card Industry
A data security standard: a series of technology requirements for retailers and companies that process credit cards, designed to ensure the protection of cardholder data.
botnet
A logical computer network of zombies under the control of an attacker. Attackers infect other people's computers with bot malware that opens a back door through which the attacker can give instructions. The botnet is then used to launch DDoS attacks, phishing campaigns, or unsolicited "spam" e-mail.
Payment Card Industry Data Security Standard
A set of security standards that all U.S. companies processing, storing, or transmitting credit card information must follow.
Phishing
An attack that sends an email or displays a Web announcement falsely claiming to be from a legitimate enterprise in an attempt to trick the user into surrendering private information. Attackers set up fake Web sites or send e-mail or text messages that look like those of legitimate businesses to ask users for confidential personal data. The message instructs recipients to update or confirm records by providing social security numbers, bank and credit card information.
pharming
An online scam that attacks the browser's address bar. Users type in what they think is a valid website address and are unknowingly redirected to an illegitimate site that steals their personal information.
Level 3 PCI
Applies to merchants processing between 20,000 and one million e-commerce transactions annually. Validation requirements: annual SAQ; quarterly network scan by an ASV; Attestation of Compliance form.
Level 4 PCI
Applies to merchants processing fewer than 20,000 e-commerce transactions annually, or those that process up to one million real-world transactions. Validation requirements: depend on the merchant's acquiring bank; typically include an annual SAQ and a quarterly network scan by an ASV.
Level 1 PCI
Applies to merchants processing more than six million real-world credit or debit card transactions annually. Validation requirements: annual Report on Compliance (ROC) by a Qualified Security Assessor (QSA), also known as a Level 1 onsite assessment; quarterly network scan by an Approved Scan Vendor (ASV); Attestation of Compliance form.
Symmetric Key Encryption
Encryption system in which a single key is used for both encryption and decryption. The sender and receiver establish a secure Internet session by creating a single encryption key and sending it to the receiver, so both parties share the same key. Disadvantage: the key itself must be shared somehow among the senders and receivers, which exposes the key to outsiders.
Internet management tools
Firewalls, intrusion detection systems, and antivirus software have become essential business tools.
distributed denial-of-service (DDoS) attack
Many computers collaborate to shut down a target, usually by keeping it busy or overwhelming it with incoming requests; numerous computers are used to inundate and overwhelm the network from numerous launch points.
encryption
Process of converting readable data into unreadable characters to prevent unauthorized access; the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver.
computer worms
Programs that attack computer networks (or the Internet) by self-replicating and sending themselves to other users, generally via email, without the aid of the operator. Worms are independent computer programs that copy themselves from one computer to other computers over a network. Unlike viruses, they can operate on their own without attaching to other computer programs and rely less on human behavior; they destroy data and programs as well as disrupt or even halt the operation of computer networks.
PCI Requirement 11
Regularly test security systems and processes. Many organizations perform little or no regular testing of the adequacy of the security controls governing their network and Internet-facing Web applications. Failure to periodically run internal and external network scans to identify weaknesses can prove costly when back doors are left open to hackers and malicious code. Nessus is a well-suited tool for this requirement. PCI requires penetration testing once a year or after any major upgrade or change.
Ransomware
Software that encrypts programs and data until a ransom is paid to remove it; a type of malware that restricts access to your computer or your files and displays a message demanding payment in order for the restriction to be removed. Cyber extortion for financial gain.
Fault-tolerant computer systems
Systems that contain extra hardware, software, and power supply components that can back a system up and keep it running to prevent system failure.
Public Key Encryption
Used prevalently on the web, it allows secure messages to be sent between parties without having to agree on, or share, a secret key. It uses an asymmetric encryption scheme in which the encryption key is made public but the decryption key is kept private.
Malicious software
Viruses, worms, and other forms of malware that may attack a computer connected to the Internet. Also called malware; includes a variety of threats, such as computer viruses, worms, and Trojan horses.
Evil twins
Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet, such as those in airport lounges, hotels, or coffee shops. The bogus network looks identical to a legitimate public network. Fraudsters try to capture passwords or credit card numbers of unwitting users who log on to the network.
Intrusion Detection System (IDS)
A computer program that senses when another computer is attempting to scan or access a computer or network; full-time monitoring tools placed at the most vulnerable points or "hot spots" of corporate networks to detect and deter intruders continually.
denial of service attack
A cyber attack in which an attacker sends a flood of data packets to the target computer with the aim of overloading its resources; hackers flood a network server or Web server with many thousands of false communications or requests for services to crash the network.
Cracker
A hacker with criminal intent. Crackers gain unauthorized access by finding weaknesses in the security protections employed by Web sites and computer systems, often taking advantage of various features of the Internet that make it an open system that is easy to use.
Firewall
A part of a computer system or network that is designed to block unauthorized access while permitting outward communication; a combination of hardware and software that controls the flow of incoming and outgoing network traffic. It is generally placed between the organization's private internal networks and distrusted external networks.
Token
a physical device, similar to an identification card, that is designed to prove the identity of a single user
trojan horse
A program that appears desirable but actually contains something harmful; a software program that appears to be benign but then does something other than expected, such as the Zeus Trojan. Often a way for viruses or other malicious code to be introduced into a computer system.
computer virus
A software program capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer; a rogue software program that attaches itself to other software programs or data files in order to be executed, usually without user knowledge or permission. It may display a message or image, or it may be highly destructive: destroying programs or data, clogging computer memory, reformatting a computer's hard drive, or causing programs to run improperly.
Computer Crime
Any illegal act involving a computer; defined by the U.S. Department of Justice as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution."
Unified Threat Management (UTM)
comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and anti-spam software
Hacker
individual who intends to gain unauthorized access to a computer system
antivirus software
Scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware; designed to check computer systems and drives for the presence of computer viruses. Often the software eliminates the virus from the infected area. Only effective against malware already known when the software was written.
PCI Compliance
simply means adhering to the PCI DSS. While the PCI SSC has no legal authority to compel compliance, it is a requirement for any business that processes credit or debit card transactions. PCI certification is also considered the best way to safeguard sensitive data and information, thereby helping businesses build long-lasting and trusting relationships with their customers.
spyware
Software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive. Spyware programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising.
Mariposa Botnet
started in Spain and spread across the world. Mariposa had infected and controlled about 12.7 million computers in its efforts to steal credit card numbers and online banking passwords. More than half the Fortune 1000 companies, 40 major banks, and numerous government agencies were infected—and did not know it.
Although DoS attacks do not destroy information?
they often cause a Web site to shut down, making it impossible for legitimate users to access the site
High-availability computing
tools and technologies, including backup hardware resources, to enable a system to recover quickly from a crash
biometric authentication
uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users