MIS CH 19 REVIEW
intrusion detection systems
A system that monitors network use for potential hacking attempts. Such a system may take preventative action to block, isolate, or identify attempted infiltration, and raise further alarms to warn security personnel.
hack
A term that may, depending on the context, refer to either (1) breaking into a computer system, or (2) a particularly clever solution.
hacker
A term that, depending on the context, may be applied to either (1) someone who breaks into computer systems, or (2) a particularly clever programmer.
certificate authority
A trusted third party that provides authentication services in public key encryption schemes.
encryption
Scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
multi-factor authentication
When identity is proven by presenting more than one item for proof of credentials. Multiple factors often include a password and some other identifier such as a unique code sent via e-mail or mobile phone text, a biometric reading (e.g., fingerprint or iris scan), a swipe or tap card, or other form of identification.
8. Edward Snowden is:
a U.S. government contractor, considered a whistle-blower by many, who released (in violation of U.S. law) secret documents exposing state-run surveillance networks. Former CIA employee and NSA contractor Edward Snowden gathered over 1.7 million digital documents from U.S., British, and Australian agencies and began leaking them to the press. The Snowden disclosures revealed that several U.S. government agencies, including the NSA and FBI, had data-monitoring efforts far more pervasive than many realized.
cash-out fraudsters
Criminals who purchase assets from data harvesters to be used for illegal financial gain. Actions may include using stolen credit card numbers to purchase goods, creating fake accounts via identity fraud, and more.
data harvesters
Cybercriminals who infiltrate systems and collect data for illegal resale.
firewalls
A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use.
1. Which of the following factors is thought to have been at work during the Target security breach?
- Malicious code was disguised by using the name of a legitimate software product.
- Target's security software could have automatically deleted detected malware, but this function was turned off.
- The database for credit card transactions wasn't sufficiently isolated from other parts of the system.
Security software notification went off shortly after unauthorized software began collecting data inside Target's network, but Target ignored the warning. While the area where credit card transactions are processed is supposed to be walled off from other areas of the Target network, hackers found holes and eventually nestled their code in a sweet spot for grabbing customer data, disguising the code with the label "BladeLogic," the name of a legitimate data center management product. The firm's security software has an option to automatically delete malware as it's detected, but Target's security team had turned that function off.
phishing
A con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.
hacktivists
A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage.
honeypots
A seemingly tempting, but bogus target meant to draw hacking attempts. By monitoring infiltration attempts against a honeypot, organizations may gain insight into the identity of hackers and their techniques, and they can share this with partners and law enforcement.
public key encryption
A two-key system used for securing electronic transmissions. One key distributed publicly is used to encrypt (lock) data, but it cannot unlock data. Unlocking can only be performed with the private key. The private key also cannot be reverse engineered from the public key. By distributing public keys, but keeping the private key, Internet services can ensure transmissions to their site are secure.
CAPTCHAs
An acronym standing for Completely Automated Public Turing test to tell Computers and Humans Apart. The Turing test is, rather redundantly, an idea (rather than an official test) that one can create a test to tell computers apart from humans.
brute-force attacks
An attack that exhausts all possible password combinations in order to break into an account. The larger and more complicated a password or key, the longer a brute-force attack will take.
distributed denial of service (DDoS)
An attack where a firm's computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site's use. DDoS attacks are often performed via botnets.
zero-day exploits
Attacks that are so new that they haven't been clearly identified, and so they haven't made it into security screening systems.
key (encryption)
Code that unlocks encryption.
dumpster diving
Combing through trash to identify valuable assets.
black hat hackers
Computer criminals.
29. A best practice for information security is to stay within mandated security regulation requirements.
FALSE Companies should approach information security as a part of their "collective corporate responsibility…regardless of whether regulation requires them to do so."
20. One way to enhance security against malware on smartphones is to modify the phone to work off network.
FALSE Most smartphones have layers of security to block the spread of malware, so hackers typically hunt for the weakest victims. Easy marks include "jail-broken" iPhones, devices with warranty-voiding modifications in which security restrictions are overridden to allow phones to be used off-network, and for the installation of unsanctioned applications.
23. Public key encryption is considered far weaker than private key encryption, so most websites avoid using public key systems.
FALSE Most websites that deal with financial transactions (e.g., banks, online stores) secure transmissions using a method called public key encryption. The system works with two keys: a public key and a private key. The public key can "lock" or encrypt data, but it can't unlock it; that can only be performed by the private key. So a website that wants you to transmit secure information will send you a public key; you use this to lock the data, and no one that intercepts that transmission can break in unless they've got the private key. If the website does its job, it will keep the private key out of reach of all potentially prying eyes.
21. VPN software should only be used on an organization's internal network. Never use VPN software on a public wireless network, as this could give hackers an entryway from your computer into your organization's secure network.
FALSE Public wireless connections pose significant security threats. The use of VPN (virtual private network) software can reduce threats by making Internet transmissions unreadable if they are intercepted. VPN networks use encryption to scramble data, making it difficult for hackers to access.
27. Students are discouraged from using over-the-Internet backup services since these are known sources for security vulnerability.
FALSE The most likely threat to your data doesn't come from hackers; it comes from hardware failure. Yet most users still don't regularly back up their systems. Internet backup services can provide off-site storage and access if disaster strikes.
24. The encryption math behind OpenSSL is so solid and would require such an extensive amount of computing power to execute a brute-force attack, that OpenSSL had (as of the writing of the textbook) never been compromised.
FALSE While encryption math is quite strong, that does not mean that all software using this math can't have other bugs that create vulnerabilities. The Heartbleed bug, a weakness in the OpenSSL security software, may have created a vulnerability in software used by two-thirds of websites and embedded in all sorts of Internet-connected products.
shoulder surfing
Gaining compromising information through observation (as in looking over someone's shoulder).
whitelists
Highly restrictive programs that permit communication only with approved entities and/or in an approved manner.
botnets
Hordes of surreptitiously infiltrated computers, linked and controlled remotely, also known as zombie networks.
28. The ______________ framework represents a series of standards for best practices in implementing, maintaining and improving organizational security.
ISO 27000 There are several frameworks, but perhaps the best known of these efforts comes from the International Organization for Standards (ISO), and is broadly referred to as ISO27k or the ISO 27000 series. According to ISO.org, this evolving set of standards provides "a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System."
3. Which of the following is a valid observation regarding information security?
Information security isn't just a technology problem. Information security isn't just a technology problem; a host of personnel and procedural factors can create and amplify a firm's vulnerability.
blacklists
Programs that deny the entry or exit of specific IP addresses, products, Internet domains, and other communication restrictions.
19. _______________ is an example of an exploit in which hackers target security vulnerabilities caused by software developers not validating user input.
SQL injection technique Some exploits, like the SQL injection technique, directly target poorly designed and programmed websites, zeroing in on a sloppy programming practice where software developers don't validate user input.
white hat hackers
Someone who uncovers computer weaknesses without exploiting them. The goal of the white hat hacker is to improve system security.
spoofed
Term used in security to refer to forging or disguising the origin or identity. E-mail transmissions and packets that have been altered to seem as if they came from another source are referred to as being "spoofed."
26. Which of the following is a precaution a user can take against hacking?
- Stay armed
- Surf smart
- Stay vigilant
- Stay updated
Surf smart. Think before you click—question links, enclosures, download requests, and the integrity of websites that you visit. Stay vigilant. Social engineering con artists and rogue insiders are out there. An appropriate level of questioning applies not only to computer use, but also to personal interactions, be it in person, on the phone, or electronically. Stay updated. Turn on software update features for your operating system and any application you use (browsers, applications, plug-ins, and applets), and manually check for updates when needed. Stay armed. Install a full suite of security software.
14. Two-factor or multi-factor authentication systems can slow consumers down, leading to consumer annoyance and dissatisfaction.
TRUE For most consumer applications, slowing down users with a two-factor or multi-factor authentication system would be an impractical mandate.
18. Keylogger spyware can be either software-based or hardware-based.
TRUE A keylogger is a type of spyware that records user keystrokes. Keyloggers can be either software-based or hardware-based, such as a recording "dongle" that is plugged in between a keyboard and a PC.
7. Stuxnet showed that with computers at the heart of so many systems, it's now possible to destroy critical infrastructure without firing a shot.
TRUE Stuxnet showed that with computers at the heart of so many systems, it's now possible to destroy critical infrastructure without firing a shot. Stuxnet is an act of cyberwarfare which is suspected to have been launched by either U.S. or Israeli intelligence (or both). Stuxnet infiltrated Iranian nuclear facilities and reprogrammed the industrial control software operating hundreds of uranium-enriching centrifuges.
2. Although the attack on Target was one of the largest credit card breaches in U.S. business history, the software that executed the attack was not considered to be especially sophisticated.
TRUE The malware used to breach Target was described by one security expert as "absolutely unsophisticated and uninteresting."
10. A white hat hacker looks for weaknesses in security mechanisms, with a view to help plug the holes that might be exploited by cyber-criminals.
TRUE White hats are the good guys who probe for weaknesses, but don't exploit them. Instead, they share their knowledge in hopes that the holes they've found will be plugged and security will be improved. Many firms hire consultants to conduct "white hat" hacking expeditions on their own assets as part of their auditing and security process. "Black hats" are the bad guys.
biometrics
Technologies that measure and analyze human body characteristics for identification or authentication. These might include fingerprint readers, retina scanners, voice and face recognition, and more.
voice-print
Technology that identifies users via unique characteristics in speech.
9. Why have U.S. technology firms complained that U.S. government surveillance techniques put them at a disadvantage relative to foreign firms?
U.S. firms complain that the actions of surveillance agencies have put them at a disadvantage by damaging their reputation. U.S. technology firms have complained that the actions of surveillance agencies have put them at a disadvantage, with customers looking for alternatives free of the tarnished perception of having (complicitly or unwittingly) provided private information to authorities.
4. _____ are hordes of surreptitiously infiltrated computers linked and controlled remotely, and are also known as zombie networks.
botnets Botnets of zombie computers are networks of infiltrated and compromised machines controlled by a central command and are used for all sorts of nefarious activities.
5. An attack in which a firm's computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site, is known as:
distributed denial of service DDoS (distributed denial of service) attacks involve effectively shutting down websites by overwhelming them with a crushing load of seemingly legitimate requests sent simultaneously by thousands of machines.
22. One of the physical threats hackers use, sifting through trash searching for valuable data, is called__________________.
dumpster diving Anything valuable that reaches the trash in a recoverable state is also a potential security breach. Hackers and spies sometimes practice dumpster diving, sifting through trash in an effort to uncover valuable data or insights that can be stolen or used to launch a security attack.
6. _____ refer to protesters seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage.
hacktivists Hacktivists are protesters seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage. They target firms, Web sites, or even users as a protest measure.
30. A security tool that is deployed by firms as a phony target to lure or distract attackers and gain information about them is known as a:
honeypot Some firms deploy honeypots—bogus offerings meant to distract attackers. If attackers take the honeypot bait, firms may gain an opportunity to recognize the hacker's exploits, identify the IP address of intrusion, and take action to block further attacks and alert authorities.
12. Cons executed through technology and that often try to leverage the reputation of a trusted firm or friend to trick the victim into performing an action or revealing information constitute:
phishing Phishing refers to cons executed through technology. Many have masqueraded as a security alert from a bank or e-commerce site, a message from an employer, or even a notice from the government. Sophisticated con artists will lift logos, mimic standard layouts, and copy official language from legitimate websites or prior e-mails.
32. Malware _____ are a sort of electronic fingerprint often used to recognize malicious code.
signatures The malware signature is a sort of electronic fingerprint often used to recognize malicious code. Recent malware has become polymorphic, meaning different versions are created and deployed in a way that their signature is slightly altered.
11. Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as _____ in security circles.
social engineering Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as social engineering in security circles.
13. The term _____________ refers to forging or disguising the origin or identity.
spoof Spoofed is a term used in security to refer to forging or disguising the origin or identity. It's possible that the e-mail address has been spoofed (faked) or that it was sent via a colleague's compromised account.
15. The phrase __________________ refers to security schemes that automatically send one-time use representations of a credit card which can be received and processed by banking and transaction firms at the time of payment. They are used in Apple Pay and Android Pay.
tokenization A scheme called tokenization sends one-time use representations of a credit card over the Internet. While these tokens will buy your stuff, if stolen they can't be reused by bad guys.
16. Exploits that attempt to infiltrate a computer system by masquerading as something that they are not are called:
trojans Trojans are exploits that, like the mythical Trojan Horse, try to sneak in by masquerading as something they're not. The payload is released when the user is duped into downloading and installing the malware cargo, oftentimes via phishing exploits.
31. Programs that use _____ are highly restrictive, permitting communication only with pre-approved entities.
whitelists Whitelists are highly restrictive security tools that permit communication only with approved entities like specific IP addresses, products, and Internet domains in an approved manner.
17. The key difference between viruses and worms is that:
worms do not need an executable to spread, unlike viruses. Viruses infect other software and files and require an executable (running program) to spread, attaching to other executables. Worms exploit security vulnerabilities to automatically spread, but do not need an executable.
25. _____ are attacks that are so new that they haven't been clearly identified, and so they haven't made it into security screening systems.
zero-day exploits Zero-day exploits are attacks that are so new that they haven't been clearly identified, and so they haven't made it into security screening systems.
