Chapter 8

Firewall

A combination of hardware and software that protects a network from attack by hackers that could gain access through public networks, including the Internet.

Worm

A computer virus capable of reproducing itself but does not alter any files on your machine. However, can cause havoc by multiplying so many times it takes up all available memory or hard disk space.

Security

A feeling of safey; the absence of threat. Policies and procedure who guarantee freedom.

Botnet

A group of computers that have been infected with bot malware without users' knowledge, enabling a hacker to use the amassed resources of the computers to launch distributed denial-of-service attacks, phishing campaigns or spam.

Hacker

A hacker can be either 1) a computer enthusiast, a person who enjoys learning programming languages and computer systems; or 2) a person who gains unauthorized access to computers or networks, often just for the challenge of it.

Sarbanes-Oxley Act

A landmark piece of securities law, designed to improve the effectiveness of corporate financial reporting through enhanced accountability of auditors, boards of directors, and management.

Trojan horse

A malicious program that hides within or looks like a legitimate program

Spoofing

A technique intruders use to make their network or internet transmission appear legitimate.

Evil twin

A wireless network with the same name as another wireless access point. Users unknowingly connect to it; hackers monitor the traffic looking for useful information.

Controls

All methods, policies, and procedure that ensure the protection of an organization's assets.

Phishing

Also known as carding and spoofing, it consists of illegally acquiring personal information, such as bank passwords and credit card numbers, by masquerading as a trustworthy person or business in what appears to be an official electronic communication, such as an email.

Symmetric Encryption

An encryption standard that requires all parties to have a copy of a shared key. A single key is used for both encryption and decryption.

Pharming

An online scam that attacks the browser's address bar. Users type in what they think is a valid website address and are unknowingly redirected to an illegitimate site that steals their personal information.

Social engineering

Attacks that involve manipulating and tricking an individual into divulging confidential info to be used for fraudulent purposes.

Denial of Service (DoS) attack

Attacks that occur when a large number of computers try to access a website at the same time, effectively overloading it and causing it to shut down.

keylogger

Captures and stores each keystroke that a user types on the computer's keyboard.

Encryption

Coding or scrambling process that renders a message unreadable by anyone other than the intended recipient

War driving

Driving around an area with a Wi-Fi-enabled computer or mobile device to find a Wi-Fi network to access and use without authorization.

Sniffing

Eavesdropping on network communications by a third party.

HIPAA

Established April 14, 2003. The Health Insurance Portability and Accountability Act, a federal law protecting the privacy of patient-specific health care information and providing the patient with control over how this information is used and distributed.

Identity theft

It is a crime where a criminal steals some of your personal information such as name, drivers license, or social security number. The info is used by the criminal to purchase items, and your name can be used to open new accounts.

Public Key Infrastructure (PKI)

Known as PKI. Necessary for widespread electronic commerce. No absolute definition or standard. A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of parties in Internet transactions.

Distributed DoS (DDoS)

Numerous computers inundating the and overwhelming a network from numerous launch points.

Intrusion detection systems

Software that monitors system and network resources and notifies network security personnel when it senses a possible intrusion.

Identity Management Software

Support the organization's security and authorization policies. Include business processes and technologies for identifying valid users of systems. Establish where and when a user is permitted to access certain parts of a web site or corporate database.

Fault-tolerant computer systems

Systems that contain extra hardware, software, and power supply components that can back a system up and keep it running to prevent system failure.

Gramm-Leach-Bliley Act

The ____ requires all financial service institutions to communicate their data privacy rules and honor customer preferences on sharing of data.

Secure Sockets Layer (SSL)

a standard security technology for establishing an encrypted link between a web server and a browser, ensuring that all data passed between them remain private.

Public key Encryption

an encryption system that uses two keys: a public key that everyone can have and a private key for only the recipient.

SQL injection attack

attacks against a web site that take advantage of vulnerabilities in poorly coded SQL (a standard and common database software application) applications in order to introduce malicious program code into a company's systems and networks.

Spyware

computer software that is designed to collect personal info about users without their informed consent

Malware

software designed to infiltrate or damage a computer system without the user's informed consent.

Antivirus Software

software that is specifically designed to detect viruses and protect a computer and files from harm.

Cracker

someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action