Chapter 8 MIS 8.1 & 8.4


SQL injection attacks

A major malware threat. These attacks take advantage of vulnerabilities in poorly coded Web application software to introduce malicious program code into a company's systems and networks.

Why are computers with modems or DSL (digital subscriber line) connections more open to penetration from other users?

Because they use fixed Internet addresses, they can be easily identified, making them a fixed target for hackers.

malware

Malicious software such as computer viruses, worms, and Trojan horses.

Controls

Methods, policies, and organizational procedures that ensure the safety of the organization's assets; the accuracy and reliability of its accounting records; and operational adherence to management standards.

botnet

Networks of "zombie" PCs infiltrated by bot malware. Botnets deliver 90% of the world's spam and 80% of the world's malware. The Grum botnet controlled 560K to 840K computers.

Security

Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems

Authentication

ability to know that a person is who he or she claims to be

Trojan horse

appears to be benign but then does something other than expected. The Trojan horse is not itself a virus because it does not replicate, but it is often a way for viruses or other malicious code to be introduced into a computer system.

computer viruses

attaches itself to other software programs or data files in order to be executed, usually without user knowledge or permission.

distributed denial-of-service (DDoS)

attack uses numerous computers to inundate and overwhelm the network from numerous launch points.

Digital certificates Laudon, Kenneth C.; Laudon, Jane (2013-03-06). Managing Information Systems: Managing the Digital Firm (13th Edition) (Page 320). Pearson HE, Inc.. Kindle Edition.

data files used to establish the identity of users and electronic assets for protection of online transactions

smart card

device about the size of a credit card that contains a chip formatted with access permission and other data. (Smart cards are also used in electronic payment systems.) A reader device interprets the data on the smart card and allows or denies access.

war driving

eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic.

sniffer

eavesdropping program that monitors information traveling over a network. Sniffers help identify potential network trouble spots or criminal activity on networks.

Secure Sockets Layer (SSL)

enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure Web session.

Packet filtering

examines selected fields in the headers of data packets flowing back and forth between the trusted network and the Internet, examining individual packets in isolation.

Intrusion detection systems

feature full-time monitoring tools placed at the most vulnerable points or "hot spots" of corporate networks to detect and deter intruders continually. The system generates an alarm if it finds a suspicious or anomalous event.

Application proxy filtering

filtering examines the application content of packets. A proxy server stops data packets originating outside the organization, inspects them, and passes a proxy to the other side of the firewall.

denial-of-service (DoS) attack

hackers flood a network server or Web server with many thousands of false communications or requests for services to crash the network. The most economically damaging kinds of computer crime are DoS attacks, introducing viruses, theft of services, and disruption of computer systems.

Click fraud

individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase. Click fraud has become a serious problem at Google and other Web sites that feature pay-per-click online advertising.

hacker

individual who intends to gain unauthorized access to a computer system. Within the hacking community, the term cracker is typically used to denote a hacker with criminal intent, although in the public press, the terms hacker and cracker are used interchangeably. Hackers and crackers gain unauthorized access by finding weaknesses in the security protections employed by Web sites and computer systems, often taking advantage of various features of the Internet that make it an open

spyware

installs itself surreptitiously on computers to monitor user Web surfing activity and serve up advertising.

cybervandalism

intentional disruption, defacement, or even destruction of a Web site or corporate information system.

social engineering

intruders seeking system access sometimes trick employees into revealing their passwords by pretending to be legitimate members of the company in need of information.

Spoofing

involves redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination. For example, if hackers redirect customers to a fake Web site that looks almost exactly like the true site, they can then collect and process orders, effectively stealing business as well as sensitive customer information from the true site.

public key encryption

A more secure form of encryption that uses two keys: one shared (or public) and one totally private.

drive-by downloads

malware that comes with a downloaded file that a user intentionally or unintentionally requests.

token

physical device, similar to an identification card, that is designed to prove the identity of a single user.

Firewall

prevents unauthorized users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. It is generally placed between the organization's private internal networks and distrusted external networks.

Antivirus software

prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware. However, most antivirus software is effective only against malware already known when the software was written. To remain effective, the antivirus software must be continually updated.

Encryption

process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver.

Network Address Translation (NAT)

provides another layer of protection when static packet filtering and stateful inspection are employed. NAT conceals the IP addresses of the organization's internal host computer(s) to prevent sniffer programs outside the firewall from ascertaining them and using that information to penetrate internal systems.

Stateful inspection

provides additional security by determining whether packets are part of an ongoing dialogue between a sender and a receiver.

Keyloggers

record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to e-mail accounts, to obtain passwords to protected computer systems, or to pick up personal information such as credit card numbers.

Pharming

redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser.

phishing

setting up fake Web sites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data.

Cyberwarfare

state-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks for the purposes of causing damage and disruption.

symmetric key encryption

the sender and receiver establish a secure Internet session by creating a single encryption key and sending it to the receiver so both the sender and receiver share the same key.

Public key infrastructure (PKI)

the use of public key cryptography working with a CA; it is now widely used in e-commerce.

Secure Hypertext Transfer Protocol (S-HTTP)

used for encrypting data flowing over the Internet, but it is limited to individual messages, whereas SSL and TLS are designed to establish a secure connection between two computers.

Biometric authentication

uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, in order to grant or deny access.

Evil twins

wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet, such as those in airport lounges, hotels, or coffee shops.
