Ch12: Network Security

Pretty Good Privacy (PGP)

Encryption software that can be used for creating secure email messages and encryption of other types of data files

Another means of securing communications is a firewall, a system or combination of systems that supports an access control policy between two networks. Firewalls come in three basic types

(1) packet filters, which examine all incoming and outgoing transmissions and filter out those transmissions that have been deemed illegal; (2) proxy servers, which are computers running at the entrance to a computer network and acting as gatekeepers into the corporate network; and (3) application-based firewalls that follow application-level packets into and out of a site.

Vigenere cipher

Possibly the earliest example of a polyalphabetic cipher, created by Blaise de Vigenere in 1586

pharming

a Web-based attack in which a user seeking to visit a particular company's Web site is unknowingly redirected to a bogus Web site that looks exactly like that company's official Web site

phishing

a Web-based attack that involves sending the victim an email that is designed to look like a legitimate request coming from a well-known company, and thereby lure the victim into revealing private information

surveillance

a common security measure used to monitor key locations to deter vandalism and theft by using video cameras and intrusion detection

Data Encryption Standard (DES)

a commonly employed encryption method used by businesses to send and receive secure transactions

proxy server

a computer running proxy server software that acts as the "rare books librarian" into a corporate network; a proxy server can accept or reject access into a network

Trojan horse

a destructive piece of code that hides inside a harmless-looking piece of code, such as an email message or an application macro

monoalphabetic substitution-based cipher

a fairly simple encryption technique that replaces a character or group of characters with a different character or group of characters

application layer firewall

a firewall that accepts or denies access to a network based upon the application layer of the packet

ping storm

a form of attack in which the Internet ping program is used to send a flood of packets to a server to make the server inoperable

symmetric encryption

a form of encryption in which the same key is used to encode and decode the data; often called private key encryption

spread spectrum technology

a high-security transmission technique that instead of transmitting the signal on one fixed frequency bounces the signal around on a seemingly random set of frequencies

certificate revocation list (CRL)

a list of certificates that have been revoked either before or on their originally scheduled expiration date

email bombing

a malicious hacking technique in which a user sends an excessive amount of unwanted email to someone

denial-of-service attacks

a malicious hacking technique that bombards a computer site with so many messages that the site is incapable of performing its normal duties

frequency hopping spread spectrum

a modulation technique in which data is transmitted over seemingly random frequencies in order to hide the transmissions from the enemy

war drivers

a person who tries to pick up someone else's wireless LAN signals

computer auditing

a process in which a software program monitors every transaction within a system

rootkit

a program, often malicious, that is stored deep within a user's operating system and is capable of redirecting user requests and performing errant operations

keylogger

a program, often malicious, that records each keystroke a user makes on a keyboard at a computer workstation

packet filter

a router that has been programmed to filter out certain IP addresses or TCP port numbers, or allow them to pass

IPSec

a set of protocols, created by the Internet Engineering Task Force, that can provide for secure transmission using the Internet Protocol (IP)

Wi-Fi Protected Access (WPA)

a set of security standards used to protect wireless LAN transmissions that is an improvement over Wired Equivalency Protocol (WEP) in that it provides dynamic key encryption (although it, too, uses a 40-bit key) and mutual authentication for wireless clients

virus

a small program that alters the way a computer operates without the knowledge of the computer's users, and often does various types of damage by deleting and corrupting data and program files, or altering operating system components so that the computer operation is impaired or even halted

worm

a special type of virus that copies itself from one system to another over a network, without the assistance of a human being

IEEE 802.11i (WPA2)

a standard created by IEEE to support security in wireless local area networks

firewall

a system or combination of systems that supports an access control policy between two networks

spoofing

a technique (commonly used by hackers) in which the data sender's identity is disguised, as in the case of an email message that has a return address of someone other than the person sending the email. A modem can also perform spoofing by mimicking older protocols that are rarely used today

digital signature

a technology that uses public key cryptography to assign to a document a code for which only the creator of the document has the key

triple-DES

a temporary solution for the shortcomings of DES security (which has now been replaced with AES) in which data is encrypted using DES three times; in many cases, the first time by the first key, the second time by a second key, and the third time by the first key again

honeypot

a trap that is set by network personnel in order to detect unauthorized use of a network resource

public key cryptography

a two-key system in which one key encrypts the plaintext and another key decrypts the ciphertext

mobile malicious code

a virus or worm that is designed to get transported over the Internet

malware

an abbreviation for malicious software; any type of software code or transaction whose purpose is to interfere with (to the point of rendering useless) the operation of a host computer

Secure Sockets Layer (SSL)

an additional layer of software added between the application layer and the transport (TCP) layer that creates a secure connection between the sender and the receiver

signature-based scanning

an antivirus technique that works by recognizing the unique pattern of a virus

socially engineered attack

an attack that uses malicious software that tries to trick a user into giving up confidential information or clicking on a link, which might result in dangerous software downloaded to the user's computer

Kerberos

an authentication protocol that uses secret key cryptography and is designed to work on client/server networks

certificate

an electronic document, similar to a passport, that establishes your credentials when you are performing transactions on the World Wide Web

direct sequence spread spectrum

an encoding technique that converts a binary 0 or 1 to a larger sequence of 0s and 1s

transposition-based cipher

an encryption technique in which the order of the plaintext is not preserved, as it is in substitution-based ciphers

asymmetric encryption

an encryption technique in which two keys are used: one to encrypt and one to decrypt; often known as public key cryptography

Advanced Encryption Standard (AES)

an encryption technique selected by the US government to replace the aging Data Encryption Standard (DES). AES is based on the Rijndael algorithm and uses 128-, 192-, or 256-bit keys

Transport Layer Security (TLS)

an updated version of Secure Sockets Layer (SSL)

terminate-and-stay-resident monitoring

antivirus software that is activated and then runs in the background while users perform other computing tasks

plaintext

data before any encryption has been performed

botnet

malicious programs that take over operations on a compromised computer

HTTPS (Hypertext Transfer Protocol Secure)

not really a single protocol but a collection of protocols that offer a secure connection over a network; in particular creating a secure Internet connection

Public key cryptography uses two keys

one key to encode messages and a second key to decode messages. HTTPS (Hypertext Transfer Protocol Secure) incorporates the Secure Sockets Layer/Transfer Layer Security, a form of public key cryptography, which is used to encrypt data that travels back and forth between Web servers and Web browsers.

access rights

permissions assigned to a file or device; determine how a user or group of users may access the file or device

biometric techniques

security techniques that use parts of the body, such as fingerprints or iris prints, for verification

In order to secure communications, network administrators and users must be aware of standard computer attacks and viruses that can damage computer systems. They must also be aware of software and hardware that can help to protect a system and its users from computer attacks and viruses. Virus scanners have three basic forms

signature-based scanning, terminate-and-stay-resident monitoring, and integrity checking.

polyalphabetic substitution-based cipher

similar to the monoalphabetic cipher, except that it uses multiple alphabetic strings to encode the plaintext rather than one alphabetic string

intrusion detection

the ability to electronically monitor data flow and system requests into and out of a system

public key infrastructure (PKI)

the combination of encryption techniques, software, and services that involves all the necessary pieces to support digital certificates, certificate authorities, and public-key generation, storage, and management

encryption algorithm

the computer program that converts plaintext into an enciphered form

ciphertext

the data after the encryption algorithm has been applied

Wired Equivalency Protocol (WEP)

the first security protocol used to encrypt wireless LAN transmissions; it uses 40-bit-long encryption keys that are static (as opposed to dynamic). Due to the existence of a number of weaknesses, WEP is being replaced

password

the most common form of protection from unauthorized use of a computer system; often a string of letters, numbers, and symbols

smurfing

the name of an automated program that attacks a network by exploiting Internet Protocol (IP) broadcast addressing and other aspects of Internet operation

integrity checking

the process by which a firewall observes transactions and their characteristics for irregularities

certificate authority (CA)

the specialized software issued by a trusted third-party organization or business that issues and manages certificates

cryptography

the study of creating and using encryption and decryption techniques

steganography

the technology of hiding data within another unrelated document

key

the unique piece of information that is used to create ciphertext and then decrypt the ciphertext back into plaintext

