Computer Security
GUID
'Globally Unique Identifier' (or 'Universally Unique Identifier'). It is a 128-bit integer number used to identify resources and information in computer systems.
proxy
In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.
tripwire
A security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.
plain text
Message data before it is encrypted.
Hashing
- only for passwords; 100% non-reversible because it's encrypted so many times; hashing algorithms are how passwords are stored on a server.
Piggybacking
- similar to tailgating, refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint.
Spoofing
- technique used to gain unauthorized access; intruder assumes a trusted IP address
VLAN (Virtual Local Area Network)
- a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. - logically segments a network; doesn't need multiple different pieces of hardware
Man in the Middle Attack
- attackers are able to eavesdrop on the communication between the 2 targets - attacker pretends to be the real person, but actually isn't - attacker monitors the network, modifies it and ins
IAN (Internet Area Network)
- concept for a communications network that connects voice and data endpoints within a cloud environment over IP - cloud computing
IDS (Intrusion Detection System)
- device or software application that monitors a network or systems for malicious activity or policy violations. - tools do not take action on their own; requires another human or system - difference between the two types only depends on bandwidth - 2 types: NIDS and HIDS
FISA (Foreign Intelligence Surveillance Act)
- federal law which establishes procedures for the physical and electronic surveillance and collection of "foreign intelligence information" between "foreign powers" and "agents of foreign powers" suspected of espionage or terrorism.
Spyware/Trojan Horse
- malicious program that looks like real software. - when installed on a computer, it runs automatically and will spy on the system or delete files
MAC (Mandatory Access Control)
- most restrictive access control model - found in military settings - given to CEOs and people of high clearance
Threat
- object, person or other entity representing a constant danger to an asset via attacks
Virus
- operates by inserting or attaching itself to a computer file - program made of malicious code that can propagate itself from device to device. - needs a host
logic bomb
- piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. - uses logic, and can be broken
Rootkit
- program that hides in a computer and allows someone from a remote location to take full control of the computer - user doesn't know this is installed
infrastructure security
- security provided to protect airports, highways, rail transport, hospitals, bridges, electricity grid - seeks to limit vulnerability of these structures and systems to sabotage, terrorism, and contamination
Computer Worm
- self-replicating type of malware (and a type of virus) that enters networks by exploiting vulnerabilities - thus, worms can propagate themselves and spread very quickly - worms don't attach to a file or program, like a virus - enter through a vulnerability in the network - doesn't need a host - enters when, for example, a bad link is clicked, and silently goes to work without the user knowing.
RBAC (Role Based Access Control)
A "real-world" access control model in which access is based on a user's job function within the organization.
RAT (Remote Access Trojan)
A Remote Access Trojan is a type of malware that controls a system through a remote network connection
MAN (Metropolitan Area Network)
A network that covers an area equivalent to a city or other municipality.
PBX (private branch exchange)
A telephone switch used to connect and manage an organization's voice calls.
EMI
Electromagnetic Interference
Phishing
Fake emails that appear to come from a legitimate source looking to trick users into entering personal information
accountable
- who is responsible for authorized activities, not illegal ones
Social Engineering
- hackers use their social skills to trick people into revealing access credentials or other valuable information
TCP/IP
Transmission Control Protocol/Internet Protocol. Protocol that connects computers to the Internet. Tells computers how to exchange information over the Internet.
mantrap
physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens.
DoS (Denial of Service)
similar to DDoS but from only one computer
Latency
the delay before a transfer of data begins following an instruction for its transfer
DMZ (demilitarized zone or perimeter network)
- A small section of a private network that is located between two firewalls and made available for public access. - the public can access it because they can get through the first firewall, but then they can't access private company files as there's another firewall.
stealth virus
- A virus that attempts to avoid detection by masking itself from applications. - hides modifications made to files or boot records
zero-day attack
- An attack between the time a new software vulnerability is discovered and "released into the wild" and the time a software developer releases a patch to fix the problem. - refers to a newly discovered software vulnerability
DDoS (Distributed Denial of Service)
- An attack on a specific website or server - a network of computers (botnet) attacks the server so the volume of traffic increases and shuts down the website - purposely overflows a computer
AES (Advanced Encryption Standard)
- An encryption standard used by WPA2 and is currently the strongest encryption standard used by Wi-Fi. - 128 bits
DES(Data Encryption Standard)
- Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data - 56 bits (+ 8 parity bits)
VPN (Virtual Private Network)
- Encrypted connection over the Internet between a computer or remote network and a private network. - creates a "tunnel"
Enigma Machine
- German code machine broken by the Allies and used to predict what the Germans would do - used Rot 3-6 (rotation of letters from 3 spaces up to 6 spaces) - invented by German engineer Arthur Scherbius
Secondary Storage Devices
- Hard disk, floppy disks, CD, DVD, jump drives
Pharming
- Modifies DNS entries, which causes users to be directed to the wrong website when they visit a certain web address - "phishing with no lure" (Ex. the popup links on 123movies.com)
Perimeter Security
- Security set up on the outside of the network or server to protect it. - FIREWALL
Backdoor
- Software code that gives access to a program or a service that circumvents normal security protections.
authorization
- The process of giving someone permission to do or have something, based on your identification and authentication
digital certificate
- a notice that guarantees a user or a website is legitimate - electronic "password" that allows a person or organization to exchange data securely over the Internet using the public key infrastructure - used to keep people liable, not for trust - uses encryption and decryption to make sure
Firewall
- a part of a computer system or network that is designed to block unauthorized access while permitting outward communication. - blocks websites, malware - monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
subnet
- a subdivision of a network that is created either to conserve addresses or to support specific network requirements. - hosts share the same part of the IP address
Zoning
- allows an administrator to control who can see what in a storage area network
PSK (pre-shared key)
- also referred to as personal mode, is a type of WPA used on most home networks. All workstations have the same key to connect to the network. - common for securing home Wi-Fi networks
attack
- any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.
IP Address (Internet Protocol Address)
A unique number identifying every computer on the Internet (like 197.123.22.240); it does sometimes change
polymorphic virus
A virus that can change its own code or periodically rewrites itself to avoid detection
DNS (Domain Name System)
The phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.
risk analysis
The process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.
SYN flood attack
Type of DoS attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
TPM (Trusted Platform Module)
a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.
sniffer
a program or device that can monitor data traveling over a network
Access Control List
a set of IF-THEN rules used to determine what to do with arriving packets or data
fuzzing
a technique of penetration testing that can include providing unexpected values as input to an application to make it crash
armored virus
a virus that is protected in a way that makes disassembling it difficult - it is 'armored' against antivirus programs trying to understand or analyze its code
PATRIOT
act signed into law to counter terrorism
digital signature
an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender
brute force attack
attacker submits many passwords or passphrases with the hope of eventually guessing correctly.
"C" in CIA Triad
Confidentiality - ensures that data remains private when it is at rest, in transit, and when it is in use; hiding very sensitive data
Fork Bomb
denial-of-service attack wherein a process continually replicates itself to deplete available system resources, slowing down or crashing the system due to resource starvation.
PKI (Public Key Infrastructure)
enables users of a public network such as the Internet to securely and privately exchange data through the use of a pair of keys, a public one and a private one, that is obtained from a trusted authority and shared through that authority. - combining symmetric, asymmetric, digital signatures, and certificates to create a fast yet secure way of encrypting; hybrid cryptography.
Malware
general term given to software that is intended to damage or disable computer systems
Group Policy
hierarchical infrastructure that allows a network administrator in charge of Microsoft's Active Directory to implement specific configurations for users and computers.
Spam
unsolicited email that will phish for information by tricking the user into clicking certain links
MAC (Media Access Control) address
- A node's unique physical address, which is assigned to its network interface card (NIC) by the card's manufacturer. - MM:MM:MM:SS:SS:SS - used for communications in the data link layer - 48 bits
WAN (Wide Area Network)
- A network that spans a long distance and connects two or more LANs. - not restricted by geographical location
OSI Model
- Open Systems Interconnection model - conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers.
Transposition ciphers
- assign each column of words a number, put the columns in a different order, and that number is the "key", now read the letters downward
Important principles used in Cryptography
- confidentiality - integrity - authentication - non-repudiation
Cryptography
- creating written or generated codes that allow information to be kept secret - "secret code" - used to meet 4 main goals: confidentiality, integrity, authentication and non-repudiation
identification
- identifies someone as the legal user; 3 types: who you are (biometrics, fingerprints, palm scan, voice recognition), what you have (passport, ID card), what you know (PIN, password)
hardened
- making something secure
auditing
- monitoring actions one is responsible for
TUN/TAP
- used to provide packet reception and transmission for user space programs. - TUN (stands for network TUNnel) is a network layer device - TAP (stands for network TAP) is a link layer device - both are virtual network kernel devices.
Vulnerability
- weakness or fault that can lead to an exposure
Non-repudiation
- you cannot deny what you are responsible for - providing proof that a transaction occurred between identified parties. - Repudiation occurs when one party in a transaction denies that the transaction took place.
Network of Zombie Computer
- A general way to execute several security threats - hacker takes control of several computers and controls them remotely. Ex. part of a DDoS
authentication
- A method for confirming and verifying users' identities and access
LAN(Local Area Network)
- A network of computers and other devices that is confined to a relatively small space, such as one building or even one office.
OSI Order
Application, Presentation, Session, Transport, Network, Data Link, Physical
"A" in CIA Triad
Availability - data should be available whenever an authenticated or legal user needs it.
Partitioning
Breaking into separate parts: separate drives or subnets
"I" in CIA Triad
Integrity - no alterations or modifications done to data; making sure data remains intact and the same
NAT (Network Address Translation)
NAT translates the IP addresses of computers in a local network to a single IP address. This address is often used by the router that connects the computers to the Internet.
RAID
RAID is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both.
RAID 0, RAID 1, RAID 5
RAID 0 = striping; RAID 1 = mirroring; RAID 5 = both, with parity
RAM
Random Access Memory - temporary place to store material that works quickly; erased when the computer turns off. Volatile.
ROM
Read Only Memory - permanent instructions that cannot be changed; can hold data without power
XOR Gate
Result is true if either input is true but not if both inputs are true or if both inputs are false
RBAC (rule)
Rule-based access control. An access control model that uses rules to define access. Rule-based access control is based on a set of approved instructions.
Cipher text
Scrambled form of the message or data
Ransomware
Software that encrypts programs and data, restricting access to one's system and files until a ransom is paid to remove it.
2 Types of Cryptography
Symmetric: one key used to cipher and decipher, but a con is that all parties must be involved. Asymmetric: uses two keys, public and private; a newer method; the public key is for encryption, the private key is for decryption