Intro to Info Management Chapter 17
black hat hackers
A computer criminal.
Phishing
A con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.
hacktivists
A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage.
honeypot
A security tool that is deployed by firms as a phony target to lure or distract attackers and gain information about them is known as a:
honeypots
A seemingly tempting, but bogus target meant to draw hacking attempts. By monitoring infiltration attempts against this, organizations may gain insight into the identity of hackers and their techniques, and they can share this with partners and law enforcement.
firewalls
A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use.
Intrusion detection systems
A system that monitors network use for potential hacking attempts. Such a system may take preventative action to block, isolate, or identify attempted infiltration, and raise further alarms to warn security personnel.
hack
A term that may, depending on the context, refer to either 1) breaking into a computer system, or 2) a particularly clever solution.
distributed denial of service (DDoS)
An attack where a firm's computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site's use. Attacks are often performed via botnets.
dumpster diving
Combing through trash to identify valuable assets.
What does CAPTCHA stand for?
Completely Automated Public Turing Test to Tell Computers and Humans Apart
social engineering
Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as _____ in security circles.
phishing
Cons executed through technology and that often try to leverage the reputation of a trusted firm or friend to trick the victim into performing an action or revealing information constitute:
data harvesters
Cybercriminals who infiltrate systems and collect data for illegal resale.
Trojans
Exploits that attempt to infiltrate a computer system by masquerading as something that they are not are called:
whitelists
Highly restrictive programs that permit communication only with approved entities and/or in an approved manner.
signatures
Malware _____ are a sort of electronic fingerprint often used to recognize malicious code.
Public key encryption
Most Web sites that deal with financial transactions (e.g., banks, online stores) secure transmissions using a method called:
blacklists
Programs that deny the entry or exit of specific IP addresses, products, Internet domains, and other communication restrictions.
Whitelists
Programs that use _____ are highly restrictive, permitting communication only with pre-approved entities.
encryption
Scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
white hat hackers
Someone who uncovers computer weaknesses without exploiting them. The goal is to improve system security.
False
T or F: The encryption math behind OpenSSL is so solid, and a brute-force attack would require such an extensive amount of computing power, that OpenSSL had (as of the writing of the textbook) never been compromised.
True
T or F: Two-factor or multi-factor authentication systems can slow consumers down, leading to consumer annoyance and dissatisfaction.
Biometrics
Technologies that measure and analyze human body characteristics for identification or authentication. These might include fingerprint readers, retina scanners, voice and face recognition, and more.
spoofed
Term used in security to refer to forging or disguising the origin or identity.
ISO 27000
The ______________ framework represents a series of standards for best practices in implementing, maintaining and improving organizational security.
worms do not need an executable to spread, unlike viruses.
The key difference between viruses and worms is that:
hardware failure
The most likely threat to your data doesn't come from hackers; it comes from:
tokenization
The phrase __________________ refers to security schemes that automatically send one-time-use representations of a credit card, which can be received and processed by banking and transaction firms at the time of payment. They are used in Apple Pay and Android Wallet.
Spoof
The term _____________ refers to forging or disguising the origin or identity.
reduce threats by making Internet transmissions unreadable if they are intercepted.
The use of VPN (virtual private network) software can:
Botnets
_____ are hordes of surreptitiously infiltrated computers linked and controlled remotely, and are also known as zombie networks.
SQL injection technique
_______________ is an example of an exploit in which hackers target security vulnerabilities caused by software developers not validating user input.
CAPTCHAs
Scrambled character images that many sites require to submit some sort of entry (account setup, ticket buying) and that are meant to be a Turing Test, a test to distinguish whether a task is being performed by a computer or a human.
