Unit 10 - Cybersecurity Review

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Multi-Factor Authentication

which requires multiple pieces of information to authenticate.

Spear-Phishing

a phishing expedition in which the emails are carefully designed to target a particular person or organization

Caesar Cipher

a technique for encryption that shifts the alphabet by some number of characters

Cryptomining Malware

utilizes a computer's resources to mine for cryptocurrency Allows the creators to earn cryptocurrency without needing to spend money on powering their own computers.

Benefits of Geolocation

Find our lost phone Discover a local café to satisfy our craving for a quiche Document an epic cross-country bike ride Law enforcement agencies can locate violent offenders Ambulances can rush to a caller's location

Electronic Frontier Foundation (EFF)

A nonprofit organization that seeks to increase the understanding of civil liberties and other legal issues in cyberspace, or what it called the electronic frontier.

Geolocation

An HTML5 application programming interface that allows developers to retrieve the geographical location information for a client-side device.

PII theft

Attackers can steal PII from companies. Once attackers had access to that data, they could use the Social Security numbers to impersonate people or use the credit card numbers to make unauthorized purchases

Virtual Private Network (VPN)

Companies can establish direct private network links among themselves or create private, secure Internet access, in effect a "private tunnel" within the Internet

third-party cookies

Cookies put on a computer by those other than the website being visited, such as advertisers inserting their own cookies on a web page. A website can also include resources from other domains, like an image, iframe, or script. When the browser requests those resources, their servers can also send back cookies, which will now be associated with their domain

Techniques to Crack the Cipher

Frequency Analysis, Known Plaintext, Brute force

Ransomware

Holds a computer hostage by encrypting user data or blocking access to applications Then, demands the user pay a ransom to the anonymous malware creators.

Personally Identifiable Information (PII)

Information about individuals that can be used to trace a person's identity, such as a full name, birthdate, biometric data, and identifying numbers such as a Social Security number (SSN). Organizations have an obligation to protect PII and often identify procedures for handling and retaining PII in data policies.

PII regulations

Laws regulate how institutions store and process PII to prevent PII to fall into wrong hands

Digital Certificate/ Public Key Certificate/ Identity Certificate

Proves the ownership of an encryption key.

Signs of Phishing

Suspicious email, URL, Non-secured HTTP connections, Requests for sensitive information, Urgency/Scare attacks in emails

Types of Malware

Trojan Horse, Virus, Worm

Cell tower trilateration

can estimate the distance between the tower and a phone by measuring the round-trip delivery time and signal strength improve that estimate by knowing which of the three antenna arrays sent the signal Single tower enough improve that estimate by knowing which of the three antenna arrays sent the signal

Session cookies

cookies stored in memory and deleted when the browser is closed

Certificate Verification: Server's Digital Certificate

the server's way of saying "Yes, I really am who you think I am".

First-Party Cookie

A cookie that is created from the website currently being viewed. When you visit a website and its server sends back an HTTP response with a cookie, the browser associates that cookie with the domain of the server

Passive Interception

A rogue access point can read your data but cannot manipulate it If connect to a network with a rogue access point and enter password on a site over HTTP, the rogue access point can read the password. Also collect a user's Internet footprint by monitoring DNS requests and other Internet traffic Since rogue access point profile Internet Behavior, expose private information about you such as the types of websites you visit.

Search engine

A software program you can use to find Web sites, Web pages, and Internet files.

Global positioning system (GPS)

A system that determines the precise position of something on Earth through a series of satellites, tracking stations, and receivers.

Firewall

A system that monitors incoming and outgoing network traffic to a computer or internal network, and determines what traffic to allow. Perform automated detection of suspicious traffic and can also be configured manually. Cannot identify and block all malware, but they are a useful line of defense for what they can identify.

Malware is...

A virus is a type of computer malware, but there are other types of malware. Malware can affect desktops, laptops, phones, and servers.

Password

A word or phrase that you must type for access to an encrypted file

Security Patch

An update to the code of an application or the entire operating system, and often fixes a bug that's been exploited by malware. Computers, including mobile phones and hardware devices, should always keep up to date with security patches to reduce the risk of malware.

Rogue Access Point

An access point installed on a network w/o the network owner's permission If an attacker owns the access point, they can intercept the data (e.g. PII) flowing through the network.

Public key encryption

An asymmetric encryption technique which uses different keys for encryption and decryption, allowing computers over the Internet to securely communicate with each other

Phishing Attack

An attempt to trick a user into divulging their private information.

Browsing History

List of all websites you have visited over a period of time. it isn't very private => can be tracked by websites, browsers, ISPs, and even the government

Antivirus software

Once an antivirus program finds a piece of malware, guides the user through deleting or repairing the file to be safe again. Since new kinds of malware are invented all the time, antivirus programs must constantly update their list of known malware.

Keylogging Software

Records keystrokes with the aim of gaining access to confidential such as passwords. It typically sends the data to the attacker somehow, so that they can use the confidential information to break into user accounts

Encrypting Data

Scramble the original data to hide the meaning of the text, while still making it possible for the data to be unscrambled using a secret key Enables two people or computers to share private information over open networks preventing the hacker to read the text because they can only read the scrambled data

Difference Between Session and Persistent cookies

Session expires once browser is exited while persistent cookies can be set for long periods of time

Fingerprinting

The systematic survey of a targeted organization's Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range.

Risks of Geolocation

There have been multiple cases of people using publicly accessible geolocation data to stalk a former partner or a stranger. Law enforcement agencies have been accused of using an inaccurate geolocation to wrongly accuse someone of a crime. Websites can choose to censor information based on where they think a user lives.

Standard HTTP connections

URLs start with "http://".

Secure HTTP connections

URLs that start with "https://".

Femke went to a computer lab and connected her laptop to the WiFi network. She later received an email from the lab administrator warning that the WiFi network was in fact a rogue access point. What could have occurred while she was connected to the rogue access point?

When she used her laptop to submit an online form, the rogue access point could have modified her form submission on its way to the server. Rogue can intercept a packet, change its contents, and then forward the changed packet to the website server

Internet Service Provider (ISP)

a company that provides access to the internet for a monthly fee

Active Interception

a rogue access point can also manipulate your data can read the incoming user data, modify the data however they want, and send the modified user data to the destination endpoint.

Two-factor authentication (2FA)

a security process that requires two means of identification from separate categories of credentials; usually one form of identification is a physical token (a credit card) while the other is memorized (a PIN)

HTTP Cookies

a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website.

Wi-Fi Positioning System

a strategy that works well in dense, urban areas filled with Wi-Fi networks (nearly the opposite of where GPS works well)

Adware

pops up advertisements to users.

GPS receivers

record positions of multiple satellites simultaneously to determine latitude, longitude, altitude, and time

Malware

software that is intended to damage or disable computers and computer systems.

Spyware

steals data and sends it back to the malware creators.

Persistent cookies

stored on the browser-side (client-side) computer even after the browser is closed


Ensembles d'études connexes

plastic research paper note cards

View Set

NUFT 442 Community Exam 3 Practice Questions

View Set

new religious movements - stark and bainbridge

View Set

Network+ 1.1 Compare the layers of the OSI and TCP/IP models

View Set

Exam 4 (new material) - Ch. 11, Ch. 16, Ch. 25, Ch. 69, Ch. 44

View Set

Universal Gravitation Review Set

View Set

Chapter 13 and 14 study guide evolution,Chisholm.

View Set

Grade 6, Lesson 1: What Grade Are You In?

View Set