Computer Security

GUID

'Globally Unique Identifier' (or 'Universally Unique Identifier'). It is a 128-bit integer number used to identify resources, and information in computer systems

proxy

In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.

tripwire

Is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.

plain text

Message data before it is encrypted.

Hashing

- only for passwords, 100% non reversible because it's encrypted so many times, hashing algorithms are how passwords are stored in server.,

Piggybacking

- similar to tailgating, refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint.

Spoofing

- technique used to gain unauthorized acess; intruder assumes a trusted IP address

VLAN (Virtual Local Area Network)

-a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. -logically segment a network, dont neeed multiple different pieces of hardware

Man in the Middle Attack

-attackers are able to eavesdrop on the communtication between the 2 targets -attacker pretends to be the real person, but actually isn't - attacker montiors network , modifies it and ins

IAN (Internet Area Network)

-concept for a communications network that connects voice and data endpoints within a cloud environment over IP - cloud computing

IDS (Intrusion Detection System)

-device or software application that monitors a network or systems for malicious activity or policy violations. - tools do not take action on thier own, requires another human or syste, - difference in two types only depends on bandwith 2 types- NIDS and HIDS

FISA (Foreign Intelligence Surveillance Act)

-federal law which establishes procedures for the physical and electronic surveillance and collection of "foreign intelligence information" between "foreign powers" and "agents of foreign powers" suspected of espionage or terrorism.

Spyware/Trojan Horse

-malicious program that looks like a real software. - when installed on a computer, it runs automatically and will spy on the system or delete files

MAC (Mandatory Access Control)

-most restrictive access control model - found in military settings - given to CEOs and people of high clearance

Threat

-object,person or other entity representating a constant danger to an asset via attacks

Virus

-operates by inserting or attaching itself to a computer file -program made of malicious code that can propagate itself from device to device. -needs a host

logic bomb

-piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. - uses logic, and can be broken

Rootkit

-program that hides in a computer and allows someone from a remote location to take full control of the computer - user doens't know this is installed

infrastructure security

-security provided to protect airports, highways, rail transport, hospitals, bridges, electricity grid - seek to limit vulnerability of these structures and systems to sabatoge, terriosm, and contamination

Computer Worm

-self-replicating type of malware (and a type of virus) that enter networks by exploiting vulnerabilities -Thus, worms can propagate themselves and spread very quickly -worms don't attach to a file or program, like a virus -enter through a vulnerability in the network, - doesnt need a host - enters when, for example a bad link is clicked, silently goes to work wthout user knowing.

RBAC (Role Based Access Control)

A "real-world" access control model in which access is based on a user's job function within the organization.

RAT (Remote Access Trojan)

A Remote Access Trojan is a type of malware that controls a system through a remote network connection

MAN (Metropolitan Area Network)

A network that covers an area equivalent to a city or other municipality.

PBX (private branch exchange)

A telephone switch used to connect and manage an organization's voice calls.

EMI

Electromagnetic Interference

Phishing

Fake emails that appear to come from a legitimate source looking to trick users into entering personal information

accountable

- who is responsible for authorized activities, not illegal

Social Engineering

-hackers use their social skills to trick people into revealing access credentials or other valuable information

TCP/IP

Transmission Control Protocol/Internet Protocol. Protocol that connects computers to the Internet. Tells computers how to exchange information over the Internet.

mantrap

physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens.

DoS (Denial of Service)

similar to DDos but only one computer

Latency

the delay before a transfer of data begins following an instruction for its transfer

DMZ (demilitarized zone or perimeter network)

-A small section of a private network that is located between two firewalls and made available for public access. - public can access cause they can get through first firewall, but then they can't acess private company files as there's an another firewall.

stealth virus

-A virus that attempts to avoid detection by masking itself from applications. - hides modifications made to files or boot records

zero-day attack

-An attack between the time a new software vulnerability is discovered and "released it into the wild" and the time a software developer releases a patch to fix the problem. - refers to a newly discovered software vulnerability

DDoS (Distributed Denial of Service)

-An attack on a specfic website or server - network of computers (botnet) attack server so the volume of trafic increases and shuts down the website - purposley overflows a computer

AES (Advanced Encryption Standard)

-An encryption standard used by WPA2 and is currently the strongest encryption standard used by Wi-Fi. -128 bits

DES(Data Encryption Standard)

-Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data -56 bits (+ 8parity bits)

VPN (Virtual Private Network)

-Encrypted connection over the Internet between a computer or remote network and a private network. - creates a "tunnel"

Enigma Machine

-German code machine broken by the Allies and used to predict what the Germans would do -used Rot 3-6 ( rotation of letters from 3 spaces up to 6 spaces -invented by German engineer Arthur Scherbius

Secondary Storage Devices

-Hard disk, floppy disks, CD, DVD, jump drives

Pharming

-Modifies DNS entries, which causes users to be directed to the wrong website when they vist a certain web adress - "phishing with no lure" (Ex. the popup links on 123movies.com)

Perimeter Security

-Security set up on the outside of the network or server to protect it. -FIREWALL

Backdoor

-Software code that gives access to a program or a service that circumvents normal security protections.

authorization

-The process of giving someone permission to do or have something, based on your identification and authentication

digital certificate

-a notice that guarantees a user or a website is legitimate - electronic "password" that allows a person, organizaion to exchange data securely over the Internet using the public key infrastructure - used to keep people liable, not for trust - uses encryption and decryption to make sure

Firewall

-a part of a computer system or network that is designed to block unauthorized access while permitting outward communication. - blocks wesbites, malware -monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

subnet

-a subdivision of a network that is created either to conserve addresses or to support specific network requirements. - have a same part of IP adress

Zoning

-allows for an administrator to control who can see what in storage area network

PSK (pre-shared key)

-also referred to as personal mode, is a type of WPA used on most home networks. All workstation has the same key to connect to the network. - common for securing at home wifi networks

attack

-any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset.

IP Address (Internet Protocol Address)

A unique number identifying every computer on the Internet (like 197.123.22.240), does sometimes change

polymorphic virus

A virus that can change its own code or periodically rewrites itself to avoid detection

DNS (Domain Name System)

The phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

risk analysis

The process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.

SYN flood attack

Type of DoS attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

TPM (Trusted Platform Module)

a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.

sniffer

a program or device that can monitor data traveling over a network

Access Control List

a set of IF-THEN rules used to determine what to do with arriving packets or data

fuzzing

a technique of penetration testing that can include providing unexpected values as input to an application to make it crash

armored virus

a virus that is protected in a way that makes disassembling it difficult - it is 'armored' against antivirus programs trying to understand or analyze its code

PATRIOT

act signed into law to counter terrorism

digital signature

an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender

brute force attack

attacker submits many passwords or passphrases with the hope of eventually guessing correctly.

"C" in CIA Triad

confidentality- ensures that data remains private when it is at rest, in transit, and when it is in use, hiding very sensitive data

Fork Bomb

denial-of-service attack wherein a process continually replicates itself to deplete available system resources, slowing down or crashing the system due to resource starvation.

PKI (Public Key Infrastructure)

enables users of a public network such as the Internet to securely and privately exchange data through the use of a pair of keys—a public one and a private one—that is obtained from a trusted authority and shared through that authority. - combining symmetric, assymetric, digital signatures, and certficates to create a fast yet secure way crypting, hybrid cryptography.

Malware

genral term given to software that is intended to damage or disable computers systems

Group Policy

hierarchical infrastructure that allows a network administrator in charge of Microsoft's Active Directory to implement specific configurations for users and computers.

Spam

unsolicited email, that will phish for information by tricking user into certain links

MAC (Media Access Control) address

-A node's unique physical address, which is assigned to its network interface card (NIC) by the card's manufacturer. -MM:MM:MM:SS:SS:SS - used for communications in data link layer - 48 bits

WAN (Wide Area Network)

-A network that spans a long distance and connects two or more LANs. - not restricted by geographical location

OSI Model

- Open Systems Interconnection model -conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers.

Transpostion ciphers

- assign each column of words a number, put the columns in a different order, and that number is the "key", now read the letters downward

Important principles used in Cryptography

- confidentiality -integrity -authentication - non-repudiation

Cryptography

- creating written or generated codes that allow information to be kept secret - "secret code" - used to meet 4 main goals : confidentality, integrity, authentication and nonrepudiation

identification

- identifies someone, as the legal user 3 types: who you are (biometrics, fingerprints, palm scan, voice recongnition), what you have (passport, ID card), what you know(pin, password)

hardened

- making something secure

auditing

- monitoring actions one is responsible for

TUN/TAP

- used to provide packet reception and transmission for user space programs. -TUN stands fr network TUNnel) is a network layer device - TAP stands for network TAP and it is a link layer device - both are virtual network kernel devices.

Vulnerability

- weakness or fault that can lead to an exposure

Vunerability

- weakness or fault that can lead to an exposure

Non-repudiation

- you cannot deny what you are responsible for -providing proof that a transaction occurred between identified parties. -Repudiation occurs when one party in a transaction denies that the transaction took place.

Network of Zombie Computer

-A general way to execute several security threats - hacker takes control of several computers and controls them remotley Ex. part of DDos

authentication

-A method for confirming and verifying users' identities, acess

LAN(Local Area Network)

-A network of computers and other devices that is confined to a relatively small space, such as one building or even one office.

OSI Order

Application, Presentation, Session, Transport, Network, Data Link, Physical

"A" in CIA Triad

Availability-data should be available whenever authenticated or legal user needs it.

Partitioning

Break in separate parts, separate drives or subnets

"I" in CIA Triad

Integrity- no alterations or modifications done to data, making sure data remains intact and the same

NAT (Network Address Translation)

NAT translates the IP addresses of computers in a local network to a single IP address. This address is often used by the router that connects the computers to the Internet.

RAID

RAID is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both.

RAID 0, RAID 1, RAID 5

Raid 0= stripping Raid 1 = mirroring Raid 5= both, parity

RAM

Random Access Memory - temporary place to store material that works quickly. erased when computer turns off. Volatile.

ROM

Read Only Memory- Permanent instructions that cannot be changed, can hold data without power

XOR Gate

Result is true if either input is true but not if both inputs are true or if both inputs are false

RBAC (rule)

Rule-based access control. An access control model that uses rules to define access. Rule-based access control is based on a set of approved instructions.

Cipher text

Scrambled form of the message or data

Ransomware

Software that encrypts programs and data causing restriction to ones's sytem and files until a ransom is paid to remove it.

2 Types of Cryptography

Symmetric: one key used to cipher and decipher, but a con is that all parties must be involved Asymetric : uses two keys--public and private, more new of a method, public key is for encryption, private is for decryption