Module 1 - Information Security Basics
Types of malware
spyware, keylogger, Trojan horse, trap door, packet sniffer, virus, worm, adware, rootkits
Information security is important because:
1. Most of the world's valuable information is stored on computer systems. 2. The Internet has created a high degree of connectivity.
Hacker:
1. A person trained to find weaknesses in a computer or computer network and exploit them. 2. A term that refers to someone with an advanced understanding of computers and networks who misuses their talents and is motivated by a multitude of reasons, such as profit, political activism, or challenge.
Data Breach:
A data breach occurs when unauthorized users gain access to private or confidential data.
Spoofing Attack
A false website with a login prompt has you enter your credentials. You get a login error but the attacker obtains your username and password.
Control/Mitigation
A measure put in place to mitigate risk. Examples of mitigations/controls include: * Wireless device control * Incident response capability * Data back-up * Anti-malware defenses
eavesdropping attack
A network attack that uses special monitoring software to gain access to private communications on the network wire or across a wireless network. Also known as a sniffing attack.
Trojan
A piece of malicious software hidden inside a seemingly legitimate program or file that performs an activity without the user's knowledge. Trojans may erase data, corrupt files, or allow remote access to a computer.
Keylogger malware
A program that records every key struck on a keyboard and sends that information to an attacker.
Man-in-the-middle
A security attack in which network communication is intercepted in an attempt to obtain key data.
penetration testing
A test, carried out by an outsider hired by the organization, that actually exploits weaknesses in systems that are vulnerable.
Vulnerability
A weakness that can be exploited by one or more threats.
An interruption attack is an example of a(n) _____________ attack
Active
___________ is a goal of attackers that seeks to directly defeat the information security goal of integrity.
Alteration
Interruption Attack
An attack on availability. This occurs when an attacker makes an asset unavailable or unusable.
Cross-Site Scripting (XSS)
An attack that injects scripts into a Web application server to direct attacks at clients.
Passive attack
An attempt to learn or make use of information from the system that does not affect system resources. Goal: obtain information. * Hard to detect * Can occur over a long time * Example: interception attack.
DNS cache poisoning
An exploit in which the DNS database is changed in such a way that a URL no longer connects to the correct Web site.
Cracker
An individual who modifies software to remove or disable features, usually related to software protection methods. Also refers to a black hat hacker, one who hacks for malicious purposes, as opposed to white hat hackers, who perform security research and penetration testing.
Attack
Any attempt to destroy, expose, alter, disable, steal or gain unauthorized access or use of an information technology asset.
Threat
Any circumstance or event with the potential to adversely impact an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.
An ________ is the result when a vulnerability has been exploited.
Attack
Dictionary attack
Attempt to break a password by trying all possible words.
Three principles of Information security are:
Confidentiality, Integrity, Availability
A _______________ is any tool that helps prevent or mitigate an attack.
Control
When authorized users and systems are unable to access a particular asset, this is known as a _________ of service attack.
Denial
________________ is a goal of attackers that seeks to directly defeat the information security goal of confidentiality.
Disclosure
DAD Triad
Disclosure, Alteration, and Denial
A(n) _______________ attack occurs when an unauthorized party inserts a counterfeit object into a system.
Fabrication
"Script Kiddies"
Individuals who want to attack computers yet they lack the knowledge of computers and networks needed to do so.
A(n) __________________ attack occurs when an attacker makes an asset unavailable or unusable.
Interruption
Spyware
Malware designed to collect information about users without their knowledge; it is typically also installed without the user's knowledge.
Rootkits
Malware designed to hide the existence of certain processes or programs and use administrator access to maintain access to the computer without detection.
Keylogger attack
Malware such as a Trojan records keystrokes and sends data back to the attacker to find out passwords and other information.
Virus
Malware that replicates once activated through an action performed by a user. Viruses may corrupt or modify files.
A(n) ________________ attack occurs when an attacker gains access to an asset and changes it.
Modification
You manage the records system for a major university. Your primary area of responsibility is academic records (i.e. grades and transcripts). You do not have enough resources to defend against every possible type of attack, meaning that you must prioritize your defenses. Which of the four broad categories of attack would you be most likely to make your lowest priority? Select one: a. Fabrication b. Interception c. Interruption d. Modification
Not interruption
Fabrication attack
Occurs when an unauthorized party inserts a counterfeit object into a system (attack on authenticity). Example: pirated copies of songs.
An interception attack is an example of a(n) ___________ attack
Passive
graphical passwords
Passwords that use graphics as part of the authentication mechanism. Also called CAPTCHA passwords.
ethical hacking
Planned attempts to penetrate the security defenses of a system in order to identify vulnerabilities; not contracted by the company, but meaning no harm.
HOIC (High Orbit Internet Cannon) and LOIC (Low Orbit Internet Cannon)
Pre-made delivery mechanisms that implement attacks, making amateurs able to attack (they use zombie botnet computers).
Motive
Reason for carrying out the attack.
Malware
Short for malicious software; software used to interrupt computer operations, gain unauthorized access to computer systems, or gather sensitive information.
SCADA (Supervisory Control and Data Acquisition) or ICS (Industrial Control Systems)
Standards for industrial environments that are controlled by strictly mechanical means.
Social Engineering
The act of tricking someone into revealing information they wouldn't normally reveal, such as usernames and passwords, or information that could be used to guess their username and/or password.
Threat agent
The person who carries out an attack, sometimes referred to as a threat source.
Information Security
The practice of ensuring we have control over who, what, when, where, and how our information is accessed and modified.
Risk
The probability that a vulnerability will be exploited by a threat.
Opportunity
The target system must be available to the attacker if he is to conduct his attack.
single sign-on (SSO)
Using one authentication credential to access multiple accounts or applications.
Resetting/Recovery Attack
Using social engineering techniques, attackers gather enough personal information to successfully go through the password reset process. This gives them access to your account and locks you out.
A _____________ is a system defect that leaves the system open to an attack.
Vulnerability
Exploit:
A method or software program designed to take advantage of a vulnerability.
back-door
A program, or set of instructions in a program, that allows users to bypass security controls when accessing a program, computer, or network.
two-factor authentication (2FA)
A security process that requires two means of identification from separate categories of credentials; usually one form of identification is a physical token (a credit card) while the other is memorized (a PIN).
Spoofing
A technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
What is the difference between a virus and a Trojan? Select one: a. A virus infects a system secretly; a Trojan tricks the user into downloading it b. A Trojan infects a system secretly; a virus tricks the user into downloading it by masquerading as something desirable like a game or a screensaver c. A virus appears to be something desirable, such as a game or funny joke d. None of the above
a. A virus infects a system secretly; a Trojan tricks the user into downloading it
What is a control? Select one: a. Any countermeasure that prevents a vulnerability from being exploited b. Actions taken by an individual to exploit a vulnerability and gain root access to a machine c. A weakness that has already been exploited by a hacker d. A weakness that can potentially be exploited by a hacker
a. Any countermeasure that prevents a vulnerability from being exploited
In regard to information security, what is availability? Select one: a. Ensuring a resource is accessible to authorized users b. Data is hidden from unauthorized users c. The condition of the contents of the object d. Ensuring users only use an asset or object in the manner it was intended
a. Ensuring a resource is accessible to authorized users
Which of the following is an example of a case where alteration is a more tempting form of attack than disclosure? Select one: a. Financial data used by analysts to make decisions b. Subscription-based website c. The public telephone system d. Current weather forecasts
a. Financial data used by analysts to make decisions
A subordinate becomes angry with his supervisor. He wants to sabotage the supervisor's work, but does not wish to get caught or leave the company. So, he decides to secretly modify some of the supervisor's files, causing the supervisor to make work decisions based on faulty information. This is an example of what type of attack? Select one: a. Modification b. Interruption c. Interception d. Fabrication
a. Modification
Which of the following are examples of a case in which disclosure is a more tempting form of attack than alteration? Select one: a. Schematics for a new type of military vehicle b. Medical records c. Financial data that is used by analysts to make decisions d. All of the above
a. Schematics for a new type of military vehicle
Active attacks
An actual attack against a targeted system, to either gain complete control over that system or enough control to cause certain threats to be realized. Goal: tangible impact. * Easier to detect * One-time event * Example: interruption, modification, or fabrication attacks
Interception attack
An attacker gains unauthorized access to an asset (difficult to detect). Examples: eavesdropping, link monitoring, packet capturing.
Modification Attacks
An unauthorized party gains access to an asset and tampers with it (attack on integrity).
Personally Identifiable Information (PII)
Any piece of information that, when used either alone or in combination with other pieces, can positively identify one single person. Examples: 1. Social security number 2. Credit card number 3. Marriage license
Adware
Any software program that automatically displays advertisements. The goal of the adware is to generate revenue for its author. Some adware may include spyware such as keyloggers and other privacy-invasive software.
Hybrid Attack
Attackers target passwords made of dictionary words followed by a letter or a number (combines brute force and dictionary attacks).
Regarding information assurance, what is a control? Select one: a. A vulnerability that has been exploited b. A defensive measure to counteract a threat c. A known exploit for a vulnerability d. A vulnerability that has not yet been exploited
b. A defensive measure to counteract a threat
A typographical error, although not malicious, is a failure to ensure integrity and would be considered an example of _________. Select one: a. Damage b. Alteration c. Disclosure d. Denial
b. Alteration
Confidentiality refers to: a. Ensuring that information resources are accessible when needed. b. Data is hidden from those that are not supposed to see it. c. The trustworthiness of information resources. d. An attack on a vulnerable asset.
b. Data is hidden from those that are not supposed to see it.
Information security is: a. the practice of ensuring only the confidentiality and integrity of information resources. b. Ensuring control over who, when, where, and how information is accessed and modified. c. The practice of exploiting a vulnerability in information resources. d. The practice of ensuring information resources are
b. Ensuring control over who, when, where, and how information is accessed and modified.
Availability refers to: a. Limiting information resources to only those who need them. b. Ensuring information resources are accessible when needed. c. The trustworthiness of information resources. d. An attack on a vulnerable asset.
b. Ensuring information resources are accessible when needed.
Does an attacker require full access to an asset for a modification attack to succeed? Select one: a. Yes b. No c. Sometimes d. It depends on the asset
b. No
Integrity refers to: a. An attack on a vulnerable asset. b. The trustworthiness of information resources. c. Data is hidden from those that are not supposed to see it. d. Ensuring that information resources are accessible when needed.
b. The trustworthiness of information resources.
black hat hackers
Break into systems to destroy information or for illegal gain.
Which of the following is not a category of attacker? Select one: a. Crackers/hackers b. Professional/Career Criminals c. Administrators d. Amateurs
c. Administrators
You designed the computer systems in your organization so that everything requires a username and password. An attacker who has targeted your organization realizes this and adjusts his/her strategy accordingly. Which of the following methods of attack is an attacker most likely to use? Select one: a. Physically show up on-site and attempt to explore the building until finding someone who has carelessly taped his/her username and password to their monitor b. Write a computer program to try every combination of letters and numbers until a usable username and password is found c. Call the IT helpdesk and pretend to be someone who has lost their password, causing the helpdesk to reset their account with a blank or default password d. Attempt to guess usernames and passwords at random
c. Call the IT helpdesk and pretend to be someone who has lost their password, causing the helpdesk to reset their account with a blank or default password
An employee is angry with his boss and wants to sabotage the company. To accomplish this he secretly changes some of the values in his boss's copy of the quarterly report. His boss then reads this false data and makes decisions based on this fraudulent information. In this instance, what quality of information security has been damaged? Select one: a. Confidentiality loss b. Availability loss c. Integrity loss d. Access loss
c. Integrity loss
Which of the following is an example of an attack? Select one: a. Your wireless network not having any form of encryption b. Your email password being insecure and widely known c. Your screensaver not being password protected d. An unauthorized person using your wireless network for access to sensitive information
d. An unauthorized person using your wireless network for access to sensitive information
A(n) _______ is the result of a vulnerability being exploited. Select one: a. Disclosure b. Virus c. Proxy d. Attack
d. Attack
The process of revealing confidential information is known as: Select one: a. Alteration b. Integrity c. Denial d. Disclosure
d. Disclosure
The revealing of corporate espionage is what type of component of the DAD triad? Select one: a. Alteration b. Damage c. Denial d. Disclosure
d. Disclosure
What type of attack occurs when an attacker inserts a forged record into a database? Select one: a. Modification b. Alteration c. Interruption d. Fabrication
d. Fabrication
Which of the following is not an item that an attacker must have before a successful attack can be carried out? Select one: a. Opportunity b. Motive c. Method d. Credibility
d. Credibility
white hat hackers
Ethical hackers who break into systems for non-malicious reasons, such as to test system security vulnerabilities or to expose undisclosed weaknesses.
Internet of Things or Embedded Device
Everyday electronic devices connected to the Internet.
Career criminals
Have a high degree of technical sophistication and experience.
Amateurs
Individuals who have no real experience or training in cyber attacks.
shoulder surfing attack
A non-technical attack that occurs when someone watches you type in your username and password.
What aspect of security is most impacted when someone forges an e-mail? Select one: a. Integrity b. Confidentiality c. Availability d. Disclosure
not confidentiality
Eavesdropping
Observing network traffic flow between computers.
Denial
Occurs when authorized users and systems are unable to access a particular asset.
DNS Attacks (Domain Name Service)
Redirect users from legitimate websites to malicious websites.
Hacker
A skilled individual who uses technical skills to find weaknesses in computers or computer networks and exploit them.
brute force attack
The password cracker tries every possible combination of characters.
Method
The set of specific skills, knowledge, and resources required for a particular attack, including the technical expertise to successfully complete the attack.
Access Control
A type of control accomplished through authentication (password, key, fingerprints).
corporate espionage
Unauthorized access of corporate information, usually to the benefit of a competitor.
biometric authentication
Uses personal physical characteristics, such as fingerprints, facial features, and retinal scans, to authenticate users.
Alteration
When data is added, modified, or removed without proper authorization.
Disclosure
Whenever information that is intended to be confidential is accessed by unauthorized people or systems.