ISEC - Ch. 3 Vocabulary

Ace your homework & exams now with Quizwiz!

URL

A Uniform Resource Locator is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it

Syn flood

A popular technique for launching a packet flood; the attacker sends a large number of packets requesting connections to the victim computer; however, the ACK bit is never received

Zero-day

Exploiting a new vulnerability or software bug for which no specific defenses yet exist.

Evil Twin

Faking an open or public wireless network to use a packet sniffer on any user who connects to it.

Backdoor

Hidden access method that give developers or support personnel easy access to a system without having to struggle with security controls

Vishing

Performing a phishing attack by telephone in order to elicit personal information; using verbal coercion and persuasion ("sweet talking") the individual under attack.

Whaling

Targeting the executive user or most valuable employees, otherwise considered the "whale" or "big fish" (often called spear phishing).

CVE

The Common Vulnerabilities & Exposure list is maintained and managed by the Mitre Corporation on behalf of the U.S. Department of Homeland Security

DDoS

The distributed denial of service attack is a type of DoS attack that also impacts a user's ability to access a system. It overloads computers and prevents legitimate users from gaining access

VoIP

Voice over IP

Vulnerability

a bug or weakness in the program

Netcat

a computer networking utility for reading from and writing to network connections using TCP or UDP; one of the most popular backdoor tools in use today

Wardialer

a computer program that dials telephone numbers, looking for a computer on the other end. The program works by automatically dialing a defined range of phone numbers

Gray-hat hacker

a hacker with average abilities who may one day become a black-hat hacker but could also opt to become a white-hat hacker. Another common definition is a hacker who will identify but not exploit discovered vulnerabilities, yet may still expect a reward for not disclosing the vulnerability openly.

Trojan horse

a malware that masquerades as a useful program; use their outward appearance to trick users into running them

Firewall

a program or dedicated hardware device that inspects network traffic passing through it and denies or permits that traffic based on a set of rules you determine at configuration. It's basic task is to regulate the flow of traffic between computer networks of different trust levels—for example, between the LAN-to-WAN domain and the WAN domain, where the private network meets the public Internet

Worm

a self-contained program that replicates and sends copies of itself to other computers, generally across a network, without any user input or action

Virus

a software program that attaches itself to or copies itself into another program on a computer. The purpose of a _________ is to trick the computer into following instructions not intended by the original program developer.

Packet sniffer

a software program that enables a computer to monitor and capture network traffic, whether on a LAN or a wireless network.

Cracker

a software program that performs one of two functions: a brute-force password attack and a dictionary password attack

Password cracker

a software program that performs one of two functions: a brute-force password attack and dictionary password attack

Dictionary Attack

a subset of brute-force attacks

Cookie

a text file that contains details gleaned from past visits to a website

Port scanner

a tool used to scan IP host devices for open ports that have been enabled

Spoofing

a type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resources

Hijacking

a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them

Birthday Attack

a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier

Phishing

a type of fraud in which an attacker attempts to trick the victim into providing private information such as credit card numbers, passwords, dates of birth, bank account numbers, automated teller machine (ATM) PINs, and Social Security numbers

Spyware

a type of malware that specifically threatens the confidentiality of information. It gathers information about a user through an Internet connection, without his or her knowledge

Keystroke logger (Keylogger)

a type of surveillance software or hardware that can record to a log file every keystroke a user makes with a keyboard

Media Access Control Address (MAC Address)

a unique identifier assigned to network interfaces for communications at the data link layer of a network segment. They are used as a network address for most IEEE 802 network technologies, including Ethernet and Wi-Fi

Script kiddie

a wannabe hacker, a person of any age with little or no skill; simply follows direction/uses the "cookbook" approach

Cryptographic attack

an algorithm that converts a large amount of data to a single (long) number. Once mathematically hashed, the hash value can be used to verify the integrity of those data.

Pharming

another type of attack that seeks to obtain personal or private financial information through domain spoofing. A _______ attack doesn't use messages to trick victims into visiting spoofed websites that appear legitimate, however. Instead, ________ "poisons" a domain name on the domain name server (DNS), a process known as DNS poisoning

Threat

any action that can damage or compromise an asset

Asset

any item that has value

PBX (Private branch exchange)

attackers would use wardialers to gain access to ________________ phone systems in an attempt to obtain dial tone or international dialing capability to commit toll fraud

DoS (Denial of service)

attacks that result in downtime or inability of a user to access a system. They impact the availability tenet of information systems security. It is a coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks

CIA

confidentiality, integrity, or availability

Phreaking

is a slang term that describes the activity of a subculture of people who study, experiment with, or explore telephone systems, telephone company equipment, and systems connected to public telephone networks. ___________ is the art of exploiting bugs and glitches that exist in the telephone system.

White-hat

is an information systems security professional who has authorization to identify vulnerabilities and perform penetration testing. The difference between _____ hackers and black-hat hackers is that ______ hackers will identify weaknesses for the purpose of fixing them, and black-hat hackers find weaknesses just for the fun of it or to exploit them.

Downtime

is the time during which a service is not available due to failure or maintenance

Rootkit

malicious software programs designed to be hidden from normal methods of detection. They allow an attacker to gain access to a computer system

Promiscuous mode

means that every data packet can be seen and captured by the sniffer

Disclosure

occurs any time unauthorized users access private or confidential information that is stored on a network resource or while it is in transit between network resources. It can also occur when a computer or device containing private or confidential data, such as a database of medical records, is lost or stolen

Masquerade attack

one user or computer pretends to be another user or computer. They usually include one of the other forms of active attacks, such as IP address spoofing or replaying

Malicious attack

overtaking a persons computer in order to spread the bug to other peoples devices and profiles

Typo squatting

same as URL hijacking

Protocol analyzer

same as packet sniffer

Adware

similar to spyware but does not transmit personally identifiable information (PII)

Malware

software used to conduct a malicious attack

Hacker

someone who breaks into a computer system without authorization

Passive wiretap

tapping telephone/communication lines; an unauthorized user simply listens to the transmission without changing the contents

Espionage

the act of spying to obtain secret information, typically to aid another nation state. Terrorists and enemy agents might well be involved in activities to obtain sensitive government information that they can use to perpetuate future attacks

Opportunity cost

the amount of money a company loses due to downtime

Session hijack

the attacker attempts to take over an existing connection between two network computers. The first step in this attack is for the attacker to take control of a network device on the LAN, such as a firewall or another computer, in order to monitor the connection. Then the attacker generates traffic that appears to come from one of the communicating parties. This steals the session from one of the legitimate users

URL Hijacking (or browser hijacking)

the user is directed to a different website than what he or she requested, usually to a fake page that the attacker has created

Brute-force password attack

to gain unauthorized access to a system or recovery of passwords stored as a cryptographic hash on a computer system

Black-hat hacker

tries to break IT security and gain access to systems with no authorization in order to prove technical prowess. They generally develop and use special software tools to exploit vulnerabilities. They generally exploit holes in systems, but they generally do not attempt to disclose vulnerabilities they find to the administrators of those systems

SPAM

unwanted emails

Spim

unwanted instant messages or IM chats

Cyberattackers

use a number of hardware and software tools to discover exploitable weaknesses and other tools to perform the actual attack

Logic attack

use software flaws to crash or seriously hinder the performance of remote servers. You can prevent many of these attacks by installing the latest patches to keep your software up to date.

ARP Poisoning

used to map an Internet Protocol (IP) address to a physical or MAC address.

Wardialing

useful for finding access points to computers

Smurf attack

uses a directed broadcast to create a flood of network traffic for the victim computer.


Related study sets

#4 Quiz: Confirming Placement of a Nasogastric Tube

View Set

Chapter 20: Achieving Success in the Small Business

View Set

Marketing Management 5504 Quiz 15-28

View Set

CNA: Chapter 26: Measuring Vital Signs

View Set

Exam 3: Integumentary, Endocrine, Management, Respiratory, and Immune

View Set

micro exam #3 poliomyelitis (polio) document

View Set

OB Exam 2 Success Questions LP 4 & 5

View Set