Network Security CH 1

Ace your homework & exams now with Quizwiz!

Threat

A category of objects, persons, or other entities that present a danger to an asset.

Exposure

A condition or state of being exposed. In InfoSec, exposure exists when a vulnerability known to an attacker is present.

Denial-of-service Attack

A cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources.

Man-in-the-middle Attack

A form of eavesdropping where the attacker makes an independent connection between two victims and steals information to use fraudulently.

Brute Force Attack (guessing attack)

A password-cracking program that tries every possible combination of characters.

Worms

A program that resembles a computer virus in that it can spread from one computer to another. It can propagate over a computer network and does not require a user to execute a program.

McCumber Cube

A representation of a 3x3x3 cube, with 27 cells representing areas that must be addressed to secure today's information systems.

Security Policy

A set of rules that protect an organization's assets.

Loss

A single instance of an information asset suffering damage, unintended or unauthorized modifications or disclosure. When information is stolen from an company, its considered a loss.

Sniffers

A specially designed software (and in some cases hardware) applications that capture network packets as they traverse a network, displaying them for the attacker.

Rainbow Table

A table of hashed phrases/words that can be used in a password attack.

Exploit

A technique used to compromise a system.

Risk Appetite

Amount of risk that a business is willing to accept.

Attack

An act or action that takes advantage of a vulnerability to compromise a controlled system using intentional or unintentional steps that can cause damage or loss.

Subject

An agent entity used to conduct the attack.

Buffer Overflow

An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

Asset

An organizational resource that has value to the organization. In InfoSec, this is often the resource that is being protected.

C.I.A. triad

Confidentiality, Integrity, and Availability of data (aka the CIA triad) are the main characteristics of secured data. Confidentiality, refers to preventing unauthorized use of data. Integrity and availability were discussed in previous slides

Distributed denial-of-service Attack

Cyber attack uses numerous computers (zombies/bots) to inundate and overwhelm the network from numerous launch points

Availability

Enables authorized users, persons or computer systems to access information without interference or obstruction, and to receive it in the required format.

Data Users

End users who work with the information to perform their daily jobs supporting the mission of the organization, and who therefore share the responsibility for data security.

Spoofing

Faking the sending address of a transmission in order to gain illegal entry into a secure system.

Policy

Guidance or instructions that an organization's senior management implements to regulate the activities of the organization members who make decisions, take actions, and perform other duties.

Social Engineering

Hackers use their social skills to trick people into revealing access credentials or other valuable information

Phreaker

Hacks the public telephone network to make free calls or disrupt services.

Dictionary Attack

Helps hackers guess your password by stepping through a dictionary containing thousands of the most commonly used passwords.

Hacktivist (Cyberactivist)

Individuals who interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.

Boot Virus

Infects the master boot record of a hard drive. (MBR contains program necessary to start computer

Privacy

Information is used in accordance with the legal requirements mandated for employees, partners, and customers.

Integrity

Information remains whole, complete, and uncorrected.

Accuracy

Information that is free from mistakes/errors and has the value that the end user expects it to have.

Well-known vulnerabilites

Is a type of vulnerability that has been examined, documented, and published; other remain latent (or undiscovered).

Enterprise Information security policy (EISP) (General Security Policy, IT security policy, information security policy)

Is an executive-level document, usually drafted by, or in cooperation with, the CIO of the organization. Shapes the philosophy of security in the IT environment.

Software Piracy

Is the unauthorized copying and selling of software.

De jure Standard

Legally binding industry standards that all manufactures have to agree on

E-mail Attack

Like a DOS for email.

Trojan Horse

Masquerades as beneficial program while quietly destroying/damaging your system.

Script Kiddies

Novice hackers who download scripts written by someone else to exploit known vulnerabilities.

Intellectual Property

Often referred to as IP; IP is defined as works of the mind, such as inventions, literature, art etc... IP is protected by law and any use, whether or not it requires payments or permission, should be properly credited.

Possession

Ownership or control of some object or item.

Password Cracking

Penetrating system defenses, stealing passwords, and decrypting them to access system programs, files, and data

Data Owners

People responsible for the security and use of a particular set of information.

Chief Information Officer (CIO)

Person who is primarily responsible for advising the CEO, president or company owner on the strategic planning that affects the management of information in the organization.

Rootkit

Program that hides in a computer and allows someone from a remote location to take full control of the computer.

Four Important Organizational Fuctions

Protect the organization's ability to function. Enables the safe operation of applications implemented on the organization's IT system. Protects the data the organization collects and uses. Safeguards the technology assets in use at the organization.

Information security policy

Provides rules for the protection of the information assets of the organization.

Chief Information Security Officer (CISO)

Responsible for the assessment, management, and implementation of securing the information in the organization

Packet Monkey

Script kiddies who use automated tools to inundate a Web site with a barrage of network traffic, usually resulting in a DOS.

Countermeasure (Control, Safeguard)

Security mechanisms, policies, or procedures that can successfully counterattack, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.

Computer Virus

Segments of code that perform malicious actions.

Mail bomb

Sends a massive amount of email to a specific person or system that can cause that user's server to stop functioning

Backdoor

Software code that gives access to a program or a service that circumvents normal security protections.

Malicious Code (malcode) Malware (malicious software)

Software components or programs designed to damage, destroy, or deny service to the target systems.

Hacker

Someone who accesses a computer or network illegally

Cracker

Someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action

Cyberterrorist

Someone who uses the internet or network to destroy or damage computers for political reasons

De facto Standard

Standards that have developed over time through common usage until they become the accepted way of doing things.

Access

The ability to use, manipulate, modify, or affect an asset or resource.

Confidentiality

The act of holding information in confidence, not to be released to unauthorized individuals

Protection Profile (Security Posture)

The entire set of controls and safeguards (including policy, education, training, and awareness, and technology) that the organization implements (or fails to implement) to protect the asset.

Risk

The probability that something unwanted will happen.

Strategic Planning

The process of moving the organization towards its vision.

Communication Security

The protection of an organization's communications media, technology, and content.

Information Security

The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.

Network Security

The protection of networking components, connections, and contents, which is the primary focus of this textbook.

Operations Security

The protection of the details of a particular operation or series of activities.

Personal Security

The protection of the people who are authorized to access the organization and its operations.

Physical Security

The protection of the physical items or areas of an organization from unauthorized access and misuse.

Authenticity

The quality or condition of being authentic, trustworthy, or genuine

Utility

The quality or state of having value for some purpose or end. Information must be in a format that is meaningful to the end user

Threat agent

The specific instance of a threat or a particular component of a threat.

Object

The target entity of an attack.

Spam

Unwanted e-mail (usually of a commercial nature sent out in bulk)

Rainbow Attack

Uses the hashed password table from an organization and compares it to a rainbow table, which contains hash values of text strings.

Shoulder Surfing

Watching an authorized user enter a security code on a keypad.

Vulnerability

Weaknesses or faults in a system or protection mechanism that open it to the possibility of attack or damage.

Timing Attacks

Works by measuring the time required to access a Web page and deducing that the user has visited the site before by the presence of the page in the browser's cache.

Data Custodians

Works directly with data owners and are responsible for the storage, maintenance, and protection of the information.

Vision

Written statement of the organization's long term goals.

Mission

Written statement of the organization's purpose.

Macro Virus

a virus that attaches itself to a document that uses macros A software exploitation virus that works by using the macro feature included in many application, such as Microsoft Office.


Related study sets

Krueger, Explorations in Economics 1e, Module 36

View Set

transcription, translation and replication

View Set

Logic: Chapter 1- What Logic Studies

View Set

Unit 4 (Chapter 20)- The 20th Century Early Years

View Set

Chapter 10: Substance related & impulse control

View Set

ATI Neuro/Musculoskeletal Focused

View Set

Kitchener's Five Moral Principles

View Set