Chapter 10 Flashcards
sources of threats
human error
computer crime
natural disaster
types of security loss
unauthorized data disclosure incorrect data modification faulty service denial of service loss of infrastructure
unauthorized data disclosure
when a threat obtains data that is supposed to be protected
pretexting
when someone deceives by pretending to be someone else
phishing
used for obtaining unauthorized data by using pretexting through email
spoofing
same as pretexing
IP spoofing
an intruder uses another site’s IP address as a disguise
sniffing
intercepting computer communications
wardrivers
take computers with wireless connections through an area and search for unprotected networks
faulty service
problems that result from incorrect system operations
usurpation
when computer criminals invade a computer system and replace legitimate programs with their own
unauthorized data disclosure (example)
if a professor were to release students names and grades to the public, which is illegal
incorrect data modification (example)
if an employee incorrectly increases a sales discount for a customer
an employee’s salary is incorrectly modified
faulty service (example)
if a person incorrectly preforms a task like putting the wrong box of cereal on the shelf
if a system developer were to incorrectly write programs
denial of service (example)
if a person inadvertently shuts down a Web server
loss of infrastructure (example)
a bulldozer cutting a conduit of fiber-optic cables and a floor buffer crashing into a rack of web servers
intrusion detection system (IDS)
a computer program that senses when another computer is attempting to scan or access a computer or network
brute force attack
a password cracker tries every possible combination of characters
encryption
the process or transferring clear text into coded, unintelligible text for secure storage or communication
key
a number used to encrypt the data
symmetric encryption
the same key used to encode and decode
asymmetric encryption
two keys used to encode and decode
public key encryption
each site has a public key for encoding messages and a private key for decoding them
Secure Sockets Layer
combination of public key and encryption and symmetric encryption
firewall
computing device that prevents unauthorized network access
packet-filtering firewall
examines each part of a message and determines whether to let that part pass
malware
a broad category of software that includes viruses, spyware, and adware
payload
can delete programs or data
Trojan horses
viruses that masquerade as useful programs or files
worm
a virus that self-propagates using the internet or other computer network
spyware
programs installed on the user’s computer without the user’s knowledge or permission
adware
similar to spyware but resides in the background and observes user behavior
malware safeguards
antivirus programs
antimalware programs
open email attachments from known sources
key escrow
when data are encrypted, a trusted party should have a copy of the encryption key
three systems procedures
normal operation
backup
recovery
honeypots
false targets for computer criminals to attack
