Chapter 10: Cybersecurity Flashcards
What is accurate data?
Data that is true to the source. How close the data is to its true or accepted value
What is correct data?
If the data is free from error
If data is precise, what does this mean?
How close the data is to other sets of data
What is authentic data?
If the data is from a trusted source
If data is reasonable, what does this mean?
The data meets the expected range, values
What is data mining?
Process of extracting and discovering patterns in large sets of data, to come to conclusions
Give examples of accidental threats
1) Deletion of files without having a backup
2) Files saved in the wrong format, causing them to be lost or corrupted
3) Physical loss of hardware
What are event-based threats? Give examples.
Particular events that occur where the user has NO CONTROL over them, such as:
1) Failure of hardware, power failure and software freezing all cause a file to become corrupt
2) Natural disasters -> significant loss of data
What are deliberate threats?
Where unauthorised people try to gain access to an organisation's information; they can come from both inside and outside the organisation.
What is internet security?
Application of security measures based on a cost/benefit analysis. For instance, a company can have a large range of security measures in place, but the cost of them will be very large.
Define protection
What can be done to prevent malicious attacks on the data within the organisation, AKA “front door”
Define User Authentication
Process where a person who wishes to gain access to an information system provides satisfactory credentials to allow them to be confirmed
What are the 3 categories of user authentication?
1) Ownership factors (what the user has)
- ID Card
- Phone
2) Knowledge factors (something the user knows)
- Password
- PIN
- Answer to a specific question
3) Inherence factors
- fingerprint
- biometrics
What is defined as a “complex” password?
Consisting of:
1) At least 8 characters
2) A mix of numbers, letters and special case characters
3) Upper and Lowercase
What is password entropy?
How easily a password can be “cracked”, which is why the length of a password is important.
What is a dictionary attack?
Trying all the strings in a pre-arranged list, think “Dictionary”
How can you prevent a dictionary attack?
By choosing a password that is not simple and common and isn’t found in any dictionary
How do you encrypt data using hashing?
When a user enters their username and password, both are hashed using a key to produce a hashed value of each that is SIGNIFICANTLY different from the original.
This hashed value can be compared to the hashed value that is stored in the database.
What is the benefit of encrypting data using hashing, and how can hashing be bypassed?
The main benefit is the database only contains hashed values. However, if a hacker obtains the hashed database, they can take their time and brute force all the different hash table keys, or use a rainbow table.
What are rainbow tables?
List of all possible permutations of encrypted passwords, which are specific to a given hash table
How do rainbow tables work?
Once a hacker gains access to the password database, they can compare the rainbow table’s PRECOMPILED list of potential hashes to the hashed passwords in the database
(Reverse engineering of the hash is applied to the username and password basically)