Chapter 19

Question 1

A term that, depending on the context, may be applied to either (1) someone who breaks into computer systems, or (2) a particularly clever programmer.

Answer 1

Hacker

Question 2

Someone who uncovers computer weaknesses without exploiting them. The goal of the white hat hacker is to improve system security.

Answer 2

white hat hackers

Question 3

Computer criminals.

Answer 3

black hat hackers

Question 4

Hordes of surreptitiously infiltrated computers, linked and controlled remotely, also known as zombie networks.

Answer 4

botnets

Question 5

An attack where a firm’s computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site’s use. DDoS attacks are often performed via botnets.

Answer 5

distributed denial of service (DDoS)

Question 6

A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage.

Answer 6

hacktivists

Question 7

A term that may, depending on the context, refer to either (1) breaking into a computer system, or (2) a particularly clever solution.

Answer 7

hack

Question 8

Criminals who purchase assets from data harvesters to be used for illegal financial gain. Actions may include using stolen credit card numbers to purchase goods, creating fake accounts via identity fraud, and more.

Answer 8

cash-out fraudsters

Question 9

Cybercriminals who infiltrate systems and collect data for illegal resale.

Answer 9

data harvesters

Question 10

Code that unlocks encryption.

Answer 10

key (encryption)

Question 11

When identity is proven by presenting more than one item for proof of credentials. Multiple factors often include a password and some other identifier such as a unique code sent via e-mail or mobile phone text, a biometric reading (e.g., fingerprint or iris scan), a swipe or tap card, or other form of identification.

Answer 11

multi-factor authentication

Question 12

A con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.

Answer 12

phishing

Question 13

Scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.

Answer 13

encryption

Question 14

Term used in security to refer to forging or disguising the origin or identity. E-mail transmissions and packets that have been altered to seem as if they came from another source are referred to as being “spoofed.”

Answer 14

spoofed

Question 15

Attacks that are so new that they haven’t been clearly identified, and so they haven’t made it into security screening systems.

Answer 15

zero-day exploits

Question 16

A two-key system used for securing electronic transmissions. One key distributed publicly is used to encrypt (lock) data, but it cannot unlock data. Unlocking can only be performed with the private key. The private key also cannot be reverse engineered from the public key. By distributing public keys, but keeping the private key, Internet services can ensure transmissions to their site are secure.

Answer 16

public key encryption

Question 17

Combing through trash to identify valuable assets.

Answer 17

dumpster diving

Question 18

Technology that identifies users via unique characteristics in speech.

Answer 18

voice-print

Question 19

A trusted third party that provides authentication services in public key encryption schemes.

Answer 19

certificate authority

Question 20

An acronym standing for completely automated public Turing test to tell computers and humans apart. The Turing test is, rather redundantly, an idea (rather than an official test) that one can create a test to tell computers apart from humans.

Answer 20

CAPTCHAs

Question 21

An attack that exhausts all possible password combinations in order to break into an account. The larger and more complicated a password or key, the longer a brute-force attack will take.

Answer 21

brute-force attacks

Question 22

Technologies that measure and analyze human body characteristics for identification or authentication. These might include fingerprint readers, retina scanners, voice and face recognition, and more.

Answer 22

biometrics

Question 23

Gaining compromising information through observation (as in looking over someone’s shoulder).

Answer 23

shoulder surfing

Question 24

Highly restrictive programs that permit communication only with approved entities and/or in an approved manner.

Answer 24

whitelists

Question 25

A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use.

Answer 25

firewalls

Question 26

A system that monitors network use for potential hacking attempts. Such a system may take preventative action to block, isolate, or identify attempted infiltration, and raise further alarms to warn security personnel.

Answer 26

intrusion detection systems

Question 27

A seemingly tempting, but bogus target meant to draw hacking attempts. By monitoring infiltration attempts against a honeypot, organizations may gain insight into the identity of hackers and their techniques, and they can share this with partners and law enforcement.

Answer 27

honeypots

Question 28

Programs that deny the entry or exit of specific IP addresses, products, Internet domains, and other communication restrictions.

Answer 28

blacklists