Chapter 19

Question 1

botnets

Answer 1

Hordes of surreptitiously infiltrated computers, linked and controlled remotely, also known as zombie networks.

Question 2

distributed denial of service (DDoS)

Answer 2

An attack where a firm’s computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site’s use. DDoS attacks are often performed via botnets.

Question 3

zero-day exploits

Answer 3

Attacks that are so new that they haven’t been clearly identified, and so they haven’t made it into security screening systems.

Question 4

hack

Answer 4

A term that may, depending on the context, refer to either (1) breaking into a computer system, or (2) a particularly clever solution.

Question 5

CAPTCHAs

Answer 5

An acronym standing for completely automated public Turing test to tell computers and humans apart. The Turing test is, rather redundantly, an idea (rather than an official test) that one can create a test to tell computers apart from humans.

Question 6

biometrics

Answer 6

Technologies that measure and analyze human body characteristics for identification or authentication. These might include fingerprint readers, retina scanners, voice and face recognition, and more.

Question 7

hacker

Answer 7

A term that, depending on the context, may be applied to either (1) someone who breaks into computer systems, or (2) a particularly clever programmer.

Question 8

intrusion detection systems

Answer 8

A system that monitors network use for potential hacking attempts. Such a system may take preventative action to block, isolate, or identify attempted infiltration, and raise further alarms to warn security personnel.

Question 9

cash-out fraudsters

Answer 9

Criminals who purchase assets from data harvesters to be used for illegal financial gain. Actions may include using stolen credit card numbers to purchase goods, creating fake accounts via identity fraud, and more.

Question 10

encryption

Answer 10

Scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.

Question 11

honeypots

Answer 11

A seemingly tempting, but bogus target meant to draw hacking attempts. By monitoring infiltration attempts against a honeypot, organizations may gain insight into the identity of hackers and their techniques, and they can share this with partners and law enforcement.

Question 12

whitelists

Answer 12

Highly restrictive programs that permit communication only with approved entities and/or in an approved manner.

Question 13

blacklists

Answer 13

Programs that deny the entry or exit of specific IP addresses, products, Internet domains, and other communication restrictions.

Question 14

certificate authority

Answer 14

A trusted third party that provides authentication services in public key encryption schemes.

Question 15

spoofed

Answer 15

Term used in security to refer to forging or disguising the origin or identity. E-mail transmissions and packets that have been altered to seem as if they came from another source are referred to as being “spoofed.”

Question 16

white hat hackers

Answer 16

Someone who uncovers computer weaknesses without exploiting them. The goal of the white hat hacker is to improve system security.

Question 17

voice-print

Answer 17

Technology that identifies users via unique characteristics in speech.

Question 18

multi-factor authentication

Answer 18

When identity is proven by presenting more than one item for proof of credentials. Multiple factors often include a password and some other identifier such as a unique code sent via e-mail or mobile phone text, a biometric reading (e.g., fingerprint or iris scan), a swipe or tap card, or other form of identification.

Question 19

brute-force attacks

Answer 19

An attack that exhausts all possible password combinations in order to break into an account. The larger and more complicated a password or key, the longer a brute-force attack will take.

Question 20

hacktivists

Answer 20

A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage.

Question 21

black hat hackers

Answer 21

Computer criminals.

Question 22

public key encryption

Answer 22

A two-key system used for securing electronic transmissions. One key distributed publicly is used to encrypt (lock) data, but it cannot unlock data. Unlocking can only be performed with the private key. The private key also cannot be reverse engineered from the public key. By distributing public keys, but keeping the private key, Internet services can ensure transmissions to their site are secure.

Question 23

phishing

Answer 23

A con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.

Question 24

dumpster diving

Answer 24

Combing through trash to identify valuable assets.

Question 25

firewalls

Answer 25

A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use.

Question 26

key (encryption)

Answer 26

Code that unlocks encryption.

Question 27

shoulder surfing

Answer 27

Gaining compromising information through observation (as in looking over someone’s shoulder).

Question 28

data harvesters

Answer 28

Cybercriminals who infiltrate systems and collect data for illegal resale.