Chapter 3 Flashcards
What is Cloud Computing
Software and Data services provided via the Internet
Exploit
Attack on an information system that takes advantage of a system vulnerability
Organizations that capture and report information about software vulnerabilities
Open Source Vulnerability Database (OSVDB), Computer Emergency Response Team (CERT), Common Vulnerabilities and Exposures (CVE)
Types of Exploits
Virus, Worm, Trojan horse, distributed denial-of-service, rootkit, spam, phishing, spear-phishing, smishing, and vishing
Virus
Piece of programming code, disguised as something else, that cause a computer to behave in an unexpected and usually undesirable manner.
Does not spread on it own.
Macro Virus
Insert unwanted words, numbers, or phrases into documents.
Worms
Program that resides in the active memory of the computer and duplicates itself.. Spread without Human intervention
Trojan Horse
Program which harmful code is hidden inside a seemingly harmless program.
Logic bomb
Type of Trojan Horse
Triggered by a specific event
Distributed denial-of-service attack (DDoS)
Hacker takes over computers(uknowingly to owners of those computers) via the Internet and causes them to flood a target site with demands for data and small tasks
Rootkits
set of programs that enables it user to gain administrator level access to a computer without the end user’s consent or knowledge.
CAPTCHA
Completely Automated Public Turing Test to tell Computers And Humans Apart
Phising
using email to try to get the recipient to reveal personal data
Spear-phishing
Variation of phishing that target certain organization’s employee
Looks like the employee’s higher up
Smishing
SMS texting variation of phishing
Vishing
Voice mail version of phishing
Hacker
Test limits of system and/or gain publicly
Cracker
Cause problems, steal data, and corrupt systems
Malicious Insider
Financial gain and/or disrupt company’s information systems and business operations.
Cybercriminal
Gain financially
Hacktivist
Promote political ideology
Cyberterroritst
Destroy infrastructure components of financial institutions, utilities, and emergency response units
lamers/Script kiddies
Technically inept hackers
Steps to reduce potential for attack
Perform a thorough background check as well as psychological and drug testing of candidates for sensitive position
Establish an expectation of regular and ongoing psychological and drug testing as a normal routine for people in sensitive positions
Limit The number of people who can perform sensitive operation and grant only the minimum rights and privileges necessary to perform essential duties
Define job roles and procedures so that same person cannot initiate and approve an action.
Periodically rotate people in sensitive positions
Immediately revoke all rights and privileges necessary to perform essential duties when someone leaves a sensitive position
Implement an ongoing audit process