Chapter 4 Network and Internet Security Flashcards
What is unauthorized access?
Gaining access to a computer, network, file or other resource without permission
What is unauthorized use?
Using a computer resource for unapproved activities
What is hacking?
Using a computer to break into another computer system
What are codes of conduct?
Codes that address prohibited activities such as playing games, installing personal software, violating copyright laws, causing harm to computers or the network, and snooping in other people's files.
What is the Heartland Payment Systems data breach?
In 2009, the theft of consumer data such as credit card numbers occurred from the Epsilon mass email marketing company and more than 77 million Sony PlayStation Network accounts.
What is the National Electric Sector Cyber Security Organization?
An organization created by President Obama for cybersecurity
What is war driving?
Driving around an area with a Wi-Fi enabled computer or mobile device to find a Wi-Fi network to access and use without authorization
Wi-Fi piggybacking
Accessing an unsecured Wi-Fi network from your current location without authorization
What is the Payment Card Industry Data Security Standard (PCI DSS)?
Requires companies to limit the credit card data stored on company servers and to encrypt the data that is allowed to be stored.
Access control systems
Used to control access to facilities, computer networks, company databases, web site accounts, etc.
Examples are identification systems, authentication systems, and identity management systems.
What is a possessed knowledge access system?
An access control system that uses information only the individual should know to identify that individual
What is a password?
A secret combination of characters used to gain access to a computer, computer network or other resource.
What is a two-factor authentication system?
Using two different methods to authenticate a user
What is a possessed object access system?
An access control system that uses a physical object an individual has in his or her possession to identify that individual.
Examples: RFID-encoded badges, magnetic cards, or USB security keys
What is a biometric access system?
An access control system that uses one unique physical characteristic of an individual, such as a fingerprint, face, or voice, to authenticate that individual
What are WEP, WPA, and WPA2?
WEP is Wired Equivalent Privacy, which is now considered insecure and has been replaced by WPA (Wi-Fi Protected Access).
WPA2 is more protected than WPA.
Most Wi-Fi hardware today is shipped with the security features turned off, and most people never enable them, which leaves the networks unsecured.
Why should we use a network key or a passphrase when setting up a Wi-Fi network?
To make sure the Wi-Fi network is secured
What is an SSID?
The name of the Wi-Fi network.
What is a firewall?
A collection of hardware and/or software intended to protect a computer or computer network from unauthorized access
How does a firewall work?
It closes off all external communications port addresses (the electronic connections that allow a computer to communicate with other computers) to unauthorized computer programs.
What is an intrusion prevention system?
A system related to a firewall and used by businesses. Instead of blocking unauthorized traffic, it continuously monitors traffic to detect possible attacks as they are occurring, then blocks them.
What are secure web pages?
Web pages that use encryption so that sensitive data such as credit card numbers are protected.
What are the security protocols most commonly used with secure web pages?
SSL: Secure Sockets Layer
EV SSL: Extended Validation Secure Sockets Layer
Note: the URLs will begin with https rather than just http.
What is self-encrypting and where is it used?
Many computers and storage devices, especially those that are used for portable computers, automatically encrypt all information
What is private key encryption?
A type of encryption that uses a single key to encrypt and decrypt the file or message
What is public key encryption?
A type of encryption that uses key pairs to encrypt and decrypt the file or message
What is a virtual private network?
A private, secure path over the internet that provides authorized users a secure means of accessing a private network via the internet.
What are some public hotspot precautions to take to protect your information?
Name approx. 10
- Turn off automatic connections and pay attention to the list of available hotspots to make sure you connect to a legitimate spot.
- Use a personal firewall to control the traffic going to and from your computer
- Use a virtual private network to secure all activity
- Only enter passwords, credit card numbers, and other data on secure web pages using a VPN
- If you’re not using a VPN, encrypt all sensitive files before transferring or emailing them.
- Avoid online shopping if you are not using a VPN
- Turn off file sharing so others can’t access the files on your hard drive
- Turn off Bluetooth and Wi-Fi when you are not using them
- Disable ad hoc capabilities to prevent another computer from connecting to your computer without using an access point
- Use antivirus software and make sure your operating system and browser are up to date
What is an evil twin?
A fake Wi-Fi hotspot set up by a thief to masquerade as a legitimate Wi-Fi hotspot
What is computer sabotage?
Acts of malicious destruction to a computer or computer resource; another common crime today
What is a bot?
A computer that is controlled by a hacker or other computer criminal
What is a botnet?
A group of bots that are controlled by one individual
What is malware?
Any type of malicious software
What is a computer virus?
A software program installed without the user's knowledge and designed to alter the way a computer operates or to cause harm to the computer
What is a computer worm?
A malicious program designed to spread rapidly to a large number of computers by sending copies of itself to other computers
What is a Trojan horse?
A malicious program that masquerades as something else.
What is mobile malware?
Malware that affects mobile phones, portable digital media, printers and other devices.
Some are designed to crash the phone's operating system, and a device can be infected via Bluetooth just by being in range.
What is a denial of service attack (DoS attack)?
An act of sabotage that attempts to flood a network server or a Web server with so much activity that it is unable to function.
What are DDoS attacks?
Distributed denial of service attacks
This is where attacks are performed by botnets created by hackers, and the computers in the botnet participate in the attacks without the owners' knowledge.
What is security software?
Software that is installed to protect the computer against a variety of threats
What is antivirus software?
Software used to detect and eliminate computer viruses and other types of malware
What are 8 virus prevention strategies?
- Use antivirus software
- Limit sharing of USB flash drives and other removable storage devices
- Only download from reputable sites
- Only open email attachments from people you know.
- For any downloaded file you are unsure of, upload it to a website such as VirusTotal.com that tests files for viruses before you open it
- Keep the email preview window closed
- Regularly download the latest security patches
- Avoid downloading from P2P sites.
What is a dot con?
A fraud or scam carried out through the Internet
What is data theft or information theft?
The theft of data or information located on or being sent from a computer.
It can be done by actually stealing the computer, or it can take place over the Internet by gaining unauthorized access to the computer.
What is salami shaving?
Money that is stolen via a computer. Company insiders steal money by altering company programs to transfer small amounts of money (for example, a few cents' worth of bank account interest) from a very large number of transactions to an account controlled by the thief.
What is identity theft?
Occurs when someone obtains enough information about a person to be able to masquerade as that person, usually to buy products.
What is skimming?
Skimming involves stealing credit card or debit card numbers by using an illegal device attached to a credit card reader or an ATM machine that reads and stores the card numbers
What is social engineering?
This involves pretending, typically via a phone or email, to be a bank officer, potential employer or other trusted individual in order to get the potential victim to supply personal information
What is phishing?
The use of spoofed email messages to gain credit card numbers and other personal data to be used for fraudulent purposes (e.g. mail that appears to have come from PayPal or a bank, etc.)
What is spear phishing?
A personalized phishing scheme targeted at an individual.
What is pharming?
The use of spoofed domain names to obtain personal information in order to use that information in fraudulent activities
What is online auction fraud?
When an item “purchased” through an online auction is never delivered after payment, or the item is not as specified by the seller
What are some characteristics of phishing emails? Name 7
- Tries to scare you into responding by sounding urgent, including warnings that your account will be cancelled, etc.
- Asks you to provide personal info
- Contains links that do not go where they are supposed to go.
- Uses legit logos of companies
- Appears to come from a known organization
- Appears to be text or text and images but is actually a single image, created to avoid being caught in a spam filter
- Contains spelling or grammatical errors
What are some tips for avoiding ID theft? Name 9.
- Protect your SIN
- Be careful with mail…shred documents
- Keep security of computers up to date
- Be cautious; never click on a link in an email message or respond to a too-good-to-be-true offer
- Use strong passwords
- Verify sources before sharing info. Never respond to phone or email requests for sensitive information
- Be vigilant while on the go…keep wallet, phone, etc. secure
- Watch bills and monitor credit cards… React immediately if you suspect fraud
- Use security software that warns you if you may be accessing a phishing site
What is a digital certificate?
A group of electronic data that can be used to verify the identity of a person or organization; includes a key pair that can be used for encryption and digital signatures
What is a digital signature?
A unique digital code that can be attached to a file or an email to verify the identity of the sender and guarantee the file or message hasn’t been changed since it was signed
What is cyberbullying?
Children or teenagers bullying other children or teens on the internet
What is cyberstalking?
Repeated threats or harassing behaviour between adults carried out via email or another internet communication method
What is the Identity Theft Penalty Enhancement Act?
Created in 2004.
Adds extra years to prison sentences for criminals who use ID theft to commit other crimes, including credit card fraud and terrorism
What is the CAN-SPAM Act?
Created in 2003.
Implements regulations for unsolicited email messages
What is the Fair and Accurate Credit Transactions Act (FACTA)?
Amends the Fair Credit Reporting Act (FCRA) to require, among other things, that the three nationwide consumer reporting agencies (Equifax, Experian, and TransUnion) provide consumers, upon request, a copy of their credit report once a year
What is the Protect Act?
Includes provisions to prohibit virtual child pornography
What is the Health Insurance Portability and Accountability Act (HIPAA)?
Created in 2003.
Includes a security rule that sets minimum security standards to protect health information stored electronically
What is the Homeland Security Act?
Created in 2002.
Includes provisions to combat cyberterrorism, including protecting ISPs against lawsuits from customers for revealing private information to law enforcement agencies
What is the Sarbanes-Oxley Act?
Created in 2002.
Requires archiving a variety of electronic records and protecting the integrity of corporate financial data
What is the USA Patriot Act?
Created in 2001.
Grants federal authorities expanded surveillance and gathering powers.
What is the Identity Theft and Assumption Deterrence Act of 1998?
Makes it a federal crime to knowingly use someone else’s identity, such as name, credit card numbers, etc., to commit a crime
What is the No Electronic Theft (NET) Act?
Created in 1997.
Expands computer piracy laws to include distribution of copyrighted material over the internet.
What is the National Information Infrastructure Protection Act?
Created in 1996.
Amends the Computer Fraud and Abuse Act of 1984 to punish information theft crossing state lines and to crack down on network trespassing
What is the Computer Fraud and Abuse Act of 1984?
Makes it a crime to break into computers owned by the federal government. This act has been regularly amended over the years as technology has changed