Chapter 5 Flashcards
software to detect and remove viruses and other malware
anti-virus
another term for public key encryption
asymmetric key encryption
establishing a user’s identity
authentication
method of by-passing security in a system, built in by the system designers
backdoor
process of registering a user for a biometric system by taking an initial sample
biometric enrolment
measurements taken from a biometric sample
biometric template
use of fingerprints, retina scans, or other body features as an authentication mechanism
biometrics
group of zombie computers under the control of a criminal
botnet
attempt to break a password by trying all possible combinations of letters, numbers, and symbols
brute force attack
system designed to create text that is unreadable to a computer but understandable to a person, to reduce spam
CAPTCHA
organization that issues digital certificates to individuals and companies
Certificate Authority
result of encrypting plaintext
ciphertext
UK law governing criminal offenses committed using a computer
Computer Misuse Act
another word for hacking
cracking
flooding a computer system with data so that it cannot respond to genuine users
Denial of Service Attack
attempt to break a password by trying all possible words
dictionary attack
technique used to authenticate remote users, such as online shopping businesses
digital signatures
denial of service attack committed using dozens of computers, usually zombies on a botnet
Distributed Denial of Service attack
technique used by criminals to alter domain name system (DNS) records and drive users to fake sites in order to commit phishing
DNS poisoning
program which automatically downloads when a user visits a webpage, usually without their knowledge or consent
drive-by download
system of encoding plaintext so that it cannot be understood without access to an encryption key
encryption
used to encrypt and decrypt data
encryption key
Extended Validation SSL; digital certificate validation technique used on the world wide web
EV SSL
when a system incorrectly rejects an action instead of accepting it
false negative
when a system incorrectly accepts an action instead of rejecting it
false positive
system that encrypts all data saved to a hard disk automatically and transparently
full disk encryption
gaining illegal access to a computer system
hacking
directory that contains a user’s personal files
home directory
secure version of HyperText Transfer Protocol (HTTP) which offers encrypted communication
HTTPS
stealing personal data in order to impersonate a person
identity theft
idea of having encryption keys stored by a third party company so the government can access them if needed
key escrow
software or hardware which records all key strokes on a computer system
key logger
a public key and private key that work together in a public encryption system
key pair
virus that takes advantage of the macro programming languages built into some software
macro virus
generic name for malicious software
malware
use of several authentication techniques together, such as passwords and security tokens
multi-factor authentication
password generated by a security token, which expires as soon as it is used
one time password
software or hardware used to collect data traveling over a network
packet sniffer
another word for password
passphrase
word or phrase used to authenticate a user
password
another word for DNS poisoning
pharming
use of fake emails and web sites to trick users into revealing sensitive data
phishing
locks, alarms, and other techniques used to secure a building or computer room
physical security
message before it is encrypted, or after it has been decrypted
plaintext
key used for decryption in a public key encryption system
private key
key used for encryption in a public key encryption system
public key
user with full control over a computer system
root user
type of malware which infiltrates the operating system and attempts to hide itself from view
rootkit
encryption system in which a single key is used for both encryption and decryption
secret key encryption
system used to encrypt HTTPS web traffic
Secure Socket Layer / Transport Layer Security
hardware device that must be present during login to authenticate a user
security token
software update to fix a security problem discovered in software
security update
phishing attacks committed using text messages (SMS)
smishing
tricking a user into revealing their password or other sensitive data
social engineering
unwanted, bulk email
spam
program that scans web pages for email addresses, in order to send spam
spam bot
program designed to identify and block spam messages while letting genuine messages through
spam filters
malware which covertly records a user’s actions, such as their key presses
spyware
another word for secret key encryption
symmetric key encryption
person in overall charge of a computer system in an organization
system administrator
malware which pretends to be a genuinely useful program to trick the user into using it
Trojan horse
gaining illegal access to a computer system
unauthorized access
computer program which damages files and data and spreads when infected programs are copied
virus
used by anti-virus programs to recognize known viruses
virus definition file
phishing attacks committed using telephone calls or VoIP systems
vishing
software to scan a system for potential security problems
vulnerability scanner
technique used by spammers to detect if an email address is valid or not
web bug
Wired Equivalence Protocol; wireless network encryption system
WEP
malicious software which replicates itself and spreads between computer systems and over networks
worm
Wireless Protected Access; wireless network encryption system
WPA
Wireless Protected Access 2; wireless network encryption system
WPA2
computer which has been compromised by malware and is part of a botnet
zombie