Chapter 5: Security Flashcards

1
Q

Four costs of cybercrime

A
  1. Stolen identities, intellectual property, trade secrets
  2. Damaged reputations
  3. Cost of upgrading security after an attack
  4. Opportunity costs associated with downtime, lost trust, loss of sensitive business information
2
Q

Spyware

A
  • Software that secretly gathers information about users (browsing habits, keystrokes, account details) while they use the Web, and sends it to a third party
  • Countermeasure: install antivirus or anti-spyware software and keep its signatures current
3
Q

Adware

A
  • Type of spyware that collects information about the user to decide which advertisements to display in the user’s Web browser
  • Countermeasure: enable an ad-blocking feature or extension in the browser
4
Q

Phishing

A
  • Sending fraudulent e-mails that appear to come from a legitimate source and direct recipients to a fake Web site built to capture private information
  • The message typically carries a link (an http address) to the fake site, or an attachment
  • The victim types in a password or other credentials, which the attacker captures
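As an added example (not from the original flashcards), here is a Python check for the link tricks this card describes: a visible link that claims one site while its href goes elsewhere, a host that is a raw IP address, a trusted name buried inside someone else's domain, and a "link" that really opens an attachment. The sample e-mail, the addresses and the `TRUSTED_DOMAINS` allow-list are constructed for the example.

```python
"""Flag common phishing indicators in the links of an e-mail body.

Added example: checks the visible link text against the real href target,
raw-IP hosts, trusted names embedded in an untrusted domain, and links that
point at an attachment rather than a site.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail (not from the original page): a "locked account"
# notice whose links do not go where they claim to.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your account has been locked.</p>
<p>Sign in at <a href="http://203.0.113.7/login">https://www.examplebank.com/login</a> now.</p>
<p>Or verify at <a href="https://examplebank.com.security-check.example/verify">examplebank.com</a>.</p>
<p>Help centre: <a href="https://www.examplebank.com/help">examplebank.com/help</a></p>
<p>Your statement is attached: <a href="cid:statement.zip">statement.zip</a></p>
"""

# Hypothetical allow-list of the organisation's own domains (an assumption).
TRUSTED_DOMAINS = {"examplebank.com"}

IP_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Host part of a URL, or of a bare 'domain/path' string as shown to the user."""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def registrable_domain(host):
    """Last two labels of a host. Crude stand-in for a public-suffix lookup (assumption)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def analyze_links(html):
    """Return [(href, [reasons])] for every link that shows a phishing indicator."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = []
        if urlparse(href).scheme in ("cid", "file"):
            reasons.append("link opens an attachment or local file instead of a site")
        else:
            host = host_of(href)
            if IP_LITERAL.match(host):
                reasons.append("href host is a raw IP address")
            looks_like_url = "." in text or "/" in text
            shown = host_of(text) if looks_like_url else ""
            if shown and registrable_domain(shown) != registrable_domain(host):
                reasons.append(f"text shows {shown} but href goes to {host}")
            for trusted in TRUSTED_DOMAINS:
                if trusted in host and registrable_domain(host) != trusted:
                    reasons.append(f"'{trusted}' embedded in untrusted domain {registrable_domain(host)}")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in analyze_links(SAMPLE_EMAIL_HTML):
        print(href)
        for reason in reasons:
            print("   -", reason)
```

Only the help-centre link survives: its text and href agree and it sits on the trusted domain. The `registrable_domain` helper is deliberately crude (it would treat `co.uk` as a domain); a real mail filter would consult the public-suffix list.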
5
Q

Pharming

A
  • Hijacking and altering the Internet Protocol (IP) address that an official Web site’s name resolves to (for example by poisoning a DNS server or a local hosts file)
  • Users who type the correct Web address are directed to the pharmer’s fraudulent Web site, so unlike phishing no deceptive link is needed
  • Like phishing, its goal is to steal personal information such as Social Security numbers, passwords, bank account numbers, and credit card numbers
6
Q

Baiting

A

Similar to phishing (a message that leads the recipient to a fake Web site), but the baiter also promises the recipient something, such as a prize or free download, to lure them into acting

7
Q

Quid pro quo

A
  • Attacker asks the victim to hand over critical data or login information in exchange for a service or prize
8
Q

Keystroke Loggers

A
  • Monitor and record every keystroke, so the attacker learns everything the user types, including passwords
  • Can be software (a program running on the host) or hardware (a device inserted between keyboard and computer)
  • Software loggers can be detected by antivirus and anti-spyware programs; a hardware logger is invisible to them and is only found by physically inspecting the machine
9
Q

Sniffing

A

Intercepts information by capturing and recording network traffic as it passes, without altering it; encryption in transit is the main defence

10
Q

Spoofing

A

Impersonating an authorized user, host, or network address in order to obtain information or access

11
Q

Computer fraud

A

Unauthorized use of computer data for personal gain

12
Q

CIA Triangle

A
  1. Confidentiality: Information is not disclosed to unauthorized users
  2. Integrity: Information is accurate and has not been altered without authorization
  3. Availability: Authorized users can access information and systems when needed
13
Q

Virus

A
  • Attaches itself to other programs or files and spreads when those are run or shared, so the infection cycle continues
  • Not independent: needs a host program to run
  • Payload is often triggered by a specific time or event
14
Q

Worm

A
  • Independent program that spreads by itself over the network without having to be attached to a host program
  • Multiplies and replicates, consuming disk space, memory and bandwidth until the computer or network cannot work properly
  • Does not usually erase data
15
Q

Logic bombs

A
  • Sits dormant in the system and waits to be activated by a trigger condition
  • Type of Trojan program
  • On activation releases a virus, worm, or other destructive code
  • The trigger is essentially an if-then statement: if a date or event occurs, then run the payload
16
Q

Trojan program

A
  • Contains code intended to disrupt a computer, network, or Web site
  • Hidden inside a popular or useful-looking program, so the user installs it willingly
17
Q

Denial of service (DoS)

A

Flooding a network or server with service requests so that legitimate users cannot access the system

18
Q

Mirror disks

A

A second disk that holds an identical, continuously updated copy of the data (disk mirroring, RAID 1), so operation continues if one disk fails

19
Q

Uninterruptible power supply (UPS)

A

Battery backup that keeps equipment running through a power outage long enough for an orderly shutdown or for a generator to take over

20
Q

Fault-tolerant systems

A

Ensure availability in the event of a system failure by using a combination of redundant hardware and software (mirror disks, UPS, backup servers)

21
Q

Backdoor (trapdoor)

A

Hidden entry point that allows its designer to bypass normal security checks and re-enter the system later to access programs or files

22
Q

Blended threat

A

Security threat that combines the characteristics of computer viruses, worms, and other malicious codes found on public and private networks.

23
Q

Botnet

A

Network of computers and IoT (Internet of Things: interrelated computing devices) devices infected with malicious software and controlled remotely by an attacker; commonly used to launch distributed denial-of-service (DDoS) attacks

24
Q

Telephony denial of service (TDoS) attacks

A

Use high volumes of automated calls to tie up a target phone system, halting incoming and outgoing calls

25
Q

Intentional Threats: Social Engineering

A

Using “people skills” to trick others into revealing private information

26
Q

Biometric Security Measures

A
  • Use a physiological or behavioral trait unique to a person, which cannot be forgotten, lost, or lent to others the way a password can
  • Ex: Facial recognition, fingerprints, hand geometry, eye (iris/retina), palm, signature, vein and voice recognition
  • Caveat: the stored template can still be copied or spoofed and, unlike a password, cannot be changed afterwards, so biometrics are usually combined with another factor
27
Q

Nonbiometric Security Measures (3 of them)

A

1) Callback modems: Log the user off and call the user back at a predetermined number to verify the connection
2) Firewall: Wall/barrier that protects a private network from external access
3) Intrusion detection system: Placed in front of a firewall, identifies attacks and alerts the network administrator

28
Q

Nonbiometric Security Measure: Callback Modems

A

Verifies whether a user’s access is valid by logging the user off and then calling the user back at a predetermined number

29
Q

Nonbiometric Security Measure: Firewall

A
  • Firewall acts as a filter between a private network and external networks
  • Network administrator defines rules for access; anything not explicitly allowed is blocked (default deny)
  • Wall/barrier that protects a private network against external access
  • Inspects data that goes in and out of the network
  • Types: Packet-filtering firewalls (inspect packet headers: addresses, ports, protocol), application-filtering firewalls (inspect the content of application-layer traffic), and proxy servers (software that acts as an intermediary between two systems, such as the user and the Internet)
  • Private network -> outgoing data -> firewall -> Internet
  • Internet -> incoming data -> firewall -> private network
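Added example, not part of the original flashcards: a simulated packet-filtering firewall with an ordered rule list, first-match evaluation and default deny, which is the "administrator defines rules, everything else is blocked" behaviour this card describes. The `Packet` and `Rule` classes, the policy and the addresses (documentation ranges 192.0.2.0/24 for the private network, 198.51.100.0/24 and 203.0.113.0/24 for the Internet) are assumptions made for the example.

```python
"""Packet-filtering firewall, simulated.

Added example: an ordered rule list evaluated first-match with a default deny,
over constructed packets. All addresses and the policy are hypothetical.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in": Internet -> private network, "out": private network -> Internet
    proto: str      # "tcp" or "udp"
    src: str        # source IPv4 address
    dst: str        # destination IPv4 address
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str
    src: str                      # CIDR the source must fall in
    dst: str                      # CIDR the destination must fall in
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (
            self.direction == p.direction
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
        )


PRIVATE = "192.0.2.0/24"
WEB_SERVER = "192.0.2.10/32"
ANY = "0.0.0.0/0"

# Hypothetical policy written by the administrator. Order matters: the first
# matching rule decides, and a packet that matches nothing is dropped.
RULES = [
    # Anti-spoofing: a packet arriving from the Internet must not claim an internal source.
    Rule("deny", "in", src=PRIVATE, dst=ANY),
    # The only service exposed to the Internet is HTTPS on the web server.
    Rule("allow", "in", src=ANY, dst=WEB_SERVER, proto="tcp", dport=443),
    # Internal hosts may browse (HTTPS) and resolve names (DNS) outside; nothing else.
    Rule("allow", "out", src=PRIVATE, dst=ANY, proto="tcp", dport=443),
    Rule("allow", "out", src=PRIVATE, dst=ANY, proto="udp", dport=53),
]


def filter_packet(p: Packet, rules=RULES):
    """Return (action, index of the deciding rule); ('deny', None) means the default deny applied."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


def run_demo():
    """Constructed traffic, one packet per policy case."""
    samples = [
        Packet("in", "tcp", "198.51.100.5", "192.0.2.10", 443),  # allowed: HTTPS to web server
        Packet("in", "tcp", "198.51.100.5", "192.0.2.10", 22),   # default deny: SSH not exposed
        Packet("in", "tcp", "192.0.2.7", "192.0.2.10", 443),     # spoofed internal source
        Packet("out", "tcp", "192.0.2.7", "203.0.113.9", 443),   # allowed: browsing
        Packet("out", "tcp", "192.0.2.7", "203.0.113.9", 25),    # default deny: direct SMTP out
    ]
    return [(p, filter_packet(p)) for p in samples]


if __name__ == "__main__":
    for p, (action, idx) in run_demo():
        print(f"{action:5} rule={idx!s:4} {p.direction:3} {p.proto} {p.src}->{p.dst}:{p.dport}")
```

Two design points worth noticing: the anti-spoofing deny comes first, because a later allow rule with `src=ANY` would otherwise admit a packet forging an internal address; and nothing in the list says "deny everything else", the default-deny fall-through in `filter_packet` does that.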
30
Q

Nonbiometric Security Measure: Intrusion Detection System (IDS)

A
  • Protects against both external and internal access attempts
  • Placed in front of the firewall, so it sees traffic before it is filtered
  • Can identify attack signatures, trace patterns of suspicious activity, and alert the network administrator
  • Can signal routers or the firewall to terminate connections with suspicious sources; an IDS that blocks traffic itself is an intrusion prevention system (IPS)
  • Helps detect DoS attacks early, but detection alone does not stop them
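Added example, not part of the original flashcards: the two detection styles this card names, run over a constructed connection log. A signature detector looks for known attack strings in request payloads, and a threshold detector flags a source whose rate of half-open connection attempts (SYNs) exceeds a limit inside a sliding window, which is how a SYN-flood DoS shows up. The log format, addresses, signatures and thresholds are all assumptions for the example.

```python
"""Signature- and threshold-based intrusion detection over a constructed log.

Added example. Two detectors run over the same connection log: a signature
match for known attack strings in request payloads, and a sliding-window
SYN-rate threshold that flags a source sending far more connection attempts
than the policy allows. Log format and addresses are invented for the example.
"""
import re
from collections import defaultdict, deque

# Constructed line format: "<epoch-seconds> <src> <dst>:<port> <tcp-flags> <payload>"
LINE = re.compile(r"^(\d+) (\S+) (\S+):(\d+) (\S+) (.*)$")

SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sql-injection", re.compile(r"'\s*(?:OR|AND)\s*'", re.IGNORECASE)),
]


def build_sample_log():
    """Constructed traffic: normal browsing, two web attacks, then a SYN flood."""
    lines = [
        "1000 198.51.100.9 192.0.2.10:443 S -",
        "1000 198.51.100.9 192.0.2.10:443 A GET /index.html",
        "1001 203.0.113.5 192.0.2.10:443 A GET /../../etc/passwd",
        "1002 203.0.113.5 192.0.2.10:443 A GET /login?user=' OR '1'='1",
        "1003 198.51.100.20 192.0.2.10:443 S -",
        "1003 198.51.100.20 192.0.2.10:443 A GET /about.html",
    ]
    # 60 SYNs from one source in three seconds, never completing a handshake.
    lines += [f"{1010 + i // 20} 203.0.113.77 192.0.2.10:443 S -" for i in range(60)]
    return "\n".join(lines)


def parse(log):
    """Parse log lines into event dicts, oldest first; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, src, dst, port, flags, payload = m.groups()
            events.append({"ts": int(ts), "src": src, "dst": dst,
                           "port": int(port), "flags": flags, "payload": payload})
    return sorted(events, key=lambda e: e["ts"])


def detect(events, syn_threshold=50, window=10):
    """Return sorted (timestamp, alert-name, source) tuples."""
    alerts = []
    # Signature detection: any payload matching a known attack pattern.
    for e in events:
        for name, pattern in SIGNATURES:
            if pattern.search(e["payload"]):
                alerts.append((e["ts"], name, e["src"]))
    # Threshold detection: SYNs per source within the last `window` seconds.
    recent = defaultdict(deque)
    flooding = set()
    for e in events:
        if e["flags"] != "S":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= syn_threshold and e["src"] not in flooding:
            flooding.add(e["src"])  # alert once per source, not once per packet
            alerts.append((e["ts"], "syn-flood", e["src"]))
    return sorted(alerts)


if __name__ == "__main__":
    for ts, name, src in detect(parse(build_sample_log())):
        print(f"t={ts} {name:15} from {src}")
```

Note what each detector can and cannot see: the signatures catch only attacks whose pattern is already known, and the rate threshold says nothing about what the packets contain. Neither blocks anything; acting on the alert is the job of the firewall, a router rule or an IPS.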
31
Q

Physical Security Measures

A
  • Control access to computers and networks and include devices for securing computers and peripherals from theft
  • Ex: Cable shielding, room shielding, corner bolts and steel encasements, electronic trackers, ID badges, proximity-release door openers
32
Q

Access Controls

A
  • Designed to protect systems from unauthorized access in order to preserve data confidentiality and integrity
  • 2 Types:
    1) Terminal resource security: Clears the screen and signs the user off automatically after a specified length of inactivity
    2) Passwords: Combination of numbers, characters, and symbols that is entered to allow access to a system; stored as a salted hash, never in clear text
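Added example covering both types on this card, written for this page rather than taken from it: a `Session` object that signs the user off after a period of inactivity (terminal resource security), and password handling that checks a complexity policy, stores a salted PBKDF2 hash instead of the password, and verifies in constant time. The timeout, iteration count and policy thresholds are assumptions, not values from the flashcards.

```python
"""Access controls: password storage/verification and an inactivity sign-off.

Added example covering the card's two types: a session that signs the user
off after a period of inactivity (terminal resource security), and password
handling that stores a salted PBKDF2 hash rather than the password itself.
Timeout and iteration values are assumptions, not from the page.
"""
import hashlib
import hmac
import os
import string
from typing import Optional

PBKDF2_ITERATIONS = 600_000   # assumption: OWASP's 2023 guidance for PBKDF2-HMAC-SHA256
IDLE_TIMEOUT_SECONDS = 600    # assumption: sign off after 10 minutes without activity


def password_meets_policy(password: str, min_length: int = 12) -> bool:
    """Length plus at least three of: lowercase, uppercase, digit, symbol."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return len(password) >= min_length and sum(classes) >= 3


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt-hex>$<hash-hex>'; a fresh random salt per user."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class Session:
    """Terminal resource security: the session dies after `timeout` seconds of inactivity."""

    def __init__(self, user: str, now: float, timeout: float = IDLE_TIMEOUT_SECONDS):
        self.user = user
        self.timeout = timeout
        self.last_activity = now
        self.active = True

    def touch(self, now: float) -> bool:
        """Record activity at time `now`; return False (and sign off) if the session had gone idle."""
        if self.active and now - self.last_activity > self.timeout:
            self.active = False  # auto sign-off; clearing the screen would happen here too
        if self.active:
            self.last_activity = now
        return self.active


if __name__ == "__main__":
    record = hash_password("correct horse battery staple!1")
    print("login ok:", verify_password("correct horse battery staple!1", record))
    print("wrong pw:", verify_password("Password1", record))
    s = Session("alice", now=0.0)
    print("active after 5 min:", s.touch(300.0))
    print("active after 20 min idle:", s.touch(1500.0))
```

The stored record carries its own salt and iteration count, so the cost can be raised later without invalidating old records, and `hmac.compare_digest` avoids leaking how many leading bytes of a guess were right.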
33
Q

Virtual Private Network (VPN)

A
  • Provides a secure “tunnel” through the public Internet for transmitting messages and data as if over a private network
  • Used so that remote users have a secure connection to the organization’s network
  • Used to provide security for extranets (a blend of the Internet, a public network, and an intranet, a private network)
  • Data is encrypted (coded) before it is sent through the tunnel, so anyone sniffing the public network sees only ciphertext
34
Q

E-Commerce Transaction Security Measures

A

Concerned with the issues such as:

1) Confidentiality
2) Authentication
3) Integrity
4) Nonrepudiation of origin
5) Nonrepudiation of receipt

35
Q

Computer Emergency Response Team (CERT)

A
  • Focuses on security breaches and DoS attacks
  • Offers guidelines on handling or preventing attacks

36
Q

Business Continuity Planning

A
  • Outlines procedures for keeping a firm operational in the event of a natural disaster or network attack
  • Disaster recovery plan: Lists the tasks that must be performed to restore damaged data and equipment and steps to prepare for disaster