Chapter 8 Flashcards

1
Q

What is the importance behind information security?

A

Keep information safe

Control access to authorized people only

2
Q

What are physical aspects of security?

A

lock doors

maintain control of devices

3
Q

What are some aspects of online security?

A

Secure assembly language
Secure operating system
Secure network

4
Q

Are threats online more or less dangerous than threats to physical items?

A

Online threats are often more dangerous

5
Q

What are hackers generally after?

A

easily accessible data

6
Q

What is the purpose of identification?

A

establishing identity

7
Q

What two pieces of information are generally required for authentication?

A

Usernames and Passwords

8
Q

How are password files usually secured?

A

Using a hash function and one-way encryption

9
Q

What is an example of a hash function/one-way encryption?

A

Example: password = badboy2
Replace letters by numbers: 2 1 4 2 15 25 2
Add digits: 2 + 1 + 4 + 2 + 15 + 25 + 2 = 51
Remainder of sum/7: 51 mod 7 = 2
Add 1 and multiply by 9: (2 + 1) × 9 = 27
Reverse digits and convert to letters: 72 = gb

10
Q

Is storing passwords in plaintext considered secure?

A

no

11
Q

What occurs on login during the authentication process?

A

Read username and password
Look up entry for username in a password file
Hash input password and compare

12
Q

What is the more secure method of password storage?

A

Keep password creation time
Add creation time to password before hashing
Identical passwords won’t hash to identical values

13
Q

What are three common ways that passwords are targeted and attacked?

A
  • Guess password, brute force or from knowledge
  • Steal password file and use password cracking software
  • Social engineering: get a person to tell their password

14
Q

What are some common ways to guess someone's password or brute-force it?

A

Try common passwords (e.g., 123456)
Try personal references (e.g., pet name)
Try all possible passwords (computationally difficult)

15
Q

How does password cracking software work?

A

Tries words and word combinations, millions of password possibilities per second

16
Q

How do you use social engineering to attack someone's password?

A

get a person to tell password

17
Q

What are some other authorization/authentication methods?

A

Answer personal information question
Biometric information (fingerprint or retinal scans)
One-time password scheme
Dual authentication

18
Q

Describe the one-time password scheme

A

User enters ID and a partial password
System or user device generates last half of the password
Last half of the password is good for only a few seconds

19
Q

Describe dual authentication

A

Temporary code or password is sent to a trusted device

20
Q

What is authorization?

A

set of permitted actions for each authorized person

21
Q

What type of access control is maintained in the operating system?

A

Read access (read a file)
Write access (modify a file)
Execute access (run a program)
Delete access (remove a file)

22
Q

What type of access does a system administrator or superuser have?

A

They have universal access and can set up authorization

23
Q

What is malware?

A

malicious software arriving from the network

24
Q

What is a virus?

A

program embedded within another program or file, replicates itself and attacks other files

25
Q

What is a worm?

A

program that can send copies of itself to other nodes on the network

26
Q

What is a trojan horse?

A

program that seems beneficial but hides malicious code within it

27
Q

What is a keystroke logger trojan horse?

A

Records all keys typed

28
Q

What is a drive-by exploit/drive-by download?

A

Trojan horse downloaded by simply visiting an infected website

29
Q

What does DoS stand for?

A

Denial of service

30
Q

What occurs during a denial of service attack?

A

many computers try to access the same URL at the same time

31
Q

Why is a denial of service attack a problem?

A

Clogs the network, prevents legitimate access, and causes the server to crash

Distributed DoS uses thousands of computers

32
Q

What is the use of a zombie army in a denial of service attack?

A

Uses a zombie army (botnet): many innocent computers infected with malware

33
Q

What is phishing?

A

Obtain sensitive information by impersonating legitimate sources

34
Q

What is the most common phishing technique?

A

By email

35
Q

What are “white hats”?

A

White hats are security experts and those who work to help protect systems from attackers.

36
Q

What are “black hats”?

A

Black hats are individuals or groups who work toward getting around security to steal information, get money, or do other nefarious, immoral, and illegal acts.

37
Q

What is cryptography?

A

science of “secret writing”

38
Q

What are encryption and decryption?

A

Convert from plaintext to ciphertext and back again

39
Q

What is a symmetric encryption algorithm?

A

A secret key shared by the sender and the receiver

Same key is used to encrypt and decrypt

40
Q

What are the two types of keys used in an asymmetric encryption algorithm?

A

Uses two keys: public and private

41
Q

What is the public key used for in asymmetric encryption algorithms?

A

The public key (generally known) is used to encrypt

42
Q

What is the private key used for in asymmetric encryption algorithms?

A

The private key (known only to the receiver) is used to decrypt

43
Q

What is the Caesar cipher (shift cipher)?

A

Map characters to others a fixed distance away in the alphabet; shift 3 characters forwards
Example: A→E, B→F, C→G … U→Y, V→Z, W→A

44
Q

How does a stream cipher work?

A

encode each character as it comes

45
Q

How does a substitution cipher work?

A

Similar to a Caesar cipher but implements other mapping techniques

46
Q

What are the pros of a substitution cipher?

A

Easy and fast, can do it character by character

47
Q

What are the cons of a substitution cipher?

A

Letter frequency and double letters still show through in the ciphertext and make it easy to break

48
Q

What is a block cipher?

A

Block of plaintext encoded into a block of ciphertext

Each character contributes to multiple characters

49
Q

Describe a (matrix-based) block cipher

A

Group characters into blocks n characters long

Find invertible n by n matrix, M, and its inverse, M′ as keys

Map characters to numbers: A→1, B→2, etc.

Wrap values 26 and above back to zero: 26→0, 27→1, etc.

50
Q

What is the algorithm for encoding?

A

Apply S mapping to plaintext block.
Multiply result times M, applying wraparound.
Apply S’ to the result.

51
Q

What is the algorithm for decoding?

A

Apply S mapping to ciphertext block.
Multiply result times M’, applying wraparound.
Apply S’ to the result.

52
Q

What is the data encryption standard?

A

Symmetric encryption algorithm

53
Q

What type of data was the data encryption standard designed for?

A

Digital data

54
Q

What type of encryption standard was designed for plain text?

A

Binary String

55
Q

What does the data encryption standard use as a key?

A

Uses 64-bit binary key (56 bits actually used)

56
Q

How many rounds of manipulations does the data encryption standard perform?

A

Sixteen rounds of the same series of manipulations

57
Q

How does decryption work with the data encryption standard?

A

Decryption uses the same algorithm; keys in reverse

58
Q

Describe the efficiency, speed and drawbacks of using the data encryption standard

A

Fast and effective but requires shared key

56 bits is too small for modern technology

59
Q

What is similar and different about the advanced encryption standard?

A

uses a similar approach; longer keys than the data encryption standard

60
Q

What are the manipulations that occur during the data encryption standard?

A

Split string
Duplicate some bits
Omit some bits
Permute bit order
Combine bit strings with XOR (exclusive OR)

61
Q

How do you create an RSA key for public key systems?

A

Pick 2 large prime numbers: p and q
Compute n = p × q, and m = (p − 1) × (q − 1)
Choose large number e at random so that e and m are relatively prime (no common factors except 1)
Find unique value d, between 0 and m, such that
(e × d) modulo m = 1
Public key = (n, e); Private key = d

62
Q

Describe the process of RSA encryption

A

Given public key (n, e)
Convert message to integer P
Calculate C = P^e modulo n

63
Q

Describe the process of RSA decryption

A

Given private key d

Calculate C^d modulo n

64
Q

What does ecommerce require?

A

Ecommerce requires secure transmission of names, passwords, and credit card numbers

65
Q

What are the web protocols involved in ecommerce?

A

SSL (Secure Sockets Layer) and TLS (Transport Layer Security)

66
Q

What occurs when SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are used?

A

Client-server applications
Server provides certificate of authentication and server’s public key
Client sends its DES key, encrypted using RSA
Data is sent encrypted by the (now shared) DES key

67
Q

What are the general steps for web transmission security?

A

  1. Client initiates TLS/SSL, requests RSA/DES encryption
  2. Web server sends its authentication certificate, acknowledges RSA/DES, and sends its public key
  3. Client sends DES key, encrypted with server’s public key
  4. Web server sends acknowledgement encrypted with DES key
  5. Secure data exchange between client and web server

68
Q

What is an embedded computer?

A

special-purpose, limited computers in other systems

69
Q

What are some examples of embedded computers?

A

Examples: automobiles, smart appliances, remote controls, and patient monitoring systems

70
Q

What is the new trend with embedded computers?

A

Connect embedded computers to a network so they can transmit data and receive updates

71
Q

What could occur if embedded systems were targeted?

A

Targeting embedded systems could cause chaos

Change thermostats, disrupt patient care, or disable aircraft or automobiles

72
Q

What is the most common asymmetric algorithm?

A

RSA is the most common asymmetric algorithm

73
Q

What are DES and AES based on (mathematically)?

A

XOR (it’s true if an odd number of inputs are true; if an even number are true, it isn’t true)