Chapter 8 Flashcards

1
Q

What is the importance behind information security?

A

Keep information safe

Control access to authorized people only

2
Q

What are physical aspects of security?

A

lock doors

maintain control of devices

3
Q

What are some aspects of online security?

A

Secure assembly language
Secure operating system
Secure network

4
Q

Are threats online more or less dangerous than threats to physical items?

A

Online threats are often more dangerous

5
Q

What are hackers generally after?

A

easily accessible data

6
Q

What is the purpose of identification?

A

establishing identity

7
Q

What two pieces of information are generally required for authentication?

A

Usernames and passwords

8
Q

How are password files usually secured?

A

Using a hash function and one-way encryption

9
Q

What is an example of a hash function/one-way encryption?

A

Example: password = badboy2
Replace letters by numbers: 2 1 4 2 15 25 2
Add digits: 2 + 1 + 4 + 2 + 15 + 25 + 2 = 51
Remainder of sum/7: 51 mod 7 = 2
Add 1 and multiply by 9: (2 + 1) × 9 = 27
Reverse digits and convert to letters: 72 = gb

10
Q

Is storing passwords in plaintext considered secure?

A

no

11
Q

What occurs on login during the authentication process?

A

Read username and password
Look up entry for username in a password file
Hash input password and compare

12
Q

What is the more secure method of password storage?

A

Keep password creation time
Add creation time to password before hashing
Identical passwords won’t hash to identical values

13
Q

What are three common ways that passwords are targeted and attacked?

A
Guess password, brute force or from knowledge
Steal password file and use password cracking software
Social engineering: get a person to tell their password

14
Q

What are some common ways to guess someone's password or brute-force it?

A

Try common passwords (e.g., 123456)
Try personal references (e.g., pet name)
Try all possible passwords (computationally difficult)

15
Q

How does password cracking software work?

A

Tries words and word combinations, millions of password possibilities per second

16
Q

How do you use social engineering to attack someone's password?

A

get a person to tell their password

17
Q

What are some other authorization/authentication methods?

A

Answer personal information question
Biometric information (fingerprint or retinal scans)
One-time password scheme
Dual authentication

18
Q

Describe the one-time password scheme.

A

User enters ID and a partial password
System or user device generates last half of the password
Last half of the password is good for only a few seconds

19
Q

Describe dual authentication.

A

Temporary code or password is sent to a trusted device

20
Q

What is authorization?

A

set of permitted actions for each authorized person

21
Q

What types of access control are maintained in the operating system?

A
Read access (read a file)
Write access (modify a file)
Execute access (run a program)
Delete access (remove a file)
22
Q

What type of access does a system administrator or superuser have?

A

They have universal access and can set up authorization

23
Q

What is malware?

A

malicious software arriving from the network

24
Q

What is a virus?

A

program embedded within another program or file, replicates itself and attacks other files

25
What is a worm?
program that can send copies of itself to other nodes on the network
26
What is a Trojan horse?
program that seems beneficial but hides malicious code within it
27
What is a keystroke logger Trojan horse?
Records all keys typed
28
What is a drive-by exploit/drive-by download?
Trojan horse downloaded by simply visiting an infected website
29
What does DoS stand for?
Denial of service
30
What occurs during a denial of service attack?
many computers try to access the same URL at the same time
31
Why is a denial of service attack a problem?
Clogs the network, prevents legitimate access, and causes the server to crash. Distributed DoS uses thousands of computers.
32
What is the use of a zombie army in a denial of service attack?
Uses a zombie army (botnet): many innocent computers infected with malware
33
What is phishing?
Obtain sensitive information by impersonating legitimate sources
34
What is the most common phishing technique?
By email
35
What are "white hats"
White hats are security experts and those who work to help protect systems from attackers.
36
What are "black hats"
Black hats are individuals or groups who work toward getting around security to steal information, get money, or do other nefarious, immoral, and illegal acts.
37
What is cryptography?
science of “secret writing”
38
What are encryption and decryption?
Convert from plaintext to ciphertext and back again
39
What is a symmetric encryption algorithm?
A secret key shared by the sender and the receiver; the same key is used to encrypt and decrypt
40
What are the two types of keys used in an asymmetric encryption algorithm?
Uses two keys: public and private
41
What is the public key used for in asymmetric encryption algorithms?
The public key (generally known) is used to encrypt
42
What is the private key used for in asymmetric encryption algorithms?
The private key (known only to the receiver) is used to decrypt
43
What is the Caesar cipher (shift cipher)?
Map characters to others a fixed distance away in the alphabet (shift 3 characters forwards). Example: A→E, B→F, C→G, … U→Y, V→Z, W→A
44
How does a stream cipher work?
encode each character as it comes
45
How does a substitution cipher work?
Similar to a Caesar cipher but implements other mapping techniques
46
What are the pros of a substitution cipher?
Easy and fast; can do it character by character
47
What are the cons of a substitution cipher?
Letter frequency and double letters still pertain and make it easy to break
48
What is a block cipher?
Block of plaintext encoded into a block of ciphertext; each character contributes to multiple characters
49
Describe a (matrix-based) block cipher.
Group characters into blocks n characters long. Find an invertible n-by-n matrix, M, and its inverse, M′, as keys. Map characters to numbers: A→1, B→2, etc. Wrap values 26 and above back to zero: 26→0, 27→1, etc.
50
What is the algorithm for encoding?
Apply the S mapping to the plaintext block. Multiply the result by M, applying wraparound. Apply S′ to the result.
51
What is the algorithm for decoding?
Apply the S mapping to the ciphertext block. Multiply the result by M′, applying wraparound. Apply S′ to the result.
52
What is the Data Encryption Standard?
Symmetric encryption algorithm
53
What type of data was the Data Encryption Standard designed for?
Digital data
54
What type of encryption standard was designed for plain text?
Binary String
55
What does the Data Encryption Standard use as a key?
Uses 64-bit binary key (56 bits actually used)
56
How many rounds of manipulations does the Data Encryption Standard perform?
Sixteen rounds of the same series of manipulations
57
How does decryption work with the Data Encryption Standard?
Decryption uses the same algorithm; keys in reverse
58
Describe the efficiency, speed, and drawbacks of using the Data Encryption Standard.
Fast and effective but requires a shared key; 56 bits is too small for modern technology
59
What is similar and different about the Advanced Encryption Standard?
Uses a similar approach; longer keys than the Data Encryption Standard
60
What manipulations occur during the Data Encryption Standard?
Split string; duplicate some bits; omit some bits; permute bit order; combine bit strings with XOR (exclusive OR)
61
How do you create an RSA key for public-key systems?
Pick 2 large prime numbers, p and q. Compute n = p × q and m = (p − 1) × (q − 1). Choose a large number e at random so that e and m are relatively prime (no common factors except 1). Find the unique value d, between 0 and m, such that (e × d) modulo m = 1. Public key = (n, e); private key = d.
62
Describe the process of RSA encryption.
Given public key (n, e): convert the message to an integer P; calculate C = P^e modulo n
63
Describe the process of RSA decryption.
Given private key d: calculate C^d modulo n
64
What does e-commerce require?
E-commerce requires secure transmission of names, passwords, and credit card numbers
65
What are the web protocols involved in e-commerce?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
66
What occurs when SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are used?
Client-server applications. Server provides certificate of authentication and server’s public key. Client sends its DES key, encrypted using RSA. Data is sent encrypted by the (now shared) DES key.
67
What are the general steps for web transmission security?
1. Client initiates TLS/SSL, requests RSA/DES encryption
2. Web server sends authentication certificate, acknowledges RSA/DES, and sends its public key
3. Client sends DES key, encrypted with server's public key
4. Web server sends acknowledgement encrypted with DES key
5. Secure data exchange between client and web server
68
What is an embedded computer?
special-purpose, limited computers in other systems
69
What are some examples of embedded computers?
Examples: automobiles, smart appliances, remote controls, and patient monitoring systems
70
What is the new trend with embedded computers?
Connect embedded computers to a network so they can transmit data and receive updates
71
What could occur if embedded systems were targeted?
Targeting embedded systems could cause chaos: change thermostats, disrupt patient care, or disable aircraft or automobiles
72
What is the most common asymmetric algorithm?
RSA is the most common asymmetric algorithm
73
What are DES and AES based on (mathematically)?
XOR (it's true if an odd number of inputs are true; if an even number are true, it isn't)