Chapter 8 Flashcards
What is the importance behind information security?
Keep information safe
Control access to authorized people only
What are physical aspects of security?
lock doors
maintain control of devices
What are some aspects of online security?
Secure assembly language
Secure operating system
Secure network
Are threats online more or less dangerous than threats to physical items?
Online threats are often more dangerous
What are hackers generally after?
easily accessible data
What is the purpose of identification?
establishing identity
What two pieces of information are generally required for authentication?
Usernames and Passwords
How are password files usually secured?
Using a hash function and one-way encryption
What is an example of a hash function / one-way encryption?
Example: password = badboy2
Replace letters by numbers: 2 1 4 2 15 25 2
Add digits: 2 + 1 + 4 + 2 + 15 + 25 + 2 = 51
Remainder of sum/7: 51 mod 7 = 2
Add 1 and multiply by 9: (2 + 1) × 9 = 27
Reverse digits and convert to letters: 72 = gb
Is storing passwords in plaintext considered secure?
no
What occurs on login during the authentication process?
Read username and password
Look up entry for username in a password file
Hash input password and compare
What is the more secure method of password storage?
Keep password creation time
Add creation time to password before hashing
Identical passwords won’t hash to identical values
What are three common ways that passwords are targeted and attacked?
- Guess password, brute force or from knowledge
- Steal password file and use password cracking software
- Social engineering: get a person to tell their password
What are some common ways to guess someone's password or brute-force it?
Try common passwords (e.g., 123456)
Try personal references (e.g., pet name)
Try all possible passwords (computationally difficult)
How does password cracking software work?
Tries words and word combinations, millions of password possibilities per second
How do you use social engineering to attack someone's password?
get a person to tell password
What are some other authentication methods?
Answer personal information question
Biometric information (fingerprint or retinal scans)
One-time password scheme
Dual authentication
Describe the one-time password scheme.
User enters ID and a partial password
System or user device generates last half of the password
Last half of the password is good for only a few seconds
Describe dual authentication.
Temporary code or password is sent to a trusted device
What is authorization?
set of permitted actions for each authorized person
What types of access control are maintained in the operating system?
Read access (read a file)
Write access (modify a file)
Execute access (run a program)
Delete access (remove a file)
What type of access does a system administrator or superuser have?
They have universal access and can set up authorization
What is malware?
malicious software arriving from the network
What is a virus?
program embedded within another program or file, replicates itself and attacks other files
What is a worm?
program that can send copies of itself to other nodes on the network
What is a trojan horse?
program that seems beneficial but hides malicious code within it
What is a keystroke-logger trojan horse?
Records all keys typed
What is a drive-by exploit (drive-by download)?
Trojan horse downloaded by simply visiting an infected website
What does DoS stand for?
Denial of service