Exam 1 Review (Module 1-3)

Question 1

What are the three security goals?

Answer 1

Confidentiality, Integrity, Availability

Question 2

people cannot read sensitive information, either while it is on a computer or while it is travelling across the network

Answer 2

Confidentiality

Question 3

Means that attackers cannot change or destroy information, either while it is travelling across a network. Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore destroyed data

Answer 3

Integrity

Question 4

Means that people who are authorized to use information are not prevented from doing so

Answer 4

Availability

Question 5

Successful attacks

Also called incidents

Also called breaches

Answer 5

Compromises

Question 6

Tools used to thwart attacks

Also called safeguards, protections, and controls

Answer 6

Counter measures

Question 7

an attack that involves sending modified SQL statements to a web application that will, in turn, modify a database.

Answer 7

SQL injection

Question 8

A shared key for encryption and decryption

Answer 8

Symmetric

Question 9

Repeatedly guessing the password/key

Answer 9

Brute force attack

Question 10

Have knowledge of internal systems

Have permissions to access systems

Often know how to avoid detection

Generally are trusted

Answer 10

Ways employees and ex-employees are dangerous

Question 11

generic name for any “evil software”

Answer 11

Malware

Question 12

programs that attach themselves to legitimate programs on the victim’s machine

Spread today primarily by e-mail

Also by instant messaging, file transfers, etc.

Answer 12

Viruses

Question 13

do not attach themselves to other programs; can spread by email, instant messaging, and file transfers

Answer 13

worms

Question 14

worms that spread extremely rapidly because they do not have to wait for users to act

Answer 14

Direct-propagation worms

Question 15

Motivated by thrill, validation of skills, sense of power

Motivated to increase reputation among other hackers

Often do damage as a byproduct

Engage in petty crime

Answer 15

Traditional Hackers

Question 16

Call and ask for passwords and other confidential information

Email attack messages with attractive subjects

Piggybacking

Shoulder surfing

Pretexting

Often successful because it focuses on human weaknesses instead of technological weaknesses

Answer 16

Social engineering hacking

Question 17

Makes prosecution difficult​

Dupe citizens of a country into being transshippers of fraudulently purchased goods to the attacker in another country​

These are examples of…

Answer 17

Cybercrimes

Question 18

Using black market forums (stealing credit card numbers and identity information​,vulnerabilities​, Exploit software (often with update contracts) are used by …

Answer 18

Cybercriminals

Question 19

Attacks on confidentiality​

Public information gathering

Answer 19

Commercial Espionage

Question 20

May only be litigated if a company has provided reasonable protection for those secrets​

Reasonableness reflects the sensitivity of the secret and industry security practices​

Answer 20

Trade secret espionage

Question 21

-Trade secret theft approaches​
-Theft through interception, hacking, and other traditional cybercrimes​
-Bribe an employee​
-Hire your ex-employee and solicit or accept trade secrets​

These are examples of…

Answer 21

Commercial Espionage

Question 22

-Attacks on availability​
-Rare, but can be devastating

Answer 22

Denial-of-Service Attacks by Competitors

Question 23

Attacks by national governments

Answer 23

cyberwar

Question 24

attacks by organized terrorists

Answer 24

cyberterror

Question 25

• Jump to other computers w/o human intervention on receiving computer
• Computer must have vulnerability for this to work
• Spread extremely rapidly

Answer 25

Direct-Propagation worms

Question 26

• Program that replaces an existing system file, taking its name
• MASQUERADES AS A BENEFICIAL PROGRAM

Answer 26

Trojan Horses

Question 27

• Executable code on a webpage
• Executed automatically when the webpage is downloaded
• Javascript, Microsoft Active-X controls, etc.
• Does damage if computer has vulnerability

Answer 27

Mobile Code

Question 28

• Strong technical skills and dogged persistence
• Create hacker scripts to automate work
• Scripts also used to write viruses and other malware

Answer 28

Expert Attackers (Elite Hackers)

Question 29

• Use premade scripts to make attacks
• Low technical skill
• Dangerous b/c of large numbers

Answer 29

Script Kiddies

Question 30

Readable message

Answer 30

Plain text message

Question 31

Encrypted (unreadable) message

Answer 31

Ciphertext

Question 32

Process of transforming plain text into ciphertext for secure storage or communication

Answer 32

Encryption

Question 33

Process of transforming ciphertext message back to plain text message

Answer 33

Decryption

Question 34

Mathematical calculation used in encryption/decryption

Answer 34

Cryptographic algorithm