Info Systems Exam 2 Flashcards
Computer security, cybersecurity or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
Cyber Security
Bad things happen online
Spyware / Adware / Malware
SPAM / Phishing / Pharming
Vishing / Smishing / Spear Phishing
Hackers are not all the same
Script Kiddies
Sophisticated Networks
White Hats
Criminal Organizations
Black Hats
Government Sponsored
Happens to Everyone
The question is not “Have we been hacked”
The right question is “To what extent have we been hacked, and how vulnerable are we going forward.”
How do we respond / position ourselves. PR.
You cannot protect against all attacks…
You should still protect yourself from attacks.
Make sure you are a difficult target.
Target hardening
Ways to Cause Issues - warez
Sniffing - AirSnort
Spoofing - altering packet headers
Attacks - Offense
DoS
DDoS
Cain and Abel (Man in the middle)
Commonly associated with hotels
Brute Force Attack
Attacks - Offense 2
Viruses / Worms / Trojan Horses / Social Engineering
Blended / Logic Bombs / Ransomware / Backdoors
SQL Injection
Segments - where
network
drive
app or OS
Segments - How
social engineering
Technology - 0s and 1s
Policies - Exploits
Segments - What happens
reveal secrets
Change data
Prevent Access
Some Things To Do - Defense
Biometrics - fingerprints / eye scans / gait / size
Mantraps - think airlock - 2 doors, 1 at a time
Firewalls - so many meanings
Intrusion Detection Systems - IDS
“Air Gap” - talk about stuxnet
Defense
Policies and Procedures
Audit and test
User Training
Recurring and everyone
Honeypot - Defense
A honeypot is set up to detect, and then mitigate, attacks.
Think of fake email accounts used on common sites to see if they start to receive attacks after visiting a potentially dangerous site.
Password Policies
Complexity / Length / Strength
Frequency of change
Proper care for Passwords - KeePass
you are who you claim to be
Authentication
you have access some things
Authorization
e-Commerce Three step process:
Authentication - validates identity
Confirmation - sender gets a receipt
Non Repudiation - no backing out of the deal
Return to previous state
Disaster Recovery
Keep going forward
Business Continuity
Backups / Cold Swap / Hot Swap / SneakerNet
is a set of one or more fields/columns that can identify a record uniquely in a table. There can be multiple ___ Keys in one table. Each ____ Key could work as the Primary Key.
Candidate Key
is a set of one or more fields/columns of a table that uniquely identifies a record in a database table. It cannot accept null as a value. No duplicate values.
Primary Key
is a key that can work as a primary key. Basically it is a candidate key that currently is not defined as the primary key.
Alternate / Alternative Key
is a combination of more than one field/column of a table. Any of the other keys can be a ____ key simply by including multiple fields.
Composite / Compound Key
is a set of one or more fields/columns of a table that uniquely identifies a record in a database table. It is like a Primary Key, but it can accept only one null value and it cannot have duplicate values.
Unique Key
is a field (or set of fields) in a database table that is the primary key in another table. It can accept multiple null and duplicate values.
Foreign Key
Any key that is comprised of data that exists in the real world - not system generated.
Natural Key
A system generated key. Typically incremented integers: 1, 2, 3, 4
Surrogate or Artificial Key
UUID and GUID
Universally Unique Identifier
Globally Unique Identifier - MS’s UUID
Issues around data
Legal - what the government cares about
Professional - organizations and compliance
Ethical - balancing costs and benefits
Standards - many different levels
Personal - what do you care about?
Guidance - Pythonic, for example
All kinds of language
EULA
Acceptable Usage Policies
Good Actor Policies
Policies and Procedures - operations - NOCs
Non Repudiation - No opting out
Compliance / Standards
PCI - PCI DSS: Payment Card Information
Data Security Standard
SAS 70 → SSAE 16: Auditing and reporting standards for service organizations
NDA
Non Disclosure Agreements
Non Competes
Limited Time
Limited Market - Geography
Limited Market - Business Segment
SLA
Service Level Agreement
We will try very hard to meet an agreed-to standard
SLO
Service Level Objective
We will deliver on the standard or we will pay a penalty
SLI
Service Level Indicator
We will measure ____ to see if we are in compliance
IP - Not just an address
Intellectual Property - who owns the code and what can they do with it?
What can you patent?
Globalization - The World Is Flat
Friedman defines 10 “Flatteners”:
Outsourcing / Offshoring / Insourcing
Informing / Nearshoring / Uploading
Supply Chaining / Workflow / Netscape
The Dangers of Consulting
Partnering and clear divisions of responsibility can be very useful - they can also lead to something called “The clay layer”, as demonstrated in the video below.
Sharing browsing history / viewing data among many major sites provides for analytics and tailored advertisements.
You can see this: Browse “porter cable air compressors” on Amazon and see how long it takes to show up on other sites you visit.
Tracking
A simple idea that snowballs into massive data capture and marketing.
A small amount of data stored locally in the client browser between sessions. Browsers can remember things - so nice.
Cookies
A way to understand a sequence of website requests as a single context.
Connecting data across multiple requests, so they can provide a unified experience for the end user.
Session
A record of each request made to a server.
It ends up looking just like a database table
Log Files
Moving data from one location to another
Data Communication
Bandwidth
Broadband - multiple signals at once, reassembled at the other end
Narrowband - ordered, much smaller capacity
As the communication travels further, it loses signal strength
Attenuation:
Used to connect to the network - mostly built into routers.
Modem:
very simple devices - not sophisticated
Hubs
smarter than hubs, same thing
Switches
Knows about other networks
Routers
Manages connection to your ISP (most corporate routers do this)
Modems
Types of connection
From a Book
Conducted - physical connections
STP / UTP / Coaxial / Fiber (Fiber Optic)
Radiated - wireless
Frequency ranges / Microwave / Satellite
How will the “handshake” be defined? What are you expecting the messages to look like?
What is the agreed upon sequence of things?
Protocols
Running Out of Addresses
NIC - Network Interface Card
IP Addresses vs MAC addresses
IPv4 - IPv6
LAN / MAN / WAN
The dominant model is called 3-Tier or N-Tier
N-Tier means there can be many, many layers
Client Server
Wiring & Convergence
RJ-11 - 4 wires - voice
RJ-45 - 8 wires - data
Cat5 / Cat5e / Cat6
Different kinds of network cables
Convergence - single cable, all the data!
Where it started
1969 - ARPANET - US Defense Department
1980’s - The Internet
1989 - The World Wide Web
1992 - First visual web browser
The Basic Building Blocks:
Internet vs The Web
Internet = Connected computers
The Web = Connected documents
The Basic Building Blocks
The Backbone - Core connections
HTML - a standard format / language
Search - A way to find “things”
.com / .org / .net / .mil / .edu
Now it is the wild west - so many TLDs
TLD - Top Level Domains