information security Flashcards
the quality or state of being secure; to be free from danger
SECURITY
malware that comes with a downloaded file that a user requests
Drive-by downloads
a computer program that has the ability to replicate or make copies of itself, and spread to other files
Viruses
malware that is designed to spread from computer to computer
Worms
malware that prevents you from accessing your computer or files and demands that you pay a fine
Ransomware
appears to be benign, but then does something other than expected.
Often a way for viruses or other malicious code to be introduced into a computer system
Trojan horses
feature of viruses, worms, and Trojans that allows an attacker to remotely access a compromised computer
Backdoors
type of malicious code that can be covertly installed on a computer when connected to the Internet.
Bot
collection of captured bot computers
Botnet
is a threat at both the client and the server levels, although servers generally engage in much more thorough anti-virus activities than do consumers.
Malicious code
program that installs itself on a computer, typically without the user’s informed consent
Potentially unwanted programs (PUPs)
a PUP that serves pop-up ads to your computer
Adware
a program that can monitor and change the settings of a user’s browser
Browser parasites
a program used to obtain information such as a user’s keystrokes, e-mail, instant messages, and so on
Spyware
any deceptive, online attempt by a third party to obtain confidential information for financial gain
Phishing
exploitation of human fallibility and gullibility to distribute malware
Social engineering
an individual who intends to gain unauthorized access to a computer system
Hackers
within the hacking community, a term typically used to denote a hacker with criminal intent
Crackers
cybervandalism and data theft for political purposes
Hacktivism
intentionally disrupting, defacing, or even destroying a site
Cybervandalism
considered the good guys because they follow the rules when it comes to hacking into systems without permission and obeying responsible disclosure laws
white hat
may have good intentions but might not disclose flaws for immediate fixes
prioritize their own perception of right versus wrong over what the law might say
gray hat
considered cybercriminals; they don’t lose sleep over whether or not something is illegal or wrong
exploit security flaws for personal or political gain, or for fun
black hat
common security threats
Malware
PUPs
Phishing
Hacking
Data breach
Sniffing
Insider attacks & unsecure software
Social network & mobile platform issues
types of malware
Drive-by downloads
Viruses
Worms
Ransomware
Trojan horses
Backdoors
Bot
types of PUPs
Adware
Browser parasites
Spyware
PUP stands for?
Potentially unwanted programs
types of phishing
Social engineering
types of hacking
Crackers
Hacktivism
Cybervandalism
types of data breach
Credit card fraud / theft
Identity fraud
Spoofing
Pharming
Spam
types of sniffing
Denial of Service (DOS) Attack
Distributed Denial of Service (DDOS) Attack
E-mail wiretaps
types of Insider Attacks & Unsecured Software
SQL injection attack
Zero-day vulnerability
types of Social Network & Mobile Platforms
Vishing
Smishing
Madware
occurs when an organization loses control over its information to outsiders
Data breach
is one of the most feared occurrences on the Internet. Fear that credit card information will be stolen prevents users from making online purchases in many cases
Credit card fraud / theft
involves the unauthorized use of another person’s personal data for illegal
Identity fraud
involves attempting to hide a true identity by using someone else’s e-mail or IP address
Spoofing
automatically redirecting a web link to an address different from the intended one, with the site masquerading as the intended destination
Pharming
also referred to as link farms; promise to offer products or services, but in fact are just collections of advertisements
Spam
flooding a website with useless traffic to inundate and overwhelm the network
Denial of Service (DOS) Attack
using numerous computers to attack the target network from numerous launch points
Distributed Denial of Service (DDOS) Attack
DOS stands for
Denial of Service
DDOS stands for
Distributed Denial of Service
is a type of eavesdropping program that monitors information traveling over a network
Sniffer
a method for recording or journaling e-mail traffic generally at the mail server level from any individual.
E-mail wiretaps
the largest financial threats to business institutions come not from robberies but from embezzlement by insiders
Insider Attacks
takes advantage of poorly coded web application software that fails to properly validate or filter data entered by a user on a web page
SQL injection attack
software vulnerability that has been previously unreported and for which no patch yet exists
Zero-day vulnerability
target gullible cell phone users with verbal messages to call a certain number
Vishing
exploit SMS/text messages
Smishing
innocent-looking apps that contain adware that launches pop-up ads and text messages on your mobile device
Madware
security management (technology solutions)
authentication procedures
encryption
network security protocols
virtual private networks
firewalls
proxy servers
intrusion detection/prevention
automated software updates
anti-virus software
access controls
information security
confidentiality
integrity
availability
threat to confidentiality
snooping
traffic analysis
threat to integrity
modification
masquerading
replaying
repudiation
threat to availability
denial of service
Protect devices, networks, programs, and data from attacks and unauthorized access – cyber realm
Cybersecurity
Protecting the information regardless of the realm – digital or analog
Information Security
a message in its natural format readable by an attacker; it is the original message or data
Plaintext
a message altered to be unreadable by anyone except the intended recipients.
Ciphertext
transforming the plaintext, under the control of the key
Encryption
it is the sequence that controls the operation and behavior of the cryptographic algorithm
Key
transforming the ciphertext back to the original plaintext
Decryption
Any character of plain text from the given fixed set of characters is substituted by some other character from the same set depending on a key
Substitution cipher
The Caesar Cipher is a substitution cipher, named after _____.
Julius Caesar
one which rearranges the order of the letters in the ciphertext (encoded text), according to some predetermined method, without making any substitutions.
transposition cipher
the secret key is shared between two parties
Private key ciphers
the secret key is not shared and two parties can still communicate using public keys.
Public key ciphers
A common method to create session keys in a distributed manner.
It provides a way for two parties to establish a shared secret key that only two parties know – even communicating over an insecure channel.
Diffie-Hellman Algorithm
components of Cryptographic system
Plaintext
Ciphertext
Encryption
Key
Decryption
types of cipher
Private key ciphers
Public key ciphers
2 types of transposition cipher
Rail fence cipher
Row transposition ciphers