Introduction to Security Plus Flashcards
AAA
authentication, authorization, and accounting
Authentication
When a person’s identity is established with proof and confirmed by a system.
Typically, this requires a digital identity of some sort, username/password, or other authentication scheme
Authorization:
When a user is given access to certain data or areas of a building.
Authorization happens after authentication and can be determined in several ways, including permissions, access control lists, time-of-day restrictions, and other login and physical restrictions
Accounting
The tracking of data, computer usage, and network resources.
Often it means logging, auditing, and monitoring of the data and resources.
Accountability is quickly becoming more important in today’s secure networks.
Part of this concept is the burden of proof. You as the security person must provide proof if you believe that someone committed an unauthorized action.
When you have indisputable proof of something users have done and they cannot deny it, it is known as non-repudiation
Malicious software
Known as malware, this includes computer viruses, worms, Trojan horses, spyware, rootkits, adware, and other types of unwanted software.
Everyone has heard of a scenario in which a user’s computer was compromised to some extent due to malicious software
Unauthorized access
Access to computer resources and data without consent of the owner. It might include approaching the system, trespassing, communicating, storing and retrieving data, intercepting data, or any other methods that would interfere with a computer’s normal work.
Access to data must be controlled to ensure privacy. Improper administrative access falls into this category as well.
System failure
Computer crashes or individual application failure.
This can happen due to several reasons, including user error, malicious activity, or hardware failure.
Social engineering
The act of manipulating users into revealing confidential information or performing other actions detrimental to the user. Almost everyone gets e-mails nowadays from unknown entities making false claims or asking for personal information (or money!); this is one example of social engineering.
When creating the security plan, some IT professionals divide the plan int three categories of controls as follows:
Physical: Things such as alarm systems, surveillance cameras, locks, ID cards,
security guards, and so on.
Technical: Items such as smart cards, access control lists (ACLs), encryption, and network authentication.
Administrative: Various policies and procedures, security awareness training, contingency planning, and disaster recovery plans (DRPs). Administrative controls can also be broken down into two subsections: procedural controls and legal/regulatory controls.
Anti-malware software
Anti-malware protects a computer from the various forms of malware and, if necessary, detects and removes them.
Types include antivirus and anti-spyware software.
Well-known examples include programs from Symantec and McAfee, as well as Microsoft’s Windows Defender. Nowadays, a lot of the software named “antivirus” can protect against spyware and other types of malware as well
Data backups
: Backups won’t stop damage to data, but they can enable you to recover data after an attack or other compromise, or system failure. From programs such as Windows Backup and Restore and programs such as IBM’s Tivoli and Symantec’s Backup Exec, data backup is an important part of security. Note that fault-tolerant methods such as RAID 1, 5, and 6 are good preventative measures against hardware failure but might not offer protection from data corruption or erasure (We will cover RAID in future classes)
Encryption
The act of changing information using an algorithm (known as a cipher) to make that information unreadable to anyone except users who possess the proper “key”. Examples of this include wireless sessions encrypted with Advanced Encryption Standard (AES), web pages encrypted with HTTP Secure (HTTPS), and e-mails encrypted with Secure/Multipurpose Internet Mail Extensions (S/MIME) or Pretty Good Privacy (PGP).
Data removal
Proper data removal goes far beyond file deletion or the formatting of digital media. The problem with file deletion/formatting is data remanence , or the residue, left behind, from which re-creation of files can be accomplished by some less-than-reputable people with smart tools. Companies typically employ one of three options when met with the prospect of data removal: clearing, purging (also known as sanitizing), and destruction
White hats
: These people are non-malicious; for example, an IT person who attempts to “hack” into a computer system before it goes live to test the system.
Generally, the person attempting the hack has a contractual agreement with the owner of the resource to be hacked.
White hats often are involved in something known as ethical hacking.
ethical hacker
is an expert at breaking into systems and can attack systems on behalf of the system’s owner and with the owner’s consent. The ethical hacker uses penetration testing and intrusion testing to attempt to gain access to a target network or system.
Black hats
: These are malicious individuals who attempt to break into computers and computer networks without authorization.
Black hats are the ones who attempt identity theft, piracy, credit card fraud, and so on. Penalties for this type of activity are severe, and black hats know it; keep this in mind if and when you come into contact with one of these seedy individuals—they can be brutal, especially when cornered. Of course, many vendors try to make the term “black hat” into something cuter and less dangerous.
But for the purposes of this book and your job security, we need to speak plainly, so here we will consider a black hat to be a malicious individual.
Gray hats
These are possibly the most inexplicable people on the planet.
They are individuals who do not have any affiliation with a company but risk breaking the law by attempting to hack a system and then notify the administrator of the system that they were successful in doing so—just to let them know! Not to do anything malicious (other than breaking in…).
Some gray hats offer to fix security vulnerabilities at a price, but these types are also known as green hats or mercenaries
Blue hats
These are individuals who are asked to attempt to hack into a system by an organization, but the organization does not employ them.
The organization relies on the fact that the person simply enjoys hacking into systems. Usually, this type of scenario occurs when testing systems
Elite
Elite hackers are the ones who first find out about vulnerabilities.
Only 1 out of an estimated 10,000 hackers wears the Elite hat—and I say that figuratively.
The credit for their discoveries is usually appropriated by someone else more interested in fame. Many of these types of individuals don’t usually care about “credit due” and are more interested in anonymity—perhaps a wise choice.
You do not want to get on an Elite hacker’s bad side; they could crumple most networks and programs within hours if they so desired
