Lecture 2B Flashcards
?
is “the ownership of ideas and control over the tangible or virtual representation of those ideas”
Compromises to Intellectual property
Intellectual property
?, ??, ???, ????
(4) Many organizations are in business to create intellectual property
Compromises to Intellectual property
- trade secrets
- copyrights
- trademarks
- patents
Most common IP breaches involve ?
Compromises to Intellectual property
software piracy
?, ??
(2) Watchdog organizations investigate:
Compromises to Intellectual property
- Software & Information Industry Association (SIIA)
- Business Software Alliance (BSA)
Enforcement of ? has been attempted with technical security mechanisms
Compromises to Intellectual property
copyright
?
??, or acts of God are dangerous because they are unexpected and can occur with very little warning
Compromises to Intellectual property
- Forces of nature
- Force majeure
?
Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information
Compromises to Intellectual property
Forces of nature
?
Include fire, flood, earthquake, and lightning as well as volcanic eruption and insect infestation
Compromises to Intellectual property
Forces of nature
?
Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations
Compromises to Intellectual property
Forces of nature
?
occur when a manufacturer distributes to users equipment containing flaws
Compromises to Intellectual property
Technical hardware failures or errors
?
These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability
Compromises to Intellectual property
Technical hardware failures or errors
Some errors are ?, in that they result in the unrecoverable loss of the equipment
Technical hardware failures or errors
Compromises to Intellectual property
terminal
Some errors are ?, in that they only periodically manifest
themselves, resulting in faults that are not easily repeated
Technical hardware failures or errors
Compromises to Intellectual property
intermittent
This category of threats comes from purchasing software with ?
Technical hardware failures or errors
Compromises to Intellectual property
unrevealed faults
Large quantities of computer code are written, debugged, published, and sold only to determine that not all ? were resolved
Technical hardware failures or errors
Compromises to Intellectual property
bugs
Sometimes, unique combinations of certain software and hardware reveal ?
Technical hardware failures or errors
Compromises to Intellectual property
new bugs
Sometimes, these items aren’t errors, but are ? left by programmers for honest or dishonest reasons
Technical hardware failures or errors
Compromises to Intellectual property
purposeful shortcuts
?
When the infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems
Compromises to Intellectual property
Technological Obsolescence
Management must recognize that when technology becomes outdated, there is a risk of ? integrity to threats and attacks
Compromises to Intellectual property
loss of data
Ideally, ? by management should prevent the risks from technology obsolesce, but when obsolescence is identified, management must take action
Compromises to Intellectual property
proper planning
An ? is the deliberate act that exploits vulnerability
Compromises to Intellectual property
attack
It is accomplished by a ? to damage or steal an organization’s information
or physical asset
Compromises to Intellectual property
threat-agent
An ? is a technique to compromise a system
Compromises to Intellectual property
exploit
A ? is an identified weakness of a controlled system whose controls are not present or are no longer effective
Compromises to Intellectual property
vulnerability
An ? is then the use of an exploit to achieve the compromise of a controlled system
Compromises to Intellectual property
attack
This kind of attack includes the execution of ?, ??, ???, and ???? with the intent to destroy or steal information
Compromises to Intellectual property
- viruses
- worms
- Trojan horses
- active web scripts
The state of the art in attacking systems in 2002 is the ? using up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices
Compromises to Intellectual property
multi-vector worm
The state of the art in attacking systems in 2002 is the ? using up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices
Compromises to Intellectual property
multi-vector worm
(23) Attack descriptions
Compromises to Intellectual property
- IP Scan Attack
- Web Browsing
- Virus
- Unprotected Shares
- Mass Mail
- Simple Network Management Protocol
- Hoaxes
- Back Doors
- Password Crack
- Brute Force
- Dictionary
- Denial-of-service (DoS)
- Distributed Denial-of-service (DDoS)
- Spoofing
- Man-in-the-Middle
- Spam
- Mail-bombing
- Sniffers
- Social Engineering
- Brick Attack
- Buffer Overflow
- Ping of Death Attacks
- Timing Attack
Compromised system scans random or local range of IP addresses and targets any of several vulnerabilities known to hackers or left over from previous exploits
Compromises to Intellectual property
IP Scan and Attack
If the infected system has write access to any Web pages, it makes all Web content files infectious, so that users who browse to those pages become infected
Compromises to Intellectual property
Web Browsing
Each infected machine infects certain common executable or script files on all computers to which it can write with virus code that can cause infection
Compromises to Intellectual property
Virus
using file shares to copy viral component to all reachable locations
Compromises to Intellectual property
Unprotected Shares
sending e-mail infections to addresses found in address book
Compromises to Intellectual property
Mass Mail
SNMP vulnerabilities used to compromise and infect
Compromises to Intellectual property
Simple Network Management Protocol
A more devious approach to attacking computer systems is the transmission of a virus hoax, with a real virus attached
Compromises to Intellectual property
Hoaxes
Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource
Compromises to Intellectual property
Back Doors
Attempting to reverse calculate a password
Compromises to Intellectual property
Password Crack
The application of computing and network resources to try every possible combination of options of a password
Compromises to Intellectual property
Brute Force
The dictionary password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) to guide guesses
Compromises to Intellectual property
Dictionary
attacker sends a large number of connection or information requests to a target
Compromises to Intellectual property
Denial-of-service (DoS)
so many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service
Compromises to Intellectual property
Denial-of-service (DoS)
may result in a system crash, or merely an inability to perform ordinary functions
Compromises to Intellectual property
Denial-of-service (DoS)
an attack in which a coordinated stream of requests is launched against a target from many locations at the same time
Compromises to Intellectual property
Distributed Denial-of-service (DoS)
technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host
Compromises to Intellectual property
Spoofing
an attacker sniffs packets from the network, modifies them, and inserts them back into the network
Compromises to Intellectual property
Man-in-the-Middle
unsolicited commercial e-mail - while many consider spam a nuisance rather than an attack, it is emerging as a vector for some attacks
Compromises to Intellectual property
Spam
another form of e-mail attack that is also a DoS, in which an attacker routes large quantities of e-mail to the target
Compromises to Intellectual property
Mail-bombing
a program and/or device that can monitor data traveling over a network
Compromises to Intellectual property
Sniffers
can be used both for legitimate network management functions and for stealing information from a network
Compromises to Intellectual property
Sniffers
within the context of information security, the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker
Compromises to Intellectual property
Social Engineering
“? are the weakest link. You can have the best technology; firewalls, intrusion-detection systems, biometric devices … and somebody can call an unsuspecting employee. That’s all she wrote, baby. They got everything.”
Compromises to Intellectual property
People
the best configured firewall in the world can’t stand up to a well placed brick
Compromises to Intellectual property
Brick attack
application error occurs when more data is sent to a buffer than it can handle
Compromises to Intellectual property
Buffer Overflow
when the buffer overflows, the attacker can make the target system execute instructions, or the attacker can take advantage of some other unintended consequence of the failure
Compromises to Intellectual property
Buffer Overflow
Usually the attacker fill the overflow buffer with executable program code to elevate the attacker’s permission to that of an administrator
Compromises to Intellectual property
Buffer Overflow
A type of DoS attack. Attacker creates an ICMP packet that is larger than the maximum allowed 65,535 bytes
Compromises to Intellectual property
Ping of Death Attacks
The ? is fragmented into smaller packets and reassembled at its destination.
Ping of Death Attacks
Compromises to Intellectual property
large packet
Destination user cannot handle the reassembled oversized packet, thereby causing the system to ?
Ping of Death Attacks
Compromises to Intellectual property
crash or freeze
relatively new. works by exploring the contents of a web browser’s cache
Compromises to Intellectual property
Timing Attack
can allow collection of information on access to password-protected sites
Compromises to Intellectual property
Timing Attack
another attack by the same name involves attempting to intercept cryptographic elements to determine keys and encryption algorithms
Compromises to Intellectual property
Timing Attack
