Lesson 2 Flashcards
The primary mission of information security is to…
…ensure that systems and their contents remain the same.
What are the four (4) important factors of information security?
Protecting the Functionality of an Organization
Enabling Safe Operation
Protecting Data
Safeguard Technology Assets
Shared by general management and IT management; addresses infosec in terms of business impact.
Protecting the Functionality of the Organization
Requires integrated, efficient, and capable applications; must protect critical applications (operating systems, electronic mail, instant messaging)
Enabling Safe Operation
Data provides record of transactions (e.g. banking), includes data in motion (online transactions) and data at rest (offline transactions).
Protecting Data
Must have secure infrastructure services.
Safeguard Technology Assets
More complex; additional service for larger businesses.
Public Key Infrastructure (PKI)
What are the twelve (12) categories of threats?
Acts of Human Error or Failure
Compromise to Intellectual Property
Deliberate Acts of Espionage
Deliberate Acts of Information Extortion
Deliberate Acts of Sabotage or Vandalism
Deliberate Acts of Theft
Deliberate Software Attacks
Forces of Nature
Deviations in Quality or Service
Technical Hardware Failures
Technical Software Failures
Technological Obsolescence
Includes viruses, worms, Trojan horses, active web scripts, state-of-the-art (polymorphic or multivector worms, CERT, Symantec, etc. warnings), has attack vectors (IP scan and attack, web browsing, unprotected shares, mass mail).
Malicious Code
Also referred to as trap doors; previously discovered access mechanisms to gain access to a system; left by system designers and maintenance staff; hard to detect.
Back Doors
Reverse-calculate a password; component of dictionary attacks.
Password Crack
Contains hashed representation of a user’s password.
Security Account Manager (SAM) File
Also called password attack: trying every combination for a password.
Brute Force Attack
Uses a list of commonly used passwords instead of random combinations.
Dictionary Attack
Overloads target with requests.
Denial of Service (DoS)