Lesson 2 Flashcards
The primary mission of information security is to…
…ensure that systems and their contents remain the same: unchanged except by authorized action.
What are the four (4) important factors of information security?
Protecting the Functionality of an Organization
Enabling Safe Operation
Protecting Data
Safeguard Technology Assets
A responsibility shared by general management and IT management; information security must be addressed in terms of business impact and the cost of business interruption, not only in technical terms.
Protecting the Functionality of the Organization
Requires integrated, efficient, and capable applications; the organization must protect the critical applications that underpin its operations (operating systems, electronic mail, instant messaging) from attack.
Enabling Safe Operation
Data provides the record of transactions (e.g. banking) and is often the organization's most valuable asset; includes data in motion (e.g. online transactions while being transmitted) and data at rest (stored data, such as records of completed offline transactions).
Protecting Data
Requires secure infrastructure services appropriate to the organization's size and scope; as the organization grows, additional security services may be needed.
Safeguard Technology Assets
A more complex infrastructure security service; an additional service that larger organizations may need in order to safeguard their technology assets.
Public Key Infrastructure (PKI)
What are the twelve (12) categories of threats?
Acts of Human Error or Failure
Compromises to Intellectual Property
Deliberate Acts of Espionage
Deliberate Acts of Information Extortion
Deliberate Acts of Sabotage or Vandalism
Deliberate Acts of Theft
Deliberate Software Attacks
Forces of Nature
Deviations in Quality or Service
Technical Hardware Failures
Technical Software Failures
Technological Obsolescence
Includes viruses, worms, Trojan horses, and active web scripts; newer variants such as polymorphic or multivector worms are tracked in warnings from CERT, Symantec, and similar advisory sources. Common attack vectors: IP scan and attack, web browsing, unprotected shares, and mass mail.
Malicious Code
Also referred to as trap doors; a known or newly discovered access mechanism that bypasses normal security controls; often left behind by system designers or maintenance staff; very hard to detect.
Back Doors
Attempting to reverse-calculate a password, typically from its stored hash; brute force and dictionary attacks are the two main approaches.
Password Crack
The Windows file that contains hashed representations of users' passwords; a primary target for password cracking.
Security Account Manager (SAM) File
Also called a password attack: trying every possible combination of characters until the password is found; guaranteed to succeed eventually, but the cost grows exponentially with password length.
Brute Force Attack
Narrows the brute force search by trying a list of commonly used passwords (and variations of them) instead of every possible combination.
Dictionary Attack
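The password crack, brute force, and dictionary cards above describe the same procedure: hash a candidate, compare it with the stolen hash, repeat. The C program below is an added example (not from the flashcards or their textbook) that runs both a dictionary attack and a shortest-first brute force against a hash. The hash function, the wordlist, and the alphabet are all constructed stand-ins: FNV-1a is used only so the example runs without a crypto library; it is not a password hash, and a real SAM file holds NT hashes (MD4 over the UTF-16LE password), not FNV values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* FNV-1a 32-bit: a constructed stand-in for the real password hash, chosen only
   so the example runs with no crypto library. NOT a password hash. */
uint32_t fnv1a32(const char *s) {
    uint32_t h = 0x811c9dc5u;
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 0x01000193u;
    }
    return h;
}

/* Dictionary attack: hash each wordlist entry and compare with the stolen
   hash. Returns 1 and copies the match into out when found, else 0. */
int dictionary_crack(uint32_t target, const char *const *wordlist, size_t n,
                     char *out, size_t outsz) {
    for (size_t i = 0; i < n; i++) {
        if (fnv1a32(wordlist[i]) == target) {
            snprintf(out, outsz, "%s", wordlist[i]);
            return 1;
        }
    }
    return 0;
}

/* Fills cand[pos..len) with every alphabet symbol, counting each candidate. */
static int brute_rec(uint32_t target, const char *alphabet, char *cand,
                     size_t pos, size_t len, unsigned long *tried) {
    if (pos == len) {
        cand[len] = '\0';
        (*tried)++;
        return fnv1a32(cand) == target;
    }
    for (const char *a = alphabet; *a; a++) {
        cand[pos] = *a;
        if (brute_rec(target, alphabet, cand, pos + 1, len, tried)) return 1;
    }
    return 0;
}

/* Brute force: every string over alphabet of length 1..maxlen, shortest first.
   Returns 1 and copies the match into out when found; tried receives the
   number of candidates hashed, which is the cost the attacker pays. */
int brute_force_crack(uint32_t target, const char *alphabet, size_t maxlen,
                      char *out, size_t outsz, unsigned long *tried) {
    char cand[64];
    *tried = 0;
    if (maxlen >= sizeof cand) maxlen = sizeof cand - 1;
    for (size_t len = 1; len <= maxlen; len++) {
        if (brute_rec(target, alphabet, cand, 0, len, tried)) {
            snprintf(out, outsz, "%s", cand);
            return 1;
        }
    }
    return 0;
}

/* Constructed wordlist standing in for a real one such as rockyou.txt. */
const char *const SAMPLE_WORDLIST[] = {
    "123456", "password", "qwerty", "letmein", "dragon", "iloveyou"
};
const size_t SAMPLE_WORDLIST_LEN = sizeof SAMPLE_WORDLIST / sizeof SAMPLE_WORDLIST[0];
static const char ALPHABET[] = "abcdefghijklmnopqrstuvwxyz0123456789";

/* 1 if the dictionary attack recovers exactly this password from its hash. */
int dictionary_demo(const char *password) {
    char out[64];
    if (!dictionary_crack(fnv1a32(password), SAMPLE_WORDLIST, SAMPLE_WORDLIST_LEN,
                          out, sizeof out))
        return 0;
    return strcmp(out, password) == 0;
}

/* Number of candidates brute force hashed before recovering exactly this
   password (alphanumeric, up to 4 characters); 0 if it failed. */
unsigned long brute_force_demo(const char *password) {
    char out[64];
    unsigned long tried;
    if (!brute_force_crack(fnv1a32(password), ALPHABET, 4, out, sizeof out, &tried))
        return 0;
    return strcmp(out, password) == 0 ? tried : 0;
}

int main(void) {
    printf("dictionary recovers 'dragon': %d\n", dictionary_demo("dragon"));
    printf("dictionary recovers 'zq7':    %d\n", dictionary_demo("zq7"));
    printf("brute force recovers 'zq7' after %lu candidates\n", brute_force_demo("zq7"));
    return 0;
}
```

The dictionary attack finds "dragon" after six hashes; the brute force loop has to hash tens of thousands of candidates before it reaches "zq7", and every extra character multiplies that by the alphabet size. That cost gap is the whole reason a wordlist is tried first.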
Overloads the target with so many requests that it cannot respond to legitimate ones, or crashes.
Denial of Service (DoS)
Sends many TCP connection (SYN) requests without completing the handshake; the half-open connections fill the server's connection table and legitimate clients are refused.
TCP SYN Flood Attack
Uses many compromised machines (zombies or bots) to flood the target simultaneously, which makes the attack much harder to block by source address.
Distributed Denial of Service (DDoS)
Sending messages to a computer with a forged source IP address that indicates they come from a trusted host, in order to bypass address-based access controls.
Spoofing
Also called a TCP hijacking attack; the attacker sits between the two parties, sniffs packets from the network, modifies them, and inserts them back; IP spoofing lets the hijacker eavesdrop on (or alter) the conversation without either side noticing.
Man-in-the-Middle Attack
An e-mail denial-of-service attack: large volumes of e-mail are routed to the target, typically by combining social engineering with flaws in SMTP.
Mail Bombing
Also called packet sniffers; a program or device that monitors data traveling over a network; legitimate for network management, but an attacker can use one to capture unencrypted data such as passwords.
Sniffers
Using social skills to persuade people to reveal access credentials or other valuable information; often involves impersonating someone in authority, or running a scam (such as an advance-fee fraud).
Social Engineering
Includes war driving, garbage diving, and tapping; through the use of physical means.
(Illegal) Physical Access
Driving around with a wireless-enabled device to detect and connect to unsecured wireless networks; applies to wireless networks only.
War Driving
Retrieving sensitive information from discarded documents and media.
Dumpster Diving (also called garbage diving)
Physically intercepting the signal on a network cable; copper cabling is relatively easy to tap, optical fibre much harder (though not impossible).
Tapping
Occurs when more data is written into a buffer than it was allocated to hold, so the excess overwrites adjacent memory; an attacker can exploit this to crash the program or to redirect it into attacker-supplied code.
Buffer Overflow
Used for data storage on a logical level (AKA queue in networking); implemented as arrays.
Buffer
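To make the buffer overflow card concrete, here is an added C example (not from the flashcards) with an unchecked copy beside its bounds-checked replacement. The "stack frame" is a constructed stand-in: an 8-byte buffer followed by a 4-byte control word that plays the role of a saved return address or canary, laid out as one byte array so that writing past the buffer is still well-defined C. The inputs are constructed too.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8
#define CONTROL_MAGIC 0x0badf00du
#define FRAME_SIZE (BUF_SIZE + sizeof(uint32_t))

/* Constructed stand-in for a stack frame: BUF_SIZE bytes of input buffer
   immediately followed by a 4-byte control word (saved return address, canary).
   One byte array, so overrunning the buffer stays defined behaviour here. */
struct frame { unsigned char bytes[FRAME_SIZE]; };

static void frame_init(struct frame *f) {
    uint32_t magic = CONTROL_MAGIC;
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + BUF_SIZE, &magic, sizeof magic);
}

static uint32_t frame_control(const struct frame *f) {
    uint32_t v;
    memcpy(&v, f->bytes + BUF_SIZE, sizeof v);
    return v;
}

/* Vulnerable copy: trusts the caller-supplied length, like strcpy/memcpy with
   no bounds check. Bytes beyond BUF_SIZE spill into the control word. The clamp
   to FRAME_SIZE only stops this demo corrupting real memory; the actual bug
   has no clamp at all. */
void unchecked_copy(struct frame *f, const unsigned char *input, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes, input, len);
}

/* Hardened copy: refuses input that does not fit together with a terminator. */
int checked_copy(struct frame *f, const unsigned char *input, size_t len) {
    if (len >= BUF_SIZE) return -1;
    memcpy(f->bytes, input, len);
    f->bytes[len] = '\0';
    return 0;
}

/* Control word after the vulnerable copy; CONTROL_MAGIC means it survived. */
uint32_t control_after_unchecked(const unsigned char *input, size_t len) {
    struct frame f;
    frame_init(&f);
    unchecked_copy(&f, input, len);
    return frame_control(&f);
}

/* 0 if the hardened copy accepted the input, -1 if it rejected it,
   -2 if (impossibly, given the check) the control word was damaged. */
int checked_result(const unsigned char *input, size_t len) {
    struct frame f;
    frame_init(&f);
    int rc = checked_copy(&f, input, len);
    return frame_control(&f) == CONTROL_MAGIC ? rc : -2;
}

/* Constructed attacker input: 8 bytes of filler, then 4 bytes that land
   exactly on the control word ("AAAA" reads as 0x41414141 either endianness). */
const unsigned char ATTACK_INPUT[12] = {
    'X','X','X','X','X','X','X','X', 'A','A','A','A'
};
const unsigned char BENIGN_INPUT[5] = { 'h','e','l','l','o' };

int main(void) {
    printf("benign: control=0x%08x checked=%d\n",
           (unsigned)control_after_unchecked(BENIGN_INPUT, sizeof BENIGN_INPUT),
           checked_result(BENIGN_INPUT, sizeof BENIGN_INPUT));
    printf("attack: control=0x%08x checked=%d\n",
           (unsigned)control_after_unchecked(ATTACK_INPUT, sizeof ATTACK_INPUT),
           checked_result(ATTACK_INPUT, sizeof ATTACK_INPUT));
    return 0;
}
```

The benign input leaves the control word intact under both copies. The 12-byte input overwrites it with 0x41414141 under the unchecked copy (on a real stack that would be the return address the function jumps to) and is rejected outright by the checked copy.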
Explores the contents of a web browser's cache (e.g. to learn which sites a user has visited or to plant a malicious cookie); a second attack of the same name measures how long cryptographic operations take and uses those differences to infer secret key material.
Timing Attack
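The cryptographic sense of the timing attack card is easiest to see on a comparison routine. The C program below is an added example (not from the flashcards): it compares an attacker's guess against a constructed 16-byte secret with an early-exit compare (like memcmp) and with a constant-time compare, then recovers the secret byte by byte using only how much work the compare did. That work counter is a stand-in for the wall-clock timing a real attacker would measure; everything else (secret, guesses) is constructed for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECRET_LEN 16
/* Constructed secret, e.g. an HMAC tag or API token the server checks. */
static const unsigned char SECRET[SECRET_LEN + 1] = "s3cr3t-token-xyz";

/* Early-exit compare, like memcmp/strcmp: stops at the first differing byte.
   The bytes examined (and so the time taken) grow with the length of the
   matching prefix, which is exactly what a timing attack measures. */
int early_exit_equal(const unsigned char *secret, const unsigned char *guess,
                     size_t len, size_t *examined) {
    *examined = 0;
    for (size_t i = 0; i < len; i++) {
        (*examined)++;
        if (secret[i] != guess[i]) return 0;
    }
    return 1;
}

/* Constant-time compare: always touches every byte and folds the differences
   together with OR, so the work done is independent of where they differ. */
int constant_time_equal(const unsigned char *secret, const unsigned char *guess,
                        size_t len, size_t *examined) {
    unsigned char diff = 0;
    *examined = 0;
    for (size_t i = 0; i < len; i++) {
        (*examined)++;
        diff |= secret[i] ^ guess[i];
    }
    return diff == 0;
}

typedef int (*compare_fn)(const unsigned char *, const unsigned char *,
                          size_t, size_t *);

/* The attack: at each position try all 256 byte values and keep the one that
   makes the compare do the most work (a full match scores one extra). Returns
   how many leading bytes of SECRET were recovered correctly. */
size_t recover_by_timing(compare_fn cmp, unsigned char *out) {
    unsigned char guess[SECRET_LEN] = {0};
    size_t recovered = 0;
    for (size_t pos = 0; pos < SECRET_LEN; pos++) {
        unsigned char best = 0;
        size_t best_score = 0;
        for (int v = 0; v < 256; v++) {
            size_t work;
            guess[pos] = (unsigned char)v;
            int equal = cmp(SECRET, guess, SECRET_LEN, &work);
            size_t score = work + (equal ? 1 : 0);
            if (score > best_score) { best_score = score; best = (unsigned char)v; }
        }
        guess[pos] = best;
        out[pos] = best;
        if (best != SECRET[pos]) break;
        recovered++;
    }
    return recovered;
}

/* Bytes recovered against the early-exit compare (expected: all of them). */
size_t recovered_early_exit(void) {
    unsigned char out[SECRET_LEN];
    return recover_by_timing(early_exit_equal, out);
}

/* Bytes recovered against the constant-time compare (expected: none). */
size_t recovered_constant_time(void) {
    unsigned char out[SECRET_LEN];
    return recover_by_timing(constant_time_equal, out);
}

int main(void) {
    printf("early-exit compare leaked %zu of %d bytes\n", recovered_early_exit(), SECRET_LEN);
    printf("constant-time compare leaked %zu of %d bytes\n", recovered_constant_time(), SECRET_LEN);
    return 0;
}
```

Against the early-exit compare the loop walks the whole secret with at most 256 guesses per byte instead of 256^16 overall; against the constant-time compare every guess scores the same and the first byte is already wrong. Over a real network the signal is buried in noise, so attackers repeat each measurement many times and average, but the leak is the same one this counter makes visible.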
Systematically probing a computer or network to identify which ports are open and which services are listening on a host; usually the reconnaissance step before an attack, and also used defensively to audit exposure.
Port Scanning