Midterms Flashcards
this stands for malicious software. it is designed to gain access to a computer without the consent of the user
malware
they perform unwanted tasks in the host computer for the benefit of a third party
malware
special type of malware used for forced advertising. supported by the organizations whose products are advertised
adware
malicious software downloaded along with the free software on the internet and installed in the computer without the user’s knowledge.
browser hijacking software
this modifies the browsers setting and redirect links to other unintentional sites
browser hijacking software
installed in the target computer with or without the user permission and is designed to steal sensitive information from the target machine
spyware
this is a malicious code written to damage/harm the computer by deleting or appending a file, occupying memory space through code replication, slow down the performance of the computer, format the computer, etc…
virus
true or false: virus can be spread via email attachment, pen drives, digital images, e-greeting, audio, or video clips
true
true or false: a virus may be present in a computer but it cannot activate itself without human intervention or when the executable file (.exe) is executed
true
this virus can replicate itself and doesn’t need human intervention to travel over the network and spread from the infected machine to the whole network; can spread through the network, using the loopholes of the OS or via email
worms
the replication and spreading of the ____ over the network consume the network resources like space and bandwidth and force the network to choke
worm
this is a malicious code that is installed in the computer by pretending to be useful software. this not only damages the computer but also creates a backdoor in the computer so it can be controlled by a remote computer
trojan horse
this can become part of botnet (robot-network) or a network of computers infected by malicious code and controlled by a central controller
trojan horse
the computers infected by trojan horse are known as
zombies
true or false: trojans neither infect other computers in the network nor do they replicate
true
networks of hijacked computer devices used to carry out various scams and cyberattacks. these automate mass attacks, such as data theft, server crashing, and malware distribution
botnet
botnet is formed using two words
robot and network
while surfing the internet, suddenly a pop-up alert appears in the screen which warns the presence of dangerous virus, spyware, etc., and urges the user to download the full paid version of the software to fix the problem
scareware
as the user downloads the malicious code, their computer is held hostage until the ransom is paid. the malicious code can neither be uninstalled nor used until the ransom is paid
scareware
when was the internet born
1960’s; access is limited to scientists, researchers, and the defense only
when was the internet launched to the public
1996
this is used to describe an unlawful activity in which computer or computing devices, such as smartphones, tablets, personal digital assistants are used as a tool for criminal activity
cyber crime
this is often committed by the people of destructive and criminal mindset, either for revenge, greed or adventure
cyber crime
an attack to the network or computer by some person with authorized system access
insider attack
performed by dissatisfied or unhappy inside employees or contractors; motivation can be revenger or greed
insider attack
true or false: it is easy for an insider to perform a cyber attack as he is well aware of the policies, processes, IT architecture, and wellness of the security system
true
the insider attack could be prevented by planning and installing an _________ (IDS) in the organization
intrusion detection systems
the attacker is either hired by an insider or an external entity to the organization
external attack
cyber attacks can be classified as?
structure attacks and unstructured attacks base don the level of maturity of the attacker
generally performed by amateurs who don’t have any predefined motives to perform the cyber attack; they test a tool available on the internet on the network of a random company
unstructured attacks
performed by highly skilled and experienced people and the motives are clear in their mind; use tools that can’t be noticed by intrusion detection systems
structure attack
true or false: cyber crimes have turned out to be low investment, low-risk business with huge returns
true
people are motivated towards committing cyber crime to make quick and easy money
money
some people try to take revenge with other person/organizations/society/or religion by defaming its reputation or bringing economical or physical loss; comes under the category of cyber terrorism
revenge
one can have pride if they hack highly secured networks like defense sites or networks
recognition
the anonymity that a cyber space provides motivate cyber crimes; it is easier to get away with criminal activity in cyber space than the real word
anonymity
the government itself is involved in cyber trespassing to keep eye on other person/network/country; the reason could be politically, economically, or socially motivated
cyber espionage
this is an act of stalking, harassing or threatening someone using internet/computer as a medium; this is often done to defame a person using the internet as it offers anonymity; behavior includes false accusations, threats, sexual exploitation to minors, monitoring, etc…
cyber stalking
an act of possessing image or video of a minor (under 18) engaged in sexual conduct
child pornography
use of computer to forge or counterfeit a document
forgery and counterfeiting
true or false: because of the internet, it is possible to produce counterfeit that matches the original document to such an extent that it is not possible to judge the authenticity of the document without expert judgement
true
this is an illegal reproduction and distribution for personal use or business. it comes under crime related to IPR infringement
software piracy and crime related to IPRs
it is defined as the use of computer resources to intimidate or coerce government, the civilian population in furtherance of political or social objectives
cyber terrorism
process of acquiring personal and sensitive information (identity theft) of an individual via email by disguising as a trustworthy entity in an electronic communication
phishing
if a telephone is used as a medium for identity theft, it is known as _______
Vishing
This uses SMS to lure customers or steal their personal information
Smishing
the act of physical destroying computer resources using physical force or malicious code
computer vandalism
practice of modifying computer hardware and software to accomplish a goal outside the creator’s original purpose
computer hacking
persons who hack the system to find security vulnerabilities of a system and notify to the organizations so that a preventive action can be taken to protect the system from outside hackers; may be paid employee of an organization or a freelancer
white hat
white hat are popularly known as
ethical hackers
hack the system with ill intentions. they find security loopholes and exploit the system for personal or organizational benefits until the organization who’s hacked apply security patches
black hat
black hat hackers are popularly known as
crackers
they find out security vulnerabilities and report to the site administrators and offer the fix of the security bug for a consultancy fee
grey hat
someone outside computer security consulting firms who bug-test a system prior to its launch, looking for exploits so they can be closed
blue hat
true or false: the organization can sue the hacker, if found, for the sum of more than or equivalent to the loss borne by the organization
true
sending of unsolicited and commercial bulk message over the internet is known as
spamming
the email is not targeted to one particular person but to a large number of people
mass mailing
the real identity of the person is not known
(spamming)
anonymity
the email is neither expected nor requested for the recipient
unsolicited
an activity involving injecting a malicious client side script into a trusted website. the information gained can be used for financial benefits or physical access to a system for personal interest
cross-site scripting
cyber criminals lure the customers to online auction fraud schemes which often lead to either overpayment of the product or the item is never delivered once the payment is made
online auction fraud
an act reserving the domain names of someone else’s trademark with intent to sell it afterwards to the organization who is the owner of the trademark at a higher price
cyber squatting
malicious code inserted into legitimate software, in which the malicious action is triggered by some specific condition. this can either destroy the information stored in the system or make system unusable
logic bombs
hacker gains access to a website of an organization and either blocks it or modify it to serve political, economical, or social interest
web jacking
examples of web jacking
- educational institutes were hacked by pakistani hackers and an animation which contains pakistani flags were flashed in the homepage of these websites
- indian hackers hacked website of pakistani railways and flashed indian flag for several hours on the occasion of independencce day of india in 2014
hacking the username and password of ISP of an individual and surfing the internet at his cost
internet time theft
a cyber attack in which the network is chocked and often collapsed by flooding it with useless traffic and thus preventing the legitimate network traffic
denial of service attack
an attack which proceeds with small increments and finally add up to lead to a major attack, like gaining access to online banking of an individual and withdrawing small amounts unnoticed by the owner
salami attack
a practice of changing the data before its entry into the computer system.
data diddling
DA or the basic salary of the person is changed in the payroll data of an individual for pay calculation. once the salary is calculated and transferred to his account, the total salary is replaced by his actual salary in the report
data diddling
a process of changing the header information of an email so that its original source is not identified and it appears to an individual at the receiving end that the email has been originated from source other than the original source
email spoofing
a process of identifying an individual and ensuring that the individual is the same who he/she claims to be.
authentication
what is the typical method for authentication over the internet
username and password
it is a password which can be used one time only and is sent to the user as an SMS or an email at the mobile number/email address that they have specified during the registration process
one time password
this is a known two-factor authentication method and requires two type of evidence to authenticate an individual to provide an extra layer of security for authentication
one time password
biometric data and physical token are examples of
two-way authentication/two-factor authentication
the process of giving access to an individual to certain resources based on the credentials of an individual is known as
authorization
this combines both the username and password along with hardware security measures like biometric system
hybrid authentication system
a method to provide secure access via hybrid security authentication to the company network over the internet
Virtual Private Network (VPN)
a technique to convert the data in unreadable form before transmitting it over the internet
encryption
a technique to lock the data by converting it to complex codes using mathematical algorithms
encryption
the decoding of the complex code to original text using key is known as
decryption
if the same key is used to lock and unlock the data, it is known as
symmetric key encryption
the key used to encrypt and decrypt data are different; every user possess two keys: public and private key
asymmetric key encryption
provide a situational example of asymmetric encryption
A will encrypt the message using B’s public key, as the public key is known to everyone. Once the message is encrypted, the message can safely be sent over to B through the internet. As soon as the message is received by B, he will use his private key to decrypt the message and regenerate the original message
a technique to validate data and is also used for authentication; this is created by encrypting the data with the private key of the sender, then the encrypted data is attached with the original message. the receiver can decrypt the signature with the public key of the sender, then if the decrypted message is same with the original message, the data is not tampered and the authenticity of the sender is verified
digital signatures
a special program designed to protect the system against virus. it not only prevents the malicious code to enter the system but also detects and destroys the malicious code that is installed into the system
antivirus
a hardware/software which acts as a shield between an organization’s network and the internet and protects it from threats like virus, malware, hackers, etc.; it limits the people who can have access to your network
firewall
example of hardware firewalls
routers
firewalls installed on the server and client machines and acts as a gateway to the organization’s network
software firewalls
true or false: the firewalls can be configured to follow rules and policies and based on these defined rules the firewalls can follow the following filtering mechanisms
true
all the outbound traffic is routed through these for monitoring and controlling the packet that are routed out of the organization
proxy
based on the rules defined in the policies, each packet is filtered by their type, port information, source, and destination information. for example. ip address, domain names, port numbers, protocols
packet filtering
the outgoing/incoming packets are judged based on defined characteristics only instead of going through all the field of a packet
stateful inspection
a technique of hiding secret messages in a document file, image file, and program or protocol, such that embedded message is invisible and can be retrieved using special software
steganography
this is a fundamental system in case of a mishap where data is inadvertently lost or corrupted from original system
data recovery
data is backed up on a full-scale and recovered back from the same
full back up
only changed or newly added data is backed up subsequently after the last full or incremental backup; recovery is made with the help of last full backup and all incremental backups performed everyday from the date of last full backup
incremental backup
only changed or newly added data is backed up after last full or differential backup but changes made in the previous differential backup are updated in the next differential backup
differential backup
this defines the threshold limits of a system in terms of time needed to restore an application and allowable limit of data loss
recovery time objective and recovery point objective
aob means
age of backup
speeds at which data is backed up and restored
time taken to backup and time taken to recover
measured in terms of cost for infrastructure, operations, and maintenance
total cost of ownership
