MIS-5 Flashcards
Spyware
- Software that secretly gathers information about users while they browse the Web
- Prevented by installing antivirus or antispyware software
Adware
- Type of spyware that collects information about the user to determine which advertisements to display in the user’s Web browser
- Prevented by installing an ad-blocking feature in the Web browser
Phishing
- Sending fraudulent e-mails that seem to come from legitimate sources
- E-mails direct recipients to false Web sites to capture private information
Pharming
- Hijacking and altering the IP address of an official Web site
- Users who enter the correct Web address are directed to the pharmer’s fraudulent Web site
Baiting
What distinguishes it from phishing is the promise that the baiter gives to the recipient
Quid pro quo
Involves a hacker requesting the exchange of critical data or login information in exchange for a service or prize
Keystroke Loggers
- Monitor and record keystrokes
- Can be software or hardware devices
- Used by companies to track employees’ use of e-mail and the Internet, which is legal
- Used for malicious purposes
- Prevented by some antivirus and antispyware programs
Sniffing
- Capturing and recording network traffic
- Used by hackers to intercept information
Spoofing
- Attempting to gain access to a network by posing as an authorized user in order to find sensitive information
- Also happens when an illegitimate program poses as a legitimate one
Computer Fraud
Unauthorized use of computer data for personal gain
Computer crimes include:
- Denial-of-service attacks
- Identity theft and software piracy
- Distributing child pornography
- E-mail spamming
- Writing or spreading malicious codes
- Stealing files for industrial espionage
- Changing computer records illegally
- Virus hoaxes
- Sabotage
- Holding a firm’s critical data for ransom
Example: Ransomware
Confidentiality from the CIA Triangle
System must prevent disclosing information to anyone who is not authorized to access it
Integrity from the CIA Triangle
Accuracy of information resources within an organization
Availability from the CIA Triangle
- Ensuring that computers and networks are operational and that authorized users can access the information they need
- Quick recovery in the event of a system failure or disaster
McCumber Cube
- Framework for evaluating information security
- Represented as a three-dimensional cube
- Defines nine characteristics of information security
- Includes the different states in which information can exist in a system: transmission, storage, and processing
Levels of Network Security
Level 1 - Front-end servers
Level 2 - Back-end systems
Level 3 - Corporate network
Level 1 - Front-end servers
Available to both internal and external users and must be protected against unauthorized access
Level 2 - Back-end systems
Must be protected to ensure confidentiality, accuracy, and integrity of data
Level 3 - Corporate network
Must be protected against intrusion, denial-of-service attacks, and unauthorized access
Fault-tolerant systems
- Ensure availability in the event of a system failure by using a combination of hardware and software
Commonly used fault-tolerant methods
- Uninterruptible power supply (UPS)
- Redundant array of independent disks (RAID)
- Mirror disks
Intentional Threat: Virus
- Consists of self-propagating program code that is triggered by a specified time or event
- Attaches itself to other files, and the cycle continues when the program or operating system containing the virus is used
- Transmitted through a network, e-mail attachments, or message boards
- Prevented by installing and updating an antivirus program
Intentional Threat: Worms
- Independent programs that can spread themselves without having to be attached to a host program
- Replicate themselves into full-blown copies that can end up consuming computing resources
- Examples: Code Red, Melissa, and Sasser
Trojan programs
- Contain code intended to disrupt a computer, network, or Web site
- Hidden inside a popular program