MIS: Exam 4 - Ch 8 Flashcards
Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
Security
Methods, policies and organizational procedures that ensure safety of organizations assets, accuracy/reliability of records, and operating standards.
Controls
Information security expert who attacks a system on behalf of it’s owners/developers in an effort to identify vulnerabilities that a malicious hacker could exploit.
Ethical Hacker
A non-technical method of intrusion that relies heavily on human interactions and deception in order to gain access to protected systems and/or information.
Social Engineering
Provides some security by assigning unique name to network’s SSID (service set identifiers) and not broadcasting SSID. Using it with VPN technology
WEP (Wired Equivalent Privacy) Security
Uses continually changing keys and encrypted authentication system with central server. Replaced WEP with stronger standards. Wi-Fi Alliance finalized it.
WPA2
Rogue software program that attaches itself to other software programs or data files in order to be executed
Viruses
Independent computer programs that copy themselves from one computer to other computers over a network.
Worms
Software program that appears to be benign but then does something other than expected.
Trojan Horses
Hackers submit data to Web forms that exploits site’s unprotected software and sends rogue SQL query to database
SQL Injection Attacks
Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
Spyware
Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks
Key Loggers
What Hackers and Crackers have in common?
Both gain access by finding and exploiting security weaknesses
A person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure
Hacker
Used to denote a Hacker with criminal intent
Cracker
Any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution.
Computer Crime
In computer crime, the computer may be the _______ of crime OR the _______ of crime
Computer may be target of crime OR instrument of crime
Computer/Cyber crime activities include:
system intrusion, system damage, Hacktivism, Cybervandalism
Intentional disruption, defacement, destruction of Web site or corporate information system
Cybervandalism
Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else OR Redirecting Web link to address different from intended one, with site masquerading as intended destination
Spoofing
Eavesdropping program that monitors information traveling over network. Enables hackers to steal proprietary information such as e-mail, company files, etc.
Sniffer
Flooding server with thousands of false requests to crash the system/network.
DOS - Denial of Service Attacks
Use of numerous computers to launch a DoS
DDos - Distributed Denial-of-service attacks
Networks of “zombie” PCs infiltrated by malware. Worldwide, 6 - 24 million computers serve as zombie PCs in thousands of ______s
Botnets
