Physical Security Flashcards
Brute Force
Type of attack where access to a system is gained by simply trying all of the
possibilities until you break through
Access Control Vestibules
Double-door system that is designed with two doors that are electronically
controlled to ensure that only one door can be open at a given time
Piggybacking
Involves two people working together: one person who has legitimate access
intentionally allows another person who doesn't have proper authorization to
enter a secure area with them
Tailgating
Occurs whenever an unauthorized person closely follows someone who has
legitimate access through the access control vestibule into the secure space,
without that person's knowledge or consent
RFID
Radio-Frequency Identification
NFC
Near-Field Communication
FAR
False Acceptance Rate
FRR
False Rejection Rate
CER
Crossover Error Rate
A balance between FAR and FRR for optimal
authentication effectiveness
Access Badge Cloning
Copying the data from an RFID or NFC card or badge onto another card or device
Motivational Triggers (social engineering)
- Authority
- Urgency
- Social Proof
- Scarcity
- Likability
- Fear
Typosquatting
Form of cyber attack where an attacker registers a domain name that is
similar to a popular website but contains some kind of common typographical
error
(also known as URL hijacking or cybersquatting)
Watering Hole Attack
Targeted form of cyber attack where attackers compromise a specific
website or service that their target is known to use
Pretexting
Giving the victim some amount of information that seems true so that the
victim will give up more information
BEC
Business Email Compromise
Sophisticated type of phishing attack that usually targets businesses by
using one of their internal email accounts to get other employees to
perform some kind of malicious actions on behalf of the attacker
Fraud
Wrongful or criminal deception that is intended to result in financial or personal
gain for the attacker
Scams
Fraudulent or deceptive act or operation
Misinformation
False or inaccurate information shared without harmful intent
Disinformation
Involves the deliberate creation and sharing of false information with the intent to deceive or mislead
Diversion Theft
Involves manipulating a situation or creating a distraction to steal
valuable items or information
Hoax
Malicious deception that is often spread through social media, email, or
other communication channels
Shoulder Surfing
Involves looking over someone’s shoulder to gather personal information
Dumpster Diving
Involves searching through trash to find valuable information
Baiting
Involves leaving a malware-infected physical device, like a USB drive, in a
place where it will be found by a victim, who will then hopefully use the
device to unknowingly install malware on their organization’s computer
system