Security - Chapter 17 Flashcards
A system that monitors network use for potential hacking attempts. Such a system may take preventative action to block, isolate, or identify attempted infiltration, and raise further alarms to warn security personnel.
Intrusion detection systems
An attack where a firm’s computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site’s use. These attacks are often performed via botnets.
distributed denial of service (DDoS)
A seemingly tempting, but bogus target meant to draw hacking attempts. By monitoring infiltration attempts against a honeypot, organizations may gain insight into the identity of hackers and their techniques, and they can share this with partners and law enforcement.
honeypots
A two key system used for securing electronic transmissions. One key distributed publicly is used to encrypt (lock) data, but it cannot unlock data. Unlocking can only be performed with the private key. The private key also cannot be reverse engineered from the public key. By distributing public keys, but keeping the private key, Internet services can ensure transmissions to their site are secure.
public key encryption
A term that may, depending on the context, refer to either 1) breaking into a computer system, or 2) a particularly clever solution.
hack
Those scrambled character images that many sites require to submit some sort of entry (account setup, ticket buying) and are meant to be a Turing Test—a test to distinguish if a task is being performed by a computer or a human.
CAPTCHAs
An acronym for Completely Automated Public Turing Test to Tell Computers and Humans Apart
A term that, depending on the context, may be applied to either 1) someone who breaks into computer systems, or 2) to a particularly clever programmer.
hacker
Criminals that purchase assets from data harvesters to be used for illegal financial gain. Actions may include using stolen credit card numbers to purchase goods, creating fake accounts via identity fraud, and more.
cash-out fraudsters
Scrambling data using a code or formula, known as a cipher, such that it is hidden from those who do not have the unlocking key.
encryption
Attacks that are so new that they haven’t been clearly identified, and so they haven’t made it into security screening systems.
zero-day exploits
Highly restrictive programs that permit communication only with approved entities and/or in an approved manner.
whitelists
Programs that deny the entry or exit of specific IP addresses, products, Internet domains, and other communication restrictions.
blacklists
A trusted third party that provides authentication services in public key encryption schemes.
certificate authority
A con executed using technology, typically targeted at acquiring sensitive information or tricking someone into installing malicious software.
Phishing
Term used in security to refer to forging or disguising the origin or identity. E-mail transmissions and packets that have been altered to seem as if they came from another source are referred to as this.
spoofed
An attack that exhausts all possible password combinations in order to break into an account. The larger and more complicated a password or key, the longer this type of attack will take.
brute-force attack
Someone who uncovers computer weaknesses without exploiting them. Their goal is to improve system security.
white hat hackers
Code that unlocks encryption.
key
When identity is proven by presenting more than one item for proof of credentials. Multiple factors often include a password and some other identifier such as a unique code sent via e-mail or mobile phone text, a biometric reading (e.g. fingerprint or iris scan), a swipe or tap card, or other form of identification.
multi-factor authentication
A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage.
hacktivists
black hat hackers
A computer criminal.
Hordes of surreptitiously infiltrated computers, linked and controlled remotely, also known as zombie networks.
Botnets
Combing through trash to identify valuable assets.
dumpster diving
A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use.
firewalls
Technologies that measure and analyze human body characteristics for identification or authentication. These might include fingerprint readers, retina scanners, voice and face recognition, and more.
Biometrics
Gaining compromising information through observation (as in looking over someone’s shoulder).
shoulder surfing
Cybercriminals who infiltrate systems and collect data for illegal resale.
data harvesters
Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as
social engineering
Firms use information for what two purposes
Transactional purposes
Analytical purposes
Transactional purposes firms use information for
Day-to-day operations
Analytical purposes firms use information for
Trend analyses, forecasts, and input generation for strategies that improve profit or long-term sustainability - compete on analytics
Major purpose of a database
To keep track of related information about more than one thing
DBMS
Database Management Systems
The set of defenses put in place to counter threats to technology infrastructure and data resources
Security
The process of identifying and measuring information systems security risks, and devising the optimal risk mitigation strategy
IT Risk Management
What is the CIA triad?
Confidentiality - integrity - availability
Fundamental conflict in security; balancing the three
If data cannot be seen by unauthorized people, it is
Confidential
Involves ensuring the consistency, accuracy, and trustworthiness of data - data cannot be changed in transit and/or by unauthorized people
Integrity
If data can be accessed by people who should have access to it, it is appropriately ______.
Available
Why is it sometimes difficult to make the business case for security measures?
IT security risks are hard to assess in the absence of an attack
Security is a negative deliverable
Forward looking investment with hypothetical benefits
Recurring investment
IT departments have limited budgets
If a firm stops investing in security and maintains the old defenses too long, then a harmful attack occurrence becomes a matter of when, rather than if
Recurring investment
Designed to manage the trade-off between the degree of desired security and the investment necessary to achieve it
Cost/benefit analysis (CBA)
5 costly actions that a firm might need to engage in as a result of a data breach involving customer information
- Investigation and remediation associated with the exploited vulnerability
- Notification of the impacted consumers via mail
- Identity theft and credit monitoring
- Lost business
- Lawsuits
Investigation and remediation associated with the exploited vulnerability
Figure out how data was stolen/compromised, and put in place safeguards/patches to prevent future exploits of the same vulnerability
Lost business as a result of a data breach involving customer information
Disruptions in normal business if services are down or denied, credit card companies may refuse to provide credit card service, lost business due to defecting customers
What are typical internal security threats
Careless, ignorant, or negligent behavior
Intentional malicious behavior
3 ways to combat insider threats
User training, user activity/behavior monitoring, information security (formal) governance program
Attacks that exploit a vulnerability that a developer did not have time to address and patch
Zero-day (zero-hour, day-zero) attacks
Training (response to security threats)
Reduce ignorance and indifference
User activity and behavior monitoring (response to security threats)
Check compliance with policies
Look for suspicious activities
Formal governance program (response to security threats)
Onboarding and “deboarding” procedures
Password standards
Statement of behaviors that individual employees should follow in order to minimize security risks
Statement of user rights and responsibilities, and of legitimate uses of portable devices
Periodic audits
Code designed into software programs to allow access to the application by circumventing password protection
In some cases, they are built in order to prevent high-level accounts such as admin accounts from being made inaccessible
Backdoors
Lying to and deceiving legitimate users
Tricking them into divulging restricted information
Social engineering
Automated social engineering scams
-exposing individuals to official-sounding spam appearing to be from known/respectable/legitimate institutions that asks people to confirm private data in an effort to capture that data
Phishing
Phishing scams via SMS
Smishing
What are some common external threats to security (10)
- Bugs (flaws) in the code
- Heartbleed bug
- Zero-day (zero-hour, day-zero) attacks
- SQL injection attack
- Trojan
- Spyware
- Virus
- Worm
- Denial of service attack (DoS)
- Ransomware
Revealed on Apr 7, 2014 (had been around for 2 years); discovered by Neel Mehta of Google Security
A fix was available at the time the bug was revealed
Vulnerability in OpenSSL - open source cryptographic software library for SSL/TLS encryption - provides security and privacy for communication over the internet
Vulnerable sites - Facebook, Yahoo, Pinterest, etc.
Heartbleed bug
A program that
- appears to provide useful functionality
- delivers a hidden, malicious payload, after installation (which could include backdoors for remote access and control)
Trojan
Code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field (such as a username or password login authentication fields) for execution (e.g. to dump the database contents to the attacker)
- in essence, this arises because the fields available for user input allow SQL statements to pass through unsanitized and query the database directly
- one of the most common application layer attack techniques
SQL Injection Attack
Sometimes can cause modules to freeze or malfunction, potentially weakening defenses
- in other cases, poorly implemented functions/modules/operations can create opportunities for exploits (e.g., exposure to SQL Injections, Heartbleed bug affecting OpenSSL)
- November 2017: Apple raced to fix a MacOS High Sierra bug that made it possible to log in without a password and gain administrator rights
Bugs (flaws) in the code
From the moment the software with the flaw was released until the patch is released (technically until users install the patch, but some users may abandon a system that is known to be vulnerable once that is public information)
“Zero day” vulnerability window
* (SQL Select)
Select everything (all fields) from Table
SSL
Secure socket layer
A technology that was developed to make secure communication possible
-the https:// encryption
About how many SQL injection attacks per day
Half a million
Hidden software that
-monitors behavior, collects information, transfers information to a third party, performs unwanted operations
Diverts resources and often slows down the computer
Spyware
Malicious code that spreads by attaching itself to (mostly executable) files that are part of legitimate installed programs
-usually needs human action to replicate and spread - running or copying the infected program/code (e.g., running an executable file, etc)
Virus
Payload of a virus
Harmful set of actions performed after machine is infected
-damage may vary in severity from just some occasional pop-up messages to files being corrupted/deleted or entire systems being shut down
Self-replicating malicious code that exploits security holes in network software to spread across nodes in a network
Worm
Unlike viruses, worms…
Do not usually attach to a file
Are standalone software programs that may self-replicate/spread without a host program or human action (e.g., send a copy of itself to everyone in the users’ address book, replicate by exploiting network vulnerabilities)
Worm that attacked web servers running IIS
- installed back door and propagated 100 times over per infection
- patch issued by Microsoft on June 18, 2001
- worm struck on July 19, 2001 (a month after patch was made available)
Code Red
Digital assault carried out over a computer network
Objective: concerted effort (oftentimes using botnets) to overwhelm an online service with requests and slow it down or force it to shut down altogether
-can be used to divert attention to allow the attacker to exploit other security vulnerabilities
Denial-of-Service Attack (DoS)
Type of malware that restricts access to the infected computer system in some way (inability to log in or encryption of files), and requests that the user pays a ransom for the restrictions to be removed
- a lot of times in the form of a Trojan
- sometimes used as a distraction from more serious hacking
Ransomware
Two examples of ransomware
- CryptoLocker: Trojan (later versions evolving to a worm) that encrypted files on the affected system and demanded ransom in the form of bitcoins
- Cryptowall (Windows), KeRanger (OS X)
Web based attack platforms
- buy, lease, subscribe, or pay-as-you-go
- encrypted command and control channels
- web services for hosting phishing content
- browser engines designed for identity theft
- drive scanners to capture sellable data (email addresses, credit card details)
- typically used by low level criminals
Malware kits
Use multiple tools to guard against intrusion (a key security practice)
Defense in depth
The cornerstone of securing against intrusion is the
Use of passwords
These can be used to screen and manage traffic in and out of a computer network
Firewalls
This process scrambles content so that it is rendered unreadable
The encryption process
What is the response that IT professionals use to respond to malware (malicious code)
IT professionals install detection software (antivirus, anti spyware, etc)
Patch
Mitigation method
Seeks to compromise a computing system without permission
Malware (for malicious software)
Programs that infect other software or files. They require an executable (a running program) to spread, attaching to other executables. They can spread via operating systems, programs, or the boot sector or auto-run feature of media such as DVDs or USB drives. Some applications have executable languages (macros) that can also host these, which run and spread when a file is opened.
Viruses
Programs that take advantage of a security vulnerability to automatically spread, but unlike viruses, they do not require an executable. Some scan for and install themselves on vulnerable systems with stunning speed (in an extreme example, the SQL Slammer infected 90 percent of vulnerable software within just ten minutes).
Worms
Exploits that, like the mythical Trojan horse, try to sneak in by masquerading as something they’re not. The payload is released when the user is duped into downloading and installing the malware cargo, oftentimes via phishing exploits
Trojans
Hordes of surreptitiously infected computers linked and controlled remotely by a central command
Botnets or zombie networks
Used in crimes where controlling many difficult-to-identify PCs is useful, such as when perpetrating click fraud, sending spam, executing “dictionary” password cracking attempts, or launching denial-of-service attacks
Botnets or zombie networks
Programs installed without full user consent or knowledge that later serve unwanted advertisements
Malicious adware
Software that surreptitiously monitors user actions, network traffic, or scans for files
Spyware
Type of spyware that records keystrokes. They can be either software based or hardware based, such as a recording “dongle” that is plugged in between a keyboard and a PC.
Keylogger
Variant of the keylogger approach. This category of software records the pixels that appear on a user's screen for later playback in hopes of identifying proprietary information
Screen capture
A software program that secretly captures data from a swipe card’s magnetic strip
Card Skimmer
Malicious code that scans computing memory (RAM, hard drives, or other storage) for sensitive data, often looking for patterns such as credit card or social security numbers
RAM scraping or storage scanning software
Malware that encrypts a user's files (perhaps threatening to delete them), with demands that the user pay up to regain control of their data and/or device
Ransomware
Attacks combining multiple malware or hacking exploits
Blended threats
This technique zeros in on a sloppy programming practice where software developers don’t validate user input
SQL injection technique
Software updates that plug existing holes
Patches