Social Engineering and Other Foes Flashcards
administrative control
A control implemented through administrative policies or procedures
cable lock
A physical security deterrent used to protect a computer
cold aisles
Server room aisles that blow cold air from the floor
compensating controls
Gap controls that fill in the coverage between the other types of vulnerability mitigation techniques
control
Processes or actions used to respond to situations or events
data disposal
Getting rid of or destroying media that is no longer needed
detective control
Controls that are intended to identify and characterize an incident in progress
dumpster diving
Looking through trash for clues, often in the form of paper scraps, to find user passwords and other information
Faraday cage
An electronically conductive wire mesh or other conductor woven into a ‘cage’ that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls
fire suppression
The act of stopping a fire and preventing it from spreading
hoax
Typically, an email message warning of something that isn’t true, such as the outbreak of a new virus
hot aisles
Server room aisles that remove hot air
information classification
The process of determining what information is accessible, to what parties, and for what purposes
mantrap
A device, such as a small room, that limits access to one or a few individuals
PASS method
The correct method of extinguishing a fire with an extinguisher
PASS
Pull, Aim, Squeeze, Sweep
perimeter security
Security set up on the outside of the network or server to protect it
Personal Identity Verification (PIV)
Card required of federal employees and contractors to gain access to government resources
PIV
Personal Identity Verification
personally identifiable information (PII)
Information that can be uniquely used to identify, contact, or locate a single person
PII
personally identifiable information
phishing
A form of social engineering in which you simply ask someone for a piece of information you are missing, making the request look as if it is legitimate
physical controls
Controls and countermeasures of a tangible nature intended to minimize intrusions
preventive controls
Controls intended to prevent attacks or intrusions
privacy
A state of security in which information isn’t seen by unauthorized parties without the express permission of the party involved
privacy filters
Screens that restrict viewing of monitors to only those sitting in front of them
PTZ
Cameras that can pan, tilt, and zoom
restricted information
Information that isn’t made available to all and to which access is granted based on some criteria
shoulder sniffing
Watching someone when they enter their username, password, or sensitive data
social engineering
An attack that uses others by deceiving them; targets and manipulates people
spear phishing
A form of phishing in which the message is made to look as if it came from someone you know and trust as opposed to an informal third party
tailgating
Following someone through an entry point
technical controls
Controls that rely on technology
vishing
Combining phishing with Voice over IP (VoIP)
wetware
Term used in conjunction with social engineering; refers to the idea that human thoughts are analogous to computers
whaling
Phishing only large accounts