Social Engineering and Other Foes (Ch. 10) Flashcards
A control implemented through administrative policies or procedures.
administrative control
A physical security deterrent used to protect a computer.
cable lock
Server room aisles in which cold air is blown up from the floor, or in which the fronts of the devices face the AC output.
cold aisles
Gap controls that fill in the coverage between other types of vulnerability mitigation techniques.
compensating controls
Processes or actions used to respond to situations or events.
control
Technical, physical, or administrative measures in place to assist with resource management.
control types
Getting rid of/destroying media no longer needed.
data disposal
Controls that are intended to identify and characterize an incident in progress (for example, sounding the alarm and alerting the administrator).
detective control
Looking through trash for clues, often in the form of paper scraps, to find users' passwords and other pertinent information.
dumpster diving
An electrically conductive wire mesh or other conductor woven into a cage that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls.
Faraday cage
The act of stopping a fire and preventing it from spreading.
fire suppression
Typically, an email message warning of something that isn’t true, such as an outbreak of a new virus. A hoax can send users into a panic and cause more harm than the virus.
hoax
A server room aisle in which the hot-air exhaust of the devices faces the warm-air return of the AC unit.
hot aisles
Pretending to be another person to gain information.
impersonation
The process of determining what information is accessible, to what parties, and for what purposes.
information classification
A device, such as a small room, that limits access to one or a few individuals.
mantrap
The correct method of extinguishing a fire with an extinguisher: Pull, Aim, Squeeze, and Sweep.
PASS method
Security set up on the outside of the network or server to protect it.
perimeter security
Card required of federal employees and contractors to gain access (physical and logical) to government resources.
Personal Identity Verification (PIV) card
Information that can be uniquely used to identify, contact, or locate a single person. Examples include Social Security number, driver’s license number, fingerprints, and handwriting.
personally identifiable information (PII)
A form of social engineering in which the attacker simply asks someone for a piece of information they need, making the request look legitimate (typically via email or a spoofed website).
phishing
Controls and countermeasures of a tangible nature intended to minimize intrusions.
physical controls
Controls intended to prevent attacks or intrusions.
preventive controls
A state of security in which information isn’t seen by unauthorized parties without the express permission of the party involved.
privacy
Screens that restrict viewing of monitors to only those sitting in front of them.
privacy filters
Cameras that can pan, tilt, and zoom.
PTZ
Information that isn’t made available to all and to which access is granted based on some criteria.
restricted information
Watching someone when they enter their username, password, or sensitive data.
shoulder surfing
An attack that uses others by deceiving them. It does not directly target hardware or software, but instead it targets and manipulates people.
social engineering
A form of phishing in which the message is made to look as if it came from someone you know and trust, rather than from an unknown third party.
spear phishing
Following someone through a controlled entry point without presenting your own credentials.
tailgating
Controls that rely on technology.
technical controls
Combining phishing with Voice over IP (VoIP).
vishing
Identifying a site visited by the intended targets, compromising (poisoning) that site, and then waiting for the targets to visit it.
watering hole attack
Another term for social engineering.
wetware
Targeting those employees in an organization whose compromise would most likely lead to the disclosure of sensitive information, typically managers, supervisors, or high-level executives.
whaling