Vocab 9 - 15 & Web 2.0 Flashcards
Computer communications
A process in which two or more computers or devices transfer data, instructions, and information.
- Sending device → Communications channel → Receiving device
computer security risk
Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
cybercrime
A Network or Internet-based illegal act
Computer Security Risks
- Internet and network attacks
- unauthorized access and use
- hardware theft (stealing a thumb drive or hard drive)
- system failure (lightning strike)
- information theft (stolen identity)
- software theft (illegal copy)
Data transmitted over networks
Has a higher degree of security risk than data kept on an organization’s premises
online security service
A Web site that evaluates your computer to check for Internet and e-mail vulnerabilities.
Virus
Affects a computer negatively by altering the way the computer works
Worm
Replicates (copies itself), consuming resources and possibly shutting down the computer or network
Trojan Horse
A malicious program that hides within or looks like a legitimate program
Rootkit
Program that hides, creating a “back door” for a remote location to take full control of the computer.
Symptoms of an infected computer include:
- Runs much slower than usual
- Available memory is less than expected
- Files become corrupted
- Screen displays unusual message or image
- Music or unusual sounds play randomly
- Existing programs and files disappear
- Programs or files do not work properly
- Unknown programs or files mysteriously appear
- System properties change
- Operating system does not boot (start up)
- Operating system shuts down unexpectedly
Steps/precautions users can take to protect their home and work computers and mobile devices from malicious infections:
- Never start a computer with removable media inserted in the drives or plugged in the ports, unless the media are uninfected.
- Never open an email attachment unless you are expecting it and it is from a trusted source.
- Set the macro security in programs so that you can enable or disable macros. Enable macros only if the document is from a trusted source and you are expecting it.
- Install an antivirus program on all of your computers. Update the software and the virus signature files regularly.
- Scan all downloaded programs for viruses and other malware.
- If the antivirus program flags an email attachment as infected, delete or quarantine the attachment immediately.
- Before using any removable media, scan the media for malware. Follow this procedure even for shrink-wrapped software from major developers. Some commercial software has been infected and distributed to unsuspecting users.
- Install a personal firewall program.
- Stay informed about new virus alerts and virus hoaxes.
botnet
A group of compromised computers connected to a network
A compromised computer is known as a zombie
DoS attack
A denial of service attack: disrupts computer access to Internet services
Distributed DoS (DDoS)
back door
A program or set of instructions in a program that allows remote attackers to bypass security controls
Spoofing
A technique intruders use to make their network or Internet transmission appear legitimate.
firewall
Hardware and/or software that protects computers and networks from intrusion
Intrusion detection software
- Analyzes all network traffic
- Assesses system vulnerabilities
- Identifies any unauthorized intrusions
- Notifies network administrators of suspicious behavior patterns or system breaches
Honeypot
Vulnerable computer that is set up to entice an intruder to break into it
Unauthorized access
The use of a computer or network without permission
Unauthorized use
The use of a computer or its data for unapproved or possibly illegal activities.
The measures organizations take to help prevent unauthorized access and use:
- Acceptable use policy
- Disable file and printer sharing
- Firewalls
- Intrusion detection software
Access controls
Define who can access a computer, when they can access it, and what actions they can take:
- Two-phase processes called identification and authentication
- User name
- Password
- Passphrase
- CAPTCHA
possessed object
- Any item that you must carry to gain access to a computer or computer facility.
- Often are used in combination with a personal identification number (PIN)
biometric device
Authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer
Digital forensics
The discovery, collection, and analysis of evidence found on computers and networks
Areas that use digital forensics
- Law enforcement
- Criminal prosecutors
- Civil lawsuits, discovery
- Military intelligence
- Insurance agencies
- Information security departments
Hardware theft
The act of stealing computer equipment
Hardware vandalism
The act of defacing or destroying computer equipment
Software theft occurs when someone:
- Steals software media
- Intentionally erases programs
- Illegally copies a program
- Illegally registers and/or activates a program
- Copying, loaning, borrowing, renting, or distributing software can be a violation of copyright law
EULA
An End User License Agreement typically contains the following conditions:
- Permitted to…
- Install the software on a certain number of computers (usually one)
- Make one copy of the software
- Remove the software from your computer before giving it away or selling it
- Not permitted to…
- Install the software on a network
- Give copies to friends or colleagues while continuing to use the software
- Export the software
- Rent or lease the software
Information theft
Occurs when someone steals personal or confidential information
Encryption
A process of converting readable data into unreadable characters to prevent unauthorized access
- Transposition
- Substitution
- Expansion
- Compaction
Transposition
Switch the order of characters
Substitution
Replace characters with other characters
Expansion
Insert characters between existing characters
Compaction
Remove characters and store elsewhere
Public Key Encryption
- The sender creates a document to be emailed to the receiver.
- The sender uses the receiver’s public key to encrypt the message.
- The receiver uses his or her private key to decrypt the message.
- The receiver can read or print the message.
digital signature
An encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender
Often used to ensure that an impostor is not participating in an Internet transaction
Web browsers and Web sites use ________ techniques
encryption
Popular security techniques include:
- Digital Certificates
- Transport Layer Security (TLS)
- Secure HTTP
- VPN (Virtual Private Network)
system failure
The prolonged malfunction of a computer
A variety of factors can lead to system failure, including:
- Aging hardware
- Natural disasters
- Electrical power problems
- Noise, undervoltages, and overvoltages
- Errors in computer programs
Two ways to protect from system failures caused by electrical power variations include ___________ and ____________.
- surge protectors
- uninterruptible power supplies (UPS)
backup
Is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed
To back up a file means to make a copy of it
Offsite backups
Backups are stored in a location separate from the computer site
- Cloud Storage
Three-generation backup policy
Grandparent → Parent → Child
Two backup categories:
- Full backup
- Selective backup
- Differential
- Incremental
Wireless Security
Wireless access poses additional security risks
About 80 percent of wireless networks have no security protection (“unsecured wireless network”)
“War driving” allows individuals to detect wireless networks while driving through an area
In addition to using firewalls, some safeguards improve security of wireless networks:
- Change the default SSID (Service Set Identifier)
- A wireless access point should not broadcast an SSID
- Configure WAP so only certain devices can access (e.g., MAC address configuration)
- Use WPA or WPA2 security standards (do not use WEP)
Health Concerns of Computer Use
The widespread use of computers has led to health concerns
- Repetitive strain injury (RSI)
- Tendonitis
- Carpal tunnel syndrome (CTS)
- Computer vision syndrome (CVS)
Ergonomics
An applied science devoted to incorporating comfort, efficiency, and safety into the design of items in the workplace
Computer addiction
Occurs when the computer consumes someone’s social life. Symptoms include:
- Craves computer time
- Overjoyed when at the computer
- Unable to stop computer activity
- Irritable when not at the computer
- Neglects family and friends
- Problems at work or school
Computer ethics
Are moral guidelines that govern the use of computers and information systems
Information accuracy is a concern
Not all information on the Web is correct!
Intellectual property rights
Are the rights to which creators are entitled for their work
A copyright protects any tangible form of expression
IT code of conduct
Is a written guideline that helps determine whether a specific computer action is ethical or unethical
IT Code of Conduct
- Computers may not be used to harm other people.
- Employees may not interfere with others’ computer work.
- Employees may not meddle in others’ computer files.
- Computers may not be used to steal.
- Computers may not be used to bear false witness.
- Employees may not copy or use software illegally.
- Employees may not use others’ computer resources without authorization.
- Employees may not use others’ intellectual property as their own.
- Employees shall consider the social impact of programs and systems they design.
- Employees always should use computers in a way that demonstrates consideration and respect for fellow humans.
Information privacy
Refers to the right of individuals and companies to deny or restrict the collection and use of information about them
- Huge databases store data online
- It is important to safeguard your information
cookie
A small text file that a Web server stores on your computer
Web sites use cookies for many reasons, including:
- Personalization of the experience
- Store passwords
- Assist with online shopping
- Track site visits
- Target advertisements
Spam
An unsolicited e-mail message or newsgroup posting
E-mail filtering
Blocks e-mail messages from designated sources
Anti-spam programs
Attempt to remove spam before it reaches your inbox
Phishing
A scam that sends an official-looking e-mail that attempts to obtain your personal and financial information
Pharming
A scam that attempts to obtain your personal and financial information via spoofing
The 1970 Fair Credit Reporting Act
Limits the right to view a credit report to those with legitimate business needs
Social engineering
Is defined as gaining unauthorized access or obtaining confidential information by taking advantage of trust and naiveté
Employee monitoring
Uses computers to observe, record, and review employees’ computer use during work or on breaks (if using an employer’s computer)
Content filtering
The process of restricting access to certain material on the Web
Many businesses use content filtering
Internet Content Rating Association (ICRA)
Web filtering software
Restricts access to specified Web sites
Digital forensics
The discovery, collection, analysis, and reporting of evidence found on computers and digital devices
- Focuses on computers, digital devices, and networks
- Digital evidence exists on a variety of computers
- The forensic analysis of computers and digital devices specifically involves the examination of media, programs, and data and log files
- Fastest growing discipline in the forensics field
- Also referred to as computer forensics, network forensics, or cyberforensics
Digital forensics examiners must have:
- Knowledge of the law
- Technical experience with many types of hardware and software products
- Superior communication skills
- Familiarity with corporate structures and policies
- A willingness to learn and update skills
- A knack for problem solving
Digital forensics covers several overlapping areas:
- Law enforcement
- Homeland security
- Businesses and other private sector organizations
Digital Forensics in Action: Identity Theft
Steps
- Step 1: Gather materials to analyze
- Computer media
- Computers and peripherals
- GPS receivers
- Network hardware
- Computer software
- Step 2: Transport the materials
- Step 3: Preserve the media
- Step 4: Extract evidence
- Step 5: Analyze evidence
- Analyze mobile devices
- Analyze chat room logs
- Analyze browser history logs
- Step 6: Document results
Digital Forensics in Action: Spam Attacks
A digital forensics examiner might use the following techniques to locate the attacker and/or the computer network facilitating the attacks:
- Analyze network traffic
- Track packet routes
- Analyze Internet access provider logs
- Analyze a packet trace
computer security risk
Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
cybercrime
Network or Internet-based illegal act.
Names for Different Types of Cyber-Criminals
- Hackers
- Crackers
- Script Kiddies
- Corporate Spies
- Unethical Employees
- Cyberextortionists
- Cyberterrorists
online security service
A Web site that evaluates your computer to check for Internet and e-mail vulnerabilities
Wireless Internet access points
They allow people to connect wirelessly to the Internet from home, work, school, and in many public locations
GPS
Global Positioning System: is a navigation system comprising one or more earth-based receivers that accept and analyze signals sent by satellites in order to determine the GPS receiver’s geographic location
GPS receivers are:
- Built into many mobile devices (like your phone so the police can find you when you call 911 for help)
- Available as a handheld device
- Available with motor vehicles
collaborate
Many programs provide a means to ___________, or work together online, with others connected to a server
Collaboration software includes tools that:
… enable users to share documents via online meetings and communicate with other connected users. Examples:
- Online meetings
- Web conferences
- Document management systems
Web services enable programmers to:
… create applications that communicate with other remote computers over the Internet or on an internal business network
mashup
A Web application that combines services from two or more sources
network
A collection of computers and devices connected via communication devices and transmission media
Network Advantages:
- Facilitate communications
- Share hardware
- Share data
- Share software
- Transfer funds
LAN
A Local Area Network: connects computers and devices in a limited geographical area
WLAN
A Wireless LAN: is a LAN that uses no physical connections
MAN
A Metropolitan Area Network: connects LANs in a metropolitan area
WAN
A Wide Area Network: covers a large geographical area
network architecture
The design of computers, devices, and media on a network
P2P
An Internet network on which users access each other’s hard disks and exchange files
Network Topology
Refers to the layout of the computers and devices in a network:
- Star Network
- Bus Network
Intranet
An internal network that uses Internet technologies
Extranet
Allows customers or suppliers to access part of its Intranet
Network Communications Standards
- Ethernet
- TCP/IP
- Wi-Fi
- Bluetooth
Ethernet
A network standard that specifies no computer controls when data can be transmitted
TCP/IP
A network standard that defines how messages are routed within a network
Wi-Fi
Identifies any network based on the 802.11 standard that facilitates wireless communication.
- Newest is 802.11ac (1 Gbps and higher)
- Sometimes referred to as Wireless Ethernet
Bluetooth
Defines how two Bluetooth devices use short-range radio waves to transmit data.
RFID
Uses radio signals to communicate with a tag placed in or attached to an object, animal, or person
Communications software:
- Helps users establish a connection to another computer or network
- Manages the transmission of data, instructions, and information
- Provides an interface for users to communicate with one another
communications device
Any type of hardware capable of transmitting data, instructions, and information between a sending device and a receiving device
digital modem
Sends and receives data and information to and from a digital line. Examples:
- DSL modem
- Cable modem