Week 1 Flashcards

1
Q

What are the layers of the OSI Model?

A

7: Application Layer - Type of communications: E-mail, file transfer. Client/Server
6: Presentation Layer - Encryption, data conversion: ASCII to EBCDIC. BCD to binary, etc.
5: Session Layer - Starts, stops session. Maintains order.
4: Transport Layer - Ensures delivery of entire file or message
3: Network Layer - Routes data to different LANs and WANs based on network address
2: Data Link (MAC) Layer - Transmits packets from node to node based on station address
1: Physical Layer - Electrical signals and cabling

2
Q

What is DNS?

A
  • Refers to the Domain Name System, DNS Server, or Name Server
  • An IP address is like a telephone number, but instead of having to remember the specific IP address for where you want to go, the DNS will connect you to an easy-to-remember name such as pitt.edu.
  • The proper term for the process is DNS name resolution, where the DNS server resolves (translates) the domain name (pitt.edu) to an IP address.
3
Q

Explain the makeup of the domain.

A

https://my.pitt.edu/portal/server.pt

Top Level Domain: .edu

Domain name: pitt

Host Name: www

Protocol: https://

Computer Name (CName): my

Page Path: /portal/server.pt

http://hockey.fantasysports.yahoo.com

Breakdown: Protocol/CName/SubDomain/Domain/Top Level Domain
4
Q

What is spoofing? And what type of attacks are there?

A

A situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage

Man in the Middle: URL Spoofing (fake a PNC bank page)/Phishing/Login Spoofing - Where they fake the login page to get you to give your information

Caller ID - Fake the Caller ID so you think you are talking to someone from a certain number or organization when in fact it is someone else

Email Address/Header - It is easy to manipulate one’s email address so that it comes up as a different address than the original sender.

5
Q

What is a DoS attack? What is a D-DoS attack?

A

Denial of Service is an attack attempting to make a computer's resources unavailable to its intended users.

Distributed Denial of Service - Same idea as a DoS, but it makes use of a wide network of computers to make an attack on a grand scale.

All you are doing is requesting a website over and over, which sends packets to your computer.

6
Q

What is the AIC Triad?

A
  • Integrity - integrity means that data cannot be modified undetectably
  • Confidentiality - to prevent the disclosure of information to unauthorized individuals or systems
  • Availability - computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly
7
Q

What is the Ease of Use Triangle?

A

Security, Functionality, Ease of Use. You can't be perfect at each point, but you need to have all three.

8
Q

What is Social Engineering?

A

The art of manipulating people into performing disclosure actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.

9
Q

What are the 7 deadly sins of social engineering?

A
  1. Sex Appeal: People think an attractive person is into them online; then suddenly something "happens" to that person and they 'need money.'
  2. Greed: Nigerian lottery scam
  3. Vanity: Scammers convince people that THEY were the ONLY person chosen and won something or got an exclusive offer, and usually ask for their bank account info to get it there
  4. Sloth: People are lazy and don't verify the authenticity of the source
  5. Trust (Implied/Transient): Implied - Scammers say they are from a high-profile brand and can be trusted. Transient - Scammers pretend to be a trusted companion of someone the victim trusts.
  6. Compassion: Someone is desperate for money and posts something on FB, but really it's a scam
  7. Urgency: Similar to Compassion scams - They need the money right away and time is running out. Scammers call a company, acting as an agent of the company, and say they need the information right away.
10
Q

What is a virus?

A

A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus needs to be attached to some type of host for the infection to take place or be transferred.

11
Q

What is a worm?

A

A self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.

12
Q

What is a standard virus?

A

A small piece of software that piggybacks on a real program.

13
Q

What is an email virus?

A

This travels via email and may or may not require user interaction to be executed.

14
Q

What is a rootkit?

A

A rootkit is a program (or combination of several programs) designed to take fundamental control of a computer system, without authorization by the system's owner(s). Access to the hardware (e.g., the reset switch) is rarely required, as a rootkit is intended to seize control of the operating system running on the hardware.

15
Q

What is adware?

A

Programs that target ads to end user computers

16
Q

What is spyware?

A

Programs that collect information about you and your computer

17
Q

What is a dialer?

A

A program that would dial 900 numbers (this one is a bit outdated, with the majority of people connected to the Net via broadband)

18
Q

What does Title 15 refer to in the US Code?

A

Credit Card Fraud and Software Piracy

19
Q

What does Title 17 refer to in the US Code?

A

Copyright Infringement

20
Q

What does Title 18 cover under the US Code?

A
  • Fraud
  • Embezzlement
  • Terrorism & Espionage
  • Child seduction & exploitation
  • Stealing
  • Kidnapping
  • Forgery & counterfeiting
  • Extortion
  • RICO (Racketeer Influenced & Corrupt Organizations)
  • Access Device Fraud
  • Illegal Wiretapping
21
Q

What is the Computer Fraud & Abuse Act of 1986?

A
  • Originally known as the Counterfeit Access Device & Computer Fraud & Abuse Act of 1986 – Section 1030 of Title 18.
  • Known as the Hacking Statute
    • Criminalized the action of accessing Government or Financial Institutions computers without, or in excess of, authorization
    • Too vague, and overemphasized access to financial information and government computers
22
Q

What is the National Information Infrastructure Protection Act of 1996 (NIIPA)?

A
  • Designed to fill holes left by the CFAA; more specifically, used to prosecute cases in which computer data is not the primary target
  • Extended protections to ALL computers attached to the Internet (not just those with federal interest)
  • Criminalizes even accidental intrusion
  • Expanded to include:
    • Fraud –
    • Hacking & malicious programming –
    • Trafficking in passwords –
    • Extortion
23
Q

What is the Identity Theft & Assumption Deterrence Act of 1998?

A
  • First to make the possession of another’s personal identifying information a crime.
  • Specifically, made it unlawful to:
    • Knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law
  • Included both public and non-public information
  • Created a schematic for restitution
  • Designated the Federal Trade Commission (FTC) as the repository for consumer complaints and agents of dissemination
24
Q

What is the Financial Modernization Act of 2003? (FACTA)

A
  • Free Credit Report
  • Fraud & Active Duty Alerts
  • Truncation of Credit/Debit Account #’s
  • Truncation of SSN’s
  • One-Call Fraud Alerts & Enhanced Victim Resolution
  • Mandate Issuer Investigation – COA & additional cards
  • Requirement of CRA to issue Fraud Alert
  • Blocking or elimination of fraudulent information
  • Fraud alerts for CRA
  • Limitation of Commingling Medical/Financial Information
  • Debt Collectors
  • Civil Action
25
Q

What is the Drivers Privacy Protection Act?

A

  • Prohibits use of SSN's and other personal information from a motor vehicle record in any situation not expressly permitted under the law

26
Q

What is the Health Insurance Portability & Accountability Act?

A

  • Restricts health care organizations from disclosing social security numbers and health information

27
Q

What is the Cyber Security Enhancement Act of 2002?

A

This Act mandates life sentences for hackers who "recklessly" endanger the lives of others, i.e., malicious hackers who create a life-threatening situation by attacking computer networks such as:

  • Transportation Systems
  • Power Companies
  • Telecommunication Companies
  • Other Public Services/Utilities

28
Q

What was the first child pornography statute? What did it lead to?

A
  • Prior to 1977, no laws existed restricting child pornography
  • In 1977, the Protection of Children against Sexual Exploitation Act was adopted
    • Subsequently leading to:
      • Child Protection act (1984)
      • Child Protection & Obscenity Act (1988)
      • Child Pornography Protection Act (CCPPA, 1996)
        • Struck down by the Supreme Court for being too vague and ambiguous
29
Q

What is RFID?

A
  • Radio-frequency identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders.
  • An RFID tag is an object that can be applied to or incorporated into a product, animal, or person for the purpose of identification and tracking using radio waves. Some tags can be read from several meters away and beyond the line of sight of the reader.
30
Q

What are Valid and Questionable uses of RFID?

A

Valid:

  • Dog/Cat ID
  • EZ-Pass
  • Parking Permits
  • Race Timing

Questionable:

  • Credit Cards
  • Drivers License
  • Passports
31
Q

What is Skimming?

A

Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant.

32
Q

What is Pump & Dump?

A

A form of microcap fraud that involves artificially inflating the price of a stock through false and misleading positive statements, in order to sell the cheaply purchased stock at a higher price. Once the operators of the scheme "dump" their overvalued shares, the price falls and investors lose their money.

33
Q

What is a database, and how is the information organized?

A
  • Database – often abbreviated DB. A collection of information organized in such a way that a computer program can quickly select desired pieces of data. You can think of a database as an electronic filing system.
  • Traditionally, databases are organized by:
    • Field – a single piece of information
    • Record – a complete set of fields
    • File – a collection of records
34
Q

What is SQL?

A

  • Structured Query Language (pronounced either see-kwell or as separate letters). SQL is a standardized query language for requesting information from a database. This language was developed by IBM.

35
Q

How is SQL used with the internet?

A
  1. User submits a request to a website, for example Whois.org.
  2. Web page loads and the user wants to know who owns my.pitt.edu (clicks submit)
  3. The web server then queries the database server for the information
  4. Database returns the information to the web server, which in turn returns the information to the user
  5. The web server is the only one allowed to talk to the database server – meaning the user can't interact with the database directly!
36
Q

What is a SQL Injection attack?

A
  • A form of attack on a database-driven Web site in which an attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet, bypassing the firewall.
  • SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization’s host computers through the computer that is hosting the database
37
Q

How is a SQL Injection attack performed?

A
  • For facebook, for example, a person just needs to put their username/email and password in to log on.
  • Website would submit a query along these lines to the database:

    SELECT myUser
    FROM Users
    WHERE myUser='<username>' AND myPassword='<password>';

  • A malicious actor would then try something like the following (the `--` turns the rest of the line, including the password check, into a SQL comment):

    SELECT myUser
    FROM Users
    WHERE myUser='-1' OR 1=1; -- AND myPassword='000000'

  • The username '-1' would not match any record in the database; however, because OR 1=1 makes the condition true, the query still returns the first record of the database.
38
Q

How can one prevent SQL Injection?

A
  • Sanitize user inputs – Never trust what a user enters into a field. If you are expecting a 5-digit ZIP code, check to make sure it is a 5-digit ZIP code. (Utilize regular expressions.)
  • Employ stored procedures – Instead of the web server doing all of the work by generating the query, let the database server do this work. Doing this helps to speed up performance of both the database server and the web server, as well as improving security.
  • Restrict the database user – When the web server talks to the database, it does so through a database user account. This account should not have any unnecessary privileges. For example, admin, owner…
39
Q

What is a Buffer Overflow Attack?

A
  • An anomaly where a program, while writing data to a Memory buffer, overruns the memory boundary and overwrites adjacent memory.
  • Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates.
  • This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security
40
Q

What is encryption (at a basic level)?

A

To alter (a file, for example) using a secret code so as to be unintelligible to unauthorized parties.

41
Q

What is Symmetric Encryption?

A
  • This type of encryption requires users to use the same key to decrypt and encrypt messages.
  • Also known as secret-key, shared-key, one-key and private-key encryption
42
Q

What is Asymmetric Encryption?

A
  • This type of encryption is a two key system
  • Public Key – available for anyone to access
  • Private key – is restricted to only the owner of the key and kept secret.
  • Keys are mathematically related. If you encrypt with one key – you must decrypt with the other!
  • THINK PGP
  • Asymmetric: it is slow, doesn't require a large key, and uses the public/private system
  • Symmetric (by contrast): it is fast, requires large keys, and both sides of the transfer need the same key
43
Q

What are different types of encryption schemes?

A
  • Types of Encryption
  • AES – Advanced Encryption Standard
    • Symmetric
  • DES – Data Encryption Standard
    • Symmetric
  • Triple DES - Triple Data Encryption Standard
    • Symmetric
  • RSA Public Key Encryption
    • Asymmetric
44
Q

What is TDES encryption?

A
  • Symmetric Algorithm
  • Uses 3 Keys
    • DES(k3, DES⁻¹(k2, DES(k1, M))), where DES⁻¹ denotes DES decryption
    • Encrypt the message with key-1
    • Decrypt the cipher of the first with key-2
    • Encrypt the cipher of the second with key-3
  • Decryption
    • Decrypt the cipher received with key-3
    • Encrypt the cipher after the first decryption with key-2
    • Decrypt the cipher from the second decryption with key-1
45
Q

What is a Digital Signature?

A
  • A digital code that can be attached to an electronically transmitted message that uniquely identifies the sender.
  • Digital Signatures make use of RSA Public Key Encryption.
  • Relies on a 3rd party (Certificate Authority, aka CA) for validation.
46
Q

How do Digital Signatures work?

A
  • The sender encrypts his/her signature with their private key.
  • Now anyone can decrypt the signature with the sender’s public key.
  • If the signature is intact, the message is authentic; otherwise it is a forgery.
47
Q

What is a honeypot and what is its purpose?

A
  • An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.
  • Honeypots are designed to mimic systems that an intruder would like to break into but limit the intruder from having access to an entire network.
  • If a Honeypot is successful, the intruder will have no idea that s/he is being tricked and monitored. Most Honeypots are installed inside firewalls so that they can better be controlled, though it is possible to install them outside of firewalls.
48
Q

What is the definition of organized crime?

A

The FBI defines organized crime as "any group having some manner of a formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole."

49
Q

In what ways does organized crime (especially in Russia) use the internet to perpetrate crime?

A
  • Carding - selling stolen credit card info online
  • Fraud - sell expensive stuff on eBay only to never ship the item (Lambo example)
  • Counterfeiting - Sell cheap/fake drugs or illegal/fake documents (fake license)
  • Medicare Fraud - Set up fake clinics and bill Medicare for services never rendered
  • Extortion – Ransomware or DDoS attacks against internet reliant companies
  • Money Laundering – Set up gambling, auction, gaming, and virtual currency exchanges
  • Cybercrime Service Industry - Rent botnets, sell malicious code, set up customer service