CHAPTER 3: AUDITING OPERATING SYSTEMS AND NETWORKS Flashcards

1
Q

The _________ is the computer’s control program. It allows users and their applications to share and access common computer resources, such as processors, main memory, databases, and printers.

A

operating system

2
Q

________ involves policies, procedures, and controls that determine who can access the operating system, which resources (files, programs, printers) they can use, and what actions they can take.

A

Operating system security

3
Q

A formal ________ is the operating system’s first line of defense against unauthorized access. When the user initiates the process, he or she is presented with a dialog box requesting the user’s ID and password. The system compares the ID and password to a database of valid users.

A

Log-on procedure

4
Q

If the log-on attempt is successful, the operating system creates an _________ that contains key information about the user, including user ID, password, user group, and privileges granted to the user. This information is used to approve all actions the user attempts during the session.

A

access token

5
Q

An ______ is assigned to each IT resource (computer directory, data file, program, or printer) and controls access to that resource. These lists contain information that defines the access privileges for all valid users of the resource. When a user attempts to access a resource, the system compares his or her ID and privileges contained in the access token with those contained in the access control list. If there is a match, the user is granted access.

A

access control list

6
Q

Resource owners in this setting may be granted ___________, which allow them to grant access privileges to other users.

A

discretionary access privileges

7
Q

________ include hardware failures that cause the operating system to crash.

A

Accidental threats

8
Q

__________ may cause whole segments of memory to be dumped to disks and printers, resulting in the unintentional disclosure of confidential information.

A

Accidental system failures

9
Q

_________ to the operating system are most commonly attempts to illegally access data or violate user privacy for financial gain. However, a growing threat is destructive programs from which there is no apparent gain.

A

Intentional threats

10
Q

Systems administrators and systems programmers require unlimited access to the operating system to perform maintenance and to recover from system failures. Such individuals may use this authority to access users’ programs and data files.

A

Privileged personnel who abuse their authority

11
Q

Looking through memory for sensitive information (e.g., in the printer queue).

A

Browsing

12
Q

Pretending to be an authorized user by obtaining that user's ID and password.

A

Masquerading

13
Q

The most common method of obtaining your password is for someone to look over your shoulder. Make sure your password is a combination of upper- and lower-case letters, numbers, and special characters.

A

Shoulder surfing

14
Q

A virus must attach itself to another program; worms are self-contained.

A

Virus & Worms

15
Q

Management should ensure that individuals are not granted privileges that are incompatible with their assigned duties.

Privileges determine which directories, files, applications, and other resources an individual or group may access. They also determine the types of actions that can be taken.

A

Controlling Access Privileges

16
Q

A ________ is a secret code the user enters to gain access to systems, applications, data files, or a network server.

A

password

17
Q

The most common forms of contra-security behavior include:

A

  • Forgetting passwords and being locked out of the system.
  • Failing to change passwords on a frequent basis.
  • The Post-it syndrome, whereby passwords are written down and displayed for others to see.
  • Simplistic passwords that a computer criminal easily anticipates.

18
Q

The most common method of password control is the __________. The user defines the password to the system once and then reuses it to gain future access.

A

reusable password

19
Q

An alternative to the standard reusable password is the ___________.

A

one-time password

20
Q

Under this approach, the user’s password changes continuously. This technology employs a credit card–sized smart card that contains a microprocessor programmed with an algorithm that generates, and electronically displays, a new and unique password every 60 seconds. The card works in conjunction with special authentication software located on a mainframe or network server computer.

A

One-time passwords

21
Q

_____ are logs that record activity at the system, application, and user level.

A

System audit trails

22
Q

_______ involves recording both the user’s keystrokes and the system’s responses.

A

Keystroke monitoring

23
Q

_________ summarizes key activities related to system resources.

A

Event monitoring

24
Q

A ________ can also be used to report changes in system performance that may indicate infestation by a virus or worm.

A

real-time audit trail

25
Q

_________ are posed by dishonest employees who have the technical knowledge and position to perpetrate frauds.

A

intranet risks

26
Q

________ threaten both consumers and business entities.

A

Internet risks

27
Q

______ consist of small LANs and large WANs that may contain thousands of individual nodes. They are used to connect employees within a single building, between buildings on the same physical campus, and between geographically dispersed locations. Typical activities include e-mail routing, transaction processing between business units, and linking to the outside Internet.

A

Intranets

28
Q

The unauthorized interception of this information by a node on the network is called _________.

A

sniffing

29
Q

_______ is a form of masquerading used to gain unauthorized access to a Web server and/or to perpetrate an unlawful act without revealing one's identity. To accomplish this, a perpetrator modifies the IP address of the originating computer to disguise his or her identity.

A

IP spoofing

30
Q

A ________ is an assault on a Web server to prevent it from servicing its legitimate users. Although such attacks can be aimed at any type of Web site, they are particularly devastating to business entities that are prevented from receiving and processing business transactions from their customers.

A

denial of service attack (DoS)

31
Q

When a user establishes a connection on the Internet through TCP/IP, a three-way handshake takes place. A ________ is accomplished by not sending the final acknowledgment to the server's SYN-ACK response, which causes the server to keep signaling for acknowledgement until it times out.

A

SYN Flood Attack

32
Q

______ is used to test the state of network congestion and to determine whether a particular host computer is connected and available on the network.

A

Ping

33
Q

A _______ involves three parties: the perpetrator, the intermediary, and the victim. The perpetrator of this attack uses a program to create a ping message packet that contains the forged IP address of the victim's computer (IP spoofing) rather than that of the actual source computer.

A

smurf attack

34
Q

The perpetrator of a _________ attack may employ a virtual army of so-called zombie or bot (robot) computers to launch the attack.

A

Distributed Denial of Service

35
Q

______ is a popular interactive service on the Internet that lets thousands of people from around the world engage in real-time communications via their computers.

A

Internet Relay Chat (IRC)

36
Q

The collections of compromised computers are known as ____.

A

botnets

37
Q

A _____ is a system that enforces access control between two networks.

A

firewall

38
Q

________ provide efficient but low-security access control. This type of firewall consists of a screening router that examines the source and destination addresses attached to incoming message packets.

A

Network-level firewalls

39
Q

__________ provide a higher level of customizable network security, but they add overhead to connectivity. These systems are configured to run security applications called proxies that permit routine services such as e-mail to pass through the firewall, but can also perform sophisticated functions such as user authentication for specific tasks.

A

Application-level firewalls

40
Q

_________ uses a variety of analytical and statistical techniques to evaluate the contents of message packets. It searches the individual packets for protocol noncompliance and employs predefined criteria to decide whether a packet can proceed to its destination.

A

Deep Packet Inspection (DPI)

41
Q

_________ is the conversion of data into a secret code for storage in databases and transmission over networks. The sender uses an encryption algorithm to convert the original message (called cleartext) into a coded equivalent (called ciphertext).

A

Encryption

42
Q

The _______ is a mathematical value that the sender selects.

A

key

43
Q

The _______ is the procedure of shifting each letter in the cleartext message the number of positions that the key value indicates.

A

algorithm

44
Q

What are the two commonly used methods of encryption?

A

private key and public key

45
Q

________________ is a 128-bit encryption technique that has become a U.S. government standard for private key encryption.
  • Its algorithm uses a single key known to both the sender and the receiver of the message. To encode a message, the sender provides the encryption algorithm with the key, which is used to produce a ciphertext message.
  • The message enters the communication channel and is transmitted to the receiver's location, where it is stored. The receiver decodes the message with a decryption program that uses the same key the sender employed.

A

Advanced Encryption Standard (AES)

46
Q

_________ encryption provides considerably improved security over most single encryption techniques.

A

Triple-DES

47
Q

This is a form of Triple DES that uses three different keys to encrypt the message three times.

A

EEE3

48
Q

This is a form of Triple DES that uses one key to encrypt the message.

A

EDE3

49
Q

__________ uses two different keys: one for encoding messages and the other for decoding them.
  • Each recipient has a private key that is kept secret and a public key that is published.
  • The sender of a message uses the receiver's public key to encrypt the message.
  • The receiver then uses his or her private key to decode the message.
  • Users never need to share their private keys to decrypt messages, which reduces the likelihood that they fall into the hands of a criminal.

A

Public key encryption

50
Q

___________ is a highly secure public key cryptography method. This method is, however, computationally intensive and much slower than standard DES encryption.

A

RSA (Rivest-Shamir-Adleman)

51
Q

Sometimes, both DES and RSA are used together in what is called a _______________. Procedure: the actual message is encrypted using DES to provide the fastest decoding. The DES private key needed to decrypt the message is encrypted using RSA and transmitted along with the message. The receiver first decodes the DES key, which is then used to decode the message.

A

digital envelope

52
Q

A ____________ is electronic authentication that cannot be forged.

A

digital signature

53
Q

The _________ is a mathematical value calculated from the text content of the message.

A

digest

54
Q

A _________ is used in conjunction with a public key encryption system to authenticate the sender of a message. The process for certification varies depending on the level of certification desired. It involves establishing one's identity with formal documents, such as a driver's license, notarization, and fingerprints, and proving one's ownership of the public key.

A

digital certificate

55
Q

________________ assigns a sequence number to each message so that missing messages can be detected.

A

Message sequence numbering

56
Q

A ________________ is a listing of all incoming and outgoing messages, used to detect the efforts of hackers.

A

Message transaction log

57
Q

  • Random control messages are sent from the sender to ensure that messages are received.
  • Using this technique, a control message from the sender and a response from the receiver are sent at periodic, synchronized intervals. The timing of the messages should follow a random pattern that is difficult for an intruder to determine and circumvent.

A

request-response technique

58
Q

  • The receiver calls the sender back at a pre-authorized phone number before the transmission is completed.
  • This restricts access to authorized terminals or telephone numbers and prevents an intruder from masquerading as a legitimate user.

A

Call-back devices

59
Q

____________ are data errors caused by communications noise. They are the most common problem in data communication.

A

Line errors

60
Q

__________ is made up of random signals that can interfere with the message signal when they reach a certain level.

A

Noise

61
Q

The ____________ involves the receiver of the message returning the message to the sender. The sender compares the returned message with a stored copy of the original. If there is a discrepancy between the returned message and the original, suggesting a transmission error, the message is retransmitted.

A

echo check

62
Q

___________ uses computer-to-computer communications in a standard format for messaging between two dissimilar systems: the exchange of computer-processible business information in a standard format.

A

Electronic data interchange (EDI)

63
Q

_______________ is used to restrict employees who share the same computers to specific directories, programs, and data files. Under this approach, different passwords are used to access different functions.

A

Multilevel password control

64
Q

________ include hardware failures and errors in user applications.

A

Accidental threats

65
Q

A ________ is destructive programs with no apparent gain, which come from three sources:
  • Privileged personnel who abuse their authority.
  • Individuals who browse the operating system to identify and exploit security flaws.
  • Individuals who insert viruses or other destructive programs into the operating system, either intentionally or unintentionally.

A

Growing threat

66
Q

_______ involves recording the user's keystrokes and the system's responses.

A

Keystroke monitoring

67
Q

________ summarizes key activities related to system resources.

A

Event monitoring

68
Q

________ can be used to:
  • detect unauthorized access,
  • reconstruct events, and
  • promote personal accountability.

A

Audit trails

69
Q

________ are subject to risks from equipment failure, which can cause corruption or loss of data.

A

Network topologies

70
Q

The ________ may be to punish an organization for a grievance, or the act may be done for financial gain.

A

Motivation

71
Q

A ________ examines the source and destination addresses attached to incoming message packets but does not explicitly authenticate outside users.

A

Screening router

72
Q

In a ________, an extra bit is added onto each byte of data, similar to check digits.

A

Parity check

73
Q

In ________, messages are divided into small packets, and each packet of the message may take a different route.

A

Packet switching

74
Q

A ________ is a private network within a public network.

A

Virtual private network (VPN)

75
Q

An ________ is a password-controlled network for private users.

A

Extranet

76
Q

The ________ is an Internet facility that links users locally and globally.

A

World Wide Web (WWW)

77
Q

Format for e-mail addresses:

A

USERNAME@DOMAIN NAME

78
Q

A ________ defines the path to a facility or file on the Web. Subdirectories can be several levels deep.

A

URL address

79
Q

Every computer node and host attached to the Internet must have a unique ___________.

A

Internet Protocol (IP) address

80
Q

________ are the rules and standards governing the design of hardware and software that permit network users to communicate and share data.

A

Protocols

81
Q

________ permits communication between Internet sites.

A

Transfer Control Protocol/Internet Protocol (TCP/IP)

82
Q

________ is used to transfer files across the Internet.

A

File Transfer Protocol (FTP)

83
Q

________ transmits e-mail messages.

A

Simple Network Mail Protocol (SNMP)

84
Q

________ are encryption schemes.

A

Secure Sockets Layer (SSL) and Secure Electronic Transmission (SET)

85
Q

________ is used to connect to Usenet groups on the Internet.

A

Network News Transfer Protocol

86
Q

________ is the document format used to produce Web pages.

A

HTML

87
Q

________ is the physical arrangement of network components.

A

A network topology

88
Q

________ can cover several miles and connect hundreds of users.

A

Local area networks (LANs)

89
Q

Networks that exceed the geographic limitations of LANs are ________.

A

wide area networks (WANs)

90
Q

  • A network of IPUs with a large central computer (the host). The host computer has direct connections to smaller computers, typically desktop or laptop PCs.
  • Popular for mainframe computing.
  • All communications must go through the host computer, except for local computing.

A

Star Topology

91
Q

A host computer is connected to several levels of subordinate smaller computers in a master-slave relationship.

A

Hierarchical Topology

92
Q

  • This configuration eliminates the central site.
  • All nodes in this configuration are of equal status (peers).
  • Responsibility for managing communications is distributed among the nodes.
  • Common resources that are shared by all nodes can be centralized and managed by a file server that is also a node.

A

Ring Topology

93
Q

  • This configuration distributes the processing between the user's (client's) computer and the central file server.
  • Both types of computers are part of the network, but each is assigned the functions that it performs best.
  • This approach reduces data communications traffic, thus reducing queues and increasing response time.

A

Client-Server Topology

94
Q

Its purpose is to:
  • Establish communications sessions.
  • Manage the flow of data across the network.
  • Detect and resolve data collisions between nodes.
  • Detect line failure or signal degeneration errors.

A

Network Control

95
Q

________ is the most popular technique for establishing a communication session in WANs.

A

Polling

96
Q

________ involves transmitting a special signal around the network. Only the node possessing the token is allowed to transmit data.

A

Token passing

97
Q

________ is a random access technique that detects collisions when they occur.

A

Carrier Sensing

98
Q

A ________ is a program that attaches itself to a legitimate program to penetrate the operating system and destroy programs, files, and the operating system itself.

A

Virus

99
Q

________ is used interchangeably with virus.

A

Worm

100
Q

A ________ is a destructive program triggered by some predetermined event or date.

A

Logic bomb

101
Q

A ________ is a software program that allows unauthorized access to a system.

A

Back Door (trap door)

102
Q

The purpose of a ________ program is to capture IDs and passwords.

A

Trojan horse

103
Q

The ________ is the most popular LAN topology. One or more servers centrally control communications and file transfers between workstations.

A

Bus Topology

104
Q

Under the ________, passwords are written down and displayed for others to see.

A

Post-it syndrome