Chapter 3 Key Concepts and Terms Flashcards Preview

Fundamentals of Information Systems Security > Chapter 3 Key Concepts and Terms > Flashcards

Flashcards in Chapter 3 Key Concepts and Terms Deck (85)
Loading flashcards...
1

Address resolution protocol (ARP) poisoning

When an attacker spoofs the MAC address of a targeted device by sending fake ARP resolution responses with a different MAC address.

2

Armored virus

Virus with hardened code that makes it difficult to reverse-engineer and build an antivirus from the malware.

3

Asset

Any item that has value.

4

Attack on availability

Impacts access or uptime to a critical system, application, or data.

5

Attack on IT assets

Penetration testing, unauthorized access, stolen passwords, deletion of data, etc.

6

Attack on people

Using deception to get another human to perform an action.

7

Attack

An attack on a system succeeds by exploiting a vulnerability in the system.

8

Backdoors

Hidden access methods left by developers so they can access the system again without struggling with security controls.

9

Between-the-lines wiretapping

Does not alter the messages sent by legitimate users, but inserts additional messages into the communication line when the legitimate user pauses.

10

Birthday attacks

A type of cryptographic attack that is used to make brute-force attack of one-way hashes easier.

11

Black-hat hacker

Will try to break IT security and gain access to systems with no authorization to prove technical prowess.

12

Botnet

A bunch of internet-connected computers under the control of a remote hacker.

13

Browser or URL hijacking

The user is directed to a different website than what they requested, usually a fake page the attacker created.

14

Brute-force password attack

Attacker tries different passwords until one of them is successful.

15

Christmas (Xmas) attack

Sending advanced TCP packets with flags set to confuse IP routers and network border routers with TCP header bits set to 1, lighting the IP router up like a Christmas tree.

16

Cookie

A text file containing details gleaned from past visits to a website. Stored in cleartext.

17

Cracker

A hacker with hostile intent, sophisticated skills, and interests in financial gain.

18

Cryptolocker

A specific form of ransomware that encrypts local files or data until the victim pays a ransom to obtain the decryption keys.

19

Denial of Service (DoS)

An attack that results in downtime or inability of a user to access a system by impacting the availability.

20

Dictionary password attack

A simple attack that relies on users making poor passwords. A password-cracker program takes a dictionary file and attempts to log on by entering each dictionary entry as a password.

21

Disclosure threats

Occurs when unauthorized users access private or confidential information that is stored in a network resource while it is in transit between network resources.

22

Distributed denial of service (DDoS)

A type of DoS attack that also impacts a user's ability to access a system by overloading the computer and preventing legitimate users from gaining access.

23

DNS poisoning

Pharming that poisons a domain name server.

24

Downtime

The time during which a service is not available due to a failure or maintenance.

25

Espionage

The act of spying to obtain secret information, typically to aid another nation state.

26

Exploit software

An application that incorporates known software vulnerabilities, data, and scripted commands to exploit a weakness in a computer system or IP host device.

27

Exploit

Something a hacker can do once a vulnerability is found.

28

Fabrications

The creation of some deception to trick unsuspecting users.

29

Flooding attacks

Overwhelm the victim's CPU, memory, or network resources by sending large numbers of useless requests to the machine.

30

Gray-hat hackers

A hacker with average abilities who may one day become a black or white hat hacker.