Exam 1 Flashcards

(216 cards)

1
RFID
Radio frequency identification
2
Malicious software that performs illegal actions unanticipated by the user running it, intended to yield financial benefits to the distributor of the software.
Crimeware (subclass of malware)
3
Difference between hacker and cracker
Hacker is illegal. Cracker is illegal and looking for some type of gain.
4
Malicious software, including adware, spyware and destructive viruses. Straddles the line between criminal and merely malicious.
Malware (legal and illegal)
5
HTTP
Hypertext transfer protocol
6
IP
Internet protocol
7
After computers send out a query: all computers hold data, but lookup goes through a central machine. The central machine keeps a list of what each computer has and directs the specific query to that node. The content search is facilitated by (replicated) central servers. All participants of such networks know the whereabouts of these servers, and the servers keep track of which user has which file and use this information to direct querying users to the IP (Internet Protocol) addresses of holders of the content they want. On receiving a reply from the server, the querying peer can directly download the content from one or more sources.
Centralized P2P
8
Peers run peer-to-peer software. Can violate copyright; also a target for malware. When a peer searches for a file, it sends a request with keywords to all nodes it is connected to (usually between four and seven). If they don’t have it, they forward it to the nodes they are connected to (hopcount).
Decentralized P2P
9
In decentralized P2P, each peer that sees the query decrements the number of hops before forwarding it, so when it reaches zero the query is dropped.
Hopcount
10
Difference between decentralized and centralized P2P
Decentralized P2P: sends out a query with keywords to all nodes it is connected to (between 4 and 7 nodes), with a hopcount. Centralized P2P: all participants know which user has a file.
11
Sending out a request from computers
Query
12
Example of decentralized P2P. Hard to tell who started sharing software, etc., because files are encrypted. You don’t know what you downloaded and there is no accountability.
Freenet
13
2 phases of P2P networks
Query and download phase
14
The content search is facilitated by replicated central servers
Centralized P2P
15
In decentralized P2P, you have to hop through computers to see if they have the software (or whatever) instead of asking a central machine.
Hopcount
16
Defending against malware in P2P
Relies on identifying malware through antivirus tools after the content has been downloaded. Shortcomings: an actual download of the entire file must occur (sandbox principle), and while antivirus software may prevent the malware from being installed, it could still spread on the network.
17
Query phase protection. Builds a quarantine area on your computer to download the software and determine if it has malware. Problem: lack of updates to keep track of new malware, or it might not be able to identify the malware. The filtering must be done only with knowledge about information contained in query responses: the query string itself, file name, size and IP address of the offering peer.
Sandbox
18
Scheme for human propagation: viral videos, games and fads
Referral to a location based on recommendation of peers. Cannot be stopped except by the human.
19
Common feature of infection vectors:
They quickly draw immense numbers of people to the site and are then forgotten. Ideal for spreading malware.
20
A compiled Java program that, when signed and authorized by a user, has more access to the user’s computer than standard parts of web pages such as JavaScript or HTML.
Applet
21
Allowed to install programs on the client’s computer because they are given more access to users’ computers, in the belief that people will properly authenticate a signed applet by checking the certificate before running it. But most people don’t.
Signed applets
22
Financial gain attacks
Spam, phishing and botnets
23
These usually steal usernames and passwords for financial web sites
Trojans, worms and viruses
24
Attacks focused on obtaining financial returns in the context of RFID technology.
RFID (radio frequency identification) crimeware
25
______ can be small and have built-in logic (microcontroller or state machine), a coupling element (analog front end with antenna) and memory (pre-masked or EEPROM)
RFID tags
26
Powered by their reading devices
Passive RFID tags
27
Contains auxiliary batteries on board
Active RFID tags
28
Example of back-end architecture is the _____________ network. It consists of RFID tags, RFID readers, data filtering/correlation servers, Object Name Service (ONS) resolvers, and EPC Information Service (EPCIS) databases.
Electronic product code (EPC)
29
Used commercially for asset tracking and supply chain management. Examples of ____ are EZ-Pass, the computer chip for lost house pets, etc.
RFID
30
RFID attack that exploits the fact that RFID tags are designed to be readable by any compliant reader.
Skimming
31
RFID attack that uses the technology to monitor individuals’ whereabouts and actions
Tracking
32
Under tracking (RFID attacks): RFID tags with non-unique identifiers that nonetheless enable tracking through recurring groups of tags associated with an individual
Constellations
33
RFID attack that produces unauthorized copies of legitimate RFID tags
Tag cloning
34
Attackers use relay devices that intercept and retransmit RFID reader queries and/or RFID tag responses to carry out man-in-the-middle attacks on RFID deployments.
Relay attacks
35
Using actively powered devices to emulate one or more RFID tags. Fake tag responses are created by synchronizing with the querying RFID reader’s clock signal and then using a passive load resistor or actively transmitted sideband frequencies to send data, for higher-level RFID standards.
Tag spoofing
36
Attackers can exploit RFID systems by preventing either the RFID tags or back-end RFID middleware from functioning
Denial of service
37
Attackers can also use RFID malware—that is, traditional “hacking” attacks condensed down so that they fit onto (and can be launched from) RFID tags. 3 categories: exploits, worms and viruses
Malware
38
buffer overflows, code insertion and SQL injection attacks
RFID exploits
39
RFID exploits that copy the original exploit to newly appearing RFID tags. RFID _____ use network connections to propagate; RFID _____ do not.
RFID worms and viruses. RFID worms use network connections to propagate, RFID viruses do not.
40
Attacker models for RFID
Low-stakes, high-stakes and non traditional attackers
41
Robotically controlled network. A botnet consists of a network of compromised computers that attackers use to launch attacks and spread malware.
Botnet
42
DDoS: an attack that uses ping or ICMP echo-request/echo-reply messages to bring down the availability of a server or system. DDoS attacks initiate from more than one host device.
Distributed denial-of-service (DDoS) attacks via botnets cause monetary losses and public embarrassment
43
RFID exploits that download and execute remote malware
RFID worms
44
RFID exploits that leverage back-end software to copy the original exploit to newly appearing RFID tags
RFID viruses
45
criminals wander the streets looking for exploitable RFID readers
RFID wardriving
46
Using RFID emulators to randomly send partially invalid RFID data to RFID middleware with the purpose of automatically uncovering vulnerabilities
RFID fuzzing
47
Spammers do not earn money from product sales instead they earn it _____
other ways such as banner ads (paying the spammer per click)
48
encourages people to buy a certain stock to raise the price, so spammers can then sell it for a profit
Pump and dump stock schemes
49
may include high-level RFID/IT security policies, interorganizational security policies (i.e., EPCglobal), and high-level privacy policies for RFID-collected data.
Policy level controls
50
come in many forms, but primarily entail the use of other kinds of security controls to supplement those provided by RFID. Such as physical access control, random inspection and auditing
Procedural controls
51
NIST | RFID security guidelines
National Institute of Standards and Technology
52
Controls for RFID
Policy-level, procedural and technological controls
53
New tech for RFID security tools and techniques
Technological controls
54
What should system designers assume to be the weakest link in security
RFID
55
A trojan for mobile devices (not just smart-phone operating systems but any platform that used or implemented J2ME and MIDP/CLDC support), written in Java and executed within the J2ME environment. It would send premium-rate SMS messages, causing the user fiscal loss and potentially leading to disputed billing with the user’s carrier.
RedBrowser
56
Requires the attacker to have physical access to a device to install the application initially, and typically focuses on logging call, SMS, and email data as opposed to keystrokes, web history, and content from the device.
Spyware
57
The act of protecting information and the systems that store and process it. Information in any form needs to be protected.
ISS (information systems security)
58
A life cycle process used to reduce errors and make sure all requirements are considered; a life cycle framework.
COBIT (Control Objectives for Information and related Technology)
59
A simplified ISS management life cycle using COBIT
[Align, Plan and organize] —>[Build, acquire, and implement]—>[Deliver, Service, and Support]—>[Monitor, evaluate and Assess]
60
A human-caused or natural event that could impact the system
Threat
61
A weakness in a system that can be exploited
Vulnerability
62
The likelihood or probability of an event and its impact
Risk
63
The practice of managing upgrades to an IT system, including understanding the impact of change and knowing how to recover if something goes wrong.
Change management
64
is a stated commitment to provide a specific service level.
Service level agreements (SLAs)
65
This is typically in the form of quality assurance (QA) and quality control (QC).
Self assessment
66
This consists of reports to the board of directors and assesses the business.
Internal audit
67
This is done by an outside firm hired by the company to validate internal audit work and perform special assessment, such as certifying annual financial statements.
External audit
68
This is an audit by government agencies that assess the company’s compliance with laws and regulations.
Regulator audit
69
True or false: Information assurance (IA) includes information systems security
True
70
5 pillars of the IA model
confidentiality, Integrity, availability (CIA Triad), authentication and nonrepudiation (these two broaden it out to information assurance).
71
Pillar of the IA (information assurance) model: only authorized individuals are able to access information; the “need to know” principle.
Confidentiality
72
A principle that restricts information access to only those users with an approved and valid requirement.
Need to know
73
Pillar of the IA (information assurance) model: information has not been improperly changed. The data owner must approve any change to the data or approve the process by which the data changes.
Integrity
74
Encryption ensures which two pillars of the IA (information assurance) model?
Integrity and confidentiality
75
A fine-grained granting of access to information resources, often facilitated through use of an application gateway. For example, an application can allow a user to approve a payment but limit the amount to less than $1,000.
Entitlement
76
A kind of detective, after-the-fact control that affords an organization opportunities to learn from its mistakes.
Quality control
77
A kind of preventive, before-the-fact control within an organization that prevents mistakes from happening.
Quality assurance
78
A concept and specific actions an organization takes to ensure compliance with its policies, processes, standards, and guidelines. _______ ensures compliance.
Governance
79
A term used with reference to an organization’s budget, to mean normal spending. Integrating the costs of governance into an organization’s BAU budget makes these costs seem like a normal operating expense rather than something exceptional.
Business as usual (BAU)
80
The development of a world economy held together by advanced technology for communications, transportation, and finance.
Globalization
81
_____ _______ provide assurance and confidence that rules are being followed
Good governance
82
An attack that attempts to cause fear or major disruptions in a society through attacking government computers, major companies, or key areas of the economy.
Cyberterrorism
83
Sovereign countries with their own national governments.
Nation states
84
Established rules of what an organization has to do to meet legal requirements; the day-to-day application (example: setting the specific speed limit).
Regulations
85
Any rule prescribed under the authority of a government entity. Establishes legal thresholds; the legal basis for something (a ____ about having speed limits in general).
Law
86
The ability to reasonably ensure conformity and adherence to organization policies, standards, procedures, laws, and regulations. Looks at a regulation and someone’s performance and compares the two (example: a police officer enforcing the speed limit).
Compliance
87
A person who buys stock in a company (investor).
Shareholder
88
The laws that set expectations on how your personal information should be protected and the limits placed on how the data should be shared.
Data privacy
89
Established rules on how consumers and their information should be handled during an e-commerce transaction.
Consumer rights
90
In e-commerce, broadly deals with how personal information is handled and what it is used for.
Personal privacy
91
Requires government agencies to adopt a common set of information security standards. _____ creates mandatory requirements to ensure the integrity, confidentiality, and availability of data.
FISMA (Federal Information Security Management Act)
92
Responsible for developing the FISMA-mandated information security standards and procedures.
The National Institute of Standards and Technology (NIST)
93
Applies the standard to the government agencies to see if they comply.
Office of management and budget (OMB)
94
Congress —> law: FISMA
NIST —> standards: SP 800 series (the law said they had to do it; they create the standards)
Agencies (e.g., DOJ, DHHS) —> policies and procedures (must implement the standards)
Contractors —> compliance records to the agency
OMB —> audit: M-10-15 (they check up to see if the standard is met)
FISMA (federal information security management act) compliance process
95
Individuals should know what information about them is being collected
Full disclosure
96
Only the data needed for the transaction should be collected
Limited use of personal data
97
Asking permission on how personal information can be used
Opt in/opt out
98
Expectations on how personal information should be protected and limits placed on how the data should be shared.
Data privacy
99
Making an informed judgment
Informed consent
100
An organization has an obligation to the general public beyond its self-interest (no definition for self-interest)
Public interest
101
Identifies the type of information handled, how data passes through the systems, and pays special attention to national security systems (to determine the value of data)
Inventory
102
NIST outlines an approach to classify risk; it outlines how to map risk levels to computer systems and information
Categorize by risk level
103
How these controls are documented and approved (example: username and password)
Security controls
104
There is always risk, therefore you need security. Look at information and assess it from a risk perspective. Risk drives security.
Risk assessment
105
NIST standards require a formal security plan
System security plan
106
The SP 800 series standard for accountability (OMB)
Certification and accreditation
107
Looking at new threats, etc.; all certified and accredited systems must be continuously monitored.
Continuous monitoring
108
Written in 1996 (more about the portability of information, such as passing along health records). It defines someone’s health record as protected health information, in both digital and physical paper copies. This helps protect health information from companies, so they won’t be biased in who they hire (employment decisions based on medical records, e.g., Titan, self-insured). Effectively applies to everyone.
Health Insurance Portability and Accountability Act (HIPAA)
109
1999; not focused on technology. Repealed existing laws so financial services such as banks and investment companies could merge; also has customer information security provisions.
GLBA (Gramm-Leach-Bliley Act)
110
Regulators that enforce GLBA; publish booklets describing what computer security policies and controls must be in place for an institution or company to be GLBA compliant
FFIEC (Federal Financial Institutions Examination Council)
111
An organization that developed a framework for validating internal controls and managing enterprise risks; focuses on financial operations and risk management.
COSO (Committee of sponsoring organizations)
112
Widely accepted framework that brings together business and control requirements with technical issues.
Control Objectives for Information and related Technology (COBIT)
113
1974. Applies to educational institutions such as colleges and universities. Defines education records as any information related to the educational process that can uniquely identify the student. For higher-level education (college or university).
Family education rights and privacy act (FERPA)
114
FERPA: the school must post its FERPA security policies (must specifically offer opt in/opt out; they must let you know what information is being collected and why)
Awareness (full disclosure)
115
FERPA: must have recorded permission to share (opt in)
Permission
116
FERPA: the school decides what can be directory information (name, address, telephone, etc.) but must provide the student with a chance to opt out
Directory information
117
FERPA: sharing information without permission for legitimate education evaluation reasons
Exclusions
118
In the year 2000: schools and libraries that receive federal funding must block pornographic and explicit sexual material on their computers
CIPA (Children’s internet protection act)
119
CIPA: must post its CIPA security policies
Awareness
120
CIPA: only the targeted material intended by CIPA is blocked
Internet filters
121
CIPA: the filter must be able to be unblocked or disabled for adults who request blocked sites (opt out)
Unblocking
122
CIPA: children must be provided education on Internet safety, cyberbullying and how to respond
Education
123
A worldwide information security standard that describes how to protect credit card information. If you accept Visa, MasterCard, or American Express, you are required to follow ____ _____
Payment card industry data security standard (PCI DSS)
124
3 basic elements of motivation
Pride, self interest and success
125
Laying off employees or down-sizing to save money.
Reduction in force
126
Refers to social personality traits such as the ability to communicate. Mastering these is essential to influencing others.
Soft skills
127
Refers to the skills you are comfortable with to achieve a predictable outcome.
Safe zone
128
Refers to individuals who have an interest in the success of security policies.
Stakeholder
129
Personality type that comes across at best as impolite, at worst as rude and abrupt. Can break through barriers that have prevented past success.
Commanders
130
Personality type that is uncomfortable with structure and deadlines; helpful for their creativity and thinking out of the box.
Drifters
131
Personality type that is critical of others’ ideas and egotistical. Can also take on very unpopular tasks.
Attackers
132
Personality type that shies away from enforcing rules that offend others. Promotes the concept of collaboration and teamwork.
Pleasers
133
Personality type that may not be the highest producer and may be in the habit of self-promotion. Often excellent public speakers who can establish new relationships.
Performers
134
Personality type that will do precisely what’s asked of them but not much more. Very dependable, and their work quality is consistent.
Avoiders
135
Personality type that may not be the best at understanding human dynamics, so working with customers and emotions may be a problem. Very comfortable with lots of information and able to analyze issues and evaluate different types of risks.
Analyticals
136
Personality type that genuinely wants the best result and may seek different ways to achieve it (often impatient with no or little progress). Make good leaders.
Achievers
137
The person within an organization responsible for securing anything related to digital information; this person often has a role in ensuring the organization’s compliance with the information security provisions of laws such as the Gramm-Leach-Bliley Act. Sometimes referred to simply as information security officer (ISO).
Chief information security officer (CISO)
138
HR policy: establishes a baseline of permitted behavior, including the acceptable use of company technology
HR policy and values
139
HR support: promotes understanding of security policies
Security awareness
140
HR support: allows departing employees to express how effective security controls are in enabling or inhibiting employee productivity; this candid expression allows for the continued improvement of security policies
Exit interview
141
HR support: allows a broader understanding of how effectively security policies have been implemented
Event monitoring
142
HR support: provides a process to adjust behavior to align with security policy expectations
Disciplinary action
143
HR policy: provides authority for establishing security controls
Source of authority
144
A collection of individual policies covering different aspects of the organization’s information security.
Security policy
145
Change model: 8 steps in 2 sections
Build security policy: 1) create urgency, 2) form a powerful coalition (leadership/authority), 3) create a vision for change.
Implement security policy: 4) communicate the vision, 5) remove obstacles, 6) create short-term wins, 7) build on the change, 8) anchor the changes in corporate culture (habit).
146
People within an organization whose responsibility it is to offer an opinion on the soundness and impact of security policy. ____ _____ often work in the areas of internal audit or operational risk, or the compliance or legal departments of their organizations. Examples: internal auditors, operational risk managers, compliance officers and legal professionals
Control partners
147
The individual accountable for identifying, developing, and implementing security policies. The _____ is also accountable for ensuring that corresponding security controls are designed and implemented.
Information security officer (ISO)
148
A senior business leader accountable for approving security policy implementation. An ______ is also responsible for driving the security message within an organization and ensuring the security policy implementation is given appropriate priority.
Executive
149
An individual accountable for monitoring adherence to laws and regulations.
Compliance officer
150
The individual who approves the granting of user access rights to information needed to perform day-to-day operations.
Data owner
151
An individual typically responsible for establishing procedures on how data should be handled and for ensuring data is properly classified.
Data manager
152
An individual responsible for the day-to-day maintenance of data. ____ _____ back up and recover data as needed, and they grant access based on approval from the data owner.
Data custodian
153
The end user of an application. _______ are accountable for handling data appropriately by understanding security policies and following approved processes and procedures.
Data users
154
An individual accountable for assessing the design and effectiveness of security policies. An ______ can be internal or external to the organization.
Auditor
155
A term used to refer to the large number of networked devices (e.g., personal items, home appliances, cloud services, vehicles, etc.) that can now connect to the Internet.
IoT (Internet of things)
156
A collection of communication protocols and technologies to deliver voice communication and sessions over IP networks. Real-time voice communications between people
Voice over IP (VoIP)
157
Instant messenger for real-time chat messaging. A session initiation protocol (SIP) application supporting one-to-one or one-to-many real-time chat. Examples include AOL IM, Yahoo! Messenger, and Google Talk.
IM chat
158
Real-time ___ conference calling among multiple people. A software application that uses voice over IP (VoIP) that lets two or more speakers have a conversation over their computers rather than using a telephone
Audio conferencing
159
Real-time ____ conference calling among multiple people. An application that supports bridging callers and their webcam images into a common video conference.
Video conferencing
160
Real-time document sharing and editing with audio and video conference calling among multiple remote people. A software-based application like WebEx that supports audio conferencing and sharing of documents (text, spreadsheets, presentations, etc.) for real-time discussions with team members or colleagues.
Collaboration
161
Audio recordings, pictures, videos for social media uploading and sharing. Any digitally recorded or captured audio, video, or image file.
Digital media
162
5 challenges for IoT
Security, privacy, interoperability, legal and regulatory compliance and emerging social and economic issues
163
A control such as a policy, procedure, and physical thing like a gate that is used to protect something from risks, threats, or vulnerabilities.
Security
164
The protection of individual rights to non-disclosure.
Privacy
165
A term used to describe computers, devices, or applications that can be configured to work together.
Interoperability
166
A technology that exchanges data through a wireless connection between a reader and a tag attached to a product to track the movement of the product.
Radio frequency identification (RFID)
167
A model of software deployment or service where customers use applications on demand.
Software as a service (SaaS)
168
Refers to the strategies used to make a site more browser-friendly.
Search engine optimization (SEO)
169
A communication method in which messages are sent directly to the recipient immediately (in real time).
Real time communications
170
The technique of relaying communications between two or more users by intermediate storage. Delivery from sender to a central storage is immediate, but the final transmission to the recipient depends upon availability and a request for the stored information. Examples: voicemail and email
Store and forward communications
171
The storage of fax, email, and voice communications in a single location.
Unified messaging (UM)
172
A term used to describe an online storefront for consumers to purchase goods and services directly. An example of a B2C site is http://www.amazon.com.
Business to consumer (B2C)
173
A new technology offering a solution that is hosted by a third-party vendor typically within a cloud infrastructure. By hosting within a cloud infrastructure, a one-to-many delivery solution can be supported. This type of delivery solution allows for a recurring revenue model where the customer pays a monthly fee for the use of the technology, hardware, or software solution.
Anything as a service (AaaS)
174
A term used to describe a business that builds online systems with links for conducting business-to-business transactions, usually for integrated supply-chain purchases and deliveries.
Business to business (B2B)
175
E-commerce systems and applications demand strict ____
CIA (confidentiality, integrity and availability)
176
The requirement to keep information private or secret.
Confidentiality
177
The validity of information or data. Data with high ____ has not been altered or modified.
Integrity
178
A mathematical formula that quantifies the amount of uptime for a system compared to the amount of downtime. Usually displayed as a ratio or percentage in a given calendar month.
Availability
179
A standard, not a compliance law, for merchants and service providers regarding safeguarding the processing, storage, and transmission of cardholder data.
Payment card industry data security standard (PCI DSS)
180
A handheld device that acts as a mobile computer device supporting cell phone, Internet browsing, and email.
Personal digital assistant (PDA)
181
An organizational policy of allowing or even encouraging employees, contractors, and others to connect their own personal equipment to the corporate network; this offers cost savings but requires proper security controls, policies, and procedures.
Bring your own device (BYOD)
182
Issues with mobile devices (3)
Network speed, usability and security
183
A protocol for allowing mobile devices to transparently switch LAN segments.
Mobile IP
184
A popular suite of protocols that operate at both the Network and Transport Layers of the OSI Reference Model. TCP/IP governs all activity across the Internet and through most corporate and home networks.
Transmission Control Protocol/internet protocol (TCP/IP)
185
A term used to describe the date by which the vendor or manufacturer ceases to support and provide software updates and patches for a product or software application.
End of life (EOL)
186
Data about an individual that contains no information that could be linked to a specific individual’s identity (e.g., name, address, date of birth, etc.).
De-identified data
187
What is the greatest challenge for IoT
Security
188
A standards organization that develops and promotes Internet standards.
Internet engineering task force (IETF)
189
A U.S. federal law requiring health care institutions and insurance providers to protect patients’ private data and have proper security controls in place.
Health insurance portability and accountability act (HIPAA)
190
A U.S. federal law that protects the private data of students, including their transcripts and grades, with which K–12 and higher-education institutions must comply.
Family educational rights and privacy act (FERPA)
191
A U.S. federal law that requires U.S. government agencies to protect citizens’ private data and have proper security controls in place.
Federal information security management act (FISMA)
192
An interagency body of five U.S. regulatory agencies that exist to “promote uniformity and consistency in the supervision of financial institutions.”
Federal financial institutions examination council (FFIEC)
193
Software designed to infiltrate one or more target computers and follow an attacker’s instructions. Also called malware. Performs operations that you, the user, do not intend.
Malicious software
194
Malware attacks which 3 information security properties?
Confidentiality, integrity and availability
195
True or false: All viruses are malware but not all malware are viruses
True
196
A software program that attaches itself to or copies itself into another program for the purpose of causing the computer to follow instructions that were not intended by the original program developer.
Virus
197
An undocumented and often unauthorized access method to a computer resource that bypasses normal access controls.
Backdoor
198
A type of virus that targets key hardware and system software components in a computer, and is usually associated with system startup processes.
System infector
199
A type of virus that primarily infects executable programs.
File infector
200
A type of virus that attacks document files containing embedded macro programming capabilities.
Data infector
201
A type of virus that infects other files and spreads in multiple ways.
Multipartite virus
202
A virus that attaches itself to a document that uses macros. A ____ is a short series of commands that usually automates repetitive tasks (e.g., .docm files).
Macro virus
203
Viruses mostly use these languages for their power and flexibility
C and C++
204
A type of malware that includes a separate encryption engine that stores the virus body in encrypted format while duplicating the main body of the virus.
Polymorphic virus
205
A type of virus that uses a number of techniques to conceal itself from the user or detection software.
Stealth virus
206
A virus that counters the ability of antivirus programs to detect changes in infected files, slowing down the detection of the virus.
Slow virus
207
A virus that attacks countermeasures such as antivirus signature files or integrity databases.
Retro virus
208
Viruses that are harmful on more than one platform or operating system, such as a virus effective on both Linux and Windows.
Cross-platform virus
209
Malicious computer software that takes over a system, encrypting files with a secret key rendering them inaccessible to the legitimate user until he or she pays a ransom.
Ransomware
210
A backup not connected to the computer or the cloud.
Air gap backup
211
Unwanted email or unsolicited messages.
Spam
212
A self-replicating piece of malicious software that can spread from device to device. Can be carried by a virus, but a ____ is malware, not a virus.
Worm
213
A malicious software code that appears benign to the user but actually performs a task on behalf of a perpetrator with malicious intent. Largest class of malware
Trojan
214
A piece of code designed to cause harm, intentionally inserted into a software system to be activated by some predetermined trigger.
Logic bomb
215
Refers to components, primarily on websites, that provide functionality to interact with users.
Active content
216
Companion programs that work with your web browser.
Browser add-ons