Exam 1 Review (Module 1-3) Flashcards
(34 cards)
What are the three security goals?
Confidentiality, Integrity, Availability
people cannot read sensitive information, either while it is on a computer or while it is travelling across the network
Confidentiality
Means that attackers cannot change or destroy information, either while it is travelling across a network. Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore destroyed data
Integrity
Means that people who are authorized to use information are not prevented from doing so
Availability
Successful attacks
Also called incidents
Also called breaches
Compromises
Tools used to thwart attacks
Also called safeguards, protections, and controls
Counter measures
an attack that involves sending modified SQL statements to a web application that will, in turn, modify a database.
SQL injection
A shared key for encryption and decryption
Symmetric
Repeatedly guessing the password/key
Brute force attack
Have knowledge of internal systems
Have permissions to access systems
Often know how to avoid detection
Generally are trusted
Ways employees and ex-employees are dangerous
generic name for any “evil software”
Malware
programs that attach themselves to legitimate programs on the victim’s machine
Spread today primarily by e-mail
Also by instant messaging, file transfers, etc.
Viruses
do not attach themselves to other programs; can spread by email, instant messaging, and file transfers
worms
worms that spread extremely rapidly because they do not have to wait for users to act
Direct-propagation worms
Motivated by thrill, validation of skills, sense of power
Motivated to increase reputation among other hackers
Often do damage as a byproduct
Engage in petty crime
Traditional Hackers
Call and ask for passwords and other confidential information
Email attack messages with attractive subjects
Piggybacking
Shoulder surfing
Pretexting
Often successful because it focuses on human weaknesses instead of technological weaknesses
Social engineering hacking
Makes prosecution difficult
Dupe citizens of a country into being transshippers of fraudulently purchased goods to the attacker in another country
These are examples of…
Cybercrimes
Using black market forums (stealing credit card numbers and identity information,vulnerabilities, Exploit software (often with update contracts) are used by …
Cybercriminals
Attacks on confidentiality
Public information gathering
Commercial Espionage
May only be litigated if a company has provided reasonable protection for those secrets
Reasonableness reflects the sensitivity of the secret and industry security practices
Trade secret espionage
-Trade secret theft approaches
-Theft through interception, hacking, and other traditional cybercrimes
-Bribe an employee
-Hire your ex-employee and solicit or accept trade secrets
These are examples of…
Commercial Espionage
-Attacks on availability
-Rare, but can be devastating
Denial-of-Service Attacks by Competitors
Attacks by national governments
cyberwar
attacks by organized terrorists
cyberterror
