Security - Chapter 17 Flashcards

1
Q

A system that monitors network (or host) activity for signs of hacking attempts and raises alarms to warn security personnel. Such a system may also take preventive action to block, isolate, or identify attempted infiltration; a system that sits inline and actively blocks traffic is usually called an intrusion prevention system (IPS). Signature-based systems only catch attacks they already have signatures for.

A

Intrusion detection systems

2
Q

An attack in which a firm's computer systems are flooded with thousands or millions of seemingly legitimate requests from many sources at once; the sheer volume slows or shuts down the site. These attacks are often performed via botnets, which is what makes them "distributed" and hard to block by source address.

A

distributed denial of service (DDoS)

3
Q

A seemingly tempting, but bogus, target meant to draw hacking attempts. By monitoring infiltration attempts against it, organizations may gain insight into the identity of hackers and their techniques, and they can share this with partners and law enforcement.

A

honeypots

4
Q

A two-key system used for securing electronic transmissions. One key, distributed publicly, is used to encrypt (lock) data but cannot decrypt it; decryption can only be performed with the matching private key, and the private key cannot feasibly be derived from the public key. By publishing the public key and keeping the private key secret, an Internet service lets anyone send it data that only it can read. In practice the public key is mostly used to agree on a symmetric session key, and a certificate is needed to prove that the public key really belongs to the site; without that, an attacker could substitute their own key.

A

public key encryption

5
Q

A term that may, depending on the context, refer to either 1) breaking into a computer system, or 2) a particularly clever solution.

A

hack

6
Q

Those scrambled character images (or similar puzzles) that many sites require before accepting some sort of entry (account setup, ticket buying). They are meant to be a Turing test: a test to distinguish whether a task is being performed by a computer or a human.

A

CAPTCHAs

An acronym for Completely Automated Public Turing Test to Tell Computers and Humans Apart

7
Q

A term that, depending on the context, may be applied to either 1) someone who breaks into computer systems, or 2) a particularly clever programmer.

A

hacker

8
Q

Criminals that purchase assets from data harvesters to be used for illegal financial gain. Actions may include using stolen credit card numbers to purchase goods, creating fake accounts via identity fraud, and more.

A

cash-out fraudsters

9
Q

Scrambling data using an algorithm, known as a cipher, together with a secret key, such that the data is unreadable to anyone who does not have the key.

A

encryption

10
Q

Attacks that exploit a vulnerability for which no patch yet exists (often the vendor does not even know about it), and which therefore has not made it into signature-based security screening systems. The vendor has had "zero days" to fix it.

A

zero-day exploits

11
Q

Highly restrictive lists (today usually called allowlists) that permit communication only with approved entities and/or in an approved manner; everything not explicitly listed is denied.

A

whitelists

12
Q

Lists (today usually called denylists) of specific IP addresses, products, Internet domains, and other communication sources whose entry or exit is to be blocked. Everything not listed is permitted, so they cannot stop a new or unknown attacker.

A

blacklists

13
Q

A trusted third party that issues digital certificates binding a public key to an identity (a domain name or organization), so that others can verify that a public key really belongs to the party it claims to. Browsers and operating systems ship with a list of trusted ones.

A

certificate authority

14
Q

A con executed using technology, typically an e-mail, text message, or web page impersonating a trusted party, aimed at acquiring sensitive information (such as passwords or card numbers) or tricking someone into installing malicious software.

A

Phishing

15
Q

Term used in security to refer to forging or disguising an origin or identity. E-mail messages and network packets that have been altered to appear to come from another source are described as this.

A

spoofed

16
Q

An attack that tries every possible password or key until it finds the right one. The longer the password or key (the larger the space of possibilities), the longer this type of attack will take; rate limiting, account lockouts, and deliberately slow password hashes make it impractical against a live login.

A

brute-force attack

17
Q

Someone who uncovers computer weaknesses, with permission, without exploiting them for harm. Their goal is to improve system security.

A

white hat hackers

18
Q

The secret value that, together with the cipher, locks and unlocks encrypted data. In symmetric encryption the same key does both; in public key encryption the public key encrypts and the private key decrypts.

A

key

19
Q

When identity is proven by presenting more than one independent piece of evidence, drawn from different categories: something you know (a password), something you have (a phone, a hardware token, a swipe or tap card), or something you are (a biometric reading such as a fingerprint or iris scan). A password plus a unique code sent via e-mail or mobile phone text is a common form, though codes sent over e-mail or SMS are weaker than those from an authenticator app or hardware key because they can be intercepted or phished.

A

multi-factor authentication

20
Q

A protester seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage.

A

hacktivists

21
Q

black hat hackers

A

A computer criminal.

22
Q

Hordes of surreptitiously infiltrated computers, linked and controlled remotely, also known as zombie networks.

A

Botnets

23
Q

Combing through trash to identify valuable assets.

A

dumpster diving

24
Q

A system that acts as a control for network traffic, blocking unauthorized traffic while permitting acceptable use.

A

firewalls
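Cards 11, 12 and 24 describe whitelists (allowlists), blacklists (denylists) and firewalls. The following added example, which is not from the original page, evaluates a small rule set both ways so the difference is visible: the allowlist policy (default deny) drops an unknown host probing an unexpected port, while the denylist policy (default allow) only drops what it has already been told about. The networks, ports and sample connections are constructed for illustration.

```python
"""Allowlist (default deny) versus denylist (default allow) packet filtering.
Added example; the networks, ports and sample traffic are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    network: ipaddress.IPv4Network       # source range the rule applies to
    port: Optional[int] = None           # destination port; None matches any


class Policy:
    """First matching rule wins; if nothing matches, the default applies."""

    def __init__(self, default: str, rules: List[Rule]):
        assert default in ("allow", "deny")
        self.default = default
        self.rules = rules

    def decide(self, src_ip: str, dst_port: int) -> str:
        ip = ipaddress.ip_address(src_ip)
        for rule in self.rules:
            if ip in rule.network and (rule.port is None or rule.port == dst_port):
                return rule.action
        return self.default


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


# Allowlist: only the internal LAN may reach SSH and only the partner
# range may reach HTTPS; anything else, including hosts we have never
# heard of, is dropped.
ALLOWLIST = Policy("deny", [
    Rule("allow", net("10.0.0.0/8"), 22),
    Rule("allow", net("203.0.113.0/24"), 443),
])

# Denylist: block one known-bad range and the telnet port everywhere;
# everything else, including hosts we have never heard of, gets through.
DENYLIST = Policy("allow", [
    Rule("deny", net("198.51.100.0/24")),
    Rule("deny", net("0.0.0.0/0"), 23),
])

# Constructed sample connections: (source IP, destination port).
SAMPLE_TRAFFIC: List[Tuple[str, int]] = [
    ("10.1.2.3", 22),        # internal host to SSH
    ("203.0.113.7", 443),    # partner to HTTPS
    ("198.51.100.9", 443),   # known-bad range
    ("192.0.2.55", 3389),    # unknown host probing RDP
    ("10.1.2.3", 23),        # internal host to telnet
]


def evaluate(policy: Policy, traffic: List[Tuple[str, int]] = SAMPLE_TRAFFIC) -> List[str]:
    """Decision for each connection, in the order given."""
    return [policy.decide(src, port) for src, port in traffic]


if __name__ == "__main__":
    for (src, port), a, d in zip(SAMPLE_TRAFFIC, evaluate(ALLOWLIST), evaluate(DENYLIST)):
        print(f"{src:>14}:{port:<5} allowlist={a:<5} denylist={d}")
```

The fourth connection is the one that matters: the unknown host never appears in either rule set, so the allowlist drops it and the denylist lets it through. Rule order also matters, since the first match decides.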

25
Technologies that measure and analyze human body characteristics for identification or authentication. These might include fingerprint readers, retina scanners, voice and face recognition, and more.
Biometrics
26
Gaining compromising information through observation (as in looking over someone’s shoulder).
shoulder surfing
27
Cybercriminals who infiltrate systems and collect data for illegal resale.
data harvesters
31
Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as
social engineering
32
Firms use information for what two purposes
Transactional purposes | Analytical purposes
33
Transactional purposes firms use information for
Day-to-day operations
34
Analytical purposes firms use information for
Trend analyses, forecasts, and input generation for strategies that improve profit or long-term sustainability - compete on analytics
35
Major purpose of a database
To keep track of related information about more than one thing
37
DBMS
Database Management Systems
38
The set of defenses put in place to counter threats to technology infrastructure and data resources
Security
39
The process of identifying and measuring information systems security risks, and devising the optimal risk mitigation strategy
IT Risk Management
41
What is the CIA triad?
Confidentiality, integrity, availability | The three fundamental security goals; they often pull against each other (e.g., tighter access controls improve confidentiality but can reduce availability), so security means balancing the three
42
If data cannot be seen by unauthorized people, it is
Confidential
43
Involves ensuring the consistency, accuracy, and trustworthiness of data - data cannot be changed in transit and/or by unauthorized people
Integrity
44
If data can be accessed by people who should have access to it, it is appropriately ______.
Available
45
Why is it sometimes difficult to make the business case for security measures?
IT security risks are hard to assess in the absence of an attack | Security is a negative deliverable (success means nothing happens) | Forward-looking investment with hypothetical benefits | Recurring investment | IT departments have limited budgets
50
If a firm stops investing in security and maintains the old defenses too long, then a harmful attack occurrence becomes a matter of when, rather than if
Recurring investment
52
Designed to manage the trade-off between the degree of desired security and the investment necessary to achieve it
Cost/benefit analysis (CBA)
54
5 costly actions that a firm might need to engage in as a result of a data breach involving customer information
1. Investigation and remediation associated with the exploited vulnerability 2. Notification of the impacted consumers via mail 3. Identity theft and credit monitoring 4. Lost business 5. Lawsuits
55
Investigation and remediation associated with the exploited vulnerability
Figure out how data was stolen/compromised, and put in place safeguards/patches to prevent future exploits of the same vulnerability
56
Lost business as a result of a data breach involving customer information
Disruptions in normal business if services are down or denied, credit card companies may refuse to provide credit card service, lost business due to defecting customers
57
What are typical internal security threats
Careless, ignorant, or negligent behavior | Intentional malicious behavior
58
3 ways to combat insider threats
User training, user activity/behavior monitoring, information security (formal) governance program
59
Attacks that exploit a vulnerability the vendor has not yet had time to address and patch, often because the vendor first learns of it from the attack itself
Zero-day (zero-hour, day-zero) attacks
60
Training (response to security threats)
Reduce ignorance and indifference
61
User activity and behavior monitoring (response to security threats)
Check compliance with polices | Look for suspicious activities
62
Formal governance program (response to security threats)
Onboarding and "deboarding" procedures | Password standards | Statement of behaviors that individual employees should follow in order to minimize security risks | Statement of user rights and responsibilities, and of legitimate uses of portable devices | Periodic audits
63
Code designed into software programs to allow access to the application by circumventing password protection. In some cases they are built deliberately so that high-level accounts such as admin accounts cannot be made inaccessible, but any backdoor an attacker discovers becomes a bypass of all authentication.
Backdoors
64
Lying to and deceiving legitimate users | Tricking them into divulging restricted information
Social engineering
65
Automated social engineering scams: exposing individuals to official-sounding spam that appears to be from known, respectable, legitimate institutions and asks people to confirm private data, in an effort to capture that data
Phishing
66
Phishing scams via SMS
Smishing
67
What are some common external threats to security (10)
Bugs (flaws) in the code | Heartbleed bug | Zero-day (zero-hour, day-zero) attacks | SQL injection attack | Trojan | Spyware | Virus | Worm | Denial of service attack (DoS) | Ransomware
68
Revealed on April 7, 2014, after being present in OpenSSL for about two years; discovered by Neel Mehta of Google Security. A fix was available at the time the bug was revealed. A vulnerability in OpenSSL, the open source cryptographic software library for SSL/TLS encryption that provides security and privacy for communication over the Internet: a missing bounds check in the TLS heartbeat extension let a remote client read up to 64 KB of the server's process memory per request, potentially exposing private keys, session cookies, and passwords. Vulnerable sites included Facebook, Yahoo, Pinterest, etc.
Heartbleed bug
69
A program that appears to provide useful functionality but delivers a hidden, malicious payload after installation (which could include backdoors for remote access and control)
Trojan
71
Code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field (such as the username or password fields of a login form) so that they are executed by the database (e.g., to bypass the login or dump the database contents to the attacker). It arises because user input is concatenated into the SQL query text unsanitized, so the input can change the structure of the query itself. One of the most common application-layer attack techniques; the standard defense is parameterized (prepared) queries, which keep data separate from SQL code, with input validation as a second layer.
SQL Injection Attack
72
Sometimes can cause modules to freeze or malfunction, potentially weakening defenses; in other cases, poorly implemented functions, modules, or operations create opportunities for exploits (e.g., exposure to SQL injection, or the Heartbleed bug affecting OpenSSL). Example: in November 2017, Apple raced to fix a bug in macOS High Sierra that made it possible to log in as the root administrator account without a password.
Bugs (flaws) in the code
73
From the moment the software with the flaw was released until the patch is released (technically until users install the patch, but some users may abandon a system that is known to be vulnerable once that is public information)
"Zero day" vulnerability window
80
* (SQL Select)
Select everything (all fields) from Table
84
SSL
Secure Sockets Layer. A protocol developed to make secure communication over the Internet possible; the encryption behind https://. All SSL versions are now deprecated and have been replaced by its successor, TLS (Transport Layer Security), though the name SSL is still used informally.
85
About how many SQL injections attacks per day
Half a million
88
Hidden software that monitors behavior, collects information, transfers it to a third party, and performs unwanted operations. It diverts resources and often slows down the computer.
Spyware
90
Malicious code that spreads by attaching itself to (mostly executable) files that are part of legitimate installed programs. It usually needs human action to replicate and spread: running or copying the infected program or code (e.g., running an executable file).
Virus
92
Payload of a virus
Harmful set of actions performed after the machine is infected; damage may vary in severity from occasional pop-up messages to files being corrupted or deleted or entire systems being shut down.
93
Self-replicating malicious code that exploits security holes in network software to spread across nodes in a network
Worm
95
Unlike viruses, worms...
Do not usually attach to a file | Are standalone programs that may self-replicate and spread without a host program or human action (e.g., send a copy of itself to everyone in the user's address book, or replicate by exploiting network vulnerabilities)
96
Worm that attacked web servers running Microsoft IIS; installed a back door and propagated 100 times over per infection. The patch was issued by Microsoft on June 18, 2001; the worm struck on July 19, 2001, a month after the patch was made available, so every server it infected was one that had not been patched.
Code Red
98
Digital assault carried out over a computer network. Objective: a concerted effort (often using botnets) to overwhelm an online service with requests and slow it down or force it to shut down altogether. Can also be used to divert attention while the attacker exploits other security vulnerabilities.
Denial-of-Service Attack (DoS)
100
Type of malware that restricts access to the infected computer system in some way (inability to log in, or encryption of files) and demands that the user pay a ransom for the restrictions to be removed. Often delivered in the form of a Trojan; sometimes used as a distraction from more serious hacking.
Ransomware
102
Two examples of ransomware
CryptoLocker: a Trojan (later versions evolving toward worm-like spread) that encrypted files on the affected system and demanded ransom in the form of bitcoins | CryptoWall (Windows), KeRanger (OS X)
103
Web-based attack platforms: buy, lease, subscribe, or pay-as-you-go | encrypted command and control channels | web services for hosting phishing content | browser engines designed for identity theft | drive scanners to capture sellable data (e-mail addresses, credit card details) | typically used by low-level criminals
Malware kits
104
Use multiple, layered tools and controls to guard against intrusion, so that an attacker who gets past one defense still faces the next (a key security practice)
Defense in depth
105
The cornerstone of securing against intrusion is the
Use of passwords
106
These can be used to screen and manage traffic in and out of a computer network
Firewalls
107
This process scrambles content so that it is rendered unreadable
The encryption process
108
What response do IT professionals use against malware (malicious code)?
They install detection software (antivirus, anti-spyware, etc.) and keep its signatures updated, since signature-based tools only catch malware they already know about
109
Patch
Mitigation method
110
Seeks to compromise a computing system without permission
Malware (for malicious software)
111
Programs that infect other software or files. They require an executable (a running program) to spread, attaching themselves to other executables. They can spread via operating systems, programs, or the boot sector or auto-run feature of media such as DVDs or USB drives. Some applications have executable languages (macros) that can also host viruses, which run and spread when the file is opened.
Viruses
112
Programs that take advantage of a security vulnerability to automatically spread, but unlike viruses they do not require an executable host file. Some scan for and install themselves on vulnerable systems with stunning speed (in an extreme example, the SQL Slammer worm infected 90 percent of vulnerable hosts within just ten minutes).
Worms
113
Exploits that, like the mythical Trojan horse, try to sneak in by masquerading as something they're not. The payload is released when the user is duped into downloading and installing the malware cargo, oftentimes via phishing exploits
Trojans
114
Hordes of surreptitiously infected computers linked and controlled remotely by a central command
Botnets or zombie networks
115
Used in crimes where controlling many difficult-to-identify PCs is useful, such as when perpetrating click fraud, sending spam, executing "dictionary" password cracking attempts, or launching denial-of-service attacks
Botnets or zombie networks
116
Programs installed without full user consent or knowledge that later serve unwanted advertisements
Malicious adware
117
Software that surreptitiously monitors user actions, network traffic, or scans for files
Spyware
118
Type of spyware that records keystrokes. They can be either software based or hardware based, such as a recording "dongle" that is plugged in between a keyboard and a PC.
Keylogger
119
Variant of the keylogger approach. This category of software records the pixels that appear on a user's screen for later playback, in hopes of identifying proprietary information.
Screen capture
120
A device or software program that secretly captures data from a swipe card's magnetic stripe; hardware versions are fitted over legitimate card readers such as ATMs and fuel pumps.
Card Skimmer
121
Malicious code that scans computing memory (RAM, hard drives, or other storage) for sensitive data, often looking for patterns such as credit card or social security numbers
RAM scraping or storage scanning software
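The pattern scan described in the RAM scraping card, as an added example that is not part of the original page. The same regular-expression-plus-Luhn logic the malware uses to pick card numbers out of memory is what a DLP or forensic tool uses to find them, so it is shown here as a scan over a constructed memory image of a point-of-sale process. The card numbers are standard published test numbers; the SSN, offsets and surrounding bytes are made up.

```python
"""Scan a memory buffer for payment-card and SSN patterns.  Added example;
the memory image is constructed and uses published test card numbers."""
import re
from typing import List, Tuple

# 13 to 19 digits, optionally separated by spaces or dashes, and not
# embedded inside a longer run of digits.
CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN_RE = re.compile(rb"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right,
    subtract 9 from any result above 9, sum, and check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(buf: bytes) -> List[Tuple[int, str]]:
    """Return (offset, PAN) for every Luhn-valid card-number-shaped run.
    The checksum is what keeps order numbers and timestamps out."""
    hits = []
    for m in CARD_RE.finditer(buf):
        pan = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        if 13 <= len(pan) <= 19 and luhn_ok(pan):
            hits.append((m.start(), pan))
    return hits


def find_ssns(buf: bytes) -> List[str]:
    return [m.group().decode("ascii") for m in SSN_RE.finditer(buf)]


def mask(pan: str) -> str:
    """Keep the first six and last four digits, as PCI DSS permits for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Constructed memory image of a point-of-sale process.  4111... and
# 5555... are Luhn-valid test numbers; 4111...12 fails the checksum.
SAMPLE_MEMORY = (
    b"\x00\x00POS-TERMINAL v2.1\x00customer=J. Doe\x00"
    b"pan=4111111111111111\x00exp=1226\x00"
    b"track=5555 5555 5555 4444\x00"
    b"order=4111111111111112\x00"
    b"ssn=123-45-6789\x00"
    b"phone=555-0100\x00\xff\xfe"
)


if __name__ == "__main__":
    for offset, pan in find_card_numbers(SAMPLE_MEMORY):
        print(f"card number at offset {offset}: {mask(pan)}")
    for ssn in find_ssns(SAMPLE_MEMORY):
        print("ssn:", ssn)
```

Two card numbers are found and the 16-digit order number is skipped because it fails the Luhn check. A real scraper runs this over another process's memory; a defender runs the same scan over memory dumps or disk to confirm whether card data was ever held in the clear.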
122
Malware that encrypts a user's files (perhaps threatening to delete them), with demands that the user pay up to regain control of their data and/or device
Ransomware
123
Attacks combining multiple malware or hacking exploits
Blended threats
124
This technique zeros in on a sloppy programming practice: software developers building database queries by pasting unvalidated user input directly into the SQL text instead of using parameterized queries
SQL injection technique
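Cards 71 and 124 both describe SQL injection. The following added example, which is not code from the original page, shows the vulnerable login query beside its parameterized fix, using an in-memory SQLite database with constructed users and three payloads typed into form fields: one in the username that makes the WHERE clause always true, one in the password field that does the same, and a UNION that pulls the password column out through a lookup feature. The same inputs against the parameterized queries are just literal strings that match nothing.

```python
"""Login query built by string concatenation, beside the parameterized fix.
Added example; uses an in-memory SQLite database with constructed users.
Passwords are stored in plaintext only to keep the demo short; real
systems store salted hashes."""
import sqlite3
from typing import List, Optional


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "Tr0ub4dor&3", "admin"), ("alice", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Input is pasted into the SQL text, so it can change the query's structure."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Parameterized query: the driver passes values separately, never as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def dump_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    """A 'find user' feature with the same flaw; a UNION makes it return other columns."""
    rows = conn.execute(f"SELECT username FROM users WHERE username = '{username}'").fetchall()
    return [r[0] for r in rows]


def dump_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,)).fetchall()
    return [r[0] for r in rows]


# Constructed payloads as they would arrive from the form fields.
# In the username: closes the quote and adds a disjunct that is always true.
OR_BYPASS = "admin' OR '1'='1"
# In the password: AND binds tighter than OR, so the clause becomes
# (username = 'nobody' AND password = '') OR '1'='1'  ->  every row.
ALWAYS_TRUE = "' OR '1'='1"
# In the lookup: first SELECT matches nothing, the UNION returns passwords.
UNION_DUMP = "' UNION SELECT password FROM users WHERE 'a'='a"


if __name__ == "__main__":
    db = setup_db()
    print("vulnerable, username payload:", login_vulnerable(db, OR_BYPASS, "anything"))
    print("vulnerable, password payload:", login_vulnerable(db, "nobody", ALWAYS_TRUE))
    print("vulnerable, union dump:", dump_vulnerable(db, UNION_DUMP))
    print("safe, username payload:", login_safe(db, OR_BYPASS, "anything"))
    print("safe, password payload:", login_safe(db, "nobody", ALWAYS_TRUE))
    print("safe, union dump:", dump_safe(db, UNION_DUMP))
```

Attackers also commonly end a payload with a SQL comment marker (`--` or `#`) to discard the rest of the query; the parameterized version is immune to that as well, because the driver never interprets the values as SQL. Input validation on top (length limits, expected character sets) is still worthwhile as a second layer, but it is not the fix.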
125
Software updates that plug existing holes
Patches