79 terms

ITGS Chapter 5 - Security

Key terms for the ITGS topic 'Security', including security risks, biometrics, and encryption. These relate to chapter 5 of the textbook (www.itgstextbook.com).
STUDY
PLAY
access levels
Settings that determine who can access an item and what they can do with it (read, write, delete). Applies to files, folders and databases among other things.
anti-virus
Software to detect and remove viruses and other malware.
asymmetric key encryption
Encryption system in which two keys are used: a public key used only to encrypt data, and a private key used only to decrypt it.
authentication
Establishing a user's identity.
backdoor
Method of bypassing security in a system, built in by the system designers.
biometric enrolment
Process of registering a user for a biometric system by taking an initial sample.
biometric template
Measurements taken from a biometric sample.
biometrics
Use of fingerprints, retina scans, or other body features as an authentication mechanism.
botnet
Group of zombie computers under the control of a criminal.
brute force attack
Attempt to break a password by trying all possible combinations of letters, numbers, and symbols.
CAPTCHA
"Scribble text" displayed as an image, which the user must type in to verify that they are a person.
Certificate Authority
Organisation that issues digital certificates to individuals and companies.
ciphertext
Result of encrypting plaintext.
Computer Misuse Act
UK law governing criminal offences committed using a computer.
cracking
Gaining illegal access to a computer system
DDoS
Denial of service attack committed using dozens of computers, usually zombies on a botnet.
denial of service attack
Flooding a computer system with data so that it cannot respond to genuine users.
dictionary attack
Attempt to break a password by trying all possible words.
digital signatures
Technique used to authenticate remote users, such as online shopping businesses.
Distributed Denial of Service attack
Denial of service attack committed using dozens of computers, usually zombies on a botnet.
DNS poisoning
Technique used by criminals to alter DNS records and drive users to fake sites, to committing phishing.
DoS
Flooding a computer system with data so that it cannot respond to genuine users.
Drive-by download
Program which automatically downloads when a user visits a web page, usually without their knowledge or consent.
encryption
System of encoding plaintext so that it cannot be understood with access to an encryption key.
encryption key
Used to encrypt and decrypt data.
EV SSL
Extended Validation SSL. Digital certificate validation technique used on the world wide web.
false negative
When a system incorrectly rejects an action instead of accepting it.
false positive
When a system incorrectly accepts an action instead of rejecting it.
full disk encryption
System that encrypts all data saved to a hard disk automatically and transparently.
hacking
Gaining illegal access to a computer system
home directory
Directory that contains a users personal files.
https
Protocol used to send web pages securely over the Internet.
identity theft
Stealing personal data in order to impersonate a person.
key escrow
Idea of having encryption keys stored by a third party company so the government can access them if needed.
key logger
Software or hardware which records all key strokes on a computer system.
key pair
A public key and private key that work together in a public encryption system.
macro virus
Virus that takes advantage of the macro programming languages built into some software.
malware
Generic name for malicious software
Multi-factor authentication
Use of several authentication techniques together, such as passwords and security tokens.
one time password
Password generated by a security token, which expires as soon as it is used.
packet sniffer
Software or hardware used to collect data travelling over a network.
passphrase
Word or phrase used to authenticate a user.
password
Word or phrase used to authenticate a user.
pharming
Technique used by criminals to alter DNS records and drive users to fake sites, to committing phishing.
phishing
Use of fake emails and web sites to trick users into revealing sensitive data.
physical security
Locks, alarms, and other techniques used to securely a building or computer room.
plaintext
Message before it is encrypted, or after it has been decrypted.
private key
Key used for decryption in a public key encryption system.
public key
Key used for encryption in a public key encryption system.
public key encryption
Encryption system in which two keys are used: a public key used only to encrypt data, and a private key used only to decrypt it.
root user
User will full control over a computer system.
rootkit
Type of malware which infiltrates the operating system and attempts to hide itself from view.
secret key encryption
Encryption system in which a single key is used for both encryption and decryption.
Secure Socket Layer
System used to encrypt https web traffic.
security token
Hardware device that must be present during login to authenticate a user.
security update
Software update to fix a security problem discovered in software.
smishing
Phishing attacks committed using text messages (SMS).
social engineering
Tricking a user into revealing their password or other sensitive data.
spam
Unwanted, bulk email.
spam bot
Program that scans web pages for email address, in order to send spam.
spam filters
Program designed to identify and block spam messages while letting genuine messages through.
spyware
Malware which covertly records a user's actions, such as their key presses.
SSL
System used to encrypt https web traffic.
symmetric key encryption
Encryption system in which a single key is used for both encryption and decryption.
system administrator
Personal in overall charge of a computer system in an organisation.
TLS
System used to encrypt https web traffic.
Transport Layer Security
System used to encrypt https web traffic.
trojan horse
Malware which pretends to be a genuinely useful program to trick the user into using it.
unauthorised access
Gaining illegal access to a computer system
Virus
Computer program which damages files and data spreads when infected programs are copied.
virus definition file
Used by anti-virus programs to recognise known viruses.
vishing
Phishing attacks committed using telephone calls or VoIP systems.
vulnerability scanner
Software to scan a system for potential security problems.
web bug
Technique used by spammers to detect if an email address is valid or not.
WEP
Wired Equivalence Protocol. Wireless network encryption system.
worm
Malicious software which replicates itself and spreads between computer systems and over networks.
WPA
Wireless Protected Access. Wireless network encryption system.
WPA2
Wireless Protected Access 2. Wireless network encryption system.
zombie
Computer which has been compromised by malware and is part of a botnet.