Information Systems Chapter 3
An organization's assets can include the following...
IT and network infrastructure, intellectual property, finances and financial data, service availability and productivity, and reputation
What is IT and network infrastructure?
Hardware, software, and services.
What is Intellectual property?
Sensitive data like patents, source code, formulas, or engineering plans.
Finances and financial data?
Bank accounts, credit card data, and financial transaction data.
Service availability and productivity?
The ability of computing services and software to support productivity for humans and machinery.
Corporate compliance and brand image.
In an IT and network infrastructure...
Hardware and software are key pieces of any organization's infrastructure.
Components of an IT infrastructure's domain may ....
connect to a network or to the Internet, and can be vulnerable to malicious attacks.
What are the 7 domains of a typical IT infrastructure?
User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, Remote Access Domain, WAN Domain, and System/Application Domain.
Hardware and software are damaged by malicious attacks such as....
Trojan horses or worms
The ease of access makes assets that are connected to the...
Internet the most common first point of attack. That means you should put your most valuable assets deep inside of your IT infrastructure. This allows for a layered security defense.
Electronic data interchange ...numbers
Automated clearing house transactions used for electronic payments or transfer of funds.
Typically, malicious attacks are targeted
on the User, Workstation, LAN, and LAN-to-WAN Domains.
Define opportunity cost
the amount of money a company loses due to downtime.
True downtime cost
Usually measures the loss of productivity experienced by an organization due to downtime.
The opportunity cost of unintentional downtime is...
usually much higher than the opportunity cost of intentional downtime.
Estimated yearly cost of dealing with cybercrime and malicious attacks?
~ $1 trillion
Tries to break IT security and gain access to systems with no authorization, in order to prove technical prowess. Usually use special software tools to exploit vulnerabilities. They like to poke holes in systems, but do not attempt to disclose vulnerabilities they find to the administrators of those systems. They tend to promote the free and open use of computing resources as opposed to the notion of security. In it for the fun or to exploit.
White-hat hackers or Ethical hacker
An information systems security professional who has authorization to identify vulnerabilities and perform penetration testing.
Gray-hat hackers (wannabe)
A hacker with average abilities who may one day become a black-hat hacker, but could also opt to become a white-hat hacker. (Different people use this term in different ways.)
Hackers are different from....
crackers. A cracker has a hostile intent, possesses sophisticated skills, and may be interested in financial gain. Crackers represent the greatest threat to networks and information resources.
A person with little or no skill. Just follows directions or uses a cookbook to carry out a cyber attack.
Name examples of hardware and software tools to perform an actual attack.
Protocol analyzers, port scanners, OS fingerprint scanners, Vulnerability scanners, Exploit software, Wardialers, Password crackers, Keystroke loggers.
(or packet sniffer) is a software program that enables a computer to monitor and capture network traffic on either a wired LAN or a wireless LAN. Using one, attackers can capture passwords and cleartext data. Sniffers come in hardware versions, software versions, or a combination of both, and can operate in promiscuous mode.
Means it is nonintrusive and does not generate network traffic. Every data packet is captured and can be seen by the sniffer. Sniffers then decode the frame and IP data packet, allowing you to see data in cleartext if it has not been encrypted.
A tool used to scan IP host devices for open ports that have been enabled. A port is like a channel selector switch in the IP packet. Request for Comments (RFC) 1700 defines IP port numbers and their associated services.
HTTP for web traffic
File Transfer Protocol (FTP)
Assigned Numbers Authority
Operating System (OS) fingerprint scanner
a software program that allows an attacker to send logon packets to an IP host device. These logon packets mimic various operating systems used in workstations, servers, and network devices. When an IP host device responds to these logon packets, then the OS fingerprint scanner can guess what operating system is installed on the device. Once an attacker knows what OS and version is installed, it is possible to find known software vulnerabilities and exploits.
is a software program that is used to identify and detect what operating system and software is installed on an IP host device such as a computer server or router. With this, a vulnerability scanner compares known software vulnerabilities in its database with what it has just found. The scanner works by sending OS fingerprint messages and requests for logon to various operating systems. When the scanner identifies the operating system, it examines the known software vulnerabilities list to see if there is a match. It examines the known software vulnerabilities and prioritizes them as critical, major, or minor.
an application that incorporates known software vulnerabilities, data, and scripted commands to "exploit" a weakness in a computer system or IP host device.
Intrusive penetration testing
generates malicious network traffic. It is what a black-hat or white-hat hacker performs to penetrate a computer system or IP host device.
Tries to connect to a modem. Wardialers are becoming more archaic and less often used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP). Prior to VoIP, attackers would use wardialers to gain access to PBX phone systems in an attempt to obtain dial tone or international dialing capability to commit toll fraud. They would also use a wardialer to identify analog modem signals and gain access to the remote system within an IT infrastructure. A wardialer is essentially a computer program that dials telephone numbers, looking for a computer on the other end. Successfully connecting to a computer using a modem makes it possible to access the rest of the organization's network.
a software program that performs one of two functions: a brute-force password attack, which tries every possible character combination until it succeeds, or a dictionary password attack. Dictionary attacks are a subset of brute-force attacks.
Dictionary password attack
hackers try shorter and simpler combinations, including actual words because such passwords are so common.
A type of surveillance software or hardware that can record every keystroke a user makes on a keyboard to a log file, which can then be retrieved later. Employers might use keystroke loggers to ensure that employees use work computers for business purposes only. However, spyware can also embed keystroke logger software, enabling it to transmit information to an unknown third party.
Keystroke logger (hardware)
typically a battery-sized plug that serves as a connector between the user's keyboard and computer. It saves the keystrokes to its own tiny hard drive; the person who installed it must then physically come and remove it to retrieve the data.
Keystroke logger (software)
usually disguised as a Trojan malicious software program. Can be hidden in a URL link, PDF file, or ZIP file. As long as an attacker has network access to a computer, he or she can transfer any file. Users can also download keystroke loggers as spyware, which an attacker can then execute as part of a rootkit. The keystroke logger program records each keystroke the user types and periodically uploads the information over the Internet to whoever installed the program.
A violation of one of the C-I-A security tenets is a
Activities that can cause a security breach include
Denial of service (DoS) attacks, distributed denial of service (DDoS) attacks, unacceptable Web-browsing behavior, wiretapping, use of a backdoor to access resources, accidental data modification.
is a coordinated attempt to deny service by causing a computer to perform an unproductive task. This excessive activity makes the system unavailable to perform legitimate operations. When a disk fills up, the system locks an account out, a computer crashes, or a CPU slows down, the result is denial of service - hence the name.
Two common types of DoS attacks are...
Logic attacks (use software flaws to crash or slow the performance of remote servers) You can prevent many of these attacks by installing the latest patches to keep your software up to date.
Flooding attacks - overwhelm the victim computer's CPU, memory or network resources by sending large numbers of useless requests to the machine.
One of the best defenses against DoS attacks is to use
Intrusion prevention system (IPS) software or devices to detect and stop the attack.
Attackers can launch DoS attacks using common Internet protocols such as
TCP and Internet Control Message Protocol (ICMP). The attack brings down one or more network servers or devices by flooding them with useless packets and providing false information about the status of network services. This is a packet flood.
One of the popular techniques for launching a packet flood is...
a SYN flood. A SYN is a TCP control bit used to synchronize sequence numbers. In a SYN flood, the attacker sends a large number of packets requesting connections to the victim computer. This essentially fills the connection table of the victim computer.
DDOS attacks are more difficult to stop than DoS attacks because they originate from..
Acceptable use policy.
Wiretapping can be
active (modifying the communication) or passive (only listening). It can target telephone lines or data communications, but data communications wiretapping is more commonly called sniffing.
Two methods of active wiretapping are
Between-the-lines wiretapping - Does not alter the messages sent by the legitimate user, but inserts additional messages into the communication line when the legitimate user pauses.
Piggyback-entry wiretapping - intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts as a host.
Give developers or support personnel easy access to a system without having to struggle with security controls. But they don't always stay hidden: when an attacker finds one, he or she can bypass existing security controls such as passwords, encryption, and so on.
What is one of the most popular backdoor tools in use today?
What are rootkits?
Malicious software programs designed to be hidden from normal methods of detection. They allow an attacker to gain access to a computer system. Rootkits are installed by attackers once they obtain root or system administrator access privileges. Rootkits commonly include backdoors. Traditional rootkits replace critical programs to give attackers backdoor access and enable them to hide on the host system.
The best way to avoid data-modification issues is to...
validate data before storing it and to ensure that your programs adhere to strict data-integrity rules.
What is a phishing email?
A fake or bogus e-mail to trick the recipient into clicking on an embedded URL link or opening an e-mail attachment.
Name things that can be embedded in a phishing e-mail?
Malicious software, Trojans, or keystroke loggers can be embedded in a phishing e-mail. Antivirus, anti-spyware, and anti-malicious-software applications are needed to combat this type of incident.
What is a cookie?
A text file that contains details gleaned from past visits to a Web site. These details might include the user's username, credit card info, etc.
The problem with cookies is that they store info in...
Common threats and vulnerabilities with User Domain...
Lack of awareness or concern for security policy. Accidental acceptable use policy violation. Intentional malicious activity. Social engineering.
Common threats and vulnerabilities with with Workstation Domain
Unauthorized user access. Malicious software introduced. Weaknesses in installed software.
Common threats and vulnerabilities with LAN Domain
Unauthorized network access. Transmitting private data unencrypted. Spreading malicious software.
Common threats and vulnerabilities with LAN-to-WAN Domain
Exposure and unauthorized access to internal resources from the outside.
Common threats and vulnerabilities with WAN Domain
Transmitting private data unencrypted. Malicious attacks from anonymous sources. Denial of service attacks. Weaknesses in software.
Common threats and vulnerabilities with Remote Access Domain
Brute-force password attacks on access and private data. Unauthorized remote access to resources. Data leakage from remote access or lost storage devices.
Common threats and vulnerabilities with System/Application Domain
Unauthorized physical or logical access to resources. Weaknesses in server operating system or application software. Data loss from errors, failures, or disasters.
Name the most common threats...
Malicious software, hardware or software failure, internal attacker, equipment theft, external attacker, natural disaster, industrial espionage, terrorism, etc.
occurs any time unauthorized users access private or confidential information that is stored on a network resource or while it is in transit between network resources.
Name the categories of attacks
Fabrications, Interceptions, Interruptions, Modifications
Active threats include...
Brute-force passwords attacks, dictionary password attacks, IP address spoofing, hijacking, replay attacks, man-in-the-middle attacks, masquerading, social engineering, phishing, phreaking, pharming.
A type of attack in which one person, program, or computer disguises itself as another person, program, or computer to gain access to some resource. A common spoofing attack involves presenting a false network address to pretend to be a different computer.
What is hijacking and what are the forms of it?
A type of attack in which the attacker takes control of a session between two machines and masquerades as one of them. Man-in-the-middle hijacking (attacker can come between two computers, and pretend to be the other)
Browser hijacking - the user is directed to a different Web site than what he or she requested. Attackers can use this attack with phishing to trick a user into providing private information, such as a password.
The attacker attempts to take over an existing connection between two network computers. The first step in this attack is for the attacker to take control of a network device on the LAN, such as a firewall or another computer, in order to monitor the connection. This enables the attacker to determine the sequence numbers used by the sender and receiver. After determining the sequence numbering, the attacker generates traffic that appears to come from one of the communicating parties. This steals the session from one of the legitimate users. To get rid of the legitimate user who initiated the hijacked session, the attacker overloads one of the communicating devices with excess packets so that it drops out of the session.
involve capturing data packets from a network and retransmitting them to produce an unauthorized effect. The receipt of duplicate, authenticated IP packets may disrupt service or have some other undesired consequence.
takes advantage of the multihop process used by many types of networks. An attacker intercepts messages between two parties before transferring them on to their intended destination. Use this technique to steal info, execute DoS attacks, corrupt transmitted data, gain access to an organization's internal computer, etc.
(or sniffing) occurs when a host sets its network interface to promiscuous mode and copies packets that pass by for later analysis. Promiscuous mode enables a network device to intercept and read each network packet, even if the packet's address doesn't match the network device.
Phone phreaking (phreaking)
describes the activity of a subculture of people who study, experiment with, or exploit telephone systems, equipment and systems connected to public telephone networks.
a type of fraud in which an attacker attempts to trick the victim into providing private information such as credit card numbers, passwords, dates of birth, bank account numbers, ATM PINs, Social Security numbers, etc.
seeks to obtain personal or private financial information through domain spoofing. It doesn't use messages to trick victims into visiting spoofed Web sites; instead it uses domain spoofing, "poisoning" a Domain Name System (DNS) server so that the victim navigates to the attacker's site.
Where phishing attempts to scam people one at a time with an email or instant messages,
pharming enables scammers to target large groups of people at one time through domain spoofing.
Advanced persistent threat is a type of cybercrime directed at a specific target, such as an individual, organization or political group. Can span over long periods of time, deploying malware that goes undetected for months.
Malware that tends to hide includes...
trojan horses, rootkits, spyware.
The first virus recorded was the
Creeper virus, written by researcher Bob Thomas in 1971, copied itself to other networked computers displaying the message "I'm the creeper, catch me if you can!"
The main difference between a virus and a worm is that
a worm does not need a host program to infect. The worm is a standalone program.
A trojan horse (trojan) is
malware that masquerades as a useful program.
A rootkit modifies or replaces
one or more existing programs to hide traces of attacks. A host-based IDS can help detect rootkit activity, however.
Which group is responsible for responding to any reported cyberattack?
Incident response team.
Name firewall solution vendors
Cisco Systems, SonicWALL, WatchGuard Technologies, Check Point, ZyXEL, Netgear, Nortel, Juniper Networks, D-Link, Multi-Tech Systems
Name the types of threats
integrity threats, availability threats, confidentiality threats.
Name active threats
brute-force, masquerading, IP address spoofing, session hijacking, replay, man-in-the-middle, dictionary password attacks.
Name passive threats
eavesdropping and monitoring.
Name anti-malware products available to prevent malware
BitDefender, Kaspersky Anti-Virus, Norton Antivirus, G DATA Antivirus, etc.
Information Security: C-I-A Triad
Confidentiality Integrity Availability
Countermeasure for confidentiality
(incoming) Patching, authentication and authorization
Countermeasure for integrity
Digital signatures (outgoing)
Countermeasure for availability
Virus protection, end user training (incoming)
Data has integrity if
Data not altered, is valid, accurate
(total uptime)/(total uptime + total downtime)
Mean time to failure
(MTTF): The average amount of time between failures for a particular system
Mean time to repair (MTTR):
The average amount of time it takes to repair a system, application, or component
Compliance Laws Driving ISS
Health Insurance Portability and Accountability Act (HIPAA)
Sarbanes-Oxley (SOX) Act
Children's Internet Protection Act (CIPA) Family Educational Rights and Privacy Act (FERPA)
Describe typical IT infrastructure
Common Threats in the WAN Domain
Open, public, and accessible data
Most of the traffic being sent as clear text
Vulnerable to eavesdropping
Vulnerable to malicious attacks
Vulnerable to denial of service (DoS) and distributed denial of service (DDoS) attacks
Vulnerable to corruption of information and data
Insecure Transmission Control Protocol/Internet Protocol (TCP/IP) applications
Hackers and attackers e-mailing Trojans, worms, and malicious software freely and constantly
Common Threats in the LAN-to-WAN Domain
Unauthorized probing and port scanning
Intrusion Prevention Demo (https://www.youtube.com/watch?v=IL75Q8Cx6lA, 3:54)
Internet Protocol (IP) router, firewall, and network appliance operating system vulnerability
Local users downloading unknown file types from unknown sources
Common Threats in the LAN Domain
Unauthorized physical access to LAN
Unauthorized access to systems, applications, and data
LAN server operating system vulnerabilities
LAN server application software vulnerabilities and software
Rogue users on WLANs
Confidentiality of data on WLANs
LAN server configuration guidelines and
Common Threats in the Remote Access Domain
Brute-force user ID and password attacks
Multiple logon retries and access control attacks
Unauthorized remote access to IT systems, applications, and data
Confidential data compromised remotely
Data leakage in violation of data classification standards
Common Threats in the Systems/Applications Domain
Unauthorized access to data centers, computer rooms, and wiring closets
Physical security of Data Center: https://www.youtube.com/watch?v=_qc5TG2ulx8
Difficult-to-manage servers that require high availability
Server operating systems software vulnerability management
Security required by cloud computing virtual environments
Corrupt or lost data