ISSA Chapter 3

a software program that collects information about Internet usage and uses it to present targeted advertisements to users
Application attacks
attacks, usually in the form of an intrusive penetration test, directed at public-facing web servers, applications, and back-end databases
Arbitrary code execution
an exploit that allows a hacker to run unauthorized command line functions on a compromised system
Armored Virus
a virus that attempts to conceal itself from discovery, reverse engineering, or removal
Address resolution protocol (ARP) poisoning
is used to map an Internet Protocol (IP) address to a physical or MAC address
any item that has value to an organization or a person
an attempt to exploit a vulnerability on an IT hardware asset or application
• Hidden access included by developers
• Attackers can use them to gain access
• Data modifications: data that is:
    o Purposely or accidentally modified
    o Incomplete
    o Truncated
Birthday Attack
a type of cryptographic attack that is used to make brute-force attack of one-way hashes easier
Black-hat hacker
an unethical hacker
hacking and gaining control of the Bluetooth wireless communication link between a user's earphone and smartphone device
accessing a bluetooth-enabled device with the intention of stealing data
robotically controlled network; consists of a network of compromised computers that attackers use to launch attacks and spread malware
Brute-force password attack
a method used to attempt to compromise logon and password access controls by attempting every input combination
Buffer overflow
send so much information it crashes the site; a condition in which a memory buffer exceeds its capacity and extends its contents into adjacent memory
Christmas attack
an old attack of sending a deliberately malformed network packet with hopes the receiving network device responds unexpectedly, e.g., rebooting or crashing; the malformed packet includes several TCP header bits set to "1" or turned on like the lights of a Christmas tree
Client-side attack
using malware on a user's workstation or laptop, within an internal network, acting in tandem with a malicious server or application on the Internet outside the protected network
Command injection
a text file sent from a website to a web browser to store for later use
a computer attacker who has hostile intent, possesses sophisticated skills, and may be interested in financial gain
Cross-site scripting (XSS)
an attack in which an attacker inputs client-side script code to a web application
Cryptographic hash
an algorithm that converts a large amount of data to a single number
a specific form of ransomware that encrypts critical files or data until the victim pays a ransom to obtain the decryption keys
Denial of service (DoS) attack
A coordinated attempt to deny service by occupying a computer to perform large amounts of unnecessary tasks
Dictionary password attack
an attack method that takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password
Directory traversal
the act of accessing a file directory outside a web server's root directory and, where possible, including a command to execute from an unauthorized directory
any instance of an unauthorized user accessing protected information; a reference to how a covered entity shares protected information with other organizations
Distributed denial of service (DDoS)
an attack that uses ping or ICMP echo-request/echo-reply messages to bring down the availability of a server or system; originates from more than one host
DNS poisoning
a form of exploitation in which the data on a DNS server are falsified so that subsequent responses to DNS resolution queries are incorrect
Dumpster diving
finding unshredded pieces of paper that may contain sensitive data or private data for identity theft