61 terms

Computer Engineering II 206


Terms in this set (...)

Software that automatically displays or downloads advertising material (often unwanted) when a user is online
Unwanted software typically just taking up space
Brute Forcing
Uses a persistent trail and error method to figure out encrypted data like passwords or keys
Buffer Overflow
Extra data from programs overflows into a temporary area for data storage (buffer) and can sometimes hold instructions from a hacker to damage files, manipulate data or obtain private information
Prevents the discovery of virus program activity and structure for the purpose of avoiding virus detection
Dictionary Attack
Breaking into a password-protected computer by trying all the words in a dictionary
Dumpster Divin
gSearching through trash for information that allows someone to gain access to a computer network
A less serious threat than malware that is typically just annoying and undesirable; a combination of adware and bloatware
"Derived from Malicious Software, any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems
Password Cracking
Process of attempting to guess or crack passwords to gain access to a computer system or network
Refers to the component of a computer virus that executes a malicious activity
A technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses
Pointer Records
(PTR) Used to associate an IP address to a host name; works opposite of DNS record
A type of software that requires a "ransom" to be paid or the user's data will be published or deleted
Purpose is to make more copies of the virus code
Software that typically piggybacks in on a trusted software that allows unauthorized administrator access to a computer system
Shoulder Surfing
The act of someone spying over your shoulder to obtain information like passwords or personal data
Social Engineering
A non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedure
Flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it
Spear Phishing
Like phishing, but appears to be coming from an individual or business that you know
SPF Records
A type of DNS record that names which mail servers are allowed to send email for your domain
A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with a false IP address
Any technology such as tracking software that aids in gathering information about a person or organization without their knowledge
To describe the act of an unauthorized person who follows someone to a restricted area without the consent of the authorized person
Trojan Horse
A program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage
A piece of software which can replicate itself, has a payload, and usually is created and implemented for malicious purposes
"Self-replicating malware that does not alter files but resides in active memory duplicating itself and sending copies to anyone listed on a contact list
Zero-day Attack
A hole in a software that is unknown to the creator, when the vendor realizes the security hole then they hurry to fix it
Zombie Computer
A computer that has been "taken over" by some malicious person or program
Acceptable User Policies
Dictate what you want users to be able to do with computer equipment and network access
Access Control List
The selective restriction of access to a place or other resource
A process that ensures and confirms a user's identity
The study of measurable biological characteristics, in computer security, authentication techniques that rely on measurable physical characteristics that can be automatically checked
Data Loss Prevention
(DLP) An effort to keep people from sending sensitive data outside their corporate network
Directory Permissions
Settings that allow the user full control, modify, read and/or execute to file contents
Disabling Ports
Many times network administrators can keep unwanted traffic off of their network by disabling ports; for example, disabling port 23 would stop someone from being able to telnet into the network
Email Filtering
Automatically looks through incoming email to remove spam or viruses
Entry Control Rosters
A list of people who are authorized to enter secure areas
Hardware Tokens
Allow users to gain access to physical objects, like doors, computer hardware and even automobiles
ID Badges
Electronic identification cards, like credit cards, that can have personal information and photographs on the front but can also be embedded with strips on the back that can contain personal information
IT Security Plan
A formal plan that defines the plan of action to secure a computer or information system
One Time Password
A password that is valid for only one login session or transaction, on a computer system or other digital device
A string of characters that allows access to a computer, interface, or system
Principle of Least Privilege
If a user does not need rights to access certain data or locations then they should not be given that access
Privacy Filters
Placed on monitors that make it nearly impossible for someone to just look over your shoulder to see the information on your screen
Creating or controlling a situation by causing something to happen rather than responding to it after it has happened
Acting in response to a situation rather than creating or controlling it
Single Sign-On
An authentication process that allows a user to access multiple applications with one set of login credentials
Smart Card
An ID card with an embedded chip instead of the former strip technology
TPM Chip
Trusted Platform Module is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop) can include passwords, certificates, or encryption keys
Active Directory
A directory service that Microsoft developed for Windows domain networks and is included in most Windows Server operating systems as a set of processes and services
Demilitarized Zone
A computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network
Domain Controller
A server that is running a version of the Windows Server® operating system and has Active Directory® Domain Services installed
Group Policy Object
Policy documents that apply their settings to the computers and users within their control
Microsoft Baseline Security Analyzer
Software tool released by Microsoft to determine security state by assessing missing security updates and less-secure security settings within Microsoft Windows, Windows components such as Internet Explorer, IIS web server, and products Microsoft SQL Server, and Microsoft Office macro settings
Authorization given to users that enables them to access specific resources on the network, such as data files, applications, printers and scanners
Windows Server Update Services
A computer program developed by Microsoft Corporation that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment
Audit Plan
A powerful tool to help maintain the security of an enterprise which can be used for a variety of purposes, including forensic analysis, regulatory compliance, monitoring user activity, and troubleshooting
Digital Certificate
Used primarily to verify the identity of a person or device, authenticate a service, or encrypt files