is a critical component in the day-to-day IT operations of nearly every organization in business today.
What is Network Security?
is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
What Is Information Security?
● Network security—The protection of networking components, connections, and contents, which is the primary focus of this discussion
● Physical security—The protection of the physical items or areas of an organization from unauthorized access and misuse
● Personal security—The protection of the people who are authorized to access the organization and its operations
● Operations security—The protection of the details of a particular operation or series of activities
● Communications security—The protection of an organization's communications media, technology, and content
To protect information and its related systems, organizations must integrate the following security layers:
● Availability enables authorized users—persons or computer systems—to access information without interference or obstruction, and to receive it in the required format.
● Accuracy means that information is free from mistakes or errors and has the value that the end user expects it to have.
● Authenticity is the quality or state of being genuine or original rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.
● Confidentiality is the protection of information from disclosure or exposure to unauthorized individuals or systems. This means that only those with the rights and privileges to access information are able to do so.
characteristics of information
● Information classification
● Secure document storage
● Application of general security policies
● Education of information custodians and end users
● Data owners are those responsible for the security and use of a particular set of information. They are usually members of senior management and could be CIOs.
● Data custodians work directly with data owners and are responsible for the storage, maintenance, and protection of the information. Depending on the size of the organization, the custodian may be a dedicated position, such as the CISO, or it may be an additional responsibility of a systems administrator or other technology manager.
The duties of a data custodian often include overseeing data storage and backups, implementing the specific procedures and policies laid out in the security policies and plans, and reporting to the data owner.
● Data users are end users who work with the information to perform their daily jobs supporting the mission of the organization, and who therefore share the responsibility for data security.
● Integrity means that information remains whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
● Utility is the quality or state of having value for some purpose or end. To have utility, information must be in a format meaningful to the end user. For example, U.S. Census data can be overwhelming and difficult to understand; however, the data, when properly interpreted, reveals information about the voters in a district; which political parties they belong to; their race, gender, and age; and so on.
● Possession is the ownership or control of some object or item. Information is said to be in one's possession if one obtains it, independent of format or other characteristics.
● Privacy means that information is used in accordance with the legal requirements mandated for employees, partners, and customers. In the rush to protect data from theft or mischief, organizations often trample the rights of individuals. For example, customers may not want a company to use their names and personal information for marketing purposes. A comprehensive security strategy should take into account these privacy concerns.
To protect any breach in the confidentiality of information, a number of measures can be used:
has been the industry standard for computer security since the development of the mainframe. It is based on three characteristics of information that form the foundation for many security programs: confidentiality, integrity, and availability.
What is the C.I.A. Triad?
Information security must effectively balance protection and availability. Even with the best planning and implementation, it is impossible to obtain perfect information security; information security is a process, not a goal.
Balancing Information Security and Access
An information security program performs four important organizational functions:
● Protects the organization's ability to function
● Enables the safe operation of applications implemented on the organization's IT systems
● Protects the data the organization collects and uses
● Safeguards the technology assets in use at the organization
Business Needs First
To understand the wide range of threats that pervade the interconnected world, researchers have interviewed practicing information security personnel and examined the information security literature on threats. Although the categorizations may vary, threats are relatively well researched and, consequently, fairly well understood.
The Computer Security Institute (CSI) Computer Crime and Security Survey is a representative study.
Threats to Information Security
● Cracker—An individual who "cracks" or removes software protection that is designed to prevent unauthorized duplication or use
● Cyberterrorist—An individual or group that hacks systems to conduct terrorist activities through a network or Internet pathway
● Hackers—Individuals who gain access to information or systems without explicit authorization, often illegally
● Hacktivist or cyberactivist—Individuals who interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency
● Malicious code (malcode) or malicious software (malware)—Software components or programs designed to damage, destroy, or deny service to the target systems. Includes viruses, worms, Trojan horses, and an expanding taxonomy of other malicious software, such as:
● Computer viruses—Segments of code that perform malicious actions, including:
● Macro virus—One that is embedded in the automatically executing macro code common in word processors, spreadsheets, and database applications
● Boot virus—One that infects the key operating system files located in a computer's boot sector
● Worms—Malicious programs that replicate themselves constantly without requiring another program to provide a safe environment for replication (named for the tapeworms in John Brunner's novel The Shockwave Rider)
● Trojan horses—Software programs that reveal their designed behavior only when activated, often appearing benign until that time
● Backdoor, trap door, or maintenance hook—A component in a system that allows the attacker to access the system at will, bypassing standard login
● Rootkit—Malicious software designed to operate with administrative access while hiding itself from the operating system and monitoring tools
● Packet monkeys—Script kiddies who use automated tools to inundate a Web site with a barrage of network traffic, usually resulting in a denial of service
● Phreaker—An individual who hacks the public telephone network to make free calls or disrupt services
● Script kiddies—Hackers of limited skill who use expertly written software to attack a
● Shoulder surfing—Observing others' passwords by watching system login activities
● Software piracy—The most common IP breach, the unlawful use or duplication of software-based intellectual property
is an action that takes advantage of a vulnerability to compromise a controlled system.
Attacks on Information Security
include the execution of viruses, worms, Trojan horses, and active Web scripts with the intent of destroying or stealing information.
The state-of-the-art malicious code attack is the polymorphic, or multivector, worm.
These attack programs use several known attack vectors to exploit a variety of vulnerabilities in commonly used software.
A number of attacks attempt to bypass access controls by guessing passwords; this is sometimes called password cracking. Such attacks range from making educated guesses based on the individual's background to guessing every possible combination of letters, numbers, and special characters.
One popular password attack, known variously as a precomputed hash attack or a time-memory tradeoff attack, uses a database of precomputed hashes (or rainbow tables) derived from sequentially calculated passwords to look up the hashed password and read out the text version. A rainbow attack is used when a copy of the hash of the user's password has been obtained. When a match is found, the password has been cracked.
Using computing and network resources to try every possible combination of available characters, numbers, and symbols for a password. Because this often involves repeatedly guessing the passwords to commonly used accounts, it is sometimes called a guessing attack. If attackers can narrow the field of target accounts, they can devote more time and resources to attacking fewer accounts. That is one reason to change the names of common accounts from the manufacturer's default names.
Although often effective against low-security systems, these attacks are often not useful against systems that have adopted the usual security practices recommended by manufacturers. Controls that limit the number of attempts allowed per unit of elapsed time are very effective at combating these attacks.
Brute Force Attacks
A variation on the brute force attack narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations. Organizations can use similar dictionaries to disallow passwords during the reset process and, thus, guard against easy-to-guess passwords. In addition, rules requiring additional numbers and/or special characters make the dictionary attack less effective.
The attacker sends a large number of connection or information requests to a target. So many requests are made that the target system cannot handle them along with other, legitimate requests for service. The system may crash, or it may simply be unable to perform ordinary functions. The distributed form launches a coordinated stream of requests against a target from many locations at the same time. Most attacks are preceded by a preparation phase in which many systems, perhaps thousands, are compromised. The compromised machines are turned into zombies (or bots), machines that are directed remotely (usually via transmitted command) by the attacker to participate in the attack. These attacks are the most difficult to defend against. There are, however, some cooperative efforts to enable DDoS defenses among groups of service providers; among them is the Consensus Roadmap for Defeating Distributed Denial of Service Attacks. To use a popular metaphor, DDoS is considered a weapon of mass destruction on the Internet.
Denial-of-Service (DoS) and Distributed Denial-of-Service
is a technique used to gain unauthorized access to computers, wherein the intruder sends messages whose IP addresses indicate to the recipient that the messages are coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.
An attacker monitors (or sniffs) packets from the network, modifies them using IP spoofing techniques, and inserts them back into the network, allowing the attacker to eavesdrop as well as to change, delete, reroute, add, forge, or divert data. In a variant attack, the spoofing involves the interception of an encryption key exchange, which enables the hacker to act as an invisible man-in-the-middle—that is, eavesdropper—in encrypted exchanges.
A number of attacks focus on the use of e-mail to deny service to the user (a form of DoS), exploit the inexperience or vulnerability of the user, or trick the user into installing back doors or viruses. In general, e-mail is more the vehicle for the attack than the attack itself. However, there are also specific e-mail attacks, including spam and mail bombing.
Unsolicited commercial e-mail has been used as a means of making malicious code attacks more effective. In some cases, malicious code is embedded in files that are included as attachments to spam. The most significant impact of spam, however, is the waste of both computer and human resources. Many organizations attempt to cope with the flood of spam by using filtering technologies to stem the flow. Other organizations simply tell users of the mail system to delete unwanted messages.
An attacker routes large quantities of e-mail to the target system. This can be accomplished through social engineering (to be discussed shortly) or by exploiting various technical flaws in the Simple Mail Transport Protocol (SMTP). The target of the attack receives unmanageably large volumes of unsolicited e-mail. By sending large e-mails with forged header information, attackers can take advantage of poorly configured e-mail systems and trick them into sending many e-mails to an address chosen by the attacker. If many such systems are tricked into participating in the event, the target e-mail address is buried under thousands of messages.
is a program or device that monitors data traveling over a network. It can be used both for legitimate network management functions and for stealing information from a network, and it can be extremely dangerous to a network's security because such devices are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal.
Within the context of information security, is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. This can be done in several ways, and usually involves the perpetrator posing as a person higher in the organizational hierarchy than the victim. To prepare for this false representation, the perpetrator may have used social engineering against others in the organization to collect seemingly unrelated information that, when used together, makes the false representation more credible. For instance, anyone can call the main switchboard of a company and get the name of the CIO, but an attacker may find it just as easy to get even more information by calling others in the company and asserting (false) authority by mentioning the CIO's name. Social engineering attacks may involve individuals posing as new employees or as current employees who pathetically need assistance to avoid getting fired. Sometimes, attackers threaten, cajole, or beg to sway the target.
is an application error that occurs when more data is sent to a buffer than it can handle. During a buffer overflow, the attacker can make the target system execute instructions, or the attacker can take advantage of some other unintended consequence of the failure. Sometimes, this is limited to a denial-of-service attack, when the attacked system crashes and is (until it is restarted) rendered unavailable to users. In either case, data on the attacked system loses integrity. In 1998, Microsoft revealed that Internet Explorer had been vulnerable to a buffer overflow problem, as described here:
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than 256 characters in Internet Explorer 4.0, the browser will crash. No big deal, except that anything after the 256th character can be executed on the computer. This maneuver, known as a buffer overrun, is just about the oldest hacker trick in the book. Tack some malicious code (say, an executable version of the Pentium-crashing FooF code) onto the end of the URL, and you have the makings of a disaster.
Works by measuring the time required to access a Web page and deducing that the user has visited the site before by the presence of the page in the browser's cache.
Using measurements of the time required to perform cryptographic functions.
Side channel attack on cryptographic algorithms
Allows professionals to map abstract security goals to concrete ideas and blueprints for how to implement proper security controls.
Is a representative study.
Computer Security Institute (CSI) Computer Crime and Security Survey