55 terms

Chapter 11 quiz

Key terms
Computer security risk
any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
computer crime
Any illegal act involving a computer
online or internet-based illegal acts
someone who accesses a computer or network illegally
(has advanced computer and network skills)
someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action (has advanced computer and network skills)
Script kiddie
has the same intent as a cracker but does not have the technical skills and knowledge. Script kiddies often use pre-written hacking and cracking programs to break into computer.
someone who uses e-mail as a vehicle for extortion. these perpetrators send organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization's network- if they are not paid a sum of money.
someone who uses the internet or network to destroy or damage computers for political reasons.
an attack whose goal ranges from disabling a government's computer network to crippling a country. (usually require a team of highly skilled individuals, millions of dollars, and several years of planning)
Online security service
website that evaluates your computer to check for internet and e-mail vulnerabilities. (Service then provides recommendations of how to address the vulnerabilities)
Computer Emergency Response Team Coordination Center
(A federally funded internet security research and development center)
A potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user's knowledge or permission. Once the virus infects the computer, it can spread throughout and may damage files and system software, including the operating system.
Trojan horse
a program that hides within or looks like a legitimate program. A certain condition or action usually triggers the trojan horse. trojan horse does not replicate itself to other computers.
a program that hides in a computer and allows someone from a remote location to take full control or the computer. Once the rootkit is installed, the rootkit author can execute programs, change settings, monitor activity, and access files on the remote computer. Although rootkits can have legitimate uses, such as in law enforcement, their use in nefarious and illegal activities is growing rapidly.
The destructive event or prank the program is intended to deliver.
Trusted Source
organization or person you believe will not send a virus infected file knowingly.
(short for malicious software) programs that act without a user's knowledge and deliberately alter the computer's operations. other classes of malware include back doors and spyware.
instructions saved in software such as a word processing or spreadsheet program.
Anti-virus program
protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media or on incoming files.
Virus signature
(also called a Virus definition) a known specific pattern of virus code.
(to inoculate a program file) the antivirus program records information such as the file size and file creation date in a separate inoculation file. The antivirus program then uses this information to detect if a virus tampers with the data describing the inoculated program file.
A separate area of a hard disk that hods the infected file until the infection can be removed. This step ensures other files will not become infected.
Virus hoax
an e-mail message that warns user of a nonexistent virus or other malware. These hoaxes are in the form of a chain letter that requests the user to send a copy of the e-mail message to as many people as possible.
group of compromised computers connected to a network such as the internet that are used as part of a network that attacks other networks usually for nefarious purposes.
A computer whose owner is unaware the computer is being controlled remotely by an outside.
A program that performs a repetitive task on a network. Cybercriminals install malicous bots on unprotected computers to create a botnet.
Zombie army
(also called Botnet) groups of bots
Dos Attack
(also called denial of service attack) An assault whose purpose is to disrupt computer access to an internet service such as the web or e-mail.
(distributed Dos) attack, A zombie army is used to attack computers or computer networks.
(A more devastating type of DoS attack)
Back Door
A program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network.
A technique intruders use to make their network or internet transmission appear legitimate to a victim computer or netorks.
E-mail Spoofing
The sender's address or other other componets of the e-mail header are altered so that it appears the e-mail originated from a different sender.
IP Spoofing
An intruder computer fools a network into believing its IP address is associated with a trusted source. Perpetrators of IP spoofing trick their victims into interacting with the phony web site.
Hardware and/or software that protects a networks resources from intrusion by users on another network such as the internet.
Proxy server
A server outside the organization's network that controls which communications pass into the organization's network.
Personal Firewall
A utility program that detects and protects a personal computer and its data from unauthorized intrusions.
Intrusion detection software
Automattically analyzes all network traffic, assesses system bulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behavior patterns or system breaches.
A vulnerable computer that is set up to entice an intruder to break into it.
Unauthorized access
The use of a computer or network without permission
Unauthorized use
the use of a computer or its data fro unapproved or possibly illegal activites
(acceptable use policy)
Audit trail
Records in a file both successful and unsuccessful access attempts.
(Completely automated public turing test to tell computers and humans apart)
Possessed objects
Any item that you must carry to gain access to a computer or computer facility. (examples : badges, cards, smart cards, and keys.
Personal identification number, a numeric password, either assigned by a company or selected by a user.
Biometric Devices
authenticates a person's identity by translating a personal characteristic, such as a fingerprint, into a digital code that is compared with a digital code stored in the computer verifying a physical or behavioral characteristic.
Digital forensics
(computer forensics, network forensics, or cyberforensics)
the discovery, collection, and analysis of evidence found on computers and networks. involves the examination of computer media, programs, data and log files on computers, servers, and networks.
(Real time location system) track and identify the location of high-risk or high-value items.
process of converting readable data into unreadable characters to prevent unauthorized access
Decipher into a readable form
Pretty good privacy
(Certificate Authority)

Authorized person or company that issues and verifies digital certificates.
(Transport Layer Security)

Successor to Secure Sockets Layer (SSL), a security technique that provides encryption of all data that passes between a client and an Internet server.
(Secure Sockets Layer)

Security technique that provides encryption of all data that passes between a client and an Internet server.
Repetitive strain injury