67 terms

Compsci GR2


Terms in this set (...)

Information Security
the protection of data and information systems; the protection measures used to attain and preserve the integrity, availability, and confidentiality of information system resources. Information systems protect the entire system to include hardware, software, firmware, information/data, and telecommunication components.
information cannot be accessed by unauthorized parties
information is accurate and cannot be modified in an unauthorized manner.
information is available to authorized users for intended purposes.
External Threats
threats from those who are not already part of our trusted community.
want to improve their strategic and tactical position against other nations. Military capability, economic health and status, diplomatic standing, and public opinion.
Non-state actors
people such as terrorists who attack to achieve ideological ends
Business rivals
trying to gain a competitive advantage through theft or sensitive business data
use computer crime in order to make money or to act against rival criminal organizations
very technically adept and attack to prove their skills. don't plan to cause harm
Script Kiddies
have little technical skills; use tools created by others form the internet. Act as the same reason they would to commit vandalism.
Internal Threats
come from people whom have some degree of trust. Include family members, employees, and business partners.
Malicious insiders
act for personal gain or revenge
Untrained users
intend no harm, but compromise security through ignorant acts.
Attacker Goals
resources are unavailable or extremely limited. This ranges from
deletion of data to large-scale denial of service attacks
information is exposed to unauthorized parties. This can happen
by regular file transfer methods or by using unorthodox means of signaling and
transmission (side-channel attacks).
acceptance of false data. This includes both modification of existing data and
fabrication of new (false) data.
unauthorized control of some part of the system
is a weakness which, if exploited, allows the compromise of confidentiality, integrity, or availability
Physical attacks
such as disruption of the power supply or network connectivity, surreptitious entry into buildings to access system hardware, theft of backup media, or installation of an unauthorized transmission device;
Electronic eavesdropping
such as use of network sniffers to read traffic, detection of equipment radiation changes;
Deployment of malicious code
(viruses, rootkits, etc.) to log keystrokes, exfiltrate data, or launch attacks on other computers
Social engineering
in which the opponent tricks a legitimate user into breaching the system's security. This includes such practices as deceptive emails (phishing and, if targeted to an individual, spear phishing), misuse of people's desire to be helpful (shoulder-surfing into a building), and pretending to be a legitimate user in order to elicit information (pretexting).
provides assurance that statements and actions attributed to an entity were in fact performed by that entity. This is usually accomplished on computer systems by means of digital signatures
the study of disguising information so only authorized members may understand the content.
transposition cipher
takes the letters of a given message and rearranges them in a specific way. The recipient, who knows how the message was originally scrambled, undoes the rearrangement in order to restore the original message.
Substitution ciphers
are popularized by the Cryptoquote in the puzzle section of many newspapers. Types are include shift, vignere, and one-time pad.
shift cipher
also called the Caesar cipher (named after Julius Caesar, who is thought to have first used it). In this cipher, the cryptographer chooses a number of places to shift each letter of the message
Vigenère cipher
uses a keyword to apply multiple shift ciphers to the plaintext. Each letter of the keyword equates to a different shift value (ex: a=0, b=1, c=2, etc.).
one-time pad
consists of a sequence of random offsets and is distributed in advance to both the sender and receiver
symmetric-key encryption
Alice will still encrypt her plaintext message using a secret key and send the ciphertext to Bob. Upon receipt of the message, Bob uses the same key to decrypt the ciphertext to recreate the original plaintext.
symmetric-key encryption
is a fast, efficient way to encrypt large amounts of data and is most often used to maintain the confidentiality of large databases and other large files.
Asymmetric-key encryption
uses the same general form as the symmetric-key scheme, but with different types of keys. Instead of using a shared secret key, asymmetric-key encryption uses pairs
of keys. The two keys are mathematically related in such a way that a message encrypted with one
can only be decrypted with the other.
publickey encryption
In this scheme, one key of each pair (called the public key) is published and made known to everyone, while the other (called the private key) is kept secret and exclusive to one individual. The most common form of asymmetric encryption
A certificate
is a file that binds a particular user to the appropriate public key similar to the way an
identification card binds your identity to you. Conceptually a certificate includes three pieces of
information: the subject's identity, subject's public key, and the issuer's ID. A user or program can
use this certificate to verify the subject's identity much like security forces uses your CAC to verify
your identity.
certificate authority
digital certificates are managed (e.g., issued, updated, and revoked), by a......
(a trusted entity within the system).
mathematical operations that take a message and assign a unique number to that message based upon the actual contents of the message.
Hash functions
a special type of checksum chosen for the complexity of their calculation.
Intellectual property
is any product of the human intellect that is unique, novel, and unobvious and has some value in the marketplace. It includes the expression of ideas, inventions, and even unique names.
has the power to protect intellectual property. Note that such a right is exclusive, which means nobody else has it unless and until the owner chooses to give it, but it is also limited in time. At some point, the author can't claim that right any more, and anybody can use it.
Digital Forensics
The use of scientifically derived and proven methods towards the preservation, collection ,validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations
Locard's Principle
basically states that if an action was taken there will be some evidence behind. Generally applied to physical crime scenes (think CSI), it is the driving principle behind digital forensics
File System
Outside of the standard storage locations described above, the rest file system itself can provide tremendous forensic information. Forensic analysts have numerous tools that allow them to recover deleted files or even to search the computer's temporary memory.
Internet Cache History
Web browsers store all of the information pertaining to your browsing history on your hard drive to aid access should you visit the site in the future. The collection of these web page files is called your internet history cache. On a windows machine, the cache is stored in the folder: C:\Users\<your-user- name>\AppData\Local\Microsoft\Windows\Temporary Internet Files. This directory contains all of the webpages, images, videos, etc for any site you have recently visited. By default, Windows hides this directory though you can access it by typing it into Windows Explorer.
System Registry
For Microsoft Windows, the system registry is the central repository of all user and application related information. The registry stores information ranging from recently accessed files and webpages (as well as the autocomplete regions of the webpages) to what devices have been plugged into the machine. Many, if not most, programs use the registry to store session information that help improve the user's experience. As a warning, if you choose to interact directly with the registry you should be very careful. Creating erroneous registry entries, or modifying existing entries, could disable applications or even key functions of the operating system.
Digital forensics
is the field of retrieving and analyzing media and other static data to support criminal or intelligence efforts.
network forensics
analysts examine the content of the packets to see what sites the target has visited, what information they requested, and what information they received. Analysts will also look at the information the target sent with the HTTP Requests to see if there is any data being transmitted that is relevant to the purpose of the forensics.
is the process of making the systems more resilient against unauthorized access and manipulation.
Any new or modified system being introduced to an Air Force network is subjected to a rigorous
Information Assurance (IA) testing and accreditation process to ensure that the cyber defenses put in place will be able to deter and prevent successful cyber attacks
SCADA Targets
Power plants, water treatment plants, air traffic control systems, automotive systems, gas pipelines, food processing plants, traffic control systems, and dam controls.
SCADA systems
are difficult to defend because they are connected to the internet.
Network mapping
the study of physical connectivity of networks. Discovers the devices on the network and their connectivity.
Zero day attacks
are weapons that exploit vulnerabilities which are not publicly known or for which there is no existing patch for the vulnerability. Anti-virus software cannot detect these weapons because it does not know about them yet. Hackers who create these weapons closely protect them because they are difficult to create and are very effective at compromising systems.
Vulnerability identification
a process that defines, identifies, and classifies the security holes in a computer, network, or communications infrastructure.
the activity of defrauding an online account holder of financial information by posing as a legitimate company.
an email that appears to be from an individual or business that you know but really isn't.
targets senior executives and other leaders in key positions of influence
is a program designed to infect files on a system
a worm
In contrast to a virus, it is a stand-alone program that transmits itself over a network without user intervention
Trojan horse
is malware that is disguised as a legitimate or
beneficial program
is a set of executable code and configuration files (e.g. a kit) that allows a program to remain undetected to a user or computing system.
Logic Bomb
is executable code inserted into a computing system that will execute its malicious effects when specified conditions are triggered.
bypasses normal computing system authentication, granting an unauthorized user access to the computing system.
Keystroke logger
or keylogger, records the keys struck on a keyboard.
gathers and reports information about the user or computing system on
which it is installed. Information gathered can include internet browsing activity, personal
information, banking and credit card data, and user passwords.
are made of hundreds, thousands, or millions of computers infected with malware. Each of the computers is a Bot of the net. The Botnet is usually controlled by a central operator, but this operator has the cyber experience to obfuscate his location so that he is nearly impossible to find. Upon the central operator's command, the Bots are activated and attack in mass. Botnets can be used for a variety of purposes such as Distributed Denial of Service (DDoS) attacks, password cracking, web hosting of illicit material, or sending spam e-mails.
very technically adept and attack to prove their skills.usually act from malicious intent.