This site is 100% ad supported. Please add an exception to adblock for this site.

MIS 401 - Final Terms

Terms

undefined, object
copy deck
Authentication
is the process of determining whether someone or something is in fact who or what it is declared to be
Active threats
overt attacks or the release of hostile applications for the purpose of harm
Network intrusion detection system (NIDS)
monitors packets on a network wire and attempts to discover if a hacker is attempting to break into a system
Consequences
the ways the threat manifests its effects upon the resources and the extent of those effects
Demilitarized zone (DMZ)
area for systems on a network that need to have less protection than the rest of the systems
Wifi protected access (WPA)
system used to secure wireless networks, created to patch the security weaknesses of WEP—has authentication and encryption while WEP only has encryption
Risk management
the science and art of recognizing the existence of threats, determining their consequences to resources, and applying modifying factors in a cost-effective manner to keep adverse consequences within bounds
Denial-of-service (DoS/DDoS) attack
attack characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service—the attacks can disable a computer or network
Physical security
involves locks to server rooms, the condition and continuation of power, environmental control, and protection of wiring from traffic and water
Secure sockets layer (SSL)
commonly used protocol for managing the security of a message transmission on the internet
Hacker
person proficient in computers, who employ a tactical, rather than strategic approach to computer programming, administration, or security, as well as their culture
Proprietary information
information of importance to an organization such that disclosure could harm competitive advantage or divulge trade secrets
Heuristics
the application of experience-derived knowledge to a problem and is sometimes used to describe software that screens and filters out messages likely to contain a computer virus or other undesirable content
Service set identifier (SSID)
code attached to al packets on a wireless network to identify each packet as part of that network
Crosstalk
the reception of signals from another circuit or channel and is generally evidenced as noise
Security
the capability to defend against intrusion and to protect assets from access and disclosure, change or destruction
Spyware
any technology that aids in gathering information about a person or organization without their knowledge
Bayesian filter
a program that uses a special form of logic and analysis to evaluate the header and content of an incoming e-mail message and determine the probability that it constitutes spam
Spoofing
the creation of tcp/ip packets using bogus header information, such as somebody else's IP address
Public key infrastructure (PKI)
enables users of a basically insecure public network such as the internet to securely and privately exchange data and money through the use of a public and private cryptographic key pair that is obtained and shared through a trusted authority
Threats
the broad range of forces capable of producing adverse consequences
Trojan horse
a destructive program that masquerades as a benign application
Risks
threats from internal and external forces that are grounds for the possibility of loss or injury—its four components are threats, resources, modifying factors, and consequences—the expected value of the consequences of an unexpected event times the cost
Kerberos
a network authentication protocol designed to provide strong authentication for client-server applications by using secret-key cryptography
Passive threats
those threats that occur without malicious intent, without the active participation of people, or through unintentional consequences—user threats, systems software, environmental hazards
Firewall
a set of related programs, located a network gateway server, that protects the resources of a private network from users from other networks
Script kiddy
the derogatory term given to 'would-be' hackers who do not possess the knowledge or skill to write their own programs but rely on 'ready-to-use' kits from the internet or programs written by others
Adware
any software application in which advertising banners are displayed while the program is running
Man-in-the-middle (MITM) attack
an attack in which one entity with malicious intent intercepts a message between two communicating entities
Wired equivalent privacy (WEP)
part of the 802.11a standard used to secure WiFi networks
Rouge users
dishonest or unethical people, doing things to be mischievous or damaging and may range from intruders to disgruntled or dismissed employees
Blacklist
A database of known internet addresses used by persons or companies sending spam
Cracker
a hacker who commits the act of compromising the security of a system without permission from an authorized party
Risk assessment and analysis
the practice of methodological investigation of the organization's resources, personnel, procedures, and objectives to determine points of weakness
Phishing
the luring of sensitive information, such as passwords and other personal information, from a victim by masquerading as someone trustworthy with a real need for such information
Data security
the goals of both physical and virtual security measures, to keep an organization's information private and in tact
Logic bombs
applications that lie dormant until one or more logical conditions are met to trigger it
Accounting
allows us to measure and record the consumption of network or system resources
Worm
a program or algorithm that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down
Virus
a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes—can replicate themselves
Virtual security
deals with the external world to which an organization connects but over which there may be limited control, that is, the environment
Social engineering
using non-technological means to gain access to your objective; to get people to do what you wish them to do
Disaster planning
requires the documentation of procedures to allow recovery after a disaster and permit the organization to continue operations
Proxy server
intercepts all messages entering and leaving the network—effectively hiding the true network addresses
Information warfare
the process of protecting your information and network resources, while, potentially denying the adversary access to his/hers
Temporal key integrity protocol (TKIP)
encryption method that scrambles keys using a hashing algorithm and uses integrity checking to validate keys that have not been altered
Wardriving
detecting and using unsecured wi-fi by driving around with a laptop and antenna
Authorization
the ability of a specific user to perform certain tasks
DNS cache poisoning
a technique that tricks your DNS server into believing it has received authentic information when, in reality, it has been lied to
Internet protocol security (IPsec)
is a standard for securing IP communications by encrypting and/or authenticating all IP packets
Biometric identification
the use of a human body part for unique authorization
Privacy
the added security provided for assets, especially information, of a personal nature
Digital certificate
an electronic 'credit card' that establishes your credentials when doing business or other transactions on the web
Modifying factors
the internal and external factors that influence the probability of a threat becoming a reality, or the severity of consequences when the threat materializes
Malware
is any program or file that is harmful to a computer user; it is created to exploit user machines
Certificate of authority (CA)
an authority in a network that issues and manages security credentials and public keys for message encryption
Warchalking
leaving chalk marks on the sidewalk or side of a building to indicate unsecured access points
Prevention
measures that help stop unauthorized users from accessing any part of the computer system
Transport layer security (TSL)
a protocol that ensures privacy between communicating applications and their users on the internet
Virtual private network (VPN)
a way to use a public telecommunications infrastructure, such as the internet, to provide remote offices or individuals secure access to their organization's network—utilizes tunneling protocols like the Layer Two Tunneling Protocol
Resources
things like assets, people, or earnings potentially affected by threats
Browser hijacking
external code that changes a user's Internet Explorer settings
Beacon interval
frame sent out to announce the presence of an access point
Packet filter
tool that looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules
AAA framework
the combination of authentication, authorization, and accounting
Zombie
a computer that has been implanted with a daemon—a process that runs in the background and performs a specified operation and predefined times or in response to certain events
Pharming
the seeking to obtain personal or private information through domain spoofing

Deck Info

67

permalink