
35 Cards in this Set

  • Front
  • Back

_____ is an attack on an information system that takes advantage of a particular system vulnerability. Often this attack is due to poor system design or implementation. Once the vulnerability is discovered, software developers quickly create and issue a “fix,” or patch, to eliminate the problem.

exploit

______ takes place before the security community or software developer knows about the vulnerability or has been able to repair it. Although the potential for damage from zero-day exploits is great, few such attacks have been documented as of this writing.

A zero-day attack

______ is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner. Often a virus is attached to a file, so that when the infected file is opened, the virus executes. Other viruses sit in a computer’s memory and infect files as the computer opens, modifies, or creates them.

Name | Year released | Worldwide economic impact
Storm | 2007 | > $10 billion (est.)
ILOVEYOU | 2000 | $8.75 billion
Code Red | 2001 | $2.62 billion
SirCam | 2001 | $1.15 billion
Melissa | 1999 | $1.10 billion

virus

_____ is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, sending copies of themselves to other computers by e-mail or Internet Relay Chat (

worm

What is the negative impact of a worm attack?

lost data and programs, lost productivity due to workers being unable to use their computers, additional lost productivity as workers attempt to recover data and programs, and lots of effort for IT workers to clean up the mess and restore everything to as close to normal as possible.

______ is a program in which malicious code is hidden inside a seemingly harmless program. The program’s harmful payload can enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or Social Security numbers, and spy on users by recording keystrokes and transmitting them to a server operated by a third party. A Trojan horse can be delivered as an e-mail attachment, downloaded from a Web site, or contracted via a removable media device such as a CD/DVD or USB memory stick.

A Trojan horse

Another type of Trojan horse is ______ which executes when it is triggered by a specific event. For example, logic bombs can be triggered by a change in a particular file, by typing a specific series of keystrokes, or by a specific time or date.

logic bomb

_____ is a large group of computers controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. Botnets are frequently used to distribute spam and malicious code.

A botnet

______ is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks.

A distributed denial-of-service attack (DDoS)

How does a DDoS attack work?

A distributed denial-of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in—the Internet equivalent of dialing a telephone number repeatedly so that all other callers hear a busy signal. The targeted machine “holds the line open” while waiting for a reply that never comes, and eventually the requests exhaust all resources of the target.


The software to initiate a denial-of-service attack is simple to use and readily available at hacker sites. A tiny program is downloaded surreptitiously from the attacker’s computer to dozens, hundreds, or even thousands of computers all over the world. Based on a command by the attacker or at a preset time, these computers (called zombies) go into action, each sending a simple request for access to the target site again and again—dozens of times per second. The zombies involved in a denial-of-service attack are often seriously compromised and are left with more enduring problems than their target. As a result, zombie machines need to be inspected to ensure that the attacker software is completely removed from the system. In addition, system software must often be reinstalled from a reliable backup to reestablish the system’s integrity, and an upgrade or patch must be implemented to eliminate the vulnerability that allowed the attacker to enter the system.



A ____ is a set of programs that enables its user to gain administrator level access to a computer without the end user’s consent or knowledge.

rootkit

How does a rootkit work?

Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computer’s configuration. Rootkits are one part of a blended threat, consisting of the dropper, loader, and rootkit. The dropper code gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an e-mail or opening an infected .pdf file. The dropper launches the loader program and then deletes itself. The loader loads the rootkit into memory; at that point the computer has been compromised.

_____ is the abuse of e-mail systems to send unsolicited e-mail to large numbers of people.


Spam is also an extremely inexpensive method of marketing used by many legitimate organizations. For example, a company might send e-mail to a broad cross section of potential customers to announce the release of a new product in an attempt to increase initial sales. Spam may also be used to deliver harmful worms or other malware.

E-mail spam

________ is the act of using e-mail fraudulently to try to get the recipient to reveal personal data. In a phishing scam, con artists send legitimate looking e-mails urging the recipient to take action to avoid a negative consequence or to receive a reward. The requested action may involve clicking on a link to a Web site or opening an e-mail attachment.

Phishing

______ is a variation of phishing in which the phisher sends fraudulent e-mails to a certain organization’s employees. The phony e-mails are designed to look like they came from high-level executives within the organization. Employees are again directed to a fake Web site and then asked to enter personal information, such as name, Social Security number, and network passwords.

Spear-phishing

______ test the limitations of information systems out of intellectual curiosity—to see whether they can gain access and how far they can go. They have at least a basic understanding of information systems and security features, and much of their motivation comes from a desire to learn even more. The term hacker has evolved over the years, leading to its negative connotation today rather than the positive one it used to have. While there is a vocal minority who believe that hackers perform a service by identifying security weaknesses, most people now believe that a hacker no longer has the right to explore public or private networks.

Hackers

Some hackers are smart and talented, but many are technically inept and are referred to as lamers or script kiddies by more skilled hackers.

kkk

Cracking is a form of hacking that is clearly criminal activity. Crackers break into other people’s networks and systems to cause harm—defacing Web pages, crashing computers, spreading harmful programs or hateful messages, and writing scripts and automated programs that let other people do the same things. For example, crackers defaced a CERN (the European Organization for Nuclear Research) Web page, disparaging CERN’s IT security staff as a “bunch of school kids” and saying they had no plan to disrupt CERN’s operations but simply wanted to highlight the lab’s security problems. The crackers came very close to gaining access to a computer that controlled one of the 12,500 magnets that control the Large Hadron Collider built to perform particle physics experiments.28

kkkkk

malicious insiders

Insiders are not necessarily employees; they can also be consultants and contractors. However, “the typical employee who commits fraud has many years with the company, is an authorized user, is in a nontechnical position, has no record of being a problem employee,

_______ use illegal means to obtain trade secrets from competitors of their sponsor. Trade secrets are protected by the Economic Espionage Act of 1996, which makes it a federal crime to use a trade secret for one’s own benefit or another’s benefit. Trade secrets are most often stolen by insiders, such as disgruntled employees and ex-employees.

Industrial spies

______ uses legal techniques to gather information that is available to the public. Participants gather and analyze information from financial reports, trade journals, public filings, and printed interviews with company officials. Industrial espionage involves using illegal means to obtain information that is not available to the public.

Competitive intelligence

_____ are motivated by the potential for monetary gain and hack into corporate computers to steal, often by transferring money from one account to another to another—leaving a hopelessly complicated trail for law enforcement officers to follow. The use of stolen credit card information is a favorite ploy of computer criminals.

Cybercriminals

Some card issuers are issuing debit and credit cards in the form of smart cards, which contain a memory chip that is updated with encrypted data every time the card is used. This encrypted data might include the user’s account identification and the amount of credit remaining. To use a smart card for online transactions, consumers must purchase a card reader that attaches to their personal computers and enter a personal identification number to gain access to the account.

kkkkk

Hacktivism, a combination of the words hacking and activism, is hacking to achieve a political or social goal. A cyberterrorist launches computer-based attacks against other computers or networks in an attempt to intimidate or coerce a government in order to advance certain political or social objectives. Cyberterrorists are more extreme in their goals than hacktivists although there is no clear demarcation line.

kkkk

Cyberterrorists seek to cause harm rather than gather information, and they use techniques that destroy or disrupt services. They are extremely dangerous, consider themselves to be at war, have a very high acceptance of risk, and seek maximum impact. In early 2009, Israeli hacktivists made available malware dubbed Patriot. When downloaded to computers of Israeli sympathizers, this malware converts those computers into zombies, which launch a distributed denial-of-service attack intended to silence Hamas Web sites. Meanwhile, anti-Israeli hacktivists were also on the offensive. Bruce Jenkins, a consultant from the application security firm Fortify Security, states, “Our observations suggest that a large number of Web sites have been defaced by a variety of hacker groups from Iran, Lebanon, Morocco and Turkey and the trend is accelerating.”31

kkk

USA Patriot Act defines cyberterrorism as hacking attempts that cause $5,000 in aggregate damage in one year, damage to medical equipment, or injury to any person. Those convicted of cyberterrorism are subject to a prison term of five to 20 years.

kkkk

____ is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices; this is what organizations worldwide are demanding today.

Trustworthy computing

_____ is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats. Such threats can prevent an organization from meeting its key business objectives. The goal of risk assessment is to identify which investments of time and resources will best protect the organization from its most likely and serious threats. In the context of an IT risk assessment, an asset is any hardware, software, information system, network, or database that is used by the organization to achieve its business objectives. A loss event is any occurrence that has a negative impact on an asset, such as a computer contracting a virus or a Web site undergoing a distributed denial-of-service attack.

A risk assessment

A ____ defines an organization’s security requirements, as well as the controls and sanctions needed to meet those requirements. A good security policy delineates responsibilities and the behavior expected of members of the organization.

security policy

______ works by using the Internet to relay communications; it maintains privacy through security procedures and tunneling protocols, which encrypt data at the sending end and decrypt it at the receiving end.

A virtual private network (VPN)

____ stands guard between an organization’s internal network and the Internet, and it limits network access based on the organization’s access policy.

A firewall

____ work to prevent an attack by blocking viruses, malformed packets, and other threats from getting into the protected network. The IPS sits directly behind the firewall and examines all the traffic passing through it. A firewall and a network IPS are complementary. Most firewalls can be configured to block everything except what you explicitly allow through;

Intrusion prevention systems (IPSs)

_____ should be installed on each user’s personal computer to scan a computer’s memory and disk drives regularly for viruses. Antivirus software scans for a specific sequence of bytes, known as a ____, that indicates the presence of a specific virus. If it finds a virus, the antivirus software informs the user, and it may clean, delete,

Antivirus software, virus signature

The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors, established in 2003 to protect the nation’s Internet infrastructure against cyberattacks. US-CERT has long served as a clearinghouse for information on new viruses, worms, and other computer security topics (over 500 new viruses and worms are developed each month). According to US-CERT, most of the virus and worm attacks that the team analyzes use already known programs. Thus, it is crucial that antivirus software be continually updated with the latest virus signatures.

kkkk

Another important prevention tool is ____ that evaluates whether an organization has a well-considered security policy in place and if it is being followed. For example, if a policy says that all users must change their passwords every 30 days, the audit must check how well the policy is being implemented.

a security audit