Is an act that takes advantage of a vulnerability to compromise a controlled system?

Four Important Functions of Info Security

protect the org's ability to function; enable the safe operation of applications running on the org's IT systems; protect the data the org collects and uses; safeguard the org's technology assets

Responsible for protecting the functionality of an organization

both general management and IT management are responsible for implementing information security that protects the organization's ability to function

public key infrastructure (PKI)

integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure

compromises to intellectual property

piracy, copyright infringement

viruses, worms, macros, denial of service

deviations in quality of service

ISP, power, or WAN service issues from service providers

unauthorized access and/or data collection

fire, flood, earthquake, lightning

accidents, employee mistakes

blackmail, information disclosure

missing, inadequate, or incomplete

loss of access to information systems due to disk drive failure without a proper backup and recovery plan, organizational policy, or planning in place

missing, inadequate, or incomplete controls

network compromised because no firewall security controls are in place

destruction of systems or information

illegal confiscation of equipment or information

technical hardware failures or errors

technical software failures or errors

bugs, code problems, unknown loopholes

technological obsolescence

antiquated or outdated technologies

trade secrets, copyrights, trademarks, and patents. unauthorized appropriation of IP constitutes a threat to information security

unlawful use or duplication of software-based intellectual property

combat piracy/enforce copyright laws

online registration, digital watermarks, embedded code, copyright codes, intentional placement of bad sectors on software media

malicious code/malware/malicious software

synonymous with malware or malicious software. software designed to damage, destroy, or deny service to the target systems

one of two forms of malicious code or malware. a virus requires a host software environment in which to execute and cannot function without such a host

one of the most common methods of virus transmission

virus that is contained in a downloaded file attachment such as word processing documents, spreadsheets, and database applications

program that infects the key operating system files located in a computer's boot sector

one of two forms of malicious code or malware. virus that replicates itself on other machines without the need of another program environment

software programs that hide their true nature (usually destructive) and reveal their designed behavior only when activated

inventor of the worm, postgrad at Cornell

electronic hole in software that is left open by accident or intention and allows an attacker to access the system at will with special privileges. can be installed by a virus, a worm, or an attacker who takes control of a system

threat that changes its apparent shape over time, to become a new threat not detectable by techniques looking for a preconfigured signature

email warning of a virus that is fictitious

situation in which a product or service is not delivered to the organization as expected

Service Level Agreement (SLA)

contract of a web host provider covering responsibility for internet services as well as for hardware and software used to operate the web site

momentary increase in voltage

can lead to fluctuations such as power excesses, power shortages, and power losses. poses problems for orgs that do not provide adequately conditioned power for their info systems equipment

prolonged increase in voltage

momentary incidence of low voltage

prolonged drop in voltage

complete loss of power for a moment

broad category of electronic and human activities that can breach the confidentiality of information. an unauthorized individual gains access to the info an org is trying to protect.

info gained legally that gives an org an advantage over its competition

info gained illegally that gives an org an advantage over its competition

act of observing info without authorization by looking over a shoulder or spotting info from a distance

act of entering a premises or system without authorization

people who use and create computer software to gain access to info illegally

expert hacker/elite hacker

individual who develops software scripts and program exploits used by novice hackers. also a master of several programming languages, networking protocols, and operating systems, with a mastery of the technical environment of the targeted system

individual who depends on the expertise of others to abuse systems

hackers of limited skill who use expertly written software to exploit a system but do not fully understand or appreciate the systems they hack

hackers of limited skill who use automated exploits to engage in distributed denial of service attacks

individual who removes an application's software protection that is designed to prevent unauthorized duplication, or a criminal hacker

person who hacks the public telephone network to make free calls and disrupt services

threat to hardware components of info systems that falls under forces of nature or acts of God because it is unexpected or occurs with little warning. causes structural damage to the building housing the info system's equipment; also smoke damage and water damage

threat that falls in forces of nature/acts of God. unexpected or very little warning. overflowing of water onto land that is normally dry, causing direct damage to all or part of info system or building that houses it

forces of nature/acts of God. unexpected, little warning. sudden movement of the earth's crust caused by the release of stress along geologic faults or volcanic activity. causes direct damage to info system and/or building that houses it

forces of nature/acts of God. unexpected/little warning. abrupt, discontinuous natural electric discharge. usually damages all or part of an info system and/or its power distribution components

forces of nature/acts of God. unexpected/very little warning. downward sliding of a mass of earth and rock. may directly damage all or part of an info system or, more likely, the building that houses it

forces of nature/acts of God. unexpected/very little warning. typically rotating columns of air whirling at destructively high speeds. can directly damage all or part of an info system or, more likely, the bldg that houses it

forces of nature/acts of God. unexpected/little warning. form in the equatorial regions of the Atlantic Ocean or Caribbean Sea or the eastern regions of the Pacific Ocean. usually involve heavy rains; can directly damage all or part of an info system or bldg

forces of nature/acts of God. unexpected/little warning. very large ocean wave caused by underwater earthquake or volcanic eruption. direct damage to info system or building.

electrostatic discharge (ESD)

forces of nature/acts of God. unexpected/little warning. spark produced from a buildup of static electricity

forces of nature/acts of God. unexpected/little warning. can shorten the life of info systems and disrupt normal operations, causing unplanned downtime

acts performed without intent or malicious purpose by an authorized user. inexperience, improper training, and incorrect assumptions are common causes.

when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it. common in credit card number theft.

missing, inadequate, or incomplete organizational policy/planning

makes an org vulnerable to loss, damage, or disclosure of info assets when other threats lead to attacks. info security is, at its core, a mgmt function.

missing, inadequate, or incomplete controls

security safeguards and information asset protection controls that are missing, misconfigured, antiquated, or poorly designed or managed. make an org more likely to suffer losses when other threats lead to attacks.

deliberate sabotage of a computer system or business, or acts of vandalism to either destroy an asset or damage the image of the org. can range from petty vandalism by employees to organized sabotage against an organization

individual who uses technology as a tool for civil disobedience 

act of hacking to conduct terrorist activities through network or internet pathways

illegal taking of another's property

technical hardware failures or errors

when a manufacturer distributes equipment containing a known or unknown flaw. defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability

technical software failures or errors

software sometimes sold before all bugs are detected. some software/hardware combos reveal new bugs. failures range from bugs to untested failure conditions. sometimes they are purposeful shortcuts left by programmers for benign reasons

technological obsolescence

antiquated or outdated infrastructure can lead to unreliable and untrustworthy systems. risk of loss of data integrity from attacks. strategic planning should always include analysis of the technology currently in use.

act that takes advantage of a vulnerability to compromise a controlled system

specific instance or component that represents a danger to an org's assets. can be accidental or purposeful, e.g., lightning strikes or hackers

weakness in a controlled system, where controls are not present or are no longer effective

viruses, worms, trojan horses, active web scripts with intent to destroy or steal info. designed to damage, destroy, or deny service to the target system

any technology that aids in gathering info about a person or org without their knowledge

automated software program that executes certain commands when it receives a specific input

any software program intended for marketing purposes, such as those used to deliver and display advertising banners or pop-ups on the user's screen or to track the user's online usage or purchasing activity.

transmission of a virus hoax with a real virus attached. when the attack is masked in a seemingly legit message, unsuspecting users more readily distribute it

infected system scans a random or local range of IP addresses and targets any of several vulnerabilities known to hackers or left over from previous exploits such as CodeRed, Back Orifice, or PoizonBox

if the infected system has write access to any web pages, it makes all web content files (.html, .asp, .cgi, and others) infectious, so that users who browse to those pages become infected

each infected machine infects certain common executable or script files on all computers to which it can write with virus code that can cause infection

using vulnerabilities in file systems and the way many organizations configure them, the infected machine copies the viral component to all locations it can reach

by sending email infections to addresses found in the address book, the infected machine infects many users, whose mail reading programs also automatically run the program and infect other systems

simple network management protocol (SNMP)

using only widely known passwords employed in early versions of this protocol (used for remote management of network and computer devices), the attacking program gains control of the device. most vendors have closed these vulnerabilities with upgrades

using a known or previously unknown & newly discovered access mechanism, an attacker can gain access to a system or network resource

attempting to reverse calculate a password

application of computing and network resources to try every possible combination of options of a password

attempt to repeatedly guess passwords to commonly used accounts

brute force attack on passwords. uses a list of commonly used passwords instead of random combinations. in cryptography, done by encrypting each entry with the same crypto system used by the target and comparing the result against the target's ciphertext

attack in which the attacker sends a large number of connection or information requests to overwhelm and cripple a target

distributed denial of service (DDoS)

attack in which a coordinated stream of connection requests is launched against a target from many locations at the same time

computer that has been compromised and may later be used as an agent to be directed toward a target. its use as an agent is controlled remotely (usually by way of a transmitted command) by the attacker

technique used to gain unauthorized access to computers, wherein the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host

man in the middle (TCP hijacking)

attack in which the abuser records data packets from the network, modifies them, and inserts them back into the network

unsolicited commercial email

form of denial of service attack in which the abuser sends a large number of connection or information requests to overwhelm and cripple a target

program or device that can monitor data traveling over a network

sniffers that work on TCP/IP networks

process of using social skills to convince people to reveal access credentials or other valuable information to the attacker

attempt to obtain personal or financial information using fraudulent means, usually by posing as a legitimate entity

highly targeted phishing attack that usually appears to be from an employer, colleague, or other legit correspondent

3 primary techniques of phishing

URL manipulation, Website forgery, phone phishing

redirection of legit web traffic to an illegitimate site for the purpose of obtaining private information

changing a legit host entry in a domain name server (DNS) to point to an attacker's website

attack in which an abuser explores the contents of a web browser's cache. these attacks allow a web designer to create a malicious form of cookie to store on the client's system

keep the design as simple and small as possible

base access decisions on permission rather than exclusion

every access to every object must be checked for authority

design should not be secret but rather depend on the possession of keys or passwords

where feasible, a protection mechanism should require two keys to unlock rather than one

every program and every user of the system should operate using the least set of privileges necessary to complete the job

minimize mechanisms or shared variables common to more than one user and depended on by all users

psychological acceptability

essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly

buffer overflow (buffer overrun)

application error that occurs when more data is sent to a buffer than it can handle

occurs when user input is passed directly to a compiler or interpreter. underlying issue is the developer's failure to ensure that command input is validated before it is used in the program

occurs when an application running on a web server gathers data from a user in order to steal it

can cause a variety of unexpected system behaviors. programmers are expected to anticipate problems and prepare their application code to handle them

process to assure an organization that changes to systems are managed and all parties that need to be informed are aware of the planned changes. ensures that the working system delivered to users represents the intent of the developers

attacker changes the expected location of a file by intercepting and modifying a program code call; the attacker can thereby force a program to use files other than the one it is supposed to use

one of the most common methods of obtaining inside and classified info is directly or indirectly from an individual, usually an employee

mathematical computing bug that is exploited indirectly by an attacker to corrupt other areas of memory in order to control an application

failure of a program that occurs when an unexpected ordering of events in the execution of the program results in a conflict over access to the same system resource

occurs when developers fail to properly validate user input before using it to query a relational database

unauthenticated key exchange

can occur on the internet when an attacker writes a variant of a public key system and releases it as freeware, or corrupts or intercepts the function of someone else's public key encryption system by posing as a public key repository

Is an act that takes advantage of a vulnerability to compromise a controlled system?

A computer exploit, or exploit, is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders. Used as a verb, exploit refers to the act of successfully making such an attack.

Which of the following terms refers to a tool or a technique that takes advantage of a vulnerability?

An exploit is code that takes advantage of a software vulnerability or security flaw. It is written either by security researchers as a proof-of-concept or by malicious actors for use in their operations.

Which type of attacker will hack systems to conduct terrorist activities via network or Internet pathways?

Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways. Information extortion occurs when an attacker or trusted insider steals information from a computer system and demands compensation for its return or for an agreement not to disclose it.

What exploits do hackers use?

An exploit is a piece of programmed software or a script that can allow hackers to take control of a system by exploiting its vulnerabilities. Hackers normally use vulnerability scanners like Nessus, Nexpose, OpenVAS, etc. to find these vulnerabilities.