Exam #1 Review - Security Assurance Information Systems - INFS-4300

What was the worst year in history for security?

2017.

What are some common difficulties with security?

-Bring your own device (BYOD)
-Universally connected devices
-More sophisticated attacks

What are the 4 major threat categories?

-Internal human-caused threats
-Internal non-human-caused threats
-External human-caused threats
-External non-human-caused threats

What are some examples of these threats?
1. Internal human-caused threats
2. Internal non-human-caused threats
3. External human-caused threats
4. External non-human-caused threats

1. Accidentally downloading malware/virus
2. Power outage
3. Hackers
4. Natural disasters

What does more security usually mean for the user?

Less convenience.

Why does more security usually mean less convenience for the user?

Because following proper protocol typically takes a lot longer.

What are the Three Major Goals of Information Security?

CIA:
Confidentiality: Only approved individuals may access information.
Integrity: Information is correct and unaltered.
Availability: Information is accessible to authorized users.

Describe the difference between encryption and decryption.

Encryption is like encoding and decryption is like decoding: scrambling data so that it can be protected, and unscrambling it so that it can be unlocked for later use.

Which is readable? Cleartext or Plaintext?

Cleartext is readable. It's actual sensitive data that you have, meaning the data to be encrypted.
Plaintext consists of procedures based on mathematical formulas.

What are the 3 types of cryptography?

1. Hashing
2. Symmetric
3. Asymmetric

Describe the 3 types of cryptography.

1. Hashing: Non-reversible encrypted data.
2. Symmetric: Uses the same single key to encrypt and decrypt a document.
3. Asymmetric: Uses two mathematically related keys. Public key available to everyone and freely distributed. Private key known only to indi

What is BitLocker?

Drive encryption software included in Windows. It encrypts the entire system volume, including the Windows Registry.

What is Hardware Encryption?

Cryptography embedded in hardware
-Provides higher degree of security
-Can be applied to USB devices and standard hard drives

What is a Man-In-The-Middle attack?

Legitimate information requested/sent between employees that is listened in on by the attacker.

What is a Man-in-the-Browser attack?

Attack intercepts communication between parties to steal or manipulate the data. When the browser is launched, the extension is activated.
Very difficult to get rid of because it is embedded in your browser which makes it hard for anti-malware software to

What is a Replay attack?

Attacker intercepts and then makes a copy of a transmission before sending it to the original recipient.

What is Poisoning?

The act of introducing a substance that harms or destroys.

What are the three types of poisoning?

ARP, DNS Poisoning, and Privilege Escalation.

Describe the three types of poisoning.

Address Resolution Protocol (ARP): Relies on MAC spoofing which is imitating another computer by means of changing the MAC address.
Domain Name System (DNS): The current basis for name resolution to IP address. DNS poisoning substitutes DNS addresses to r

What is a Denial of Service (DoS)?

A deliberate attempt to prevent authorized users from accessing a system by overwhelming it with requests.

What is a Distributed Denial of Service (DDoS)?

Using hundreds or thousands of devices flooding the server with requests.

What is a Smurf attack?

-Attacker broadcasts a network request to all computers on the network (computers, printers, laptops, phones, etc.).
-Then spoofs the IP address that the request came from.
-Appears as if the victim's computer is asking for a response from all computers.

What is a DNS Amplification Attack?

A type of DDoS attack where an attacker sends out a DNS query with a forged IP address. This attack crashes the whole network, not just a computer.

What is a SYN (synchronized message) flood attack?

The attacker sends SYN segments in IP packets to the server. The attack modifies the source address of each packet to addresses that don't exist and spams a computer until it runs out of resources and becomes unresponsive.

What is a Zero-Day attack?

An attack that exploits previously unknown vulnerabilities.

What is an SQL Injection?

Inserts statements to manipulate a database server. Attackers can use it to bypass a web application's authentication and authorization mechanisms.

What is Hijacking?

Commandeering a technology and then using it for an attack.

What is Bluejacking?

An attack that sends unsolicited messages to Bluetooth-enabled devices. Texts, images, sounds... No data is stolen.

What is Bluesnarfing?

An attack that accesses unauthorized information from a wireless device through a Bluetooth connection.

What is Near Field Communication (NFC)?

A set of standards used to establish communication between devices in close proximity.

What is Radio Frequency Identification (RFID)?

Tags that are commonly used to transmit information between employee identification badges, inventory tags, and book labels that can be read by a proximity reader.

What is a Black Hat Hacker?

A hacker who violates computer security for personal gain and whose goal is to inflict malicious damage.

What is a White Hat Hacker?

A hacker whose goal is to expose security flaws, not to steal or corrupt

What is a Grey Hat Hacker?

A hacker whose goal is to break into a system without the owner's permission, but not for their own advantage.

What is a script kiddie?

Individuals who want to attack computers yet lack the knowledge of computers and networks needed to do so.
They download automated hacking software (scripts) from websites.

What is an Exploit Kit?

Automated attack package that can be used without an advanced knowledge of computers.

What is a broker?

Attackers who sell knowledge of a vulnerability to other attackers or governments.

What is a Cyberterrorist?

An attacker whose motivation may be ideological or for the sake of principles or beliefs.

What is a State-Sponsored Attacker?

An attacker commissioned by governments to attack enemies' information systems.

What is malware?

Malicious software that enters a computer system without the owner's consent.

What are the three types of malware that have primary traits of circulation and/or infections?

1. Viruses
2. Worms
3. Trojans

What is a computer virus?

Malicious computer code that reproduces itself on the same computer.

What is a program virus?

A virus that infects an executable program file.

What is a Macro?

A series of instructions that can be grouped together as a single command.

What is a Worm?

Malicious program that uses a computer network to replicate.

What is a Trojan Horse?

An executable program that does something other than advertised.
Contains hidden code that launches an attack.

What is a Rootkit?

Software tools used by an attacker to hide actions or presence of other types of malicious software.

What is Spyware?

Software that gathers information without user consent.

What is a Keylogger?

Captures and stores each keystroke that a user types on the computer's keyboard.

What is Adware?

Program that delivers advertising content in a manner unexpected and unwanted by the user.

What is Ransomware?

Prevents a user's device from being properly operated until a fee is paid.

What is a Logic Bomb?

Computer code that lies dormant until it is triggered by a specific logical event.

What is a Backdoor?

Gives access to a computer, program, or service that circumvents normal security to give program access.

What is a Zombie?

An infected computer that is under the remote control of an attacker.

What is Social Engineering?

A means of gathering information for an attack by relying on the weaknesses of individuals.

What is Phishing?

Sending an email claiming to be from a legitimate source.

What is Typo Squatting?

Redirecting a user to a fictitious website based on a misspelling of the URL.

What is a Watering Hole Attack?

Directed toward a small group of specific individuals who visit the same website.

What is Domain Hijacking?

When a domain pointer that links a domain name to a specific web server is changed by a threat actor.

What is Clickjacking?

Hijacking a mouse click. A user is tricked into clicking a link that is not what it appears.

What is Malvertising?

An ad (typically on a well-known website) that contains malware that redirects visitors who receive it to the attacker's webpage that then downloads malware.

What is Ad Fraud?

Threat actors manipulate pre-roll ads to earn ad revenue that is directed back to them.

What is a Platform as a Service (PaaS)?

Provides a platform allowing customers to develop, run, and manage applications without too much complexity.

What is Infrastructure as a Service (IaaS)?

Delivers computer infrastructure on an outsourced basis to support enterprise operations.

What is a Rogue Access Point?

An unauthorized access point that allows an attacker to bypass network security configurations.

What is an Evil Twin?

AP set up by an attacker mimicking an authorized AP.

What is Spoofing?

Attackers craft a fictitious frame that pretends to come from a trusted client when it actually comes from the attacker.