Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
CIT292 Ch 1 and 2
CIT292 NW Security Ch 1 and 2 Terms
| Term | Definition |
|---|---|
| Information Security | Act of protecting information from unauthorized access. |
| Confidentiality | Prevention of disclosure of information to unauthorized persons. |
| Integrity | Data has not been tampered with or changed in any way. Authorization is necessary before data can be changed. |
| CIA | Three principles of information security: Confidentiality, Integrity, and Availability |
| Availability | Data is obtainable regardless of how information is stored, accessed, or protected. |
| Nonrepudiation | Have indisputable proof of something which can not be denied. |
| Authentication | Person's identity is established with proof such as login and password, smart card, etc. |
| Authorization | User is given access to certain data. Happens after authentication and includes permissions, ACLs (Access Control Lists), login or physical restrictions. |
| Accounting | Tracking of data, computer usage, and nw resources using logging, monitoring, auditing of data or resource. |
| AAA | Security concept that should be applied to security plans. Authentication, Authorization, Accounting |
| Defense in Depth | Layering of security that protect data through the entire life cycle: inception, usage, storage, transfer, and disposal |
| Ethical Hacker | Expert at breaking into systems but attacks with owners knowledge and consent to find security weaknesses. |
| White hat | nonmalicious hacker |
| Gray hat | Hacker who has no affiliation with company, but breaks into system and lets administrator of network know. |
| Black hat | Malicious hacker that attempts to break into computer systems without authorization. Attempt theft, fraud, piracy, and so on. |
| Encryption | Act of changing information using an algorithm known as cipher to make it "unreadable" to anyone except users who have "key" to data. |
| Malware | Software designed to infiltrate a computer system and possibly damage it without the user's knowledge or consent. |
| Virus | Code that runs on a computer without the user's knowledge that infects a computer when the code is accessed and executed. |
| Worm | Code that runs on a computer without the user's knowledge that is able to self-replicate. |
| Trojan horse | Applications that appear to perform desired functions but are actually performing malicious functions behind the scenes. |
| spyware | Type of malicious software either downloaded unwittingly from a web site or installed along with some other 3rd party software. |
| Adware | Type of spyware that pops up advertisements based on what it has learned about that user. |
| Grayware | General term used to describe applications that are behaving improperly but without serious consequences; often describes spyware. |
| Rootkit | Type of software designed to gain administrative-level control over a computer system without being detected |
| Logic Bomb | Code that has, in some way, been inserted into software, it is meant to initiate some type of malicious function when specific criteria are met. |
| Easter egg | Platonic extra added to OS or app as joke; harmless cousin of logic bomb. |
| Time bomb | Trojan set off at certain date |
| Botnet | Group of compromised computers used to distribute malware across the Internet: usually made up of zombies |
| Zombie | Individual compromised computers in a botnet. |
| spam | Abuse of electronic messaging systems such as email, broadcast media, and instant messaging |
| Active interception | Also known as active inception, normally includes a computer placed between the sender and receiver in effort to capture/modify info |
| open email relay | Also known as SMTP open relay; it enables anyone on the Internet to send email through an SMTP server. |
| HIDS (Host-based Intrusion Detection System | Type of system loaded on individual computer that analyzes and monitors what happens inside that computer; example checks for file integrity. |
| Pop-up blocker | Application or add-on to a web browser that blocks pop-up windows that usually contain advertisements. |
| Ad Filtering | Ways of blocking and filtering out unwanted advertisements; pop-up blockers and content filters are ad filtering methods. |
| Content filters | Individual computer programs that block external files that use JavaScript or images from loading into the browser. |
| Personal Firewall | Application that protect an individual computer from unwanted Internet traffic using a set of rules and policies |
| Privilege escalation | Act of exploiting a bug or design flaw in a software or firmware app to gain access to resources that normally are protected from a app or user. |
| Backdoor | Used in computer programming to bypass authorization and normal security mechanisms in place. |
| Hardware Security module | (HSM)Physical device that deals with the encryption of authentication processes, digital signings, and payment processes. |
| Bluejacking | Sending of unsolicited messages to Bluetooth-enabled devices such as mobile phones and PDAs |
| Bluesnarfing | The unauthorized access of information from a wireless device through a Bluetooth device. |
| ACL (Access Control List) | List of permissions on an object. Specify what level of access user, groups, have to an object. When dealing with firewalls, set of rules that apply to a list of network names, IP addresses, and port numbers. |
Created by:
Leisac
Popular Computers sets