Help
Options
Question
Drive By Hacking
click to flip
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't know
Question
black hat hackers
Remaining cards (47)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Chpt 28 Security
DAC1
| Question | Answer |
|---|---|
| Drive By Hacking | computer attack where an attacker accesses a wireless computer network, intercepts data uses network services, and or sends attack instructions without entering the home or office of the network |
| black hat hackers | break into other people's computer systems and may just look around or may steal and or destroy information. |
| crackers | have criminal intent when hacking |
| cyber terrorists | seek to cause harm to people or to destroy critical systems or information and use the internet as a weapon |
| hactivists | have philosophical and political reasons for breaking into systems and will often deface the website as a protest. |
| script kiddies or script bunnies | find hacking code on the internet and click and point their way into systems to cause damage or spread viruses. |
| White hat hackers | work at the request of the system owners to find system vulnerabilities |
| backdoor programs | open a way into the network for future attacks |
| denial of service attack (DDos) | attacks from multiple computers that flood a website with so many request for service that it slows down or crashes the site |
| spyware | is a special class of adware that collects data about the user ad transmits it over the internet without user's knowledge or permission |
| information secrecy | category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity |
| zombie farm | group of computers on which a hacker has planted zombie programs. |
| worm | spreads itself not only from file to file but also computer to computer |
| polymorphic viruses | viruses and worms change their form as the propagate. |
| Zombie | program that secretly takes over another computer for the purpose of launching attacks on other computers. |
| public key encryption | uses two keys a public key that everyone can have and a private key for only the recipient. |
| elevation of privilege | is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. go from guest to administrative privileges. |
| Hoaxes | attack computer systems by transmitting a virus hoax, with a real virus attached. By masking the attack in a seemingly legitimate message unsuspecting users send the message to others infecting many users along the way |
| malicious code | includes a variety of threats such as viruses, worms, and Trojan horses |
| Packet tampering | consists of altering the contents of packets as they travel over the internet or altering data on computer disks after penetrating a network. example attacker might tap a network to intercept packets leaving computer. Attacker could eavesdrop or alter |
| sniffer | program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, ....passwords and sensitive info. Tend to be favorite of hackers |
| spoofing | is the forging of the return address on an email so that the message appears to come from someone other than the actual sender. Way for virus authors to conceal id as they send out viruses |
| Splogs (spam blogs) | are fake blogs created solely to raise the search engine rank of affiliated websites. using blog to post comment with link to another spam site |
| spyware | software that comes hidden in free downloadable software and tracks online movements |
| information security policies | identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, change passwords every 30 days |
| information security plan | details how an organization will implement the information security policies. |
| destructive agents | malicious agents designed by spammers and other internet attackers to farm email addresses off websites or deposit spyware on machines. |
| information secrecy | is the category of computer security at addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity. |
| insiders | are legitimate users who purposely or accidentally missue their access to the environment and cause some kind of business-affecting incident. |
| phishing expedition | masquerading attack that combines spam with spoofing. |
| Spear phishing | emails are carefully designed to target a particular person or organization. |
| pharming | reroutes requests for legitimate websites to false websites. |
| pharming attack | uses a zombie farm, often by an organized crime association, to launch a massive phishing attack. |
| authorization | process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space. |
| tokens | are small electronic devises that change user passwords automatically. |
| smart card | device about the size of credit card, containing embedded technologies that can store information small amounts of software to preform some limited processing. |
| Time bombs | are computer viruses that wait for a specific date before executing their instructions. |
| content filtering | software that is used to filter content, such as emails to prevent the accidental or malicious transmission of unauthorized information. |
| decrpt | information is to decode it and is the opposite of encrypt. |
| cryptography | science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them. |
| advanced encryption standard (AES) | designed to keep government information secure. |
| public key encryption (PKE) | uses two keys: a public key that everyone can have and a private key for only the recipient. public key to all users to send info private key to receiver. |
| certificate authority | trusted third party ,such as VERISign that validates user identity by means of digital certificates. |
| digital certificate | data file that identifies individuals or organizations online and is comparable to a digital signature. |
| intrusion detection software (IDS) | features full-time monitoring tools that search for patterns in network traffic to identity intruders. |
| cyberwar | an organized attempt by a country's military to disrupt or destroy information and communication systems for another country. |
| firewall | hardware and software that guard a private network by analyzing incoming and outgoing information for the correct marking.s |
| organizations address security risks through two lines of defense: first and second | people technology. |
Created by:
smcdo11