1
Q
Information Security
A
the degree a system and its data are resistant to and protected from harm from a specific threat.
2
Q
Security breach
A
any incident that causes harm or unauthorized access to systems or their data
-direct monetary damages, negative impact on firm’s market value and reputation, or lead to government penalties
3
Q
Reasons of being a victim in security breach:
A
- have an identity
- know other people
- have access to computing resources (laptop, etc)
4
Q
Types of identity theft:
A
- Financial Identity Theft
- Medical Identity Theft
- Criminal Identity Theft
- Child Identity Theft
5
Q
identity theft
A
the unauthorized use of a person’s private information for gain
6
Q
Financial Identity Theft
A
stealing another person’s credit card or bank account number. This may also include using one’s identity (social security number, address, name, etc.) to apply for a credit card or loan that may impact credit ratings or cause unmerited financial obligations.
7
Q
Medical Identity Theft
A
stealing another person’s personal information to obtain medical care, buy drugs, or submit fake billings to an insurance company. Aside from its financial consequences, it could be life threatening if wrong information is inserted into one’s medical records and wrong medical actions are taken based on these records.
8
Q
Criminal Identity Theft
A
giving another person’s name, date of birth, driver’s license number, etc., to a law enforcement officer during an investigation or upon arrest. This may result in false criminal records, fines, or other illegal actions.
9
Q
Child Identity Theft
A
stealing a minor’s social security number for personal gain. This type of fraud can go undetected for years, and it may not be discovered until a child’s later years (when applying for a driver’s license, a bank account, etc.).
10
Q
Know other people
A
-attackers try to exploit other people’s social networks to steal from or harm their friends, work colleagues, and acquaintances.
- EX: attackers may break into a person’s email or social networking accounts to send messages to their friends and people in their contact list.
- appears to come from a trusted source, but are direct contacts to a fraudulent website, spread malware (malicious software such as a viruses), advertise unwanted products, send spam mail, or solicit friends for sensitive information.
11
Q
Access to computing resources
A
- anyone who owns a computer may be vulnerable to a security breach
- people can use unsecured computer resources to perform a variety of illegal activities (downloading illegal software, gambling, hosting illegal materials, or visiting bad sites)
- can install malware on victim’s computer that can be used to attack other people or organizations. EX: attacker can spread virus to millions of computers and turn them into zombies or bots. Using the army of infected computers, the attacker can attack an organization or government
- risk of experiencing hardware failure that may result in loss of information (personal files, pictures, music)
12
Q
zombies/bots
A
computer that can be controlled by a third party after being infected
13
Q
Who causes security threats?
A
- hackers
- malicious insider threats
- non-malicious threats
14
Q
Hacker
A
-people who try to attack an organization from the outside
-variety of motivations:
+for the challenge or curiosity
+receive monetary compensation for breaking into a computer system, stealing or destroying info
15
Q
Hactivists
A
- hackers who are activists
- promote political ends through breaking into computers or networks. They may deface a website (changing the appearance or content of a website) that is contrary to their opinion or make confidential information public to accomplish their political objective.
16
Q
Cyberterrorists
A
refer to hackers who use the internet to accomplish terrorist acts. Cyberterrorist acts may include disrupting or destroying an organization’s or nation’s infrastructure, such as disrupting a nation’s power supply or communication lines.
17
Q
Cyberwarfare
A
refers to nations or groups that conduct espionage or sabotage of another nation’s or organization’s information and infrastructure through hacking techniques
18
Q
White-hat hackers
A
hackers hired by organizations to break into their systems to expose vulnerabilities so the organizations can fix them
19
Q
malicious insider threats
A
- A legitimate and trusted members of an organization who compromise security
- adversary who operates as a trusted member of an organization to intentionally harm it
-EX: purposely install malware on a system, steal or expose sensitive information, sabotage systems, delete information, steal hardware, or perform financial fraud
20
Q
non-malicious threats
A
- users who put their organization at risk by not complying with the suggested security policy because of ignorance or non-malicious negligence
- EX: create weak passwords, not updating antivirus programs, not locking computers or office doors, visiting websites infected with malware, and disclosing sensitive information in emails or conversations
21
Q
computer crime
A
a crime that targets a computer, or using a computer to commit theft
22
Q
Internet crime
A
crime that specifically involved the internet, such as soliciting information to commit identity theft
23
Q
CIA Triad
A
-security threats and countermeasures
- Confidentially
- Availability
- Integrity
24
Q
Confidentially
A
Restricting access to information and resources to those who are authorized to use it
EX: online bank account is protected with a username and password to ensure that only the owner can access it
- ensuring that people who have access to that information don’t disclose that information to other unauthorized people
- enforced through a two step process: authentication & authorization
25
authentication
- refers to who you are
- accomplished through:
a. something you know
b. something you have
c. something you are
26
something-you-know
- include a username, password, or other information that you must retrieve from memory to enter in a login screen
- this is the most common form of authentication
27
something-you-have
- entails using an object (which you can carry with you) to authenticate
- EX: keys, smart card
28
smart card
-pocket-sized card that you can put in a slot on your computer or laptop and when you put this in the card slot on your computer it automatically authenticates and gives you access to the information and resources you are authorized to use
29
dual-factor authentication
often something you have is used together with something you know to authenticate
EX: some organizations with sensitive information, you must enter your username and password along with a code that is on a token
30
token
- small device that you can carry with you which display a code every 30-60 seconds
- the codes are synchronized with the system that will authenticate you
- if the code matches, you will be given access to the system assuming your password is correct to
31
something-you-are
```
using the physiological characteristics of a person to authenticate. For example, fingerprint scanners can be used to perform authentication. To gain access to a system, your fingerprint must match the fingerprint signature located on the authentication server. Other examples include:
Handprint readers
Retinal (eye) scanners
Vocalic (voice) characteristics
Keystroke timing
```
Once a person is authenticated (verified to be a legitimate user), a secure system should only allow that user to access the information and resources they are authorized to access.
32
Authorization
is the process of specifying access rights to users—i.e., specifying what users can and cannot access.
For example, a sales person should be able to access information about clients and products. However, a sales person should probably not be able to access information about other employees’ salaries.
33
Social Engineering �(one of the techniques used to access information)
Deceiving users with authorized access to disclose information
EX:
-trusted work colleague might say his account is locked and ask you to login using your credentials, or neighbor might ask for wifi password (with borrowed credentials, these people may access confidential information and may even perform illegal activities)
Asking users about sensitive information
Deceiving users to share credentials
Can be in person or over email—e.g., Phishing
34
Phishing (most common form of social engineering)
- fradulent technique for obtaining one's private information through an email
- typically asks you to provide personal information (usernames, passwords, credit card numbers, government ids, etc)
- or click on a link that will lead to a website that asks for personal information or that is infected with malware
EX: hackers pretending to be an IT department might ask you to click on a link to a fake login page to get your username & password
-or say you've won a large amount of money and ask for your bank account number to transfer your funds
35
spear phishing
personalized phishing messages:
- look very personable
- use actual name
- reference (CC) people you know
- appear to come from someone you know
36
Protect yourself (phishing)
- NEVER give out sensitive information in an email
- be cautious on clicking links in an email, check where it is really going
- be cautious clicking on attachments (can install malware on your computer or record your personal information), install an antivirus software that will scan the attachment before it is opened
- enable a spam folder in your email, spam filters tag characteristics of phishing emails and tag messages from known phishers
37
Network Sniffing
Intercepting packages on a wireless or wired network and viewing the contents of these packages
-when you send information over the internet (such as email, website request, instant messages, payment information, etc) it is divided into segments (known as packages) and sent across the network
38
Encryption (one way to protect your data from being readable to third parties)
- process of encoding a messages (or information) in such a way that third parties cannot easily understand it
- most encryption algorithms require a public key and to decrypt a message the receiver must have a private key
-can encrypt data on hard drive to protect confidentiality (if comp stolen)
39
public key
publicly available key or code that tells the algorithm how to encrypt the data
40
private key
key (not normally shared with others) that tells the algorithm how to decrypt the data
41
Protect yourself (network sniffing)
- only sharing information with websites that have an URL preceded with https
- only using wireless networks that are secure (require password or login)
- making sure your personal wireless network is secured with a password
- being hesitant sharing your wireless network password with anyone (could allow them to perform illegal activities or introduce malware on your network)
42
Password Guessing
- another type of attack to compromise confidentiality
- if you reuse passwords, can steal it from one site and use it for others
- can be performed by gathering personal information about an individual
- dictionary attack
43
Creating strong passwords
-through passphrase
44
passphrase
-sequence of words or other text that compose an easily rememberable but secure password
45
Protect yourself (passwords)
- create passphrases
- avoid reusing passwords for important sites
- avoid names of family members, pets, sports teams, etc
- use characters, special characters, and numbers in your password
- if system administrator, allow only a specific number of guesses before locking a system
46
Lost or Stolen Hardware
-phones, laptops, flashdrives, etc
EX: company's customer info on a flashdrive, and it falls out of pocket at a restaurant, the info may be accessed and used by anyone who picks up the drive
EX: lose a phone with no passcode on it they have access to apps, or other information on the phone including bank apps, email, notes, purchasing accounts (iTunes, etc)
47
Protect yourself (lost & stolen hardware)
- avoid putting any sensitive information on portable devices
- encrypt data on portable devices
- password protect laptops, phones, jump drives, or other portable devices
48
Availability
Ensuring that authorized users are able to access information and resources when they need it
-To create value, information must be available when users need it
EX: not able to login into comp because your account is locked (called downtime)
49
downtime
a period of time when a system is unavailable
-caused by: attacks, non-malicious & naturally occurring causes
50
User-Initiated Errors
-mistyped or forgotten credentials (also threaten availability)
51
Hardware failures
- also threaten availability
- lifespan of 3-5 years
- refers to a malfunction such that you can't access your stored information with a normal computer
52
redundancy
-refers to having important information in more than once place and having backup systems just in case the primary systems become nonfunctional (primary safeguard against hardware failure)
53
choosing backup strategy (redundancy)
-decide where to back up files:
+external hard drive & copying files to that drive periodically (most operating systems have a utility built in that will automatically create backups to an external drive)
+back up data online (allow you to automatically back up files to secure online server every time you connect to the internet)
-version control, what data to back up (entire vs. selected), how to secure (encryption vs. physical vs. online)
54
Malware
A malicious program that may occupy the resources of your computer so that it is slow or nonresponsive, cause damage to your computer, take control of your computer, or even steal information from your compute
3 types of malicious programs:
- virus
- worm
- trojan horse
55
virus
refers to a malicious program that attaches itself to another program or file. It spreads from one computer to another as users share programs or files with each other.
56
worm
is similar to a virus (refers to a malicious program that attaches itself to another program or file) except that it can spread from computer to computer by itself (without requiring users to share the virus).
57
Trojan horse
is a malicious program that is disguised to be a legitimate, useful program. However, when you open the Trojan horse, it may consume the resources of your computer, cause damage to your computer (e.g., delete files), steal information, or create a backdoor that allows someone to take control of your computer. Trojan horses do not self-replicate or infect files like worms or viruses respectively do
58
ways to get malware:
- phishing
- visiting infected website on your own
- shady websites (websites that contain illegal content)
- sharing flash drives, sharing files, and etc
- some can self-replicate (worms) across a network
- connecting to someone's non-secure wireless router that is infected
- if you have no virus protection
59
Protect yourself (malware)
- always have updated antivirus protection software
- do not click on unknown attachments in email
- do not visit shady websites, or click on unknown links in email
- be hesitant putting other people's flash drives in your comp
60
Denial-of-Service Attack
A distributed denial-of-service attack: a coordinated effort to flood a system (e.g., a website) with traffic -- such as having millions of comps trying to request a webpage at once to bring down the system and make it unavailable to users
61
firewall
-one way to combat against Denial-of-Service Attack
-hardware and/or software that guards a private network by analyzing the information leaving and entering the network and then blocks unauthorized or suspicious content
�(monitors the incoming and outgoing traffic of network and decides what traffic is allowed based on a set of rules)
-can also limit the number of ways an attack can come in, traffic can only enter or exit a network through certain entrances (known as ports), only certain types of traffic are allowed to enter through each port, can restrict which ports are open and thereby which types of traffic are allowed
-can be used to protect a system from a variety of other threats
EX: can limit what leaves a network, therefore an organization can prevent their network from being used to conduct an attack
-can prevent unauthorized internet users from accessing an organizations intranet (private network) that may contain sensitive data and constrained resources
-prevent malware from entering network
62
Integrity
Protecting data from unauthorized modification or deletion
-unauthorized change to data may occur from someone accidentally deleting or modifying data despite having good intentions
EX: breach of data occurs if well-minded employee accidentally deletes historical sales database or conducted by someone malicious - hacker intercepting message and changing or deleting its contents
63
file permissions
-refer to the rules that specify what can and cannot be done to a file
EX: read only program
-on a larger scale, organizations can specify who can access and modify resources using group policies (policies that specify what users and computers can do). once a group policy is set at the organizational level, all computers on the organization's network will then enforce it
64
version control
- management to change files
- if an unauthorized modification or deletion does occur, it is important to have the ability to restore the previous version of the data
65
checksums
- to help ensure that data was not modified during transmission (when transferring data across the internet, packets can become corrupted or even intercepted and changed before reaching the destination.
- checksums utilize cryptography (encryption) to create a unique signature of a file & its contents, the signature is referred to as "hash"
- person can create a hash of a file, transmit the file, compute another hash of the file at the destination and compare the two hashes to ensure nothing has changed
66
defense in depth
having multiple layers of security
67
onion model
- one way to conceptualize the defense in depth
- compares security to an onion
- in the middle of the onion is the sensitive data or data you want to protect, but the core is protected by several layers of security
EX: sensitive data/resources (center), encryption, permissions, firewalls/IPS/packet inspection, physical security
ISYS 201
flashcards
Decks in class (12)
# Cards
