Deck 14: Computer Security Threats

Obstruction is when an entity assumes unauthorized logical or physical control of a system resource.

Repudiation is when an entity deceives another by falsely denying responsibility for
an act.

Unauthorized disclosure is a threat to authenticity.

A rootkit is a set of programs installed on a system to maintain administrator access to that system.

One way to obstruct system operation is to overload the system by placing excess burden on communication traffic or processing resources.

A stealth virus is a form of virus where just the payload is hidden.

Deception is a threat to availability or system integrity.

Software piracy is an example of a software confidentiality threat.

Insider attacks are among the easiest to detect and prevent.

An active attack attempts to alter system resources or affect their operation.

Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

Nimda has worm, virus, and mobile code characteristics.

A loss of confidentiality is the unauthorized disclosure of information.

Traditionally, those who hack into computers do so for the thrill of it or for status.

__________ assures that information and programs are changed only in a specified and authorized manner.

Defacing a Web server, running a packet sniffer on a workstation to capture user names and passwords, viewing sensitive data without authorization, and copying a database containing credit card numbers, are all examples of _________ .

_________ is the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources.

__________ means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

Masquerade, falsification, and repudiation are attacks resulting in a __________ threat consequence.

Three key objectives of computer security are: confidentiality, availability, and _________ .

A _________ attack attempts to learn or make use of information from the system but does not affect system resources.

The three key concepts that are at the heart of computer security form what is often referred to as the __________ .

__________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

_________ is a circumstance or event that results in control of system services or functions by an unauthorized entity.

A __________ is code embedded in some legitimate program that is set to "explode" when certain conditions are met.

The _________ facility is what distinguishes a bot from a worm.

A _________, also known as a zombie or drone, is a program that secretly takes over another Internet-attached computer and then uses that computer to launch attacks that are difficult to trace to the creator.

A computer _________ is a piece of software that can "infect" other programs by modifying them; the modification includes injecting the original program with a routine to make copies of itself, which can then go on to infect other programs.

A __________ is a secret entry point into a program that allows someone who is aware of it to gain access without going through the usual security access procedures.