Deck 2: The Need for Security

A worm can deposit copies of itself onto all Web servers that the infected system can reach,so that users who subsequently visit those sites become infected.

A mail bomb is a form of DoS.

Information security safeguards the technology assets in use at the organization.

Compared to Web site defacement,vandalism within a network is less malicious in intent and more public.

A number of technical mechanisms-digital watermarks and embedded code,copyright codes,and even the intentional placement of bad sectors on software media-have been used to enforce copyright laws.

A firewall is a mechanism that keeps certain kinds of network traffic out of a private network.

Forces of nature,force majeure,or acts of God can present some of the most dangerous threats,because they are usually occur with very little warning and are beyond the control of people.

Organizations can use dictionaries to disallow passwords during the reset process and thus guard against easy-to-guess passwords.

Information security's primary mission is to ensure that systems and their contents retain their confidentiality at all costs.

DoS attacks cannot be launched against routers.

Much human error or failure can be prevented with training and ongoing awareness activities.

An act of theft performed by a hacker falls into the category of "theft," but is also often accompanied by defacement actions to delay discovery and thus may also be placed within the category of "forces of nature."

A timing attack involves the interception of cryptographic elements to determine keys and encryption algorithms.

A worm requires that another program is running before it can begin functioning.

Attacks conducted by scripts are usually unpredictable.

Expert hackers are extremely talented individuals who usually devote lots of time and energy to attempting to break into other people's information systems.

With electronic information is stolen,the crime is readily apparent.

With the removal of copyright protection,software can be easily distributed and installed.

A sniffer program shows all the data going by on a network segment including passwords,the data inside files-such as word-processing documents-and screens full of sensitive data from applications.

The shoulder looking technique is used in public or semipublic settings when individuals gather information they are not authorized to have by looking over another individual's shoulder or viewing the information from a distance._________________________

A(n)cookie can allow an attacker to collect information on how to access password-protected sites._________________________

Hackers are "people who use and create computer software to gain access to information illegally." _________________________

Sniffers often work on TCP/IP networks,where they're sometimes called packet sniffers._________________________

The macro virus infects the key operating system files located in a computer's boot sector._________________________

The term phreaker is now commonly associated with an individual who cracks or removes software protection that is designed to prevent unauthorized duplication._________________________

Once a(n)back door has infected a computer,it can redistribute itself to all e-mail addresses found on the infected system._________________________

The application of computing and network resources to try every possible combination of options of a password is called a brute crack attack._________________________

When voltage levels surge (experience a momentary increase),the extra voltage can severely damage or destroy equipment._________________________

One form of e-mail attack that is also a DoS is called a mail spoof,in which an attacker routes large quantities of e-mail to the target._________________________

Packet kiddies use automated exploits to engage in distributed denial-of-service attacks._________________________

A(n)polymorphic threat is one that over time changes the way it appears to antivirus software programs,making it undetectable by techniques that look for preconfigured signatures._________________________

The malicious code attack includes the execution of viruses,worms,Trojan horses,and active Web scripts with the intent to destroy or steal information._________________________

Intellectual property is defined as "the ownership of ideas and control over the tangible or virtual representation of those ideas." _________________________

Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways._________________________

A virus or worm can have a payload that installs a(n)____________________ door or trap door component in a system,which allows the attacker to access the system at will with special privileges.

A(n)____________________ is an object,person,or other entity that represents an ongoing danger to an asset.

A computer virus consists of segments of code that perform ____________________ actions.

Duplication of software-based intellectual property is more commonly known as software ____________________.

A(n)____________________ is a malicious program that replicates itself constantly,without requiring another program environment.

A(n)____________________ is an application error that occurs when more data is sent to a program buffer than it is designed to handle.

A(n)____________________ hacks the public telephone network to make free calls or disrupt services.

A momentary low voltage is called a(n)____________________.

Describe the capabilities of a sniffer.

When information gatherers employ techniques that cross the threshold of what is legal or ethical,they are conducting industrial ____________________.

Some information gathering techniques are quite legal,for example,using a Web browser to perform market research.These legal techniques are called,collectively,competitive ____________________.

The timing attack explores the contents of a Web browser's ____________________.

The expert hacker sometimes is called ____________________ hacker.

Attempting to reverse-calculate a password is called ____________________.

Script ____________________ are hackers of limited skill who use expertly written software to attack a system.

In the context of information security,____________________ is the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.

Describe viruses and worms.

____________________ is a technique used to gain unauthorized access to computers,wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host.

____________________ is unsolicited commercial e-mail.

ESD means electrostatic ____________________.

A(n)____________________ is an identified weakness in a controlled system,where controls are not present or are no longer effective.

A(n)____________________ is an act that takes advantage of a vulnerability to compromise a controlled system.

List at least six general categories of threat.