Shared Flashcard Set

Details

Cyber Security
Cyber Security Vocabulary
75
Computer Science
Not Applicable
02/09/2012

Additional Computer Science Flashcards

 


 

Cards

Term
Adware
Definition
Any software application which displays advertising banners while the program is running. The authors include additional code, which can be viewed through pop-up windows or through a bar that appears on the computer screen. Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge.
Term
Alert
Definition
Notification that a specific attack has been directed at the information system of an organization.
Term
Attack
Definition
Intentional act of attempting to bypass one or more computer security controls.
Term
Audit Trail
Definition
A record showing who has accessed a computer system and what operations he or she has performed during a given period of time.  Audit trails are useful both for maintaining security and for recovering lost transactions.
Term
Authenticate
Definition
To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an information system, or to establish the validity of a transmission.
Term
Authentication
Definition
Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual's authorization to receive specific categories of information. Also see Two Factor Authentication
Term
Back Door
Definition
Hidden software or hardware mechanism used to circumvent security controls. Synonymous with trap door.
Term
Backup
Definition
A copy of data and/or applications contained in the IT stored on magnetic media outside of the IT to be used in the event IT data are lost.
Term
Blended Threat
Definition
A computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods, for example using characteristics of both viruses and worms, while also taking advantage of vulnerabilities in computers, networks, or other physical systems. An attack using a blended approach might send a virus via an e-mail attachment, along with a Trojan horse embedded in an HTML file that will cause damage to the recipient computer. The Nimda, CodeRed, and Bugbear exploits were all examples of blended threats.
Term
Bots
Definition
Bots are remote control agents installed on your system. Bots are often controlled remotely via Internet Relay Chat (IRC). Once a system is infected with a bot, it becomes part of a bot network (botnet) and is used in conjunction with other botnet members to carry out the wishes of the bot owner or bot herder. Bots can scan networks for vulnerabilities, install various Distributed Denial of Service (DDoS) tools, capture network packets, or download and execute arbitrary programs. Often bots will contain additional spyware or install it. Computers or systems infected with bots can be used to distribute spam to make it harder to track and prosecute the spammers
Term
Broadband
Definition
"Broadband" is the general term used to refer to high-speed network connections.  In this context, Internet connections via cable modem and Digital Subscriber Line (DSL) are frequently referred to as broadband Internet connections. "Bandwidth" is the term used to describe the relative speed of a network connection -- for example, most current dial-up modems can support a bandwidth of 56 kbps (thousand bits per second). There is no set bandwidth threshold required for a connection to be referred to as "broadband", but it is typical for connections in excess of 1 Megabit per second (Mbps) to be so named.
Term
Browser/Browser Settings
Definition
One browser configuration strategy to manage the risk associated with active content while still enabling trusted sites is the use of Internet Explorer security zones. Using security zones, you can choose preset levels of security.
Term
Certification
Definition
The comprehensive evaluation of the technical and non-technical security features of an IT and other safeguards, made in support of the accreditation process, that establishes the extent to which a particular design and implementation meet a specified set of security requirements.
Term
Ciphertext
Definition
Form of cryptography in which the plaintext is made unintelligible to anyone, who intercepts it by a transformation of the information itself, based on some key.
Term
Cookie
Definition
Cookies are pieces of information generated by a Web server and stored in the user's computer, ready for future access. Cookies are embedded in the HTML information flowing back and forth between the user's computer and the servers. Cookies were implemented to allow user-side customization of Web information. For example, cookies are used to personalize Web search engines, to allow users to participate in WWW-wide contests (but only once!), and to store shopping lists of items a user has selected while browsing through a virtual shopping mall.
Term
Configuration Management
Definition
The process of keeping track of changes to the system, if needed, approving them.
Term
Contingency Plan
Definition
A plan for emergency response, backup operations, and post-disaster recovery maintained by an activity as a part of its security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.
Term
Countermeasures
Definition
Action, device, procedure, technique or other measure that reduces the vulnerability of an information system.
Term
Data Driven Attack
Definition
A form of attack that is encoded in seemingly innocuous data which is executed by a user or a process to implement an attack. A data driven attack is a concern for firewalls, since it may get through the firewall in data form and launch an attack against a system behind the firewall.
Term
Data Integrity
Definition
The state that exists when automated data is the same as that in source documents, or has been correctly computed from source data, and has not been exposed to alteration or destruction.
Term
Denial of Service
Definition
Result of any action or series of actions that prevents any part of an information system from functioning.
Term
Dial-up
Definition
The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer.
Term
Dictionary attack
Definition
An attack that uses a brute-force technique of successively trying all the words in some large, exhaustive list.
Term
Digital Signature
Definition
Digital signatures are a way to verify that an email message is really from the person who supposedly sent it and that it hasn't been changed. You may have received emails that have a block of letters and numbers at the bottom of the message. This information is actually a digital signature. To generate a signature, a mathematical algorithm is used to combine the information in a key with the information in the message. The result is a random-looking string of letters and numbers.
Term
Distributed Tool
Definition
A tool that can be distributed to multiple hosts, which can then be coordinated to anonymously perform an attack on the target host simultaneously after some time delay.
Term
DNS Spoofing
Definition
Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Term
DSL
Definition
Digital Subscriber Line (DSL) Internet connectivity, unlike cable modem-based service, provides the user with dedicated bandwidth. However, the maximum bandwidth available to DSL users is usually lower than the maximum cable modem rate because of differences in their respective network technologies. Also, the "dedicated bandwidth" is only dedicated between your home and the DSL provider's central office -- the providers offer little or no guarantee of bandwidth all the way across the Internet.
Term
Encryption
Definition
Encryption is the translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.
Term
EULA – End User License Agreements
Definition
An end-user license agreement (EULA) is a contract between you and the software's vendor or developer. Some software packages state that by simply removing the shrink-wrap on the package, you agree to the contract. However, you may be more familiar with the type of EULA that is presented as a dialog box that appears the first time you open the software. It usually requires you to accept the conditions of the contract before you can proceed.
Term
Firewall
Definition
A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. A firewall is considered a first line of defense in protecting private information.
Term
Flooding
Definition
Type of incident involving insertion of a large volume of data resulting in denial of service.
Term
Gateway
Definition
A bridge between two networks.
Term
Hacker
Definition
Unauthorized user who attempts to or gains access to an information system.
Term
Internet
Definition
A global network connecting millions of computers.  As of 1999, the Internet has more than 200 million users worldwide, and that number is growing rapidly.
Term
Intranet
Definition
A network based on TCP/IP protocols (an internet) belonging to an organization, usually a corporation, accessible only by the organization’s members, employees, or others with authorization.  An intranet’s Web sites look and act just like any other Web sites, but the firewall surrounding an intranet fends off unauthorized access.
Term
Intrusion
Definition
Unauthorized act of bypassing the security mechanisms of a system.
Term
ISP
Definition
Who provides you internet services
Term
Malicious Code
Definition
Software capable of performing an unauthorized process on an information system.
Term
Management Controls
Definition
Security methods that focus on the management of the computer security system and the management of risk for a system.
Term
Mobile Code
Definition
Software modules obtained from remote systems, transferred across a network, and then downloaded and executed on a local system without explicit installation or execution by the recipient. Malicious mobile code is designed, employed, distributed, or activated with the intention of compromising the performance or security of information systems and computers, increasing access to those systems, disclosing unauthorized information, corrupting information, denying service, or stealing resources.
Term
Operation Controls
Definition
Security methods that focus on mechanisms that primarily are implemented and executed by people (as opposed to systems).
Term
Packet
Definition
A block of data sent over the network transmitting the identities of the sending and receiving stations, error-control information, and message.
Term
Packet Filtering
Definition
A feature incorporated into routers to limit the flow of information based on pre-determined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol specific traffic to one network segment, isolate email domains, and perform many other traffic control functions.
Term
Packet Sniffer
Definition
A device or program that monitors the data traveling between computers on a network.
Term
Patches (Software Patches)
Definition
Patches are updates that fix a particular problem or vulnerability within a program. Sometimes, instead of just releasing a patch, vendors will release an upgraded version of their software, although they may refer to the upgrade as a patch.  Make sure to apply relevant patches to your computer as soon as possible so that your system is protected.  Also see Software Assurance
Term
Pharming
Definition
Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing.
Term
Phishing
Definition
Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts
Term
Probe
Definition
An attempt to gather information about an information system for the apparent purpose of circumventing its security controls.
Term
Proxy
Definition
Software agent that performs a function or operation on behalf of another application or system while hiding the details involved.
Term
RADIUS
Definition
Short for Remote Authentication Dial-In User Service, an authentication and accounting system used by many Internet Service Providers (ISPs).  When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.
Term
Remote Access
Definition
The hookup of a remote computing device via communication lines such as ordinary phone lines or wide area networks to access network applications and information
Term
Replicator
Definition
Any program that acts to produce copies of itself. Examples include; a program, a worm, or virus.
Term
Retro-virus
Definition
A retro-virus is a virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.
Term
Risk Analysis
Definition
The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards.  Risk analysis is a part of risk management.
Term
Risk Management
Definition
Process of identifying, controlling, and eliminating or reducing risks that may affect IT resources.
Term
Rootkit
Definition
A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software. Rootkit is available for a wide range of operating systems.
Term
Security Incident
Definition
An adverse event in a computer system or the threat of such an event occurring.
Term
Security Incident
Definition
An adverse event in a computer system or the threat of such an event occurring.
Term
Security Plan
Definition
Document that details the security controls established and planned for a particular system.
Term
Security Specifications
Definition
A detailed description of the safeguards required to protect a system
Term
Sensitive Data
Definition
Any information, the loss, misuse, modification of, or unauthorized access to, could affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under Section 552a of Title 5, U.S. Code, but has not been specifically authorized under criteria established by an Executive order or an act of Congress to be kept classified in the interest of national defense or foreign policy.
Term
Smart Card
Definition
A credit-card-sized device with embedded microelectronics circuitry for storing information about an individual.  This is not a key or token, as used in the remote access authentication process.
Term
Smurfing
Definition
Software that mounts a denial of service attack by exploiting IP broadcast addressing and ICMP ping packets to cause flooding
Term
Spam
Definition
To indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages, especially commercial advertising in mass quantities. Noun: electronic "junk mail". Spam can contain worms, viruses and other malicious code.  For more information, see [link: http://onguardonline.gov/spam.html]
Term
Spim
Definition
Spam that is sent over Instant Messaging. Like spam, spim can contain worms, viruses and other malicious code.
Term
Spoofing
Definition
Unauthorized use of legitimate identification and authentication data, however it was obtained, to mimic a subject different from the attacker. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
Term
Spyware
Definition
Any software using someone's Internet connection in the background without their knowledge or explicit permission. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
Term
System Integrity
Definition
The quality that a system has when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Term
Threat
Definition
Any circumstance or event with the potential to adversely impact an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.
Term
Trojan Horse
Definition
A malicious or harmful code contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk.
Term
Virus
Definition
Self-replicating, malicious code that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence.
Term
Vulnerability
Definition
A weakness in automated system security procedures, technical controls, environmental controls, administrative controls, internal controls, etc., that could be used as an entry point to gain unauthorized access to information or disrupt critical processing.
Term
Web Bugs
Definition
Web bugs are HTML elements, often in the form of image tags, that retrieve information from a remote web site. While the image may not be visible to the user, the act of making the request can provide information about the user. Web bugs are often embedded in web pages or HTML-enabled email messages.
Term
Worm
Definition
Independent program that replicates from machine to machine across network connections often clogging networks and information systems as it spreads.
Supporting users have an ad free experience!