Zusammenfassung der Ressource
IS Security and Privacy
- Key Terms
- Backup scope, Frequency, and Media
- Information Security
- Encompasses the protection the protection of
information from accidental or intentional misuse
by person inside or outside an organization
- Hackers and Viruses are the two hottest threats
- Hacker
- An expert in tech who use their knowledge to
break into a comp or comp network either for
profit or simply for the challenge
- Hacker Weapons
Anmerkungen:
- Hoaxes
Anmerkungen:
- transmits a virus using a hoax virus with a real one attached
- Malicious Code
Anmerkungen:
- includes a variety of threats including viruses, worms, and Trojan horses
- Denial of Service (DOS) attack
Anmerkungen:
- Floods a website with so many requests for service that it slows down or crashes the site
- Virus
- Trojan-Horse Virus
- Worm
Anmerkungen:
- Spreads itself not only from file to file, but also from computer to computer.
Different then a virus because a WORM does not need to attach to anything to spread and can tunnel itself into computers
- distributed DOS (DDOS) attack
Anmerkungen:
- Similar to DOS except that it attacks from multiple computers.
Ping of Death-When thousands of computers try to access a website simultaneously, overloading it and causing it to shut down
- Packet Tampering
Anmerkungen:
- altering packets of data as they travel over the internet or intercept to eavesdrop (think class example when Anderson had a kid throw a paper ball)
or altering data on comp disks after penetrating a network
- Sniffer
Anmerkungen:
- A program or device that can monitor data as it travels over a network-Sniffer can pull all data like passwords, cc info, etc
Fav weapon in Hackers arsenal
- Spoofing
Anmerkungen:
- Forging the address of an email to appear to be coming from that user-NOT A VIRUS but a way to spread viruses
- Spyware
Anmerkungen:
- Special class of adware that collects user data and transmits it over the web without the user knowing
- CONCEPTS
- What is the difference between the first and second lines of defense?
- First Line: PEOPLE
Anmerkungen:
- information security policies can help
- problem is that you have careless or malicious people ,such as:
- Insider
Anmerkungen:
- A real user who purposely or accidentally misuses their access to an environment and causes some sort of business-affecting incident
- Social Engineering
Anmerkungen:
- Hackers use social skills to trick people into revealing access credentials or other valuable info
- Second Line: TECHNOLOGY
- DATA: Prevention and Resistance
- Content Filtering
- Encryption
Anmerkungen:
- scrambles info and needs a key or password to decrypt
- Firewall
Anmerkungen:
- Firewalls are like bouncers that monitors what goes in and out
- What is an example of prevention and resisitance
- 3 areas that Technology can help with information security
- People: Authentication and Authorization
- Authentication
Anmerkungen:
- What is an example of Authentication and Authorization
- Biometrics
Anmerkungen:
- ID of users based on physical characterisitics
- Smart Card
Anmerkungen:
- A device that can store info or small software to perform some limited processing
like a key card, data storage device, form of digital cash
- Token
Anmerkungen:
- Small electronic devices that change user passwords automatically
- Authorization
Anmerkungen:
- Once you have identified yourself through authentication then the system determines what level of access privileges
- And
- Prevents
- Phishing
Anmerkungen:
- a technique used to gain personal information for the purpose of identity theft
-usually done by fraudulent emails that look like they came for legit businesses asking for you to provide some sort of important info
- Attack: Detection and Response
- Intrusion Detection Software
- What is an example of Detection and Response
Anmerkungen:
- Intrusion Detection Software (IDS) Like a network policeman looking for suspicious things happening
- What is the difference between the types of malicious code?