Chapter 4-Security

Description

Flashcards with the terms in Chapter 4-Security.
Flashcards by Alex Pascutiu, updated more than 1 year ago
Created by Alex Pascutiu over 7 years ago

Resource summary

Question Answer
Access levels Settings that determine who can access an item and what they can do with it (read, write, delete). Applies to files, folders, and databases among other things.
Anti-virus Software to detect and remove viruses and other malware.
Asymmetric key encryption Encryption system in which two keys are used: a public key used only to encrypt data, and a private key used only to decrypt it.
Authentication Establishing a user's identity.
Backdoor Method of bypassing security in a system, built in by the system designers.
Biometric enrolment Process of registering a user for a biometric system by taking an initial sample.
Biometric template Measurements taken from a biometric sample.
Biometrics Use of fingerprints, retina scans, or other body features as an authentication mechanism.
Botnet Group of zombie computers under the control of a criminal
Brute force attack Attempt to break a password by trying all possible combinations of letters, numbers, and symbols.
CAPTCHA “Scribble text” displayed as an image, which the user must type in to verify that they are a person.
Certificate Authority Organization that issues digital certificates to individuals and companies
Ciphertext Result of encrypting plaintext.
Computer Misuse Act UK law governing criminal offences committed using a computer.
Cracking Gaining illegal access to a computer system
DDoS Denial of service attack committed using dozens of computers, usually zombies on a botnet.
Denial of service attack Flooding a computer system with data so that it cannot respond to genuine users
Dictionary attack Attempt to break a password by trying all possible words.
Digital signatures Technique used to authenticate remote users, such as online shopping businesses.
Distributed Denial of Service attack Denial of service attack committed using dozens of computers, usually zombies on a botnet.
DNS poisoning Technique used by criminals to alter DNS records and drive users to fake sites, to commit phishing.
DoS Flooding a computer system with data so that it cannot respond to genuine users.
Drive-by download Program which automatically downloads when a user visits a web page, usually without their knowledge or consent.
Encryption System of encoding plaintext so that it cannot be understood with access to an encryption key
Encryption key Used to encrypt and decrypt data.
EV SSL Extended Validation SSL. Digital certificate validation technique used on the world wide web.
False negative When a system incorrectly rejects an action instead of accepting it
False positive When a system incorrectly accepts an action instead of rejecting it
Full disk encryption System that encrypts all data saved to a hard disk automatically and transparently
Hacking Gaining illegal access to a computer system
Home directory Directory that contains a user’s personal files.
HTTPS Protocol used to send web pages securely over the Internet.
Identity theft Stealing personal data in order to impersonate a person.
Key escrow Idea of having encryption keys stored by a third party company so the government can access them if needed.
Key logger Software or hardware which records all key strokes on a computer system
Key pair A public key and private key that work together in a public encryption system.
Macro virus Virus that takes advantage of the macro programming languages built into some software.
Malware Generic name for malicious software
Multi-factor authentication Use of several authentication techniques together, such as passwords and security tokens.
One time password Password generated by a security token, which expires as soon as it is used.
Packet sniffer Software or hardware used to collect data travelling over a network.
Passphrase Word or phrase used to authenticate a user.
Password Word or phrase used to authenticate a user.
Pharming Technique used by criminals to alter DNS records and drive users to fake sites, to commit phishing.
Phishing Use of fake emails and web sites to trick users into revealing sensitive data
Physical security Locks, alarms, and other techniques used to secure a building or computer room.
Plaintext Message before it is encrypted, or after it has been decrypted.
Private key Key used for decryption in a public key encryption system
Public key Key used for encryption in a public key encryption system.
Public key encryption Encryption system in which two keys are used: a public key used only to encrypt data, and a private key used only to decrypt it.
Root user User with full control over a computer system.
Rootkit Type of malware which infiltrates the operating system and attempts to hide itself from view.
Secret key encryption Encryption system in which a single key is used for both encryption and decryption.
Secure Socket Layer System used to encrypt https web traffic.
Security token Hardware device that must be present during login to authenticate a user.
Security update Software update to fix a security problem discovered in software
Smishing Phishing attacks committed using text messages (SMS)
Social engineering Tricking a user into revealing their password or other sensitive data.
Spam Unwanted, bulk email.
Spam bot Program that scans web pages for email addresses, in order to send spam
Spam filters Program designed to identify and block spam messages while letting genuine messages through.
Spyware Malware which covertly records a user's actions, such as their key presses.
SSL System used to encrypt https web traffic.
Symmetric key encryption Encryption system in which a single key is used for both encryption and decryption.
System administrator Person in overall charge of a computer system in an organisation.
TLS System used to encrypt https web traffic
Transport Layer Security System used to encrypt https web traffic
Trojan horse Malware which pretends to be a genuinely useful program to trick the user into using it.
Unauthorised access Gaining illegal access to a computer system
Virus Computer program which damages files and data and spreads when infected programs are copied.
Virus definition file Used by anti-virus programs to recognise known viruses.
Vishing Phishing attacks committed using telephone calls or VoIP systems.
Vulnerability scanner Software to scan a system for potential security problems.
Web bug Technique used by spammers to detect if an email address is valid or not.
WEP Wired Equivalence Protocol. Wireless network encryption system.