CHAPTER 3 Flashcards by Angie Morales

involves policies, procedures, and controls that determine
who can access the operating system, which resources (files, programs, printers, etc.)
they can use, and what actions they can take.

Operating system security

How well did you know this?

Not at all

Perfectly

is the computer’s control program. It allows users and their
applications to share and access common computer resources, such as processors, main
memory, databases, and printers.

operating system

How well did you know this?

Not at all

Perfectly

is a program whose purpose is to capture IDs and passwords from unsus-
pecting users. These programs are designed to mimic the normal log-on procedures of the
operating system.

Trojan horse

How well did you know this?

Not at all

Perfectly

is a software program that allows unauthorized
access to a system without going through the normal (front door) log-on procedure. Pro-
grammers who want to provide themselves with unrestricted access to a system that they
are developing for users may create a log-on procedure that will accept either the user’s
private password or their own secret password, thus this to the system.
The purpose of this may be to provide easy access to perform program main-
tenance, or it may be to perpetrate a fraud or insert a virus into the system.

A back door (also called a trap door)

How well did you know this?

Not at all

Perfectly

is a destructive program, such as a virus, that some predetermined event
triggers. Often a date (such as Friday the 13th, April Fool’s Day, or the 4th of July) will
be the logic bomb’s trigger. Events of less public prominence, such as the dismissal of an
employee, have also triggered these bombs.

logic bomb

How well did you know this?

Not at all

Perfectly

is used interchangeably with virus. It is a software program that
virtually burrows into the computer’s memory and replicates itself into areas of idle
memory. This systematically occupies idle memory until the memory is exhausted
and the system fails.

worm

How well did you know this?

Not at all

Perfectly

is a program (usually destructive) that attaches itself to a legitimate program
to penetrate the operating system and destroy application programs, data files, and
the operating system itself. An insidious aspect of this is its ability to spread
throughout the host system and on to other systems before perpetrating its destruc-
tive acts.

virus

How well did you know this?

Not at all

Perfectly

is a random access technique that detects collisions when they occur.
This technique, which is formally labeled carrier-sensed multiple access with collision
detection (CSMA/CD), is used with the bus topology.

Carrier sensing

How well did you know this?

Not at all

Perfectly

involves transmitting a special signal—the token—around the network
from node to node in a specific sequence. Each node on the network receives the
token, regenerates it, and passes it to the next node. Only the node possessing the
token is allowed to transmit data.

Token passing

How well did you know this?

Not at all

Perfectly

is the most popular technique for establishing a communication session in
WANs. One site, designated the master, polls the other slave sites to determine if they
have data to transmit. If a slave responds in the affirmative, the master site locks the
network while the data are transmitted.

Polling

How well did you know this?

Not at all

Perfectly

Two or more signals transmitted simultaneously will
result in a _________, which destroys both messages.

data collision

How well did you know this?

Not at all

Perfectly

is the most popular LAN topology. It is so
named because the nodes are all connected to a common cable—the bus. One or more
servers centrally control communications and file transfers between workstations. As
with the ring topology, each node on the bus has a unique address, and only one node
may transmit at a time. The technique, which has been used for over two decades, is
simple, reliable, and generally less costly to install than the ring topology.

bus topology

How well did you know this?

Not at all

Perfectly

The term client-server is often misused to describe any type of network arrangement. In
fact, the _____ has specific characteristics that distinguish it from the
other topologies.

client-server topology

How well did you know this?

Not at all

Perfectly

eliminates the central site. This is a
peer-to-peer arrangement in which all nodes are of equal status; thus, responsibility for
managing communications is distributed among the nodes.

ring topology

How well did you know this?

Not at all

Perfectly

is one in which a host computer is connected to several levels of
subordinate, smaller computers in a master–slave relationship. This structure is applicable
to firms with many organizational levels that must be controlled from a central location.

hierarchical topology

How well did you know this?

Not at all

Perfectly

describes a network of computers with a large
central computer (the host) at the hub that has direct connections to a periphery of smaller computers. Communications between the nodes in the star are managed and
controlled from the host site.

star topology

How well did you know this?

Not at all

Perfectly

LAN nodes often share common resources such as programs, data, and printers,
which are managed through special-purpose computers called

servers

How well did you know this?

Not at all

Perfectly

The physical connection of workstations to the LAN is achieved through a ________, which fits into one of the expansion slots in the microcomputer.
This device provides the electronic circuitry needed for internode communications. The
_______ works with the network control program to send and receive messages, programs,
and files across the network.

network
interface card (NIC)

How well did you know this?

Not at all

Perfectly

is the physical arrangement of the components (e.g., nodes, servers,
communications links, etc.) of the network.

network topology

How well did you know this?

Not at all

Perfectly

The computers connected to a LAN are called

nodes

How well did you know this?

Not at all

Perfectly

is the document format used to produce Web pages.
It defines the page layout, fonts, and graphic elements as well as hypertext links to
other documents on the Web. It is used to lay out information for display in an
appealing manner such as one sees in magazines and newspapers.

Hypertext markup language (HTML)

How well did you know this?

Not at all

Perfectly

is used to connect to Usenet groups on the
Internet. Usenet newsreader software supports the NNTP protocol

Network news transfer protocol (NNTP)

How well did you know this?

Not at all

Perfectly

is a private network within a public network. For years,
common carriers have built VPNs, which are private from the client’s perspective, but
physically share backbone trunks with other users.

A virtual private network (VPN)

How well did you know this?

Not at all

Perfectly

This is a password-controlled
network for private users rather than the general public. Extranets are used to provide
access between trading partner internal databases. Internet sites containing information
intended for private consumption frequently use an extranet configuration.

Extranet

How well did you know this?

Not at all

Perfectly

is an Internet facility that links user sites locally and around the world. In 1989, Tim Berners-Lee of the European Center for Nuclear Research (CERN) in Geneva developed the Web as a means of sharing nuclear research information over the Internet. The fundamental format for the Web is a text document called a Web page that has embedded hypertext markup language (HTML) codes that provide the formatting for the page as well as hypertext links to other pages.

World Wide Web (WWW)

is used to restrict employees who are sharing the same computers to specific directories, programs, and data files. Under this approach, different passwords are used to access different functions. Thus, each employee is required to enter a password to access his or her applications and data.

Multilevel password control

The intercompany exchange of computer-processable business information in stan- dard format.

electronic data interchange

incorporates an extra bit (the parity bit) into the structure of a bit string when it is created or transmitted. Parity can be both verti- cal and horizontal (longitudinal).

The parity check

involves the receiver of the message returning the mes- sage to the sender. The sender compares the returned message with a stored copy of the original. If there is a discrepancy between the returned message and the original, suggesting a transmission error, the message is retransmitted. This technique reduces, by one-half, throughput over communications channels. Using full-duplex channels, which allow both parties to transmit and receive simultaneously, can increase throughput.

Echo Check. The echo check

The most common problem in data communications is data loss due to. The bit structure of the message can be corrupted through noise on the communications lines.

Line Errors

is made up of random signals that can interfere with the message signal when they reach a certain level.

Noise

requires the dial-in user to enter a password and be identified. The system then breaks the connection to perform user authentication. If the caller is authorized, the call-back device dials the caller’s number to establish a new connection. This restricts access to authorized terminals

call-back device

An intruder may attempt to prevent or delay the receipt of a message from the sender. When senders and receivers are not in constant contact, the receiver may not know if the communications channel has been interrupted and that messages have been diverted. Using __________, a control message from the sender and a response from the receiver are sent at periodic, synchronized intervals. The timing of the messages should fol- low a random pattern that will be difficult for the intruder to determine and circumvent.

request-response technique

An intruder may successfully penetrate the system by trying different password and user ID combinations. Therefore, all incoming and outgoing messages, as well as attempted (failed) access, should be recorded in a ________. The log should record the user ID, the time of the access, and the terminal location or telephone number from which the access originated.

message transaction log

An intruder in the communications channel may attempt to delete a message from a stream of messages, change the order of messages received, or duplicate a message. Through message sequence numbering, a sequence number is inserted in each message, An intruder in the communications channel may attempt to delete a message from a stream of messages, change the order of messages received, or duplicate a message. Through__________ a sequence number is inserted in each message, and any such attempt will become apparent at the receiving end. and any such attempt will become apparent at the receiving end.

message sequence numbering,

is electronic authentication that cannot be forged. It ensures that the message or document that the sender transmitted was not tampered with after the signa- ture was applied.

digital signature

The _____ is a mathematical value calculated from the text content of the message. The ______ is then encrypted using the sender’s private key to produce the digital signature.

digest

Verifying the sender’s identity requires a _______, which is issued by a trusted third party called a _________.A digital certificate is used in conjunction with a public key encryption system to authenticate the sender of a message.

digital certificate, certification authority (CA).

is the conversion of data into a secret code for storage in databases and transmission over networks. The sender uses an ______ algorithm to convert the original message (called cleartext) into a coded equivalent (called ciphertext). At the receiving end, the ciphertext is decoded (decrypted) back into cleartext.

Encryption

The earliest encryption method is called the ______, which Julius Caesar is said to have used to send coded messages to his generals in the field. Like modern-day encryption, it has two fundamental components: a key and an algorithm.

Caesar cipher

The ____ is a mathematical value that the sender selects.

key

The is the proce- dure of shifting each letter in the cleartext message the number of positions that the key value indicates

algorithm

Two commonly used methods of encryption are

private key and public key encryption.

it is a Private Key Encryption that is a 128-bit encryp- tion technique that has become a U.S. government standard for private key encryption. The AES algorithm uses a single key known to both the sender and the receiver of the message. To encode a message, the sender provides the encryption algorithm with the key, which is used to produce a ciphertext message. The message enters the communica- tion channel and is transmitted to the receiver’s location, where it is stored. The receiver decodes the message with a decryption program that uses the same key the sender employs

Advance encryption standard (AES)

s an enhancement to an older encryption technique called the data encryption standard (DES). It provides considerably improved secu- rity over most single encryption techniques.

Triple DES encryption

Two forms of triple-DES encryption are

EEE3 and EDE3.

uses three different keys to encrypt the message three times.

EEE3

uses one key to encrypt the message

EDE3

uses two different keys: one for encoding messages and the other for decoding them. Each recipient has a private key that is kept secret and a public key that is published. The sender of a message uses the receiver’s public key to encrypt the message. The receiver then uses his or her private key to decode the message. Users never need to share their private keys to decrypt messages, thus reducing the likelihood that they fall into the hands of a criminal.

Public key encryption

is a highly secure public key cryptography method. This method is, however, computationally intensive and much slower than standard DES encryption.

Rivest-Shamir-Adleman (RSA)

Sometimes, both DES and RSA are used together in what is called a

digital envelope

is the computer’s control program. It allows users and their applications to share and access common computer resources, such as processors, main memory, databases, and printers.

operating system

As a countermeasure to DDoS attacks, many organizations have invested in intrusion _________ that employ _________to determine when an attack is in progress. DPI uses a variety of analytical and statistical techniques to evalu- ate the contents of message packets. It searches the individual packets for protocol non- compliance and employs predefined criteria to decide if a packet can proceed to its destination.

prevention systems (IPS) deep packet inspection (DPI)

provide a higher level of customizable network security, but they add overhead to connectivity. These systems are configured to run security applications called proxies that permit routine services such as e-mail to pass through the firewall, but can perform sophisticated functions such as user authentication for spe- cific tasks. It also provide comprehensive transmission logging and auditing tools for reporting unauthorized activity.

Application-level firewalls

provide efficient but low-security access control. This type of firewall consists of a screening router that examines the source and destination addresses that are attached to incoming message packets. The firewall accepts or denies access requests based on filtering rules that have been programmed into it and directs incoming calls to the correct internal receiving node. These are insecure because they are designed to facilitate the free flow of information rather than restrict it. This method does not explicitly authenticate outside users.

Network-level firewalls

is a system of software and hardware that prevents unauthorized access to or from a private network. Typically these are implemented to prevent unauthorized Internet users and hackers from accessing private networks that are connected to the Internet.

firewall

. The motivation behind DoS attacks may originally have been to punish an organization with which the perpetrator had a grievance or simply to gain bragging rights for being able to do it.

Motivation behind DoS Attacks

These collections of compro- mised computers are known as .

botnets

attack may take the form of a SYN flood or smurf attack. The distinguishing feature of the DDoS is the sheer scope of the event. The perpetrator of a DDoS attack may employ a virtual army of so-called _____ or bot (robot) computers to launch the attack. Because vast numbers of unsuspecting intermediaries are needed, the attack often involves one or more _______ networks as a source of zombies.

A distributed denial of service (DDoS) zombie Internet relay chat (IRC)

is a popular interactive service on the Internet that lets thousands of people from around the world engage in real-time communications via their computers.

IRC or Internet Relay Chat

involves three parties: the perpetrator, the intermedi- ary, and the victim. It is accomplished by exploiting an Internet maintenance tool called a ping, which is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network.

smurf attack

uses a program to create a ping message packet that contains the forged IP address of the victim’s computer (IP spoofing) rather than that of the actual source computer. The ping message is then sent to the intermediary, which is actually an entire subnetwork of computers. By sending the ping to the net- work’s IP broadcast address, the perpetrator ensures that each node on the intermediary network receives the echo request automatically. Consequently, each intermediary node sends echo responses to the ping message, which are returned to the victim’s IP address, not that of the source computer. The resulting flood echoes can overwhelm the victim’s computer and cause network congestion that makes it unusable for legitimate traffic.

The perpetrator of a smurf attack

is an unwilling and unaware party. Indeed, the intermediary is also a victim and to some extent suffers the same type of network con- gestion problems the target victim suffers. One method of defeating smurf attacks is to disable the IP broadcast addressing option at each network firewall and thus eliminate the intermediary’s role. In response to this move, however, attackers have developed tools to search for networks that do not disable broadcast addressing. These networks may subsequently be used as intermediaries in smurf attacks. Also, perpetrators have developed tools that enable them to launch smurf attacks simultaneously from multiple intermediary networks for maximum effect on the victim.

The intermediary in a smurf attack

is an assault on a Web server to prevent it from servicing its legitimate users. Although such attacks can be aimed at any type of Web site, they are particularly devastating to business entities that are prevented from receiving and proces- sing business transactions from their customers. Three common types of DoS attacks are: SYNchronize (SYN) flood, smurf, and distributed denial of service (DDoS).

A denial of service attacks

. When a user establishes a connection on the Internet through Transfer control protocol/Internet protocol (TCP/IP) (see Internet protocols in the appen- dix), a three-way handshake takes place. The connecting server sends an initiation code called a SYN packet to the receiving server. The receiving server then acknowledges the request by returning a SYNchronize–ACKnowledge (SYN-ACK) packet. Finally, the initi- ating host machine responds with an ACK packet code. The SYN flood attack is accom- plished by not sending the final acknowledgment to the server’s SYN-ACK response, which causes the server to keep signaling for acknowledgement until the server times out.

SYN Flood Attack

is a form of masquerading to gain unauthorized access to a Web server and/ or to perpetrate an unlawful act without revealing one’s identity. To accomplish this, a perpetrator modifies the IP address of the originating computer to disguise his or her identity.

IP spoofing

consist of small LANs and large wide area networks (WANs) that may contain thousands of individual nodes. Intranets are used to connect employees within a single building, between buildings on the same physical campus, and between geographically dispersed locations.

Intranets

are logs that record activity at the system, application, and user level. Operating systems allow management to select the level of auditing to be recorded in the log.

System audit trails

involves recording both the user’s keystrokes and the system’s responses. This form of log may be used after the fact to reconstruct the details of an event or as a real-time control to prevent unauthorized intrusion. Keystroke monitoring is the computer equivalent of a telephone wiretap. Whereas some situations may justify this level of surveillance, keystroke monitoring may also be regarded as a violation of privacy. Before implementing this type of control, management and auditors should consider the possible legal, ethical, and behavioral implications.

Keystroke monitoring

summarizes key activities related to system resources. Event logs typically record the IDs of all users accessing the system; the time and duration of a user’s session; programs that were executed during a session; and the files, databases, printers, and other resources accessed.

Event Monitoring.

can occur in real time or after the fact. The primary objective of real-time detection is to protect the sys- tem from outsiders attempting to breach system controls. A real-time audit trail can also be used to report changes in system performance that may indicate infestation by a virus or worm

Detecting unauthorized access

Audit trail analysis can be used to reconstruct the steps that led to events such as system failures, or security violations by individuals. Knowledge of the conditions that existed at the time of a system failure can be used to assign responsi- bility and to avoid similar situations in the future.

Reconstructing Events.

Audit trails can be used to monitor user activity at the lowest level of detail. This capability is a preventive control that can influence behavior. Individuals are less likely to violate an organization’s security policy when they know that their actions are recorded in an audit log.

Personal Accountability.

was designed to overcome the afore- mentioned problems. Under this approach, the user’s password changes continuously. This technology employs a credit card-sized smart card that contains a microprocessor programmed with an algorithm that generates, and electronically displays, a new and unique password every 60 seconds.

The one-time password

The most common method of password control is the ________. The user defines the password to the system once and then reuses it to gain future access. The quality of the security that a ________ provides depends on the quality of the password itself. If the password pertains to something personal about the user, such as a child’s name, pet’s name, birth date, or hair color, a computer crimi- nal can often deduce it.

reusable password.

is a secret code the user enters to gain access to systems, applications, data files, or a network server.

password

User access privileges are assigned to individuals and to entire workgroups authorized to use the system. Privileges determine which directories, files, applications, and other resources an individual or group may access. They also determine the types of actions that can be taken. Recall that the systems administrator or the owner of the resource may assign privileges. Management should ensure that individuals are not granted privileges that are incompatible with their assigned duties. Consider, for example, a cash receipts clerk who is granted the right to access and make changes to the accounts receivable file

Controlling Access Privileges

The central system administrator usually determines who is granted access to specific resources and maintains the access control list. In distributed systems, however, end users may control (own) resources. Resource owners in this setting may be granted _____________, which allow them to grant access privileges to other users.

discretionary access privileges

is assigned to each IT resource (computer directory, data file, pro- gram, or printer), which controls access to the resources. These lists contain information that defines the access privileges for all valid users of the resource. When a user attempts to access a resource, the system compares his or her ID and privileges contained in the access token with those contained in the ____________. If there is a match, the user is granted access.

access control list

If the log-on attempt is successful, the operating system creates an ________ that contains key information about the user, including user ID, password, user group, and privileges granted to the user. The information in the access token is used to approve all actions the user attempts during the session.

Access Token

is the operating system’s first line of defense against unau- thorized access. When the user initiates the process, he or she is presented with a dialog box requesting the user’s ID and password. The system compares the ID and password to a database of valid users. If the system finds a match, then the log-on attempt is authenticated. If, however, the password or ID is entered incorrectly, the log-on attempt fails and a message is returned to the user. The message should not reveal whether the password or the ID caused the failure. The system should allow the user to reenter the log-on information. After a specified number of attempts (usually no more than five), the system should lock out the user from the system.

A formal log-on procedure

CHAPTER 3 Flashcards

(81 cards)