csp chapter 5

heuristic approach

approach that gives results that are “good enough” when an exact answer isn’t necessary

traveling salesman problem (TSP)

to map out shortest route for visiting a list of cities and returning to original city

• computationally hard

• NP problem

computationally hard

even computers would take very long amounts of time to find the exact solution

NP problem

“nondeterministic polynomial time”

• can be verified, but not solved in an efficient amount of time

P problem

problem that can be both solved and verified

hackers

“black hats” - exploit weaknesses on a computer or network

white hat hackers

explore vulnerabilities on a computer or network to fix weaknesses and make data more secure

CIA triad

• confidentiality

  • private data should remain private and companies should take steps so hackers cannot access this information

• integrity

  • data should be protected from being altered or deleted by hackers

• availability

  • all data should be accessible by authorized parties at appropriate times

malware

• malicious software

• installed w/ intention of causing damage to computer or network

virus

program that infects other programs and usually spreads to other programs or computers by copying itself repeatedly

• spread due to user behavior

• need application to use as a host

worms

standalone pieces of malware that disrupt networks

• human interaction is not necessary for worms to copy themselves repeatedly

logic bomb

malicious code that doesn’t execute until certain conditions are met

• code that will delete or encrypt data after a fixed amount of time

trojan horse

malware designed to hide its true intent

• serve as backdoors to infected computers

backdoor

secret way to bypass traditional access to a device or network

• not always bad

distributed denial-of-service attack (DDoS)

• hackers flood a site w/ fake requests making the site’s resources unavailable for legitimate users

• must employ a large network of internet bots (botnet) to carry out these attacks

botnet

large network of internet robots controlled by a command and control server, often used for DDoS attacks

phishing

using “bait” to trick users into entering sensitive information

spear phishing

targets a specific person or group using pre-existing knowledge

password strength

main way to increase password strength: make it longer

• combine 4 or more random words into a long word

hashing

process of running data through function that returns a fixed length value

• one way function: easy to do, hard to undo

• MD5, SHA-256, bcrypt (good)

salting passwords

random set of characters added to password

• good for avoiding use of lookup and rainbow tables

multi-factor authentication (two-factor authentication)

combine something the user knows, has, and is

• knows: password, SSN, knowledge

• has: phone, physical ID, physical authentication

• is: fingerprint, face, iris, DNA

encryption

taking text and converting it so it’s illegible

• decryption does the opposite

cipher

pair of algorithms that give details on how to encrypt/decrypt data

diffie-hellman encryption

first public key encryption protocol - considered key exchange algorithm (swaps private keys needed for other encryption algorithms)

RSA

• followed diffie-hellman

• allows for digital signatures

TLS and SSL

• uses public key by authenticating digital certificate (trusted third party that verifies control of site)

• transport layer security and secure sockets layer (TLS is newer but referred to as SSL)