Chapter 9 - Security

30 Terms

1

Authentication

The process of verifying that you really are the person allowed to access a given computer.

  1. What you know (such as a username and password)

  2. What you have (such as a key/phone for multi-factor authentication)

  3. What you are (such as a fingerprint or iris scan)

Authentication is authenticating the user to let them IN.

Found in Lecture 9 Part 1 - Security

2

Does a computer store passwords in text?

NO

Stored passwords are encrypted, typically via hashing.

Found in Lecture 9 Part 1 - Security

3

Password cracker

A computer program used to discover passwords from a hashed password file.

Found in Lecture 9 Part 1 - Security

4

Suppose you created a 6-character password, using only the letters a-z and 0-9. How many different passwords are possible?

Is this secure?

36 x 36 x 36 x 36 x 36 x 36 = 36^6 = 2,176,782,336 (over a billion possibilities!).

A 6-character password, even if RANDOM, is NOT a good password

Found in Lecture 9 Part 1 - Security

5

What are good password practices when CHOOSING a specific password?

  • Use a long password (at least 8 characters).

  • Use a mixture of uppercase and lowercase letters, digits, and special symbols.

  • Consider using the first letter of some long phrase that is meaningful to you, mixed with some digits or special symbols.

  • Avoid personal info such as name, userID, pet's name, or birth date.

  • Avoid common dictionary words.

  • Avoid obvious choices like "abcde", "123456"...

Found in Lecture 9 Part 1 - Security

6

What are good password practices for USING passwords?

  • Change your password often (many systems require this), DO NOT reuse old passwords.

  • Use different passwords for different applications.

  • Don't tell anyone your password.

  • Don't write your password down.

  • Use a password manager (password vault), a central site that securely stores all your passwords in encrypted form.

  • Be very careful about entering a password over an unencrypted wireless network.

Found in Lecture 9 Part 1 - Security

7

Authorization

Governs what an authenticated user is allowed to do.

Authorization is deciding what a user can do once IN.

Found in Lecture 9 Part 1 - Security

8

Access control lists (RWX)

Lists kept by the operating system that specify exactly what a user is allowed to do; any action for which the user does not have the proper privilege is disallowed.

RWX = Read-Write-eXecute

Found in Lecture 9 Part 1 - Security

9

Computer security

Prevention of unauthorized computer access.

This includes viewing, changing, or destroying a computer or its data.

Found in Lecture 9 Part 1 - Security

10

Computer breach

A case of unauthorized computer access.

Found in Lecture 9 Part 1 - Security

11

Hack

A malicious computer breach.

The most common kind of computer breach.

Found in Lecture 9 Part 1 - Security

12

Security hole

An aspect of a computer that can be used to breach security.

Most security holes are in the OS (remember, the OS is 40+ million lines of code).

Found in Lecture 9 Part 1 - Security

13

Malware

MALicious softWARE

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9

14

Virus

A program/file that can copy itself when activated.

Works like a biological virus: it embeds itself into a program/file, and when that program/file is activated, the virus is copied.

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9

15

Worm

A standalone program that can replicate itself.

Similar to a virus, but it can send copies of itself to other computers; it does NOT need to embed itself in a file.

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9

16

Trojan horse

Pretends to do a legitimate task while breaching security.

Appears to do a legitimate task but is also doing something nasty, e.g., capturing credit card keystrokes.

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9

17

Denial of service

An authorized user's access is interrupted due to malicious action.

Tons of traffic to a site shuts it down for legitimate users, as the site can't handle the number of requests.

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9

18

Botnet

A herd of computers controlled to perform tasks without their users' knowledge.

Botnets can launch new attacks to infect more computers.

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9

19

Phishing

An attempt to obtain sensitive information by disguising as a trustworthy entity in an electronic communication

Phishing is NOT malware.

Example: Sending an email for a mandatory training at a company, but linking to a malicious site where the user must enter their company credentials

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9

20

Social Engineering

The "psychological manipulation of people into performing actions or divulging confidential information"

Examples:

  • Leaving an infected thumb drive in an employee parking lot

  • Calling customer support claiming you are someone else and cannot remember your password

  • Wearing a suit and confidently walking into a large corporation, discreetly plugging a small device into the network

  • Sending an email for a mandatory training at a company, but linking to a malicious site where the user must enter their company credentials

Found in Lecture 9 Part 2 - Security

21

Caesar cipher

Also known as Shift cipher.

Simplest form of encryption.

Shift letters by a certain amount. To decrypt: Unshift by the same amount (backwards!).

SYMMETRIC encryption algorithm. Substitution cipher.

Clearly NOT that secure: you only have to try at most 25 shifts to break it.

KEY POINT: simple one character substitutions are NOT very secure

Found in Lecture 9 Part 2 - Security

22

Symmetric Encryption Algorithm

Requires one secret key known by BOTH sender and receiver.

Found in Lecture 9 Part 2 - Security and Crash Course Cryptography video

23

Asymmetric Encryption Algorithm

Requires two secret keys:

  • 1 public key known by BOTH sender and receiver

  • 1 private key known by ONLY the receiver

There is no way to transmit a single shared key electronically; instead, it is better to use an asymmetric algorithm with public and private keys.

Found in Lecture 9 Part 3

24

Data Encryption Standard (DES)

  • Block cipher

  • 64-bit input block

  • 56-bit secret key

  • Uses simple operations (substitutions, reductions, expansions, and permutations)

  • 16 rounds

DES is a SYMMETRIC algorithm

Found in Lecture 9 Part 3 - Security

25

Advanced Encryption Standard (AES)

A symmetric cipher that was approved by NIST in late 2000 as a replacement for DES. The key length can be 128, 192 or 256 bits!

Found in Lecture 9 Part 3 - Security

26

RSA

The most common public-key encryption algorithm today.

RSA = Rivest, Shamir, Adleman (The authors of the public-key encryption algorithm)

27

Steganography

The practice of hiding the very existence of a message.

It can conceal a file/image/message/etc. inside another file.

Found in Lecture 9 Part 3 - Security

28

Block cipher

Operates on input characters in groups (or blocks). It encodes a block of characters together.

Three steps:

  1. Apply the S mapping (A=1, B=2, etc.).

  2. Multiply the S result by the matrix X (wrapping around using modular arithmetic).

  3. Apply S' to the multiplication result (i.e., convert the digit output back to characters).

The algorithm "scatters" the plaintext throughout the ciphertext with matrix multiplication.

Found in Lecture 9 Part 3 - Security

29

How to decode a Block cipher?

Use the same steps/algorithm as the block cipher, but multiply the encrypted message by the inverse matrix X' instead!

Found in Lecture 9 Part 3 - Security

30

Cryptographic agility

How quickly software can be updated to support new cryptographic algorithms.

Found in Post Quantum Cryptography reading
