Chapter 9 - Security

30 Terms

1
Authentication
The process of verifying that you really are the person allowed to access a given computer.

Three factors:
(1) What you know (such as username and password)
(2) What you have (such as a key or phone used for multi-factor authentication)
(3) What you are (such as a fingerprint or iris scan)

Authentication verifies who the user is, to let them IN.

Found in Lecture 9 Part 1 - Security
2
Does a computer store passwords in text?
NO

Stored passwords are hashed, not encrypted: the system keeps a one-way hash of each password (with a random per-user salt and a deliberately slow hash function) and checks a login by hashing what was typed and comparing it to the stored value. Because hashing is one-way, the password cannot be recovered from the stored hash; it can only be guessed.

Found in Lecture 9 Part 1 - Security
3
Password cracker
computer program used to discover passwords from a hashed password file: it hashes candidate passwords (dictionary words, common patterns, or every possible string) and reports any whose hash matches a stored one

Found in Lecture 9 Part 1 - Security
4
Suppose you created a 6-character password, using only the letters a-z and 0-9. How many
different passwords are possible?

Is this secure?
36 x 36 x 36 x 36 x 36 x 36 = 36^6 = 2,176,782,336 (over two billion possibilities!).

A 6-character password, even if RANDOM, is NOT a good password: a cracker trying a billion guesses per second covers all 36^6 possibilities in about two seconds. Every extra character multiplies the work by 36.

Found in Lecture 9 Part 1 - Security
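Worked example for cards 2 to 4, added here and not part of the lecture: how a system stores a password as a salted, slow hash and checks a login against it, what a password cracker does to a hash file that skipped the salt, and the keyspace arithmetic for the 6-character case. The user names and passwords below are made up for the demo.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example (not lecture code): salted, slow password hashing as a system
# should store it; constant-time verification; and the cracker's view of a
# weak (unsalted, fast) hash file. User names and passwords are made up.

ITERATIONS = 100_000  # PBKDF2 work factor: slows every guess, legitimate or not


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable string 'pbkdf2_sha256$<iter>$<salt hex>$<hash hex>'.
    The password itself is never written anywhere."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then
    compare in constant time so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def naive_sha256(password: str) -> str:
    """What a badly designed system stores: one fast, unsalted hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted_sha256(hash_file: dict, wordlist) -> dict:
    """A password cracker against a file of unsalted SHA-256 hashes: hash each
    guess once and look it up against every user at the same time (no salt
    means one computation tests all users). Returns {user: password}."""
    by_hash = {}
    for user, h in hash_file.items():
        by_hash.setdefault(h, []).append(user)
    found = {}
    for guess in wordlist:
        for user in by_hash.get(naive_sha256(guess), []):
            found[user] = guess
    return found


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of this length over this alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time for a brute-force cracker to try every password."""
    return keyspace(alphabet_size, length) / guesses_per_second


if __name__ == "__main__":
    # Constructed data: two users who chose the same weak password.
    stored = {u: hash_password("letmein") for u in ("alice", "bob")}
    print("same password, different stored values:", stored["alice"] != stored["bob"])
    print("login ok:", verify_password("letmein", stored["alice"]))
    print("login bad:", verify_password("LetMeIn", stored["alice"]))

    naive_file = {u: naive_sha256("letmein") for u in ("alice", "bob")}
    print("cracked from naive file:",
          crack_unsalted_sha256(naive_file, ["password", "123456", "letmein"]))

    print("6 chars over [a-z0-9]:", keyspace(36, 6), "passwords,",
          seconds_to_exhaust(36, 6, 1e9), "s at 1e9 guesses/s")
    print("12 chars over [a-z0-9]:", seconds_to_exhaust(36, 12, 1e9) / 3.15e7, "years")
```

In the cracker, one hash of the guess "letmein" exposes every user who chose it, because the naive file has no salt. With hash_password each user gets a different salt, so each must be attacked separately, and the PBKDF2 iteration count makes every attempt slow.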
5
What are good password practices when CHOOSING a specific password?
- Use a long password (at least 8 characters; longer is better)

- Use a mixture of uppercase and lowercase letters, digits, and special symbols.

- Consider using the first letter of some long phrase that is meaningful to you, mixed with some digits or special symbols.

- Avoid personal info such as name, userID, pet's name, or birth date.

- Avoid common dictionary words.

- Avoid obvious choices like "abcde", "123456"...

Found in Lecture 9 Part 1 - Security
6
What are good password practices for USING passwords?
- Change your password often (many systems require this), and DO NOT reuse old passwords.

- Use different passwords for different applications.

- Don't tell anyone your password.

- Don't write your password down.

- Use a password manager (password vault), a central site that securely stores all your passwords in encrypted form.

- Be very careful about entering a password over an unencrypted wireless network.

Found in Lecture 9 Part 1 - Security
7
Authorization
governs what an authenticated user is allowed to do

Authorization is deciding what a user can do once IN (it happens after authentication).

Found in Lecture 9 Part 1 - Security
8
Access control lists (RWX)
Lists kept by the operating system that specify exactly what each user is allowed to do with a resource; any action for which the user lacks the proper privilege is refused (default deny).

RWX = Read-Write-eXecute, the three permissions in each list entry (on Unix-style systems, set separately for the file's owner, its group, and everyone else)

Found in Lecture 9 Part 1 - Security
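Added example for cards 7 and 8 (not lecture code): a small access-control list that defaults to deny, and the Unix RWX check that picks exactly one of the owner/group/other permission triples. The users, file names and numeric ids are made up.

```python
from typing import Dict, Set

# Added example (not lecture code): a minimal access-control list with default
# deny, plus the Unix owner/group/other RWX bit triples. The user names,
# resources and numeric ids below are made up.


class AccessControlList:
    """resource -> user -> set of allowed actions ('r', 'w', 'x')."""

    def __init__(self) -> None:
        self._entries: Dict[str, Dict[str, Set[str]]] = {}

    def grant(self, resource: str, user: str, actions: str) -> None:
        self._entries.setdefault(resource, {}).setdefault(user, set()).update(actions)

    def revoke(self, resource: str, user: str, actions: str) -> None:
        self._entries.get(resource, {}).get(user, set()).difference_update(actions)

    def is_allowed(self, user: str, resource: str, action: str) -> bool:
        # Default deny: an unknown resource, an unlisted user or a missing
        # action all fall through to False. Only an explicit grant permits.
        return action in self._entries.get(resource, {}).get(user, set())


def rwx_string(mode: int) -> str:
    """Render the low nine bits of a Unix mode, e.g. 0o754 -> 'rwxr-xr--'."""
    out = []
    for shift in (6, 3, 0):          # owner, group, other
        bits = (mode >> shift) & 0o7
        out.append(("r" if bits & 4 else "-")
                   + ("w" if bits & 2 else "-")
                   + ("x" if bits & 1 else "-"))
    return "".join(out)


def unix_allowed(mode: int, file_uid: int, file_gid: int,
                 uid: int, gid: int, action: str) -> bool:
    """Classic Unix check: the owner triple applies if uid matches, else the
    group triple if gid matches, else 'other'. Exactly one triple is consulted,
    so an owner of a 0o077 file is refused even though 'other' may read it.
    (The root override and supplementary groups are not modeled.)"""
    if uid == file_uid:
        shift = 6
    elif gid == file_gid:
        shift = 3
    else:
        shift = 0
    bit = {"r": 4, "w": 2, "x": 1}[action]
    return ((mode >> shift) & bit) != 0


if __name__ == "__main__":
    acl = AccessControlList()
    acl.grant("/srv/payroll.db", "alice", "rw")
    acl.grant("/srv/payroll.db", "bob", "r")
    for user, action in (("alice", "w"), ("bob", "w"), ("carol", "r")):
        verdict = "allow" if acl.is_allowed(user, "/srv/payroll.db", action) else "deny"
        print(user, action, "->", verdict)
    print(rwx_string(0o754))
    print("group member executing a 0o754 file:",
          unix_allowed(0o754, 1000, 100, 2000, 100, "x"))
```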
9
Computer security
prevention of unauthorized computer access

This includes viewing, changing, or destroying a computer or data

Found in Lecture 9 Part 1 - Security
10
Computer breach
a case of unauthorized computer access

Found in Lecture 9 Part 1 - Security
11
Hack
a malicious computer breach

the most common computer breach

Found in Lecture 9 Part 1 - Security
12
Security hole
an aspect of a computer that can be used to breach security (also called a vulnerability)

Most security holes are in the OS (remember, the OS is 40+ million LOC)

Found in Lecture 9 Part 1 - Security
13
Malware
MALicious softWARE

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9
14
Virus
program/file that can copy itself when activated

works like a biological virus: it embeds itself into a host program/file, and
when that program/file is activated the virus code runs and copies itself into other files

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9
15
worm
standalone program that can replicate itself

similar to a virus, but sends copies of itself to other computers over the network and
does NOT need to embed in a file

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9
16
Trojan horse
pretends to do a legitimate task while breaching security

appears to do a legitimate task but is also doing something nasty,
e.g., capturing credit card keystrokes

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9
17
denial of service
an authorized user's access is interrupted by a malicious action

e.g., sending tons of traffic to a site shuts it down for legitimate users, because the site can't handle the number of requests

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9
18
botnet
herd of compromised computers controlled remotely to perform tasks without their owners' knowledge

Botnets launch new attacks to infect more computers and grow

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9
19
phishing
An attempt to obtain sensitive information by disguising as a trustworthy entity in an electronic communication

Phishing is NOT malware.

Example:
Sending an email for a mandatory training at a company, but linking to a malicious site where
the user must enter their company credentials

Found in Lecture 9 Part 2 - Security and zyBooks chapter 9
20
Social Engineering
The "psychological manipulation of people into performing actions or divulging confidential information"

Examples:
-Leaving an infected thumb drive in an employee parking lot
-Calling customer support claiming you are someone else and cannot remember your password
-Wearing a suit and confidently walking into a large corporation, discreetly plugging a small device into the network
-Sending an email for a mandatory training at a company, but linking to a malicious site where the user must enter their company credentials

Found in Lecture 9 Part 2 - Security
21
Caesar cipher
Also known as Shift cipher.

Simplest form of encryption.

Shift letters by a certain amount (the shift amount is the key).
To decrypt: Unshift by the same amount (backwards!).

SYMMETRIC encryption algorithm.
Substitution cipher (each letter is always replaced by the same other letter).

Clearly NOT that secure ... there are only 25 possible shifts, so an attacker just tries them all

KEY POINT: simple one-character substitutions are NOT very secure

Found in Lecture 9 Part 2 - Security
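Added example for the Caesar cipher card (not lecture code): encryption, decryption by unshifting, and the brute-force attack that simply produces all 25 candidate plaintexts. The tiny word list used to rank the candidates is made up for the demo; a real attacker would use a dictionary or English letter-frequency statistics.

```python
import string

# Added example (not lecture code): Caesar (shift) cipher and the exhaustive
# attack on its 25-key space. KNOWN_WORDS is a constructed stand-in for a
# real dictionary, just enough to pick out the demo plaintext.

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift each letter by `shift` positions (mod 26); other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decrypt = unshift by the same amount."""
    return caesar(ciphertext, -shift)


def all_shifts(ciphertext: str):
    """The whole key space: 25 candidate plaintexts (shift 0 is the identity)."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(1, 26)]


KNOWN_WORDS = {"THE", "AND", "ATTACK", "AT", "DAWN", "MEET", "ME", "NOON", "WE"}


def score(candidate: str) -> int:
    """Crude plaintext recogniser: number of tokens that are known words."""
    return sum(1 for w in candidate.split() if w in KNOWN_WORDS)


def brute_force(ciphertext: str):
    """Try every shift and return (shift, plaintext) with the most recognised words."""
    return max(all_shifts(ciphertext), key=lambda kp: score(kp[1]))


if __name__ == "__main__":
    c = caesar("ATTACK AT DAWN", 3)
    print(c)
    for k, p in all_shifts(c):
        print(f"shift {k:2d}: {p}")
    print("best guess:", brute_force(c))
```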
22
Symmetric Encryption Algorithm
requires one secret key known by BOTH sender and receiver (the same key encrypts and decrypts)

Found in Lecture 9 Part 2 - Security and Crash Course Cryptography video
23
Asymmetric Encryption Algorithm
requires a key pair instead of one shared secret:
-1 public key, which can be known by anyone (the sender uses it to encrypt)
-1 private key known by ONLY the receiver (used to decrypt)

With a symmetric algorithm the single shared key would itself have to be delivered over a secure channel (the key-distribution problem); with an asymmetric algorithm only the public key is transmitted, and it does not need to be secret

Found in Lecture 9 Part 3
24
Data Encryption Standard (DES)
- Block cipher
- 64-bit block going in
- 56-bit secret key
- Uses simple operations (substitutions, reductions, expansions, and permutations)
- 16 rounds

DES is a SYMMETRIC algorithm

Its 56-bit key is far too short today: the whole key space can be searched by brute force, which is why DES was replaced

Found in Lecture 9 Part 3 - Security
25
Advanced Encryption Standard (AES)
A symmetric block cipher selected by NIST in late 2000 (published as FIPS 197 in 2001) as the replacement for DES. The block size is 128 bits; the key length can be 128, 192 or 256 bits!

Found in Lecture 9 Part 3 - Security
26
RSA
most common public-key encryption algorithm today

RSA = Rivest, Shamir, Adleman (the authors of the public-key encryption algorithm)

The public key is (n, e) and the private key is d; n is the product of two large secret primes, and recovering the private key from the public one requires factoring n
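Added example for cards 23 and 26 (not lecture code): textbook RSA with small primes, to show that anyone holding the public key can encrypt but only the private key decrypts. The primes and message are chosen for the demo; real RSA uses moduli of 2048 bits or more and a padding scheme such as OAEP, without which RSA is deterministic and unsafe. Python 3.8+ is assumed for `pow(e, -1, m)`.

```python
from math import gcd

# Added example (not lecture code): textbook RSA with demo-sized primes.
# Not for real use: no padding, tiny modulus, one byte per block.


def generate_keypair(p: int, q: int, e: int = 65537):
    """Public key (n, e) may be published; private key (n, d) stays with the receiver.
    d is the inverse of e modulo phi(n) = (p-1)(q-1). Computing d from (n, e)
    requires phi(n), i.e. factoring n, which is what keeps the private key private."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)          # Python 3.8+
    return (n, e), (n, d)


def encrypt_int(m: int, public_key) -> int:
    """Sender side: only the public key is needed."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt_int(c: int, private_key) -> int:
    """Receiver side: c^d mod n undoes m^e mod n because e*d = 1 mod phi(n)."""
    n, d = private_key
    return pow(c, d, n)


def encrypt_bytes(data: bytes, public_key) -> list:
    """Toy mode: each byte encrypted separately (enough to show the key split,
    terrible for security: identical bytes give identical ciphertexts)."""
    return [encrypt_int(b, public_key) for b in data]


def decrypt_bytes(blocks: list, private_key) -> bytes:
    return bytes(decrypt_int(c, private_key) for c in blocks)


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, e=17)
    print("public:", public, "private:", private)
    c = encrypt_int(65, public)
    print("65 ->", c, "->", decrypt_int(c, private))
    # Using the public key to "decrypt" does not give the message back.
    print("with the wrong (public) key:", decrypt_int(c, public))
    blocks = encrypt_bytes(b"hi", public)
    print(blocks, "->", decrypt_bytes(blocks, private))
```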
27
Steganography
the practice of hiding the very existence of a message

can conceal a file/image/message/etc. in another file, e.g., by storing the message bits in the least-significant bits of an image's pixel values, which changes the picture imperceptibly

Found in Lecture 9 Part 3 - Security
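Added example for the steganography card (not lecture code): least-significant-bit hiding of a message inside an array of pixel values, with a length prefix so the extractor knows where the message ends. The "image" is a constructed array of 8-bit grayscale pixels; reading a real image file would only change where the bytes come from.

```python
import random

# Added example (not lecture code): least-significant-bit steganography.
# The cover "image" is constructed pseudo-random grayscale pixel data.


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed(cover: bytes, secret: bytes) -> bytes:
    """Replace the LSB of successive cover bytes with the message bits.
    A 32-bit big-endian length prefix tells the extractor where to stop."""
    payload = len(secret).to_bytes(4, "big") + secret
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small: need one cover byte per message bit")
    out = bytearray(cover)
    for idx, bit in enumerate(_bits(payload)):
        out[idx] = (out[idx] & 0xFE) | bit   # clear the LSB, then set it to the message bit
    return bytes(out)


def _read(stego: bytes, first_byte: int, count: int) -> bytes:
    """Reassemble `count` hidden bytes starting at hidden byte `first_byte`."""
    result = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[(first_byte + b) * 8 + i] & 1)
        result.append(value)
    return bytes(result)


def extract(stego: bytes) -> bytes:
    """Read the length prefix, then that many bytes, from the LSBs."""
    length = int.from_bytes(_read(stego, 0, 4), "big")
    return _read(stego, 4, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Each pixel changes by at most 1 out of 255, invisible to the eye."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def make_cover(n_pixels: int, seed: int = 1) -> bytes:
    """Constructed 'image': pseudo-random grayscale pixels."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_pixels))


if __name__ == "__main__":
    cover = make_cover(64 * 64)
    stego = embed(cover, b"meet at noon")
    print(extract(stego))
    print("max change per pixel:", max_pixel_change(cover, stego))
    print("pixels that differ:", sum(a != b for a, b in zip(cover, stego)))
```

Because the method only needs the LSBs, statistical tests on those bits (steganalysis) can still reveal that something is hidden even though the image looks unchanged; hiding existence is not the same as encrypting content.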
28
Block cipher
operates on input characters in groups (or blocks). It encodes a block of characters together.

Three steps:
1) Apply S mapping (A=1, B=2, etc.) to turn the block into a vector of numbers.
2) Multiply the S result by the key matrix X, reducing each entry mod 26 (wraparound using modular arithmetic).
3) Apply S' to the multiplication result (i.e., convert the numeric output back to characters).

The algorithm "scatters" the plaintext throughout the ciphertext with matrix multiplication: every output character of a block depends on every input character of that block.

Found in Lecture 9 Part 3 - Security
29
How to decode Block cipher?
Use the same steps/algorithm as the block cipher, but multiply the encrypted block by the inverse matrix X' = X^-1 (computed mod 26) instead of X! This only works if X is invertible mod 26, i.e., det(X) shares no factor with 26.

Found in Lecture 9 Part 3 - Security
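Added example for cards 28 and 29 (not lecture code): the three-step block cipher on 2-letter blocks, which is a Hill cipher mod 26, using the lecture's S mapping A=1..Z=26 and the modular matrix inverse for decoding. The key matrix X = [[3, 3], [2, 5]] is chosen for the demo; the only requirement is that det(X) be coprime with 26. Python 3.8+ is assumed for `pow(det, -1, 26)`.

```python
from math import gcd

# Added example (not lecture code): 2x2 Hill-style block cipher mod 26 with
# the lecture's S mapping (A=1 ... Z=26). Key matrix chosen for the demo.

MOD = 26
BLOCK = 2


def s_map(text: str):
    """Step 1, S: A=1, B=2, ..., Z=26 (non-letters dropped)."""
    return [ord(c) - ord("A") + 1 for c in text.upper() if c.isalpha()]


def s_unmap(nums) -> str:
    """Step 3, S': numbers back to letters; residue 0 stands for 26 = Z."""
    return "".join("Z" if n % MOD == 0 else chr(ord("A") + n % MOD - 1) for n in nums)


def mat_vec_mod(X, v):
    """Step 2: X times the block as a column vector, each entry reduced mod 26."""
    return [sum(X[i][j] * v[j] for j in range(len(v))) % MOD for i in range(len(X))]


def inverse_mod26(X):
    """X' = X^-1 mod 26 for a 2x2 key via the adjugate. Fails if det(X) shares
    a factor with 26, in which case ciphertexts could not be decoded uniquely."""
    (a, b), (c, d) = X
    det = (a * d - b * c) % MOD
    if gcd(det, MOD) != 1:
        raise ValueError("key matrix is not invertible mod 26")
    det_inv = pow(det, -1, MOD)          # Python 3.8+
    return [[(d * det_inv) % MOD, (-b * det_inv) % MOD],
            [(-c * det_inv) % MOD, (a * det_inv) % MOD]]


def block_encrypt(plaintext: str, X) -> str:
    nums = s_map(plaintext)
    while len(nums) % BLOCK:
        nums.append(24)                  # pad the final block with X (=24)
    out = []
    for i in range(0, len(nums), BLOCK):
        out.extend(mat_vec_mod(X, nums[i:i + BLOCK]))
    return s_unmap(out)


def block_decrypt(ciphertext: str, X) -> str:
    """Same algorithm, multiplied by the inverse matrix instead of X."""
    return block_encrypt(ciphertext, inverse_mod26(X))


if __name__ == "__main__":
    X = [[3, 3], [2, 5]]
    print("X' =", inverse_mod26(X))
    c = block_encrypt("HELP", X)
    print(c, "->", block_decrypt(c, X))
    # Scattering: changing one plaintext letter (E -> A) changes both
    # ciphertext letters of that block.
    print(block_encrypt("HALP", X))
```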
30
Cryptographic agility
How quickly software can be switched to support new cryptographic algorithms, e.g., replacing an algorithm that has been broken (in the post-quantum case, one vulnerable to quantum computers)

Found in Post Quantum Cryptography reading