Computer Science Illuminated - Chapter 17

Information security

techniques and policies used to ensure proper access to protected data

CIA triad

synthesis of confidentiality, integrity, and availability

Confidentiality

ensuring data is protected from unauthorized access

Integrity

ensuring that data can be changed only by appropriate mechanisms

Availability

degree of authorized users' access to information for legitimate purposes

Risk analysis

process of figuring out nature and likelihood of risks to key data

What principle is used by information security experts through having redundant checks and/or approvals needed for key activities?

concept of separating available data management privileges to avoid individuals to have an impact on system

User authentication

process of verifying credentials of a user on a computer or software system

Authentication credentials

info used for identification

Smart card

card embedded with a memory chip used to identify users and control access

Name three general types of authentication credentials

1) username, password, PIN

2) smart card

3) biometrics

Biometrics

using physiological characteries to identify users and control access

General criteria for creating a password

6 or more characters

1 uppercase/lowercase

1 digit

1 special character

Password criteria

set of rules that must be followed when creating a password

Password management software

program that helps you manage sensitive data in a secure manner

CAPTCHA

software mechanism used to verify that web form is submitted by a human and not a computer

What does CAPTCHA stand for?

Completely
Automated
Public
Turing (test to tell)
Computers (and)
Humans
Apart

reCAPTCHA

Software that helps digitize books at the same time

Fingerprint analysis

scanning technique used for user authentication by copying user's fingerprint

Malicious code/malware

computer program that tries to bypass authorization safeguards and/or perform unauthorized functions

Computer virus

malicious, self-replicating program that embeds itself into other codes

Worm

malicious stand-alone program that often targets network resources

Trojan horse

malicious program disguised as a benevolent resource

Logic bomb

malicious program that's set up to execute when specific system event occurs

Antivirus software

software for detecting/removing/preventing malicious software

Signature detection

software that looks for recognizable patterns of malware within executable code and removes it

Heuristics

strategies used to identify general patterns of malicious codes

Password guessing

attempt to get access to computer system by repeatedly guessing/using different passwords to get user's password

Phishing

technique that tries to look like a trusted web page to trick users to reveal their security information

Spoofing

attack on computer system where malicious user disguises self as an authorized user

Back door

program feature that allows special access into computer system or application to anyone who knows it exists

Buffer overflow

defect in program that can cause system crashes and leave user with heightened privileges

Denial of service (DoS)

network resource attack preventing authorized users from accessing the system

Man-in-the-middle

security attack where network communication is intercepted in attempt to obtain key data

Cryptography

field of study related to encoded information

Encryption

process of converting plaintext into ciphertext

Decryption

translating ciphertext into plaintext

Cipher

algorithm used to perform particular type of encryption and decryption

Substitution ciphers

cipher that substitutes one character with another

Caesar cipher

substitution cipher that shifts characters certain number of positions in alphabet

Transposition ciphers

cipher that rearranges characters order in a message

Route cipher

transposition cipher that lays out message in a grid and traverses it in a particular way

Cryptanalysis

decrypting process without knowing the cipher or key used to encrypt it

Public-key cryptography

each user has two related keys (private and public)

Digital signatures

data that is appended to message that's made from message and the sender's private key to ensure message authenticity

Digital certificate

representation of sender's authenticated public key used to minimize malicious forgeries

Security policy

written statement describing constraints or behavior an organization embraces regarding information provided by its users

Global Positioning System (GPS)

system that uses satellites to pinpoint location of any GPS receiver

Encrypted information vs decrypted information

Encrypted information cannot be read

Decrypted information can be read

Wiki

website that can be created and edited by multiple users

WikiLeaks

organization that publishes secret and classified documents on Web and hides information sources from government

Password

string of characters only you should know as the user of a particular account

Why does the touch ID system have issues recognizing users?

if the scanner is not clean or if the initial fingerprint scan was not done carefully

Online gambling issues

potential for fraud, reduction in state tax revenues

False rejection

rejecting an authorized individual

False acceptance

accepting an unauthorized individual

Buffer underflow

when a buffer is used to communicate between two devices/processes but it's fed with data at a lower speed than the data is being read from it

Biometrics vs PIN

1) authentication credentials that are related to what a person is physiologically

2) authentication credentials that is based on something that the user knows