information security
the techniques and policies used to ensure proper access to data
confidentiality
ensuring that data is protected from unauthorized access
integrity
ensuring that data can be modified by the appropriate mechanisms
availability
the degree to which authorized users can access information for legitimate purposes
risk analysis
determining the nature and likelihood of the risks to key data; the goal is to minimize vulnerability to threats that put a system at the most risk
authentication credentials
information users provide to identify themselves for computer access
user authentication
the process of verifying the credentials of a particular user of a computer or software system
user knowledge, smart card, biometrics
types of authentication
user knowledge
name, password, PIN
smart card
a card with an embedded memory chip used for identification
biometrics
human characteristics such as fingerprints, retina, face, or voice patterns
password criteria
a set of rules that must be followed when creating a password
six
a password must contain _____ or more characters
uppercase, lowercase
a password must contain one _____ letter and one _____ letter
digit, special character
a password must contain one _____ and one _____
password management software
a program that helps a user manage passwords in a secure manner
CAPTCHA
software that verifies that the user is a human, not a computer, by asking the user to identify characters or pictures that are difficult for a program to recognize
reCAPTCHA
software that helps digitize books
malicious code (malware)
a computer program that attempts to bypass appropriate authorization and/or perform unauthorized functions
virus
a malicious, self-replicating program that embeds itself in another program; when the host is executed the ___ runs as well, causes problems by corrupting or deleting files
virus host
the infected file is referred to as the _____
worm
malicious, stand-alone code that often targets network resources, self-replicating but does not require a host, causes problems on the network by sending copies of itself to other programs, usually consuming bandwidth
trojan horse
malicious program disguised as a benevolent resource, will appear to be helpful but actually causes problems when executed, difficult to track down, appears to be beneficial
logic bomb
malicious program that is set up to execute when a specific system event occurs, ex: on a certain date or when a certain program is run
virus, worm, trojan horse, logic bomb
types of malicious code/malware
security attacks
attempts to gain inappropriate access or exploit development flaws
password guessing
attempt to gain access to a computer system by methodically trying to determine a user's password, impractical for humans to try but computer programs can try thousands quickly
phishing
using a web page to masquerade as part of a trusted system to trick users into revealing security information, usually you receive an email that claims to be from a company and might ask you to log in to your account to fix an issue
spoofing
an attack on a computer system in which a malicious user masquerades as an authorized user
back door
a program feature that gives special and unauthorized access to a software system to anyone who knows it exists, it can be put there deliberately or exist unintentionally
buffer overflow
a defect in a computer program that could cause a system to crash and leave the user with heightened privileges, an area of memory of a particular size, crashes when user tries to put more information than it can store
denial of service
an attack on a network resource that prevents authorized users from accessing the system, caused by flooding a website or network with communication packets that keep it so busy it cannot deal with authorized users, may even cause the system to crash
man in the middle
a security attack in which network communication is intercepted in an attempt to obtain key data
password guessing, phishing, spoofing, back door, buffer overflow, denial of service, man in the middle
types of security attacks
anti-virus software
software designed to detect, remove, or prevent malicious code and software being on a computer system
signature detection
looks for recognizable patterns of particular malware within executable code
heuristics
looks for more general patterns than the strict signature detection approach, so that it hopefully can detect an entire family of similar malware
cryptography
the field of study related to encoded information
encryption
the process of converting plaintext to cipher text
decryption
the process of converting cipher text to plaintext
cipher
an algorithm used to encrypt or decrypt text
key
the set of parameters that guide a cipher
substitution cipher
a cipher that substitutes one character for another
caesar cipher
a substitution cipher that shifts characters a certain number of positions in the alphabet
transposition ciphers
a cipher that rearranges the order of existing characters in a message in a certain way
cryptanalysis
the process of decrypting a message without knowing the cipher or key used to encrypt it
substitution and transposition
______________ ciphers are easy to break
public-key cryptography
an approach in which each user has two related keys, one public and one private, one's public key is distributed freely, a person encrypts an outgoing message using the receiver's public key, only the receiver's private key can decrypt the message
digital signature
data that is appended to a message, made from the message itself and the sender's private key, to ensure the authenticity of the message
digital certificate
a representation of a sender's authenticated public key used to minimize malicious forgeries