Flashcards covering key concepts in Computer Security including risk management, ethical hacking, and the C.I.A. triad.
C.I.A.
Confidentiality, Integrity, Availability
Confidentiality
Access to files and systems is restricted to authorized users only.
Integrity
Data remains unchanged and accurately represents reality over time.
Availability
Ensuring that data and systems are accessible to those who need them.
DoS
Denial of Service, an attack that aims to make a system unavailable.
Ransomware
Malicious software that encrypts files and demands payment for access.
Redundancy
Implementation of backup components to ensure system availability.
FSU
Functionality, Security, Usability; a framework for evaluating devices.
Ethical Hacking
Legitimate hacking activities conducted with permission to assess security.
Risk Management
The process of identifying, assessing, and prioritizing risks.
Threat
An agent or factor that has the potential to cause harm to an asset.
Vulnerability
A weakness that can be exploited by a threat to cause harm.
Risk
The likelihood and potential consequence of a threat materializing.
Reconnaissance
The phase in an attack where information is gathered about a target.
Scanning
The phase where live hosts and services are identified.
Gaining Access
The phase where unauthorized entry to a system is achieved.
Maintaining Access
Continued entry to a system is ensured post-breach.
Covering Tracks
Removing evidence of unauthorized access to a system.
Black Hat
An unethical hacker who breaks into systems for malicious purposes.
Gray Hat
A hacker who may violate ethics but does not necessarily have malicious intent.
White Hat
An ethical hacker who uses skills for defensive and security purposes.
Network Access
The ability to connect and interact with a network.
Weak Passwords
Simple passwords that are easy to guess or crack.
Strong Passwords
Complex passwords that are difficult to guess or crack.
Encryption
The process of converting information into a coded format to protect it.
CRC
Cyclic Redundancy Check, a method used for detecting errors in data.
Spoofing
Disguising as another device or user to gain unauthorized access.
Hashes
Cryptographic functions that convert data into a fixed-size string of characters.
UPS
Uninterruptible Power Supply; provides backup power to systems.
Social Engineering
Manipulating individuals into divulging confidential information.
Information Gathering
The process of collecting data for analysis and attack planning.
Risk Analysis
Evaluating the potential impact and likelihood of identified threats.
Mitigation Strategies
Actions taken to reduce the risk or impact of security threats.
Cyber Attack
An assault launched by cybercriminals using one or more computers.
Phishing
A fraudulent attempt to obtain sensitive information via electronic communication.
Patch Management
Regularly updating software to fix vulnerabilities.
Firewall
A network security system that monitors and controls incoming and outgoing network traffic.
Backup
A copy of data stored separately to protect against data loss.
What is the First Phase of Attack - Compromising CIA
Reconnaissance - Gather information about a system
What is the Second Phase of Attack - Compromising CIA
Scanning - Determine live systems and running services
What is the Third Phase of Attack - Compromising CIA
Gaining Access - Access system resources
What is the Fourth Phase of Attack - Compromising CIA
Maintaining Access - Ensure continued access to a system
What is the Fifth Phase of Attack - Compromising CIA
Covering/Clearing Tracks - Remove evidence of access