MIS 561 Exam 2

studied byStudied by 15 People
0.0(0)
Get a hint
hint

All People Seem To Need Data Processing

1/125

Studying Progress

New cards
125
Still learning
0
Almost done
0
Mastered
0
125 Terms
New cards

All People Seem To Need Data Processing

Application, Presentation, Session, Transport, Network, Data Link, Physical

New cards
New cards

7 application layer

  • interface between the user's application and the network

  • types of communication: email, file transfer, client/server

New cards
New cards

6 presentation layer

  • provides a context for communication between layers

  • handles encryption, data conversion

New cards
New cards

5 session layer

  • controls the dialogs between computers; also controls duplexing, termination, and restarts

  • maintains order

New cards
New cards

4 transport layer

  • provides end to end communication control

  • ensures delivery of entire file/message

New cards
New cards

3 network layer

  • provides connections between hosts on different networks

  • routes data to different LANs and WANs based on network address

New cards
New cards

2 data link layer

  • provides connections between hosts on the same network

  • transmits packets from node to node based on station address

New cards
New cards

1 physical layer

  • describes electrical and physical specifications on devices

  • electrical signals or cabling

New cards
New cards

subnet mask

A 32-bit number assigned to each host for dividing the 32-bit binary IP address into network and node portions. (ex. 255.255.255.255)

New cards
New cards

default gateway

address that tells computer where the router is and allows computer to access the internet

New cards
New cards

internal/private ip address

  • usually starts with a 10 or a 192 (class b and c addresses)

  • routers give these ip addresses to private end users so that they can connect to the internet

  • ex: ipad, laptops, computers, etc.

New cards
New cards

external/public ip address

  • the ip address that is given to the router by the isp

  • allows router to communicate w/ all other publicly available routers

  • central area for internet, allows the internet to identify the router

New cards
New cards

common ports

  • 25/2525/465/587 (STMP)

  • 80/443 (HTTP)

  • 110/995 (POP3)

  • 143/993 (IMAP4)

  • 23 (Telnet)

  • 20, 21 (FTP)

  • 53 (DNS)

  • 389 (Lightweight Directory Access Protocol)

New cards
New cards

well known port

port number reserved for use by a particular application. allows a client to send a TCP or UDP segment to a server, to the correct destination port for that application.

New cards
New cards

registered port

port that can be used by network users and processes that are not considered standard processes. Default assignments of these ports must be registered with IANA.

New cards
New cards

dynamic (private) port

port number that can be assigned by a client or server as the need arises

New cards
New cards

inbound port

  • port for when a connection was initiated from outside of your computer and traffic flows inward

  • ex: a server that you own gets requests from people

New cards
New cards

outbound port

  • port for when a connection was initiated from your computer and the traffic flows outward to the destination intended

  • ex: connecting to a server

New cards
New cards

switch

  • a computer networking device that connects network segments

  • occurs at layer 2 (Data Link)

New cards
New cards

router

  • a device that transfers data from one network to another in an intelligent way

  • occurs at layer 3 (Network)

New cards
New cards

hub

  • a device that uses its ports to connect devices (computers, printers, etc.) together

  • outdated

  • occurs at layer 1 (Physical)

New cards
New cards

dhcp server

  • automatically provides and assigns ip addresses, default gateways, and subnet masks to devices

  • handles having to find your own ip address, default gateway, and subnet masks every time you connect

New cards
New cards

Some People Fear Birthdays

Segments, Packets, Frames, Bits.

New cards
New cards

segment

data in the transport layer

New cards
New cards

packet

data in the network layer

New cards
New cards

frame

data in the data link layer

New cards
New cards

bits

data in the physical layer

New cards
New cards

ipv4

  • the dominant protocol for routing traffic on the Internet

  • 32 bit PROS

  • simple prefixes

  • system handling is good CONS

  • running out of addresses

New cards
New cards

ipv6

  • a new protocol developed to replace IPv4, addressing the issue of IP address exhaustion

  • 128 bit PROS

  • unique addresses

  • no subnetting issues CONS

  • long addresses that can be hard to type

  • computer routing issues

New cards
New cards

threat environment

the types of attackers and attacks that companies face

New cards
New cards

Sony data breach

2014 incident where malware installed on a company computer allowed hackers to steal scripts, emails, and personal information of employees and customers

New cards
New cards

hacking

unauthorized access, modification, or use of an electronic device or some element of a computer system

New cards
New cards

social engineering

  • technique for breaching a system's security by exploiting human nature

  • uses standard techniques to get users to give up info needed to gain access to a target system by getting preliminary info about a target organization and leveraging it to obtain additional info from system users

New cards
New cards

denial of service attack (dos)

when hackers flood a website with so many requests for service that it slows down or crashes the site

New cards
New cards

cyberwarfare

State-sponsored activity designed to cripple and defeat another state or nation by damaging or disrupting its computers or networks

New cards
New cards

Cyberterrorism

politically motivated attacks on information systems

New cards
New cards

hacktivism

hacking that is intended as political activism

New cards
New cards

cybercriminal

Someone who attacks a computer system or network for financial gain

New cards
New cards

cryptography

the art of protecting information by transforming it into an unreadable format, called cipher text

New cards
New cards

initial authentication

authentication at the beginning of a communication session, before the two sides exchange working data.

New cards
New cards

public key encryption (asymmetric)

one key (public key) is used to encrypt a message, and another (private key) is used to decrypt the message

New cards
New cards

Kerckhoff's Law

law that says that in order to have confidentiality, communication partners only need to keep the key secret, not the cipher.

New cards
New cards

birthday attack

an attack that searches for any two digests that are the same.

New cards
New cards

data in transit

Any data sent over a network. It's common to encrypt sensitive data-in-transit.

New cards
New cards

data in use

Any data currently being used by a computer. Because the computer needs to process the data, it is not encrypted while in use.

New cards
New cards

data at rest

Data that is stored on electronic media.

New cards
New cards

worm

A destructive computer program that bores its way through a computer's files or through a computer's network.

New cards
New cards

virus

A program that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data

New cards
New cards

malware

software that is intended to damage or disable computers and computer systems.

New cards
New cards

phising

an identity theft tool that appears in the form of an E-mail or pop-up message; usually looks like it's from a legitimate financial institution and prompts you to provide your personal infromation in order to fix a problem with your account

New cards
New cards

spearfishing

Phishing expedition that targets groups

New cards
New cards

trojan horse

a program that appears desirable but actually contains something harmful

New cards
New cards

payload

Malware delivered by social engineering and/or by exploiting vulnerability in software.

New cards
New cards

threat surface

The total set of penetrations of a boundary or perimeter that surrounds or contains systems elements.

New cards
New cards

logic bomb

A computer program or part of a program that lies dormant until it is triggered by a specific logical event.

New cards
New cards

shoulder surfing

Watching an authorized user enter a security code on a keypad.

New cards
New cards

eavesdropping

listening secretly to a conversation for the purpose of getting sensitive information

New cards
New cards

dumpster diving

combing through trash to identify valuable assets

New cards
New cards

baiting

When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.

New cards
New cards

piggybacking

The process of connecting to a wireless network without the permission of the owner of the network.

New cards
New cards

wateringhole attack

A malicious attack that is directed toward a small group of specific individuals who visit the same website.

New cards
New cards

mantraps

New cards
New cards

pretexting

a form of social engineering in which the

New cards
New cards

privilege escalation

a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications

New cards
New cards

backdoor attack

An attack that exploits an unprotected access method or pathway.

New cards
New cards

boot sector

________ viruses are often transmitted by a flash drive left in a USB port.

New cards
New cards

session hijacking

An attack in which an attacker attempts to impersonate the user by using his session token.

New cards
New cards

session theft

When an attacker attempts to steal a user's session using the owner's cookie and authentication information

New cards
New cards

tcp hijacking

A form of man-in-the-middle attack whereby the attacker inserts himself into TCP/IP-based communications.

New cards
New cards

spyware

software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

New cards
New cards

rootkits

a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.

New cards
New cards

ransomware

a type of malicious software designed to block access to a computer system until a sum of money is paid.

New cards
New cards

adware

software that automatically displays or downloads advertising material (often unwanted) when a user is online.

New cards
New cards

grayware

software that isn't benign nor malicious and tends to behave improperly without serious consequences

New cards
New cards

teardrop attack

Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine to halt/freeze it

New cards
New cards

smurf attack

An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

New cards
New cards

SYN flood attack

An attack that takes advantage of the 3 way handshake to flood servers

New cards
New cards

fraggle attack

Smurf attack variation that uses ports 7 & 19 to a broadcast address

New cards
New cards

ping flood attack

Ping utility used to send large number of echo request messages and overwhelms server

New cards
New cards

diversion theft

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.

New cards
New cards

spear phising

a phishing method in which the emails are carefully designed to target a particular person or organization

New cards
New cards

whaling

A phishing attack that where the attacker attempts to compromise information about a specific highly valuable employee

New cards
New cards

vishing

a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information

New cards
New cards

malicious insider

An employee or contractor who attempts to gain financially and/or disrupt a company's information systems and business operations

New cards