MIS 561 Exam 2

studied byStudied by 15 people
0.0(0)
get a hint
hint

All People Seem To Need Data Processing

1 / 124

Tags and Description

125 Terms

1

All People Seem To Need Data Processing

Application, Presentation, Session, Transport, Network, Data Link, Physical

New cards
2

7 application layer

  • interface between the user's application and the network

  • types of communication: email, file transfer, client/server

New cards
3

6 presentation layer

  • provides a context for communication between layers

  • handles encryption, data conversion

New cards
4

5 session layer

  • controls the dialogs between computers; also controls duplexing, termination, and restarts

  • maintains order

New cards
5

4 transport layer

  • provides end to end communication control

  • ensures delivery of entire file/message

New cards
6

3 network layer

  • provides connections between hosts on different networks

  • routes data to different LANs and WANs based on network address

New cards
7

2 data link layer

  • provides connections between hosts on the same network

  • transmits packets from node to node based on station address

New cards
8

1 physical layer

  • describes electrical and physical specifications on devices

  • electrical signals or cabling

New cards
9

subnet mask

A 32-bit number assigned to each host for dividing the 32-bit binary IP address into network and node portions. (ex. 255.255.255.255)

New cards
10

default gateway

address that tells computer where the router is and allows computer to access the internet

New cards
11

internal/private ip address

  • usually starts with a 10 or a 192 (class b and c addresses)

  • routers give these ip addresses to private end users so that they can connect to the internet

  • ex: ipad, laptops, computers, etc.

New cards
12

external/public ip address

  • the ip address that is given to the router by the isp

  • allows router to communicate w/ all other publicly available routers

  • central area for internet, allows the internet to identify the router

New cards
13

common ports

  • 25/2525/465/587 (STMP)

  • 80/443 (HTTP)

  • 110/995 (POP3)

  • 143/993 (IMAP4)

  • 23 (Telnet)

  • 20, 21 (FTP)

  • 53 (DNS)

  • 389 (Lightweight Directory Access Protocol)

New cards
14

well known port

port number reserved for use by a particular application. allows a client to send a TCP or UDP segment to a server, to the correct destination port for that application.

New cards
15

registered port

port that can be used by network users and processes that are not considered standard processes. Default assignments of these ports must be registered with IANA.

New cards
16

dynamic (private) port

port number that can be assigned by a client or server as the need arises

New cards
17

inbound port

  • port for when a connection was initiated from outside of your computer and traffic flows inward

  • ex: a server that you own gets requests from people

New cards
18

outbound port

  • port for when a connection was initiated from your computer and the traffic flows outward to the destination intended

  • ex: connecting to a server

New cards
19

switch

  • a computer networking device that connects network segments

  • occurs at layer 2 (Data Link)

New cards
20

router

  • a device that transfers data from one network to another in an intelligent way

  • occurs at layer 3 (Network)

New cards
21

hub

  • a device that uses its ports to connect devices (computers, printers, etc.) together

  • outdated

  • occurs at layer 1 (Physical)

New cards
22

dhcp server

  • automatically provides and assigns ip addresses, default gateways, and subnet masks to devices

  • handles having to find your own ip address, default gateway, and subnet masks every time you connect

New cards
23

Some People Fear Birthdays

Segments, Packets, Frames, Bits.

New cards
24

segment

data in the transport layer

New cards
25

packet

data in the network layer

New cards
26

frame

data in the data link layer

New cards
27

bits

data in the physical layer

New cards
28

ipv4

  • the dominant protocol for routing traffic on the Internet

  • 32 bit PROS

  • simple prefixes

  • system handling is good CONS

  • running out of addresses

New cards
29

ipv6

  • a new protocol developed to replace IPv4, addressing the issue of IP address exhaustion

  • 128 bit PROS

  • unique addresses

  • no subnetting issues CONS

  • long addresses that can be hard to type

  • computer routing issues

New cards
30

threat environment

the types of attackers and attacks that companies face

New cards
31

Sony data breach

2014 incident where malware installed on a company computer allowed hackers to steal scripts, emails, and personal information of employees and customers

New cards
32

hacking

unauthorized access, modification, or use of an electronic device or some element of a computer system

New cards
33

social engineering

  • technique for breaching a system's security by exploiting human nature

  • uses standard techniques to get users to give up info needed to gain access to a target system by getting preliminary info about a target organization and leveraging it to obtain additional info from system users

New cards
34

denial of service attack (dos)

when hackers flood a website with so many requests for service that it slows down or crashes the site

New cards
35

cyberwarfare

State-sponsored activity designed to cripple and defeat another state or nation by damaging or disrupting its computers or networks

New cards
36

Cyberterrorism

politically motivated attacks on information systems

New cards
37

hacktivism

hacking that is intended as political activism

New cards
38

cybercriminal

Someone who attacks a computer system or network for financial gain

New cards
39

cryptography

the art of protecting information by transforming it into an unreadable format, called cipher text

New cards
40

initial authentication

authentication at the beginning of a communication session, before the two sides exchange working data.

New cards
41

public key encryption (asymmetric)

one key (public key) is used to encrypt a message, and another (private key) is used to decrypt the message

New cards
42

Kerckhoff's Law

law that says that in order to have confidentiality, communication partners only need to keep the key secret, not the cipher.

New cards
43

birthday attack

an attack that searches for any two digests that are the same.

New cards
44

data in transit

Any data sent over a network. It's common to encrypt sensitive data-in-transit.

New cards
45

data in use

Any data currently being used by a computer. Because the computer needs to process the data, it is not encrypted while in use.

New cards
46

data at rest

Data that is stored on electronic media.

New cards
47

worm

A destructive computer program that bores its way through a computer's files or through a computer's network.

New cards
48

virus

A program that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data

New cards
49

malware

software that is intended to damage or disable computers and computer systems.

New cards
50

phising

an identity theft tool that appears in the form of an E-mail or pop-up message; usually looks like it's from a legitimate financial institution and prompts you to provide your personal infromation in order to fix a problem with your account

New cards
51

spearfishing

Phishing expedition that targets groups

New cards
52

trojan horse

a program that appears desirable but actually contains something harmful

New cards
53

payload

Malware delivered by social engineering and/or by exploiting vulnerability in software.

New cards
54

threat surface

The total set of penetrations of a boundary or perimeter that surrounds or contains systems elements.

New cards
55

logic bomb

A computer program or part of a program that lies dormant until it is triggered by a specific logical event.

New cards
56

shoulder surfing

Watching an authorized user enter a security code on a keypad.

New cards
57

eavesdropping

listening secretly to a conversation for the purpose of getting sensitive information

New cards
58

dumpster diving

combing through trash to identify valuable assets

New cards
59

baiting

When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.

New cards
60

piggybacking

The process of connecting to a wireless network without the permission of the owner of the network.

New cards
61

wateringhole attack

A malicious attack that is directed toward a small group of specific individuals who visit the same website.

New cards
62

mantraps

New cards
63

pretexting

a form of social engineering in which the

New cards
64

privilege escalation

a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications

New cards
65

backdoor attack

An attack that exploits an unprotected access method or pathway.

New cards
66

boot sector

________ viruses are often transmitted by a flash drive left in a USB port.

New cards
67

session hijacking

An attack in which an attacker attempts to impersonate the user by using his session token.

New cards
68

session theft

When an attacker attempts to steal a user's session using the owner's cookie and authentication information

New cards
69

tcp hijacking

A form of man-in-the-middle attack whereby the attacker inserts himself into TCP/IP-based communications.

New cards
70

spyware

software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

New cards
71

rootkits

a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.

New cards
72

ransomware

a type of malicious software designed to block access to a computer system until a sum of money is paid.

New cards
73

adware

software that automatically displays or downloads advertising material (often unwanted) when a user is online.

New cards
74

grayware

software that isn't benign nor malicious and tends to behave improperly without serious consequences

New cards
75

teardrop attack

Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine to halt/freeze it

New cards
76

smurf attack

An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

New cards
77

SYN flood attack

An attack that takes advantage of the 3 way handshake to flood servers

New cards
78

fraggle attack

Smurf attack variation that uses ports 7 & 19 to a broadcast address

New cards
79

ping flood attack

Ping utility used to send large number of echo request messages and overwhelms server

New cards
80

diversion theft

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.

New cards
81

spear phising

a phishing method in which the emails are carefully designed to target a particular person or organization

New cards
82

whaling

A phishing attack that where the attacker attempts to compromise information about a specific highly valuable employee

New cards
83

vishing

a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information

New cards
84

malicious insider

An employee or contractor who attempts to gain financially and/or disrupt a company's information systems and business operations

New cards
85

CIAAAN

  • Confidentiality: information kept private and secure

  • Integrity: data not modified, deleted, or added

  • Availability: systems available to whom requires them

  • Authenticity: providing verification of the identities

  • Accountability: assurance by recording identities and activities

  • Non-repudiation: assuring the identities of the parties in a transaction

New cards
86

symmetric encryption

  • type of encryption where only one key is used to encrypt and decrypt electronic information

  • require a shorter key length to be secure

  • faster than asymmetric encryption

New cards
87

cipher suite

a complete, packaged set of methods (algorithms) needed to secure a network connection through SSL/TLS (ex: Cisco AnyConnect)

New cards
88

cipher suite negotiation

method for establishing secure communication

  • stage 1: selecting security methods and parameters

  • stage 2: authentication

  • stage 3: keying

New cards
89

hashing (hashing vs encryption)

  • used for signing plaintext

  • 1 way, non-reversible

  • ex: taking a person's finger-print -ex: used for storing Windows passwords or verifying an ISO file

New cards
90

encryption (hashing vs encryption)

  • used for encoding plaintext

  • 2 way, reversible

  • ex: putting a lock on a box -ex: using an ATM and needing info to be protected

New cards
91

transposition cipher (transition vs substitution)

symmetric cipher that does not change individual letters or bits of a plaintext, but it changes their order

New cards
92

substitution cipher (transition vs substitution)

symmetric cipher that substitutes one letter (or bit) for another in each place of a plaintext

New cards
93

electronic signature

  • used to verify that someone intended to sign something, the identity was verified, and that the document did not change after the signature was made

New cards
94

digital signature

  • a code digitally signed by a company or person that verifies who sent a message

  • sender selects the file they want to send, then their computer creates a hash for it.

  • the hash value is encrypted with the sender's private key and is sent to the receiver

  • the receiver gets the file, opens it in the correct app, and the app verifies that it was digitally signed

  • the receiver's computer decrypts the digital signature using the sender's public key

<ul><li><p>a code digitally signed by a company or person that verifies who sent a message</p></li><li><p>sender selects the file they want to send, then their computer creates a hash for it.</p></li><li><p>the hash value is encrypted with the sender&apos;s private key and is sent to the receiver</p></li><li><p>the receiver gets the file, opens it in the correct app, and the app verifies that it was digitally signed</p></li><li><p>the receiver&apos;s computer decrypts the digital signature using the sender&apos;s public key</p></li></ul>
New cards
95

digital certification

  • used to validate the authenticity and integrity of a message

  • generates a hash of a message and encrypts it using the sender's private key. Then, the message is signed and sent to the recipient

  • The recipient generates their own hash of the message and decrypts the sender's hash using the sender's public key

  • If both hashes match the document wasn't modified and the sender was authenticated

New cards
96

one time pad (OTP)

secure method of encryption information that involves using random generated key only once

New cards
97

botnets

  • a logical computer network of zombies under the control of an attacker

  • controlled via a handler (compromised hosts used to manage large groups of bots)

New cards
98

zombies

  • computers that have been taken control by hackers

  • used to directly attack victims

  • can floor victims with different requests and can be updated for new functionality

New cards
99

macro

viruses that infect the macros in office documents

New cards
100

program

a detailed plan or procedure for solving a problem with a computer

New cards

Explore top notes

note Note
studied byStudied by 8 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 13 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 17 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 3 people
Updated ... ago
5.0 Stars(2)
note Note
studied byStudied by 6 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 8 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 4 people
Updated ... ago
5.0 Stars(1)
note Note
studied byStudied by 133792 people
Updated ... ago
4.8 Stars(628)

Explore top flashcards

flashcards Flashcard136 terms
studied byStudied by 383 people
Updated ... ago
5.0 Stars(3)
flashcards Flashcard33 terms
studied byStudied by 6 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard118 terms
studied byStudied by 48 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard140 terms
studied byStudied by 8 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard44 terms
studied byStudied by 18 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard74 terms
studied byStudied by 6 people
Updated ... ago
4.0 Stars(1)
flashcards Flashcard374 terms
studied byStudied by 12 people
Updated ... ago
5.0 Stars(1)
flashcards Flashcard146 terms
studied byStudied by 92 people
Updated ... ago
5.0 Stars(1)