Information Security

Study online at quizlet.com/_684ks

1.

Access active vulnerability scanners address restrictions adware

a subject or object's ability to use, manipulate, modify, or affect another subject or object scan networks for highly detailed information. An active scanner is one that initiates traffic on the network in order to determine security holes rules designed to prohibit packets with certain addresses or partial addresses from passing through the device any software program intended for marketing purposes such as that used to deliver and display advertising banners or pop ups to the user's screen or tracking the user's online usage or purchasing activity the organizational resource that is being protected An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it allows the attacker to access the system at will with special privileges based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed system user an automated software program that executes certain commands when it receives specific input the application of computing and network resources to try every possible password combination an application error that occurs when more data is sent to a program buffer than it is designed to handle all IDPS control functions are implemented and managed in a central location

18.

false reject rate fingerprinting firewall

the percentage of supplicants who are in fact authorized users but are denied access systematic survey of all of the target organization's internet address an information security program that prevents specific types of information from moving between the outside world ( untrusted network) and the inside network( trusted network) organized research of the internet address owned or controlled by a target organization all control functions are applied at the physical location of each IDPS component

2.

19.

20.

3.

4.

21.

footprinting fully distributed IDPS control strategy Hackers honey pots honeynet information security Information system

22.

5.

Asset Attack

23.

6.

people who use and create computer software [to] gain access to information illegally decoy systems designed to lure potential attackers away from critical systems collection of honey pots to protect the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission more than the hardware: it is the entire set of software, hardware, data, people, procedures, and networks that make possible the use of information resources in the organization occurs when an attacker attempts to gain entry into or disrupt the normal operations of an information system finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again procedures and systems that identify system intrusions activities that deter an intrusion encompasses the actions an organization takes when an intrusion is detected uses symmetric key encryption to validate an individual user to various network resources attack includes the execution of viruses, worms, trojan horses, and active web scripts with the intent to destroy or steal information

24.

7.

back door/ trap door biometric access control bot

25. 26.

8.

27.

9.

10.

brute force attack/ password attack buffer overrun central IDPS control strategy crossover error rate distributed denial-ofservice (DDoS) enticement

28.

intrusion

11.

29.

intrusion correction

12.

30.

13.

the level at which the number of false rejections equals the false acceptance an attack in which a coordinated stream of requests is launched against a target from many locations at the same time is an act of attracting attention to a system by placing tantalizing information in key locations-legal the act of luring an individual into committing a crime to get a conviction-illegal the percentage of supplicants who are unauthorized users but are granted access

intrusion detection intrusion prevention Intrusion reaction kerberos malicious code

31.

14.

32.

15.

33.

34.

16.

entrapment false accept rate

17.

35.

man in the middle (TCP hijacking attack) network security operations security packet sniffer partially distributed IDPS control strategy passive vulnerability scanner personnel security pharming

an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network to protect networking components, connections, and other contents to protect communication media, technology, and content a network that collects copies of packets from the network and analyzes them still analyze and respond to local threats, their reporting to a hierarchical central facility enables the organization to detect widespread attacks one that listens in on the network and determines vulnerable versions of both server and client software to protect the individual or group of individuals who are authorized to access the organization and its operations the redirection of legitimate web traffic to an illegitimate site for the purpose of obtaining private information to protect physical items, objects, or areas from unauthorized access and misuse one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for reconfigured signatures the quality or state of ownership or control primary purpose is to restrict internal access to external material the probability that something unwanted will happen the quantity and nature of risk the organization is willing to accept momentary increase technique used to authorize access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the message are coming from a trusted host any technology that aids in gathering information about a person or organization without their knowledge a prolonged increase a methodology for the design and implementation of an information system

54.

Trap-andtrace trojan horse

use a combination of techniques to detect an intrusion and then trace it back to its source software programs that hide their true nature and reveal their designed behavior only when activated quality or state of having value for some purpose or end a private and secure connection between systems that uses the data communication capability of an unsecured and public network a weakness or fault in a system or protection mechanism that opens it to attack or damage machines that are directed remotely (usually by a transmitted command) by the attacker to participate in the attack

55.

36.

56.

utility virtual Private networks Vulnerability Zombies

37.

57.

38.

39.

58.

59.

40.

41.

42.

43.

Physical Security polymorphic threat

44.

45. 46.

possession reverse firewalls Risk risk appetite spike spoofing

47.

48.

49. 50.

51.

spyware

52. 53.

surge Systems development life cycle