Flashcards by marnus.db, updated more than 1 year ago
Created by marnus.db over 5 years ago


ISEC Chapter 2

Resource summary

Question Answer
any software program intended for marketing purposes such as that used to deliver and display advertising banners or popups to the user’s screen or tracking the user’s online usage or purchasing activity. Adware
an act that takes advantage of a vulnerability to compromise a controlled system. Attack
degradation of service caused by incidents such as a backhoe taking out a fiber-optic link for an ISP. Availability disruption
a component in a system that allows the attacker to access the system at will with special privileges. Back door
a complete loss of power for a more lengthy period of time. Blackout
infects the key operating system files located in a computer’s boot sector. Boot virus
an abbreviation of robot; an automated software program that executes certain commands when it receives a specific input. Bot
a more prolonged drop in voltage. Brownout
the application of computing and network resources to try every possible password combination. Brute force attack
when any form of processing overload takes place. Buffer overflow
an application error that occurs when more data is sent to a program buffer than it is designed to handle. Buffer overrun
a process developers use to ensure that the working system delivered to users represents the intent of the developers. Change control
legal information gathering techniques employed. Competitive intelligence
attempting to reverse-calculate a password. Cracking
occurs when an application running on a Web server gathers data from a user in order to steal it. Cross site scripting (XSS)
one who uses exploitative techniques for emotional online activities. Cyber activist
hacks of systems to conduct terrorist activities via network or Internet pathways. Cyberterrorism
a variation of the brute force attack that narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations. Dictionary attack
an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. Distributed denial-of-service (DDoS)
develops software scripts and program exploits used by those in the second category; usually a master of several programming languages, networking protocols, and operating systems and also exhibits a mastery of the technical environment of the chosen targeted system. Expert hacker
complete loss of power for a moment. Fault
people who use and create computer software [to] gain access to information illegally. Hackers
interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency. Hacktivist
when information gatherers employ techniques that cross the threshold of what is legal or ethical. Industrial espionage
fall into four broad classes: overflows, underflows, truncations, and signedness errors; are usually exploited indirectly—that is, triggering an integer bug enables an attacker to corrupt other areas of memory, gaining control of an application. Integer bugs
embedded in automatically executing macro code used by word processors, spreadsheets, and database applications. Macro virus
an attacker routes large quantities of e-mail to the target. Mail bomb
software designed and deployed to attack a system. Malicious code
an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. Man-in-the-middle
script kiddies who use automated exploits to engage in distributed denial-of-service attacks. Packet monkeys
a sniffer on a TCP/IP network. Packet sniffers
the redirection of legitimate Web traffic (e.g., browser requests) to an illegitimate site for the purpose of obtaining private information. Pharming
an attempt to gain personal or financial information from an individual, usually by posing as a legitimate entity. Phishing
hacks the public telephone network to make free calls or disrupt services. Phreaker
one that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. Polymorphic threat
a momentary low voltage. Sag
hackers of limited skill who use expertly written software to attack a system. Script kiddies
an agreement providing minimum service levels. Service Level Agreement (SLA)
used in public or semipublic settings when individuals gather information they are not authorized to have by looking over another individual’s shoulder or viewing the information from a distance. Shoulder surfing
a program or device that can monitor data traveling over a network. Sniffer
the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. Social engineering
the unlawful use or duplication of software-based intellectual property. Software piracy
unsolicited commercial e-mail. Spam
a label that applies to any highly targeted phishing attack. Spear phishing
a momentary increase in voltage. Spike
a technique used to gain unauthorized access to computers, wherein the intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. Spoofing
any technology that aids in gathering information about a person or organization without their knowledge. Spyware
a prolonged increase in voltage. Surge
the illegal taking of another’s property, which can be physical, electronic, or intellectual. Theft
damages or steals an organization’s information or physical asset. Threat agent
an object, person, or other entity that presents an ongoing danger to an asset. Threat
explores the contents of a Web browser’s cache and stores a malicious cookie on the client’s system. Timing attack
Intentional vulnerability placed by security personnel to lure attackers. Trap door
unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. Trespass
software programs that hide their true nature and reveal their designed behavior only when activated. Trojan horses
e-mails warning of supposedly dangerous viruses that don’t exist. Virus hoaxes
consists of segments of code that perform malicious actions. Virus
an identified weakness in a controlled system, where controls are not present or are no longer effective. Vulnerability
a malicious program that replicates itself constantly, without requiring another program environment. Worm
machines that are directed remotely (usually by a transmitted command) by the attacker to participate in the attack. Zombies