MIS 483 Chapter 12
Terms from the chapter for the final exam
62 cards | Business | Undergraduate 4 | 05/11/2013
Cards

Term
Defense in Depth
Definition
Principle in which an attacker must break through multiple independent layers of defense before reaching the target system or protected area, so that no single control is a single point of failure.
Term
Host Hardening
Definition
Every server and client machine should be hardened: frequent backups, timely software patches for applications and operating systems, host firewalls, and other authentication and access control measures.
Term
confidentiality
Definition
Data (or a message) should be readable only by the intended party.
Term
Cryptography
Definition
Protects the confidentiality of messages against threats such as packet sniffing and man-in-the-middle (MITM) attacks.
Term
Data Integrity
Definition
Assures that data (or messages) are not altered, accidentally or maliciously, by unauthorized parties.
Term
Frame Check Sequence (FCS)
Definition
A checksum added at the end of each frame for error detection; a general approach to detecting accidental changes to data in transit. It does not protect against deliberate manipulation, because an attacker who alters the frame can simply recompute the FCS.
Term
Authentication
Definition
Means that the identities of the communicating parties and the sources of messages must be validated.
Term
What is authentication an effective weapon against?
Definition
Man-in-the-middle attacks and various types of spoofing.
Term
Access control and authorization
Definition
Refer to the process of granting or denying access to a network, to the systems attached to it, and to resources such as files, directories, and programs available within a system.
Term
What tool should be used to enforce access policy?
Definition
Access Control List (ACL)
Term
Identity management and directory service
Definition
Access privileges should be arranged so that a person or user group is granted only the limited access to specific services and system resources that they need (least privilege).
Term
What is a popular technology for message confidentiality?
Definition
Cryptography
Term
What are popular technologies for message Integrity?
Definition
Checksum/frame check sequence (FCS)
Digital Signatures
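The two integrity mechanisms on the cards above (FCS/checksum and a keyed signature) fail against different threats. The following is an added example, not from the flashcard set: it appends a CRC-32 frame check sequence to a constructed payload and shows that it catches a flipped bit but not an attacker who rewrites the payload and recomputes the FCS, whereas a keyed HMAC-SHA256 tag (used here as the simpler stand-in for a digital signature; the page itself lists digital signatures) catches both. The payload, the tampered payload and the key are all made up for the demonstration.

```python
import hashlib
import hmac
import zlib

# Constructed sample message and a same-length attacker substitute (not from the page).
PAYLOAD = b"TRANSFER 100.00 TO ACCT 1234"
TAMPERED = b"TRANSFER 900.00 TO ACCT 9999"
# Hypothetical shared secret for the MAC; in practice it comes from a key exchange.
KEY = b"\x13" * 32


def add_fcs(payload: bytes) -> bytes:
    """Append a CRC-32 frame check sequence, as a link layer does at the end of each frame."""
    fcs = zlib.crc32(payload) & 0xFFFFFFFF
    return payload + fcs.to_bytes(4, "big")


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC over the payload and compare it with the trailing FCS."""
    if len(frame) < 4:
        return False
    payload, fcs = frame[:-4], int.from_bytes(frame[-4:], "big")
    return (zlib.crc32(payload) & 0xFFFFFFFF) == fcs


def add_mac(key: bytes, msg: bytes) -> bytes:
    """Append an HMAC-SHA256 tag; only holders of `key` can produce a valid tag."""
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


def mac_ok(key: bytes, tagged: bytes) -> bool:
    """Verify the trailing 32-byte tag using a constant-time comparison."""
    if len(tagged) < 32:
        return False
    msg, tag = tagged[:-32], tagged[-32:]
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).digest(), tag)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Simulate line noise: invert one bit of the data."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def attacker_rewrites_frame(new_payload: bytes) -> bytes:
    """An active attacker replaces the payload and simply recomputes the FCS."""
    return add_fcs(new_payload)


def attacker_rewrites_tagged(tagged: bytes, new_payload: bytes) -> bytes:
    """Without the key the attacker can only reuse the old tag on the new payload."""
    return new_payload + tagged[-32:]


if __name__ == "__main__":
    frame = add_fcs(PAYLOAD)
    print("FCS, clean frame:      ", fcs_ok(frame))                              # True
    print("FCS, one flipped bit:  ", fcs_ok(flip_bit(frame, 3)))                 # False
    print("FCS, attacker rewrite: ", fcs_ok(attacker_rewrites_frame(TAMPERED)))  # True: not detected
    tagged = add_mac(KEY, PAYLOAD)
    print("HMAC, clean message:   ", mac_ok(KEY, tagged))                        # True
    print("HMAC, one flipped bit: ", mac_ok(KEY, flip_bit(tagged, 3)))           # False
    print("HMAC, attacker rewrite:", mac_ok(KEY, attacker_rewrites_tagged(tagged, TAMPERED)))  # False
```

CRC-32 detects every single-bit error by construction, which is all a link layer needs; the third line shows why a checksum is not an integrity control against a MITM. A digital signature gives the same protection as the HMAC here without requiring a shared secret, at the cost of asymmetric operations.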
Term
What are popular technologies for access control?
Definition
Access Control List (ACL)
Anti-Virus and Anti-Spyware
Intrusion detection and prevention system
Directory Server
Term
What are popular technologies for Authentication?
Definition
Passwords and passphrases
Digital signatures and digital certificates
Smart cards and biometric solutions (e.g., voice and face recognition)
Security tokens
Term
Firewall
Definition
Software and/or hardware designed to protect a network from various attacks by controlling the types of service allowed inbound and outbound, and by monitoring the patterns of message flows and network usage by local and remote users.
Term
Production network
Definition
an internal network that needs secure protection from external threats
Term
DMZ network
Definition
Houses servers such as email and web servers that provide public services and are therefore more exposed to attacks coming from the Internet; it is separated from the production network so that a compromised public server does not give direct access to internal systems.
Term
Firewalls/routers either pass or drop a packet based on the filtering rules defined in the...?
Definition
Access Control List (ACL)
Term
Stateless filtering
Definition
A rudimentary form of screening in which the firewall examines each packet as an isolated case, using only the header fields of that packet.
Term
Stateful filtering
Definition
The firewall reviews each arriving packet in the context of the connection it belongs to (for example, whether it is a reply to a connection an inside host opened), making the packet screening much more effective than stateless filtering.
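To make the difference between the ACL-based stateless filter and stateful filtering concrete, here is an added simulation (not from the flashcard set or any real firewall product). The ACL rule format, the packet fields and the three sample packets are constructed for the example; the addresses come from private and documentation ranges. The stateless filter needs a rule letting inbound packets with source port 443 through so that HTTPS replies get back in, and an attacker exploits exactly that rule; the stateful filter only needs the outbound rule and lets back in the replies it has seen a connection for.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = ingress into the production network, "out" = egress
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Hypothetical ACL format: ordered rules, first match wins, implicit deny at the end.
# A rule matches when every listed field equals the packet's field.
STATELESS_ACL = [
    {"direction": "out", "dst_port": 443, "action": "permit"},  # internal users may reach HTTPS
    {"direction": "in", "src_port": 443, "action": "permit"},   # ...and the replies must get back in
]
STATEFUL_ACL = [
    {"direction": "out", "dst_port": 443, "action": "permit"},  # replies are handled by the state table
]


def acl_lookup(acl, pkt: Packet) -> str:
    for rule in acl:
        if all(getattr(pkt, field) == value for field, value in rule.items() if field != "action"):
            return rule["action"]
    return "deny"


def stateless_filter(packets):
    """Each packet is judged on its own header fields; nothing is remembered between packets."""
    return [acl_lookup(STATELESS_ACL, p) for p in packets]


class StatefulFilter:
    """Remembers permitted outbound connections and lets only their replies back in."""

    def __init__(self, acl):
        self.acl = acl
        self.connections = set()   # (src_ip, src_port, dst_ip, dst_port) of flows seen leaving

    def decide(self, p: Packet) -> str:
        reverse = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if p.direction == "in" and reverse in self.connections:
            return "permit"        # reply to a connection an inside host opened
        action = acl_lookup(self.acl, p)
        if action == "permit" and p.direction == "out":
            self.connections.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return action

    def filter(self, packets):
        return [self.decide(p) for p in packets]


# Constructed traffic (private and documentation address ranges, not real hosts).
PACKETS = [
    Packet("out", "10.0.0.5", 51000, "93.184.216.34", 443),   # inside host opens an HTTPS connection
    Packet("in", "93.184.216.34", 443, "10.0.0.5", 51000),    # legitimate reply
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 22),        # attacker sets source port 443 to reach SSH
]

if __name__ == "__main__":
    print("stateless:", stateless_filter(PACKETS))                    # ['permit', 'permit', 'permit']
    print("stateful: ", StatefulFilter(STATEFUL_ACL).filter(PACKETS))  # ['permit', 'permit', 'deny']
```

The third packet is the classic weakness of stateless ACLs: any field the filter matches on is under the attacker's control, so a "permit replies" rule is really a "permit anything claiming to be a reply" rule. The stateful filter needs no such rule because the state table, not the packet, says whether a reply is expected.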
Term
ingress=
Definition
inbound
Term
egress=
Definition
outbound
Term
For inbound packets, does filtering or routing occur first?
Definition
Filtering first, then routing: an inbound packet is screened against the ACL before the router decides where to forward it.
Term
when the packet is outbound, does filtering or routing occur first?
Definition
Routing first, then filtering: the outbound packet is sent toward the egress interface and screened on its way out.
Term
Cryptography
Definition
a procedure that transforms a message into an unreadable code
Term
what are the four elements of cryptography?
Definition
plaintext, ciphertext, cipher, and key
Term
plaintext
Definition
An original, unencrypted message in any format, including text, voice, data, and video.
Term
ciphertext
Definition
The encrypted, unreadable form of a message that results from applying a cipher and key to the plaintext.
Term
cipher
Definition
The encryption algorithm used to convert plaintext to ciphertext and vice versa.
Term
how many types of ciphers are there?
Definition
two (Stream and block ciphers)
Term
what are the two types of ciphers?
Definition
Block and stream ciphers
Term
What does a stream cipher do?
Definition
Encrypts a message bit by bit (or byte by byte) by combining it with a keystream.
Term
What does a block cipher do?
Definition
Encrypts the message one fixed-size block at a time (e.g., 128-bit blocks); most ciphers are block ciphers.
Term
What is the most common type of cipher?
Definition
Block Cipher
Term
Key
Definition
A binary value that the cipher uses to encrypt and decrypt the data; the secrecy of the key, not of the cipher, is what protects the message.
Term
What is the recommended key size to safeguard encrypted messages?
Definition
At least 100 bits is recommended; most web browsers use 128-bit keys.
Term
T/F: A cryptography system uses a fixed key size.
Definition
True
Term
Can a key value be randomly generated based on encryption software or derived from a password?
Definition
Yes; it may be randomly generated by the encryption software or derived from a password.
Term
Session Key
Definition
A randomly generated key used only for one particular session and then discarded.
Term
Symmetric Key
Definition
Both the sender and the receiver share the same secret key before the session begins, and the same key is used for encryption and decryption.
Term
asymmetric key
Definition
Two mathematically related keys: the sender encrypts the data with the receiver's public key, and only the receiver's private key can decrypt it.
Term
Which is more secure, asymmetric or symmetric keys?
Definition
Asymmetric keys, because no shared secret has to be distributed to the other party in advance.
Term
Synonym for electronic autographs
Definition
digital signatures
Term
Are asymmetric keys shorter or longer than symmetric keys?
Definition
Much longer, which makes asymmetric encryption far slower; this is a disadvantage.
Term
are the two types of keys used in a hybrid fashion?
Definition
Yes. Generally a symmetric session key encrypts the actual messages, while asymmetric keys are used to send that symmetric key securely and to authenticate the communicating parties.
Term
Digital Signature
Definition
A solution for message integrity and sender authentication: the sender signs a message with their private key, and anyone holding the sender's public key can verify the signature.
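The cards on session keys, symmetric and asymmetric keys, the hybrid arrangement and digital signatures describe one protocol between them. The following is an added, self-contained example (not from the flashcard set and not a production library): a toy textbook RSA (no padding) stands in for a real asymmetric system such as RSA-OAEP, and a stream cipher built from HMAC-SHA256 in counter mode stands in for a real symmetric cipher such as AES, because the Python standard library has neither. The function names, the envelope layout and the sample message are all assumptions made for the demonstration. What it shows is the hybrid pattern: a fresh random session key encrypts the bulk data, the recipient's public key wraps that session key, and the sender's private key signs the whole envelope so tampering or a forged sender is detected before anything is decrypted.

```python
import hashlib
import hmac
import secrets

# ---- toy RSA: textbook (unpadded) keygen/sign/verify, for illustration only ----

def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # force top and bottom bits
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 1024):
    """Return ((n, e), (n, d)). Note how much longer these keys are than the 256-bit session key."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:    # e is prime, so this is the gcd(e, phi) == 1 check
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_sign(priv, digest: bytes) -> int:
    n, d = priv
    return pow(int.from_bytes(digest, "big"), d, n)


def rsa_verify(pub, digest: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")


# ---- symmetric part: a stream cipher from HMAC-SHA256 in counter mode ----

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XORing with a keystream; the same call serves both directions."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i * 32:(i + 1) * 32], block))
    return bytes(out)


def envelope_digest(nonce: bytes, wrapped_key: int, ct: bytes) -> bytes:
    # 256-byte field holds any wrapped key for moduli up to 2048 bits
    return hashlib.sha256(nonce + wrapped_key.to_bytes(256, "big") + ct).digest()


def seal(msg: bytes, recipient_pub, sender_priv) -> dict:
    """Hybrid: session key encrypts the message; RSA wraps the key and signs the envelope."""
    session_key = secrets.token_bytes(32)      # fresh per session, never reused
    nonce = secrets.token_bytes(16)
    ct = stream_xor(session_key, nonce, msg)
    n, e = recipient_pub
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)   # only the recipient can unwrap
    sig = rsa_sign(sender_priv, envelope_digest(nonce, wrapped, ct))
    return {"nonce": nonce, "wrapped_key": wrapped, "ct": ct, "sig": sig}


def open_envelope(env: dict, recipient_priv, sender_pub) -> bytes:
    """Check the sender's signature first, then unwrap the session key and decrypt."""
    digest = envelope_digest(env["nonce"], env["wrapped_key"], env["ct"])
    if not rsa_verify(sender_pub, digest, env["sig"]):
        raise ValueError("signature check failed: envelope tampered with or wrong sender")
    n, d = recipient_priv
    session_key = pow(env["wrapped_key"], d, n).to_bytes(32, "big")
    return stream_xor(session_key, env["nonce"], env["ct"])


if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keygen()
    bob_pub, bob_priv = rsa_keygen()
    env = seal(b"meet at 10:00", bob_pub, alice_priv)   # constructed message
    print(open_envelope(env, bob_priv, alice_pub))      # b'meet at 10:00'
```

Two details carry the security argument: the signature covers the nonce, the wrapped key and the ciphertext together, so none of them can be swapped independently, and it is verified before decryption so a tampered envelope never reaches the cipher. A real deployment replaces the toy pieces with padded RSA or an elliptic-curve key agreement and an authenticated symmetric mode; the structure stays the same.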
Term
Digital Certificates
Definition
The digital equivalent of an ID card: it binds a public key to an identity and is used in conjunction with the asymmetric encryption system.
Term
Who sells digital certificates?
Definition
Certificate authorities (CAs), e.g., VeriSign.
Term
What is the widely accepted standard from the International Telecommunication Union (ITU) that defines the format of digital certificates?
Definition
X.509
Term
Are Certificate Authorities public or Private institutes?
Definition
Both; examples include VeriSign, Microsoft, and America Online.
Term
can a Certificate Authority revoke a certificate?
Definition
Yes!
Term
Certificate revocation list
Definition
A list published by the CA of certificates revoked before their expiration date; a client should check it before trusting a certificate.
Term
If the certificate is not recognized, does the browser warn the user?
Definition
Yes, and it advises against proceeding.
Term
How strong is Wired Equivalent Privacy?
Definition
weak
Term
How strong is Wi-Fi Protected Access(WPA)?
Definition
Better
Term
How strong is IEEE 802.11i(also called WPA2)?
Definition
Best
Term
When was WEP introduced?
Definition
1997
Term
Why is WPA and WPA2 better than WEP?
Definition
Because WPA and WPA2 change the encryption keys dynamically after the initial setup, whereas WEP relies on a static key.
Term
Is WPA an official IEEE standard?
Definition
No; it was meant as an interim step between WEP and WPA2 (IEEE 802.11i).
Term
Robust Security Network (RSN)
Definition
The 802.11i security architecture; it allows only authenticated, authorized users onto the network.
Term
PSK-WPA
Definition
Personal (pre-shared key) mode of WPA: all devices are configured with the same passphrase; intended for home offices and small businesses.
Term
Enterprise WPA
Definition
Relies on a central authentication server for key management, which ensures consistency in user authentication across the network.