Shared Flashcard Set

Details

NS670
Vocab
45
Computer Science
Graduate
06/28/2006

Cards

Term
vulnerability
Definition
weakness in the security system that might be exploited to cause loss or harm
Term
Principle of Easiest Penetration
Definition
An intruder must be expected to use any available means of penetration.
Term
describe the relationship among threats, controls, and vulnerabilities
Definition
A threat is blocked by control of a vulnerability
Term
threat
Definition
a set of circumstances that has the potential to cause loss or harm
Term
attack
Definition
an exploitation of a vulnerability
Term
control
Definition
an action, device, procedure, or technique that removes or reduces a vulnerability
Term
interception
Definition
some unauthorized party has gained access to an asset
Term
Ex. of interception (2)
Definition
- illicit copying of program or data files
- wiretapping to obtain data in a network
Term
interruption
Definition
an asset of the system becomes lost, unavailable, or unusable
Term
Ex. of interruption (3)
Definition
- malicious destruction of a hardware device
- erasure of a program or data file
- malfunction of an operating system file manager so that it cannot find a particular disk file
Term
modification
Definition
unauthorized party not only accesses but tampers with an asset
Term
Ex. of modification (3)
Definition
* someone might change the values in a database
* alter a program so that it performs an additional computation
* modify data being transmitted electronically
Term
fabrication
Definition
counterfeit objects on a computing system
Term
Ex. of fabrication
Definition
* insert spurious transactions into a network communication system
* add records to an existing database
Term
malicious attacker must have what three things
Definition
* Method: the skills, knowledge, tools, and other things with which to be able to pull off the attack
* Opportunity: the time and access to accomplish the attack
* Motive: a reason to want to perform this attack against this system
Term
confidentiality
Definition
computer-related assets are accessed only by authorized parties
Term
integrity
Definition
assets can be modified only by authorized parties or only in authorized ways
Term
Availability
Definition
assets are accessible to authorized parties at appropriate times
Term
Three goals of computer security
Definition
confidentiality, integrity, and availability
Term
configuration management
Definition
access to software is usually carefully controlled so that software is not deleted, destroyed, or replaced accidentally
Term
logic bomb
Definition
where a program is maliciously modified to fail when certain conditions are met or when a certain date or time is reached
Term
Trojan horse
Definition
program that overtly does one thing while covertly doing another
Term
virus
Definition
a specific type of Trojan horse that can be used to spread its "infection" from one computer to another
Term
trapdoor
Definition
a program that has a secret entry point
Term
information leaks
Definition
code that makes information accessible to unauthorized people or programs
Term
Principle of Adequate Protection
Definition
Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value.
Term
salami attack
Definition
the crook shaves a little from many accounts and puts these shavings together to form a valuable result, like the meat scraps joined together in a salami.
Term
replay
Definition
* intercept a message ordering one bank to credit an account
* the fabricator might try to replay that message, causing the receiving bank to credit the same account again
Term
cracker vs hacker
Definition
* "hacker": someone who (nonmaliciously) programs, manages, or uses computing systems
* "cracker": someone who attempts access to computing systems for malicious purposes. Crackers are the "evildoers."
Term
risk
Definition
possibility for harm to occur
Term
Encryption
Definition
formal name for the scrambling process
Term
protocol
Definition
an agreed-upon sequence of actions that leads to a desired result
Term
internal program controls
Definition
parts of the program that enforce security restrictions, such as access limitations in a database management program
Term
operating system and network system controls
Definition
limitations enforced by the operating system or network to protect each user from all other users
Term
independent control programs
Definition
application programs, such as password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities
Term
development controls
Definition
quality standards under which a program is designed, coded, tested, and maintained, to prevent software faults from becoming exploitable vulnerabilities
Term
Ex. of hardware controls
Definition
* hardware or smart card implementations of encryption
* locks or cables limiting access or deterring theft
* devices to verify users' identities
* firewalls
* intrusion detection systems
* circuit boards that control access to storage media
Term
Ex. of physical controls
Definition
locks on doors, guards at entry points, backup copies of important software and data, and physical site planning that reduces the risk of natural disasters
Term
Principle of Effectiveness
Definition
Controls must be used—and used properly—to be effective. They must be efficient, easy to use, and appropriate
Term
Principle of Weakest Link
Definition
Security can be no stronger than its weakest link. Whether it is the power supply that powers the firewall or the operating system under the security application or the human who plans, implements, and administers controls, a failure of any control can lead to a security failure.
Term
four kinds of attacks on computing systems
Definition
interception, interruption, modification, and fabrication
Term
principle of timeliness
Definition
a system must be protected against penetration only so long as the penetration has value to the penetrator
Term
overlapping controls
Definition
* several different controls may apply to address a single vulnerability
* sometimes called a layered defense
* expectation that one control will compensate for a failure of another
Term
administrative controls
Definition
rely on agreed-upon procedures or policies among users
Term
Ex. of administrative control
Definition
frequent changes of passwords