Security Standards Conclusion
This module discussed the concept of security and demonstrated several security threats.
You also learned about the categories of resources that need protection, the attributes of an effective security system, and the types of people who make security systems necessary.
Now that you have completed this module, you should be able to:
- Describe security and security statistics
- Define risk analysis
- List the attributes of an effective security system
- Describe security standards in current use
- Plan a security policy for your business
- Increase security effectiveness by establishing organizational training
Key terms and concepts
- Back door: An intentional hole in a firewall or security apparatus that allows access around security measures.
- Brute-force attack: An attempt by a hacker to defeat authentication by obtaining a legitimate user' s password.
- Buffer overflow: A popular bug-based attack that works by sending more data than the target system is intended to receive at one time.
- Bug: A computer program or hardware error that causes recurring malfunctions.
- Computer Emergency Response Team (CERT): An organization devoted to dealing with computer-related security issues.
Based at the Carnegie Mellon University, CERT is a part of the Internet Society which establishes the protocols that govern the Internet.
- Computer Security Division (www.itl.nist.gov): One of eight divisions within NIST\'s Information Technology Laboratory.
The mission of the Division is to enable organizations and individuals to use information technology with the assurance and trust that the confidentiality, integrity, reliability and availability of information resources are protected.
- Denial-of-service: An attempt by attackers to prevent legitimate users of a service from using that service by flooding a network, or by disrupting connections or services.
- Dictionary program: A program specifically written to break into a password-protected system. A dictionary program has a relatively large list of common password names that the program repeatedly uses to gain access.
- Front-door attack: An attempt by a hacker to access a network by using a valid user name and password.
- Hacker: A user who breaks into sites for malicious purposes.
- Internet Service Provider (ISP): An Internet Service Provider, a company that provides access to the Internet.
- IP spoofing: A hacker imitating an Internet Protocol (IP) device that has an IP address allowing the hacker to gain access to the system.
- Open network: A group of servers and computers, such as the Internet, which allows free access.
- Password cracking: An attempt by a hacker to access a network using possible passwords. A dictionary file is often used to crack passwords.
- Password sniffing: Finding a way to intercept the transmission of a password during the authentication process. A sniffer is a program used to intercept passwords.
- Security system: All components used by a company to provide a security strategy, including hardware, software, employee training, and a security policy.
- Social engineering: The use of tricks and disinformation to gain access to passwords and other sensitive information.
- Sniffer: A program used to intercept passwords.
- Spoofing: A form of identity theft in which a hacker attempts to defeat authentication. Specific examples include IP spoofing, ARP spoofing, router spoofing, and DNS spoofing.
- System snooping: The action of a hacker who enters a computer network and begins mapping the contents of the system.
- Trojan (trojan horse): A file or program that purports to operate in a legitimate way, but which also has an alternative, secret operation, such as emailing sensitive company information to a hacker.
A trojan horse is a specific program that destroys information on a hard drive.
- Virus: Self-replicating software used to infect a computer.
Security Basics - Quiz
Click the Quiz link below to take a multiple-choice quiz with respect to the material that was covered in this module.
Security Basics - Quiz