Wednesday, April 2, 2008

Chapter 10 Key Concepts

Chapter 10 - Electronic Commerce Security

  • Biometric Security Device-is a device that uses an element of a person’s biological makeup to perform identification.
  • Privacy-is the protection of individual rights to nondisclosure.
  • Sniffer Programs-provide the means to record information that passes through a computer or router that is handling Internet traffic.
  • Backdoors-electronic holes found by security experts.
  • Active Wiretapping-exists when an unauthorized party can alter a message stream of information.
  • Cybervandalism-is the electronic defacing of an existing Web site’s page.
  • Masquerading or Spoofing-pretending to be someone you are not, or representing a Web site as an original when it is a fake; it is a means of disrupting Web sites.
  • Domain Name Servers (DNSs)-are the computers on the Internet that maintain directories that link domain names to IP addresses.
  • Phishing Expeditions-exploits that capture confidential customer information.
  • Necessity Threat/Delay/Denial/Denial of Service (DoS)-used to disrupt normal computer processing, or deny processing entirely.
  • Wardrivers-attackers who drive around in cars using wireless-equipped laptop computers to search for open, accessible networks; some cities have large concentrations of wireless networks, which makes them attractive to wardrivers.
  • Warchalking-when wardrivers find an easily accessible network, they mark the building to let other wardrivers know.
  • Encryption Program-a program that transforms plain text (normal text) into cipher text (an unintelligible string of characters).
  • Cryptography-the science that studies encryption.
  • Encryption Algorithm-the logic behind an encryption program, including the mathematics used to do the transformation from plain text to cipher text.
  • Hash Coding-is a process that uses a hash algorithm to calculate a number, called a hash value, from a message of any length.
  • Asymmetric Encryption or Public Key Encryption-encodes messages by using two mathematically related numeric keys.
  • Symmetric Encryption or Private Key Encryption-encodes a message with one of several available algorithms that use a single numeric key, to encode and decode data.
  • Pretty Good Privacy (PGP)-one of the most popular technologies used to implement public key encryption today.
  • Data Encryption Standard (DES)-is a set of encryption algorithms adopted by the US government for encrypting sensitive or commercial information.
  • Triple Data Encryption Standard (Triple DES or 3DES)-a stronger version of DES used by the US government today; it can’t be cracked even with today’s supercomputers.
  • Advanced Encryption Standard (AES)-the latest encryption standard, developed by the US government’s National Institute of Standards and Technology (NIST) and designed to keep government information secure.
  • Secure Sockets Layer (SSL) and Secure Hypertext Transfer Protocol (S-HTTP)-two protocols that provide secure information transfer through the Internet; SSL was developed by Netscape Communications and S-HTTP by CommerceNet.
  • Session Key-is a key used by an encryption algorithm to create cipher text from plain text during a single secure session.
  • Secure Envelope-encapsulates a message and provides secrecy, integrity, and client/server authentication.
  • Integrity Violation-occurs whenever a message is altered while in transit between the sender and receiver.
  • Message Digest-an encryption program converts text into a message digest, a small integer that summarizes the encrypted information.
  • Digital Signature-an encrypted message digest (message hash value).
  • Dictionary Attack Programs-cycle through an electronic dictionary, trying every word in the book as a password.
  • Buffer-is an area of memory set aside to hold data read from a file or database.
  • Buffer Overflow/Overrun-programs that fill buffers can malfunction and overfill the buffer, spilling the excess data outside the designated buffer memory area.
  • Mail Bomb-occurs when hundreds or thousands of people each send a message to a particular address.
  • Access Control List (ACL)-is a list or database of files and other resources and the usernames of people who can access the files and other resources.
  • Firewall-is software or a hardware and software combination that is installed in a network to control the packet traffic moving through it.
  • Trusted-networks within the firewall.
  • Untrusted-networks outside the firewall.
  • Packet Filter Firewalls-examine all data flowing back and forth between the trusted network (within the firewall) and the Internet.
  • Gateway Servers-are firewalls that filter traffic based on the application requested.
  • Proxy Server Firewalls-are firewalls that communicate with the Internet on the private network’s behalf.
  • Intrusion Detection Systems-are designed to monitor attempts to log in to servers and analyze those attempts for patterns that might indicate a cracker’s attack is underway.

Chapter 9 Key Concepts

Chapter 9 - Electronic Commerce Software

  • Self Hosting-when companies need to incorporate electronic commerce components, they may opt to run servers in house.
  • Shared Hosting-means that the client’s Web site is on a server that hosts other Web sites simultaneously and is operated by the service provider at its location.
  • Dedicated Hosting-the service provider makes a Web server available to the client, but the client does not share the server with other clients of the service provider.
  • Co-location Service-the service provider rents physical space to the client to install its own server hardware.
  • Scalable-the best hosting services provide Web server hardware and software combinations that are scalable, which means they can be adapted to meet changing requirements when their clients grow.

All Electronic Commerce solutions must at least provide (CST):
  • A catalogue display
  • Shopping cart capabilities
  • Transaction processing

  • Catalogue-is a listing of goods and services.
  • Static Catalogue-is a simple list, written in HTML, that appears on a Web page or a series of Web pages.
  • Dynamic Catalogue-stores the information about items in a database, usually on a separate computer that is accessible to the server, along with the item descriptions and a search tool that allows customers to search for an item and determine its availability.
  • Interoperability-is making a company’s information systems work together.
      ◦ Middleware-a software program that larger companies use to establish the connections between their electronic commerce software and their existing accounting system.
  • Application Program/Software-a program that performs a specific function, such as creating invoices, calculating payroll, or processing payments received from customers.
  • Application Server-is a computer that takes the request messages received by the Web server and runs application programs that perform some kind of action based on the contents of the request message.
  • Database Manager-is software that stores information in a highly structured way.
  • Distributed Information Systems-large information systems that store the same data in many different physical locations; the databases within those systems are called distributed database systems.
  • Web Services-a combination of software tools that let application software in one organization communicate with other applications over a network by using a specific set of standard protocols known by their acronyms.
  • Simple Object Access Protocol (SOAP)-is a message-passing protocol that defines how to send marked-up data from one software application to another across a network.
  • Web Services Description Language (WSDL)-the characteristics of the logic units that make up specific Web services are described using WSDL.
  • Universal Description, Discovery, and Integration (UDDI) Specification-the set of protocols that identify locations of Web services and their associated WSDL descriptions.
  • Enterprise Resource Planning (ERP)-these software packages are business systems that integrate all facets of a business, including accounting, logistics, manufacturing, marketing, planning, project management, and treasury functions.
  • Data Mining-looking for hidden patterns in data; it can help businesses find customers with common interests and discover previously unknown relationships amongst the data.
  • Customer Relationship Management (CRM) Software-must obtain data from operations software that conducts activities such as sales automation, customer service centre operations, and marketing campaigns.
  • Content Management Software-helps companies control the large amounts of text, graphics, and media files that have become a key part of doing business.

  • Knowledge Management (KM) Software-the software that has been developed to meet the goal of managing the knowledge within documents.
      ◦ Helps to do 4 main things (C PES):
          1. Collect and organize information
          2. Share the information amongst users
          3. Enhance the ability of users to collaborate
          4. Preserve the knowledge gained through the use of information so that future users can benefit from the learning of current users.

  • Computer Security-is the protection of assets from unauthorized access, use, alteration, or destruction.
  • Physical Security-includes tangible protection devices, such as alarms, guards, fireproof doors, security fences, safes or vaults, and bombproof buildings.
  • Logical Security-protection of assets using non-physical means.
  • Threat-any act or object that poses a danger to computer assets.
  • Countermeasure-is the general name for a procedure, either physical or logical, that recognizes, reduces, or eliminates a threat.
  • Eavesdropper-in this context is a person or device that can listen in on or copy Internet transmissions.
  • Crackers/Hackers-people who write programs or manipulate technologies to obtain unauthorized access to computers and networks. White hat hacker and black hat hacker are the terms that distinguish good hackers from bad hackers.
  • Secrecy-refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source.
  • Integrity-refers to preventing unauthorized data modification.
  • Necessity-refers to preventing data delays or denials.
  • Security Policy-is a written statement describing which assets to protect and why they are being protected, who is responsible for that protection, and which behaviours are acceptable and which are not.
  • Stateless Connection-each transmission of information is independent; that is, no continuous connection (also called an open session) is maintained between any client and server over the Internet.
  • Session Cookies-exist until the Web client ends the connection or session.
  • Persistent Cookies-remain on the client’s computer indefinitely.
  • Web Bug-is a tiny graphic that a third-party Web site places on another site’s Web page.
  • Active Content-refers to programs that are embedded transparently in Web pages and that cause action to occur.
  • Applet-a small application program.
  • Trojan Horse-is a program hidden inside another program or Web page that masks its true purpose.
  • Zombie-is a Trojan horse that secretly takes over another computer for the purpose of launching attacks on other computers.
  • JavaScript-a scripting language developed by Netscape to enable Web page designers to build active content.
  • ActiveX-an ActiveX control is an object that contains programs and properties that Web designers place on Web pages to perform particular tasks.
  • Plug-Ins-are programs that enhance the capabilities of browsers and handle Web content that a browser cannot handle on its own.
  • Multivector Virus-named this because it can enter a computer system through several different ways (vectors).
  • Antivirus Software-detects viruses and worms and either deletes them or isolates them on the client computer so they cannot run.
  • Digital Certificate or Digital ID-is an attachment to an email message or a program embedded in a Web page that verifies that the sender or Web site is who or what it claims to be.
  • Steganography-describes the process of hiding information within another piece of information.