Читаем CISSP Practice полностью

A credit card-sized card with embedded integrated circuits that can store, process, and communicate information. It has a built-in microprocessor and memory that is used for identification of individuals or financial transactions. When inserted into a reader, the card transfers data to and from a central computer. A smart card is more secure than a magnetic stripe card and can be programmed to self-destruct if the wrong password is entered too many times. This is a technical and preventive control.

Smart grid computing

Consists of interoperable standards and protocols that facilitate in providing centralized electric power generation, including distributed renewable energy resources and energy storage. Ensuring cyber security of the smart grid is essential because it improves power reliability, quality, and resilience. The goal is to build a safe and secure smart grid that is interoperable, end-to-end. Smart grid computing needs cyber security measures as it uses cyber computing.

Smelting

A physically destructive method of sanitizing media to be changed from a solid to a liquid state generally by the application of heat. Same as melting.

Smurf attack

A hacker sends a request for information to the special broadcast address of a network attached to the Internet. The request sparks a flood of responses from all the nodes on this first network. The answers are then sent to a second network that becomes a victim. If the first network has a larger capacity for sending out responses than the second network is capable of receiving, the second network experiences a DoS problem as its resources become saturated or strained.

Sniffer attack

Software that observes and records network traffic. On a TCP/IP network, sniffers audit information packets. It is a network-monitoring tool, usually running on a PC.

Social engineering

(1) The act of deceiving an individual into revealing sensitive information by associating with the individual to gain confidence and trust. (2) A person’s ability to use personality, knowledge of human nature, and social skills (e.g., theft, trickery, or coercion) to steal passwords, keys, tokens, or telephone toll calls. (3) Subverting information system security by using nontechnical (social) means. (4) The process of attempting to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks. (5) An attack based on deceiving users or administrators at the target site and is typically carried out by an adversary telephoning users or operators and pretending to be an authorized user, to attempt to gain illicit access to systems. (6) A general term for attackers trying to trick people into revealing sensitive information or performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious.

Social engineering for key discovery attacks

It is important for functional users to protect their private cryptographic keys from unauthorized disclosure and from social engineering attacks. The latter attack can occur when users die or leave the company without revealing their passwords to the encrypted data. The attacker can get hold of these passwords using tricky means and access the encrypted data. Examples of other-related social engineering attacks include presenting a self-signed certificate unknown to the user, exploiting vulnerabilities in a Web browser, taking advantage of a cross-site scripting (XSS) vulnerability on a legitimate website, and taking advantage of the certificate approval process to receive a valid certificate and apply it to the attacker’s own site.

SOCKS

(1) An Internet Protocol to allow client applications to form a circuit-level gateway to a network firewall via a proxy service. (2) This protocol supports application-layer firewall traversal. The SOCKS protocol supports both reliable TCP and UDP transport services by creating a shim-layer between the application and the transport layers. The SOCKS protocol includes a negotiation step whereby the server can dictate which authentication mechanism it supports. (3) A networking-proxy protocol that enables full access across the SOCKS server from one host to another without requiring direct IP reachability. (4) The SOCKS server authenticates and authorizes the requests, establishes a proxy connection, and transmits the data. (5) SOCKS are commonly used as a network firewall that enables hosts behind a SOCKS server to gain full access to the Internet, while preventing unauthorized access from the Internet to the internal hosts. SOCKS is an abbreviation for SOCKetServer.

Softlifting

Illegal copying of licensed software for personal use.

Software

The computer programs and possibly associated data dynamically written and modified.

Software assurance