MIS quiz 2 Security

Virus Hoaxes

-Can cause as much damage as a real one -Confirm you have one before you start to do anything

What is a firewall? How does a firewall help with security?

-Firewalls -Combination of hardware and software -Barrier between a private network and external computers or networks -Examine data passing into or out of a private network -It helps by deciding whether or not to allow the transmission

What effect does a denial of service have

-Floods a network or server with service requests -Prevent legitimate users' access to the system -Target Internet servers

Worms

-Independent programs that can spread themselves without having to be attached to a host program -Travels from computer to computer in a network -Does not usually erase data One way to treat a worm is to make sure your operating systems are up to date

Describe four steps you can take to protect your own computer.

-Keep operating system up to date -Keep browsers, other software up to date -Install and update antivirus program -Do not click links in emails from untrusted sources Periodically scan secondary storage

Trojan Program

-Named after the Trojan horse the Greeks used to enter Troy during the Trojan Wars -Contains code intended to disrupt a computer, network, or Web site -Usually hidden inside a popular program One way to treat this is to update/install an anti virus

Describe four physical security measures and how they contribute to overall information security.

-Primarily control access to computers and networks --Cable shielding, Room shielding --Corner bolts --Electronic trackers --Identification (ID) badges --Proximity-release door openers --Uninterruptible power supply (UPS) ---Ensure equipment keeps running -Redundant array of independent disks (RAID)

Describe the resources that a comprehensive security system needs to protect

-Protects an organization's resources -Prevent problems, detect problems, recover -Includes hardware, software, procedures, and personnel that collectively protect information resources

Virus

-Self-propagating program code that's contained in other code and triggered by a specified time or event -In 2008, the number of computer viruses in existence exceeded one million -Difficult to estimate dollar amount of damage -Transmitted through network, email attachments, or code on web sites One way to treat virus is to update and install an anti-virus

How does a virus spread and what can you do to prevent it from doing so?

-Self-propagating program code that's contained in other code and triggered by a specified time or event -In 2008, the number of computer viruses in existence exceeded one million -Difficult to estimate dollar amount of damage -Usually given names I Love You, Michelangelo -Seriousness of viruses varies -Transmitted through network, email attachments, or code on web sites -You can prevent it by antivirus and having a business contingency plan or even by not opening suspicious emails at work

Logic Bombs

-Type of program used to release a virus, worm, or other destructive code -Triggered at a certain time or by an event One way to treat this is to update/install an anti virus

Social Engineering/Phising

-Using "people skills" to trick others into revealing private information -Takes advantage of the human element of security systems -Use the private information to break into servers and networks and steal data -Commonly used social-engineering techniques -"Dumpster diving" and "shoulder surfing" -Phishing -Spear phishing One way to deal with this is to have a firewall

What is s business continuity plan? Why should a company have one?

Outlines procedures for keeping an organization operational in the event of disaster or attack Prepare for disaster Plan steps for resuming normal operations as soon as possible

Backdoor

Program built into a system by its designer or programmer; bypasses system security System users aren't aware a backdoor has been activated One way to deal with this is to periodically scan secondary storage

Explain VPN (virtual private network) and data encryption

Provides a secure "tunnel" through the Internet For transmitting messages and data via a private network Remote users have a secure connection to the organization's network Low cost Slow transmission speeds Data encryption Transforms data, called "plaintext" or "cleartext," into a scrambled form called "ciphertext" Rules for encryption determine how simple or complex the transformation process should be Protocols: Secure Sockets Layer (SSL) Transport Layer Security (TLS)

How can a redundant array of independent disks (RAID) or an uninterruptible power supply (UPS) help with a company's security?

RAID helps keep your system and network running smoothly Uninterrupted power supply helps because it ensures that equipment keeps running now matter what

What is a biometric security measure? Describe four biometric security measures.

Use a physiological element to enhance security measures 1.) Palm Print uses your hand 2.) Finger print uses your finger 3.) Iris recognition uses your eye 4.) Voice recognition uses your voice

What are some examples of international threats

Viruses Worms Trojan programs Logic bombs Backdoors Blended threats (e.g., worm launched by Trojan) Rootkits Denial-of-service attacks Social engineering (includes phishing)

What is the difference between a virus and a worm?

Worms are stand alone software that do not need human help to infect different host

Rootkit (like a backdoor)

allows privileged access to a computer