Chapter 5
Describe the purpose of a CAPTCHA.
A CAPTCHA verifies that user input is from humans and not computer programs.
Describe the damages caused by DoS and DDoS attacks.
A DoS attack is an assault whose purpose is to disrupt computer access to an Internet service such as the web or email. The victim computer network slows down considerably and eventually becomes unresponsive or unavailable, blocking legitimate visitors from accessing the network. A DDoS is when a zombie army is used to attack computers or network. Damages include lost retail sales, lost revenue from advertisers, and delay in time-sensitive information, as well as tarnished reputations.
A(n) _____ allows users to bypass security controls.
A backdoor allows users to bypass security controls.
Define the term, biometric device. List disadvantages of biometric devices.
A biometric device authenticates a person's identity by translating a personal characteristic, such as a fingerprint, into a digital code. Biometric devices do have disadvantages. If you cut your finger, a fingerprint reader might reject you as a legitimate user. Hand geometry readers can transmit germs. If you are nervous, a signature might not match the one on file. If you have a sore throat, a voice recognition system might reject you. Many people are uncomfortable with the thought of using an iris scanner.
Define these terms: botnet, zombie, and bot.
A botnet, or zombie army, is a group of compromised computers or mobile devices connected to a network such as the Internet that are used to attack other networks, usually for nefarious purposes. A zombie is a computer or device whose owner is unaware that it is being controlled remotely. A bot is a program that performs a repetitive task on a network.
Define the terms, digital security risk and cybercrime.
A digital security risk is any event or action that could cause a loss of or damage to computer or mobile device hardware, software, data, information, or processing capability. Cybercrime refers to online or Internet-based illegal acts such as distributing malicious software or identity theft.
Define the terms, firewall and proxy server. List steps to set up a firewall.
A firewall is hardware and/or software that protects a network's resources from intrusion by users on another network such as the Internet. A proxy server is a server outside the organization's network that controls which communications pass in and out of the organization's network. To set up a firewall, first locate and purchase a firewall. Next, follow the instructions to install the program, then run it and make sure it is enabled. Review the settings, and back up and export your list of rules. Make adjustments to your rules to allow or disallow devices, programs, or services, then save and test your settings.
Define the terms, keygen and software piracy. Identify methods to prevent software theft.
A keygen, short for key generator, creates software registration numbers and sometimes activation codes. Software piracy is the unauthorized and illegal duplication of copyrighted software. To prevent software theft, owners should keep original software boxes and media or the online confirmation of purchases in a secure location, and backup files and disks. Companies often escort terminated employees so that they do not sabotage files or the network. Manufacturers use product activation and license agreements to protect against unauthorized installations.
Differentiate among user names, passwords, and passphrases.
A user name, or user ID, is a unique combination of characters that identifies one specific user. A password is a private combination of characters associated with a user name that allows access to computer resources. A pass phrase is a private combination of words, often containing mixed capitalization and punctuations, associated with a user name, that allows access to certain computer resources.
[EB] Name the contributions of AVG, McAfee, and Symantec, with respect to firewalls.
AVG partners with the leading experts in software development, threat detection, threat prevention, and risk analysis to create antivirus products that protect computers in home and business settings and also mobile devices. McAfee software protects more than 150 million mobile devices. McAfee's many security products include cloud security protection for SaaS companies. Symantec has achieved great success with its products, including Norton AntiVirus and Norton Internet Security.
Identify what should an AUP should specify.
An AUP should specify the acceptable use of technology by employees for personal reasons.
Explain how an organization uses access controls and audit trails.
An access control is a security measure that defines who can access a computer, device or network; when they can access it; and what actions they can take while accessing it. An audit trail records in a file both successful and unsuccessful access attempts to a computer, device, or network.
Describe the following license agreement types: end-user, network, and site. [EB] List conditions provided in a license agreement.
An end-user, or single-user license agreement, typically allows the software to be used only on one computer. A network license allows multiple users to access the software on the server simultaneously. A site license permits the software to be installed on multiple computers. A license agreement specifies the number of computers or devices on which the software can be installed, and network distribution permissions or restrictions. They usually do not permit users to make copies, export, rent, or lease the software.
List common types of malware. A(n) _____ is the destructive event malware delivers.
Common types of malware include virus, worm, trojan horse, rootkit, spyware, and adware. A(n) payload is the destructive event malware delivers.
Define the term, digital forensics. Name areas in which digital forensics is used.
Digital forensics, also called cyberforensics, is the discovery, collection, and analysis of evidence found on computers and networks. Digital forensics is used in law enforcement, criminal prosecutions, military intelligence, insurance agencies, and information security departments in the private sector.
Describe how companies use the following recognition or verification systems: face, hand, voice, signature, and iris.
Face recognition systems capture a live face image and compare it to a stored image. Hand geometry systems measure the size and shape of a person's hand. Voice verification systems compare a person's live speech with their stored voice pattern. Signature verification systems recognize the shape of your handwritten signature, as well as the pressure exerted and motion use to write the signature. Iris recognition systems read patterns in the iris of the eye.
Differentiate among hackers, crackers, script kiddies, cyberextortionists, and cyberterrorists. Identify issues with punishing cybercriminals.
Hackers access computers or networks illegally. Crackers also access computers or networks illegally, but have the intent of malicious action. Script kiddies have the same intent as a crackers, but without the technical skills, so they often use prewritten hacking and cracking programs. Cyberextortionists demand payment to stop an attack on an organization's technology infrastructure. A cyberterrorist uses the Internet or a network to destroy or damage computers for political reasons. Cybercrime laws vary between states and countries, making it difficult to reach a consensus as to what is illegal, and whether a crime is a civil or criminal case. Determining who has jurisdiction over a case, and the anonymity of the Internet make it difficult to locate and prosecute cybercriminals.
Give examples of information theft.
Information theft occurs when someone steals personal or confidential information. One is example is if an unethical company executive steals or buys stolen information to learn about a competitor.
Explain how macros can be a security risk.
Macros can be disastrous when hidden in a file and then run without permission.
PIN stands for _____.
PIN stands for Personal Identification Number.
Explain the process of product activation.
Product activation, conducted either online or by phone, is when users provide the software product's identification number to associate the software with the computer or mobile device on which the software is installed.
Define the term, spoofing. List ways to protect against Internet and network attacks.
Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network, such as email and IP spoofing. To protect against Internet and network attacks, use antivirus software, be suspicious of unsolicited email attachments, scan removable media, implement firewalls, and back up regularly.
[EB] Name the security contributions of the FBI's face recognition technology project.
The Federal Bureau of Investigation (FBI) is anticipating locating and apprehending criminals more efficiently when its new face recognition technology project is underway. This Next Generation Identification (NGI) plan uses biometrics to match mug shots in the FBI's database with images taken with public cameras. It also could compare a suspect's image with the FBI's database of public images, which could include distinctive tattoos and scars, and attempt to match iris recognition, DNA analysis, and voice verification.
Explain the two-step verification process.
The two-step verification process requires a mobile phone and a computer. When users sign in to a computer account, they enter a user name and a password. Next, they are prompted to enter another authentication code, with is sent as a text or voice message or via an app on a smartphone.
Give examples of unauthorized use of a computer or network.
Unauthorized access includes: an employee using an organization's computer to send personal email, an employee using the organization's word processing software to track his or her child's soccer league scores, or a perpetrator gaining access to a bank computer and performing an unauthorized transfer.
Identify risks and safety measures when gaming.
When gaming, follow these guidelines: be certain the website or person making a request is legitimate before downloading software or a patch; exercise caution if the game requires ActiveX or JavaScript or requires administration mode; use a firewall; do not share personal information with gamers you meet online.