Computer Network Security (CIS - 344) - Exam 1

List two ways securing server-side web applications is more difficult than securing other types of applications

- Most network security measures ignore the content of HTTP traffic making server-side applications vulnerable. - Many Web application attack perviously unknown vulnerabilities know as zero-day attacks this gives the victims no time to defend against the attacks.

Briefly explain the difference between black hat hackers and white hat hackers.

A black hat hacker is a person who hacks with malicious intent. A white hat hacker's intention is to bring awareness to vulnerabilities within a system and report them to be addressed.

Briefly define the term computer Trojan horse.

A computer trojan horse is a virus that is disguised as a normal piece of software that contains a payload that lays dormant till its triggered then infects the system.

Briefly describe the term computer virus

A computer virus is code added to legitimate software that replicates itself.

Briefly define the term computer worm or network virus

A computer work is a virus that infects a computer technology that is connected over the network. The worm uses the network to travel and infect different systems.

Briefly explain why most email doesn't automatically display images received in the emails.

A phishing email can display an image retrieved from a website that is requested when the user opens the email message. A unique code is used to link the image to the recipient's email address, which then tells the phisher that the email address is active and valid.

Explain how disrupting the steps of a cyberattack is similar to addressing defects in software development. Also, explain how cyberattacks and defects in software are similar.

Cyberattacks work in a chain, the sooner you address and attack, or even a error in a program the less expensive it is to address later on.

Confidentiality - Information should only be accessible by those authorized Integrity - Information shouldn't be compromised or changed without authorization Availability - Information needs to be accessible by those requiring it (systems, or people)

List and briefly explain the three kinds of protection that are needed form the perspective of the information. (HINT: Expant the CIA acronym)

For defenses against cyberattacks, what is the tension between the five areas of layering, limiting, diversity, obscurity, and simplicity?

Simplicity is the tension between all of these because the other areas are just adding in complexity.

Define social engineering and explain its relevance to computer network security.

Social engineering is hacking and gathering information from people. Its related to network security because it can be used to break security systems by gaining information about passwords, usernames or any other sort of data used to gain access.

Briefly explain the relationship between security and convenience. Why does this relationship exist?

The relationship between security and convenience is they are inversely proportional. This relationship exists because once you increase security, you reduce convenience. The opposite is true if you want to increase convenience.