Computer Security Final
True or False: The United States has one comprehensive data protection law.
False
True or False: All firewalls are hardware appliances that sit at the edge of the LAN, between the LAN and the Internet (WAN).
False
True or False: It is important for organizations to eliminate all risk to their information systems.
False
True or False: Network Access Control tools give access to network resources as soon as a user has authenticated, and the system then determines what resources that user should have access to.
False
True or False: No viruses are able to turn off anti-virus software.
False
True or False: The combination of spam filters and firewalls is able to identify and stop most phishing scams.
False
True or False: The goal of risk management should be to eliminate all risk.
False
What does FERPA stand for?
Family Educational Rights and Privacy Act
What is FISMA designed to protect?
Federal agency IT systems
What are some sample protocols of the application layer?
Sample protocols of the TCP/IP application layer are HTTP, HTTPS, SMTP, POP3, and SSH.
When attackers send this, they often include an unsubscribe link. Clicking the link can install a worm or virus on your machine.
Spam
What are the four responses to negative risk?
The four responses to negative risk are reduce, transfer, accept, and avoid (mnemonic RTAA: Real Talk Always Available).
Why does law enforcement have an issue with encryption?
They believe it keeps them from seeing information they need to protect the public
In 2009 Facebook changed its privacy policy without telling anyone. Why was this a big deal?
Facebook broke its promise to keep user information confidential: private information about users became public overnight, exposing them. Facebook defended the change by claiming that openness was now the social norm.
Who is Kevin Mitnick?
The "King" of Social Engineering
In regards to password crackers, what is the difference between a brute-force attack and a dictionary attack?
Both try to recover a password (often from a stolen cryptographic hash) in order to gain unauthorized access to a system. A brute-force attack exhaustively tries every possible combination of characters, so it is slower but eventually finds any password within the length it covers. A dictionary attack only tries words from a wordlist and simple variants of them, so it is far faster but only works against weak passwords.
What is the main difference between a business continuity plan and a disaster recovery plan?
A business continuity plan (BCP) prioritizes the functions an organization must keep running when a threat materializes, while a disaster recovery plan (DRP) defines how the business rebuilds its IT infrastructure and gets back on its feet after a major disaster. One outlines the actions needed to keep running when critical business activities are interrupted; the other details the steps needed to restore the systems that make that possible.
A ________ is a software tool that captures traffic as it travels across the network.
A protocol analyzer (packet sniffer) is a software tool that captures traffic as it travels across the network.
When should you do a risk analysis?
A risk analysis should be performed on a regular interval, with the schedule depending on the property, equipment, and audit process involved.
A ______ is a cybercrime that is targeted at a specific target and is usually coordinated by a skilled team of people.
Spearphishing is a cybercrime that targets a specific victim and is usually coordinated by a skilled team of people.
In 2-3 sentences describe how companies like Google and Facebook think of you as their product, not their customers.
Companies like Google and Facebook use us as data producers and sell access to us to advertisers. Google keeps us with free services, then uses the data we generate to attract advertisers, who pay to put their products in front of us. Google makes its money from the advertisers, not from us.
What 4 security requirements/functions does encryption satisfy?
Confidentiality, Authentication, Integrity, Non-repudiation
What makes cookies vulnerable to attackers?
Cookies are small text files stored on a computer that let a web site remember you between visits and tailor the content it presents. Because they are just text files they do no direct harm by themselves. However, if a site stores sensitive data in them, such as a username, password, or credit card number, especially in plaintext, that data can be read by other programs or sites that you did not intend to have access to it.
What can an attacker do when a DNS server is vulnerable?
DNS vulnerabilities can result in traffic for a legitimate web site being redirected to a fake site impersonating the original.
What does FERPA stand for?
FERPA is the Family Educational Rights and Privacy Act, which protects the privacy of student education records.
Is it possible to pilfer sensitive data through EEG headsets?
True
Multi-robot systems that act in unison through collective behavior are said to have what kind of capabilities?
"Swarm" capabilities
What is the average cost of a data breach for an enterprise?
$551,000
What are Issac Asimov's three laws of robotics?
1. A robot may not injure a human being, or, through inaction, allow a human being to come to harm. 2. A robot must obey the orders given it by human beings except where such orders would conflict with the First Law. 3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
When was the first virus written?
1971
What is the purpose of a checksum?
A checksum is a one-way calculation over a piece of information that yields a fixed-size result, usually much smaller than the original message. It is used to detect changes: any change to the input changes the result, and for a cryptographic checksum (hash) it is computationally hard to find another input that produces the same value.
Besides destroying the media what is one other way to effectively destroy the data?
A degausser creates a strong magnetic field that erases data from magnetic storage media. Once the media has gone through a degausser, the data cannot be recovered.
How did the blueprints of the Marine One helicopter end up on an Iranian P2P website?
An employee installed peer-to-peer file-sharing software to get free music and accidentally shared the wrong folder. The confidential folder containing the blueprints then became accessible to everyone connected to that P2P network.
What is the role of a firewall?
A firewall controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network.
What is the website shodan.io used for?
A search engine ("the Google of hacking") that indexes Internet-connected devices and the services they expose, along with other cybersecurity information.
A hidden access method to a software program is called a __________.
A hidden access method to a software program is called a backdoor.
What is a logic bomb?
A logic bomb is a piece of malware that executes when a certain condition is met. It can be time-based (a time bomb) or event-based. Many logic bombs are planted by an organizational insider. For example, a disgruntled employee may write code designed to start deleting company files if he is ever terminated, or the code may trigger on some other condition. Logic bombs can be very hard to detect.
Who is Rezwan Ferdaus?
A man who plotted a terrorist drone attack on US soil (against the Pentagon and the US Capitol).
A tool that records everything a user types into their system is called a ___________?
A tool that records everything a user types into their system is called a keystroke logger.
What is a system infector?
A virus that infects system start-up processes. This lets the virus take control before the computer finishes loading protective measures such as anti-virus software.
What is a vulnerability as it related to computer security?
A vulnerability is a weakness in a computer system, its software, configuration, or the people and processes around it, that an attacker can exploit to gain unauthorized access or otherwise violate security. It can exist in any of the domains of the IT infrastructure, such as the User Domain or the Workstation Domain.
Describe the difference between a black hat hacker and a white hat hacker.
A white hat hacker has the system owner's authorization to attack the system (for example to test it); a black hat hacker does not.
Who was Henrietta Lacks?
A woman whose tumor cells (the HeLa cell line) kept growing after her death and have been used in research on many other diseases.
How is a worm different than a virus?
A worm is a self-contained program that replicates and spreads on its own, typically over the network; a virus needs a host program or file to attach itself to.
What are the four responses to negative risk?
Accept, Assign (transfer), Mitigate, Avoid
Explain role-based access control
Access to services is determined by the position a user holds in the organization
What is the difference between an IP address and a MAC address?
An IP address is a logical address assigned to a network interface (often by DHCP); it identifies the device on the network and can change. A MAC address is the physical hardware address of the network card and is unique to each interface.
What is an Advanced Persistent Threat?
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization
What is the purpose of an audit?
An audit checks whether the security controls work as expected and builds customer confidence.
What is an organizations risk tolerance?
An organization's risk tolerance is the amount of risk it is willing to accept before it acts to avoid or reduce that risk.
In 1-2 sentences explain why the Android OS is more vulnerable than iOS.
Android is considered more vulnerable than iOS because it is open source and allows far more customization, including installing apps from outside the official store, so there is less central control over what runs on the device. iOS is closed and tightly controlled, so it does not face the same problems.
Why is Android OS more vulnerable to attacks than iOS?
Android is open source + little regulation
What motivates a hacktivist?
Usually political motives: anything from the movement they support to a figure they dislike.
Name the 7 layers of the OSI Model
Application, Presentation, Session, Transport, Network, Data Link, and Physical
Name the four layers of TCP/IP
Application, Transport, Internet, Network Access
How many new pieces of malware are released every day?
Around 1 million
What is the difference between authentication and authorization?
Authentication answers the question "is this person who they say they are?" and authorization answers the question "what does this person have access to?"
Name the 3 tenets of information security?
Confidentiality, Integrity, and Availability. Confidentiality is keeping the information away from anyone not authorized to see it. Integrity is making sure others cannot manipulate the data. Availability is making sure the information is there for users whenever they need it.
What is the difference between a Business Continuity Plan and a Disaster Recovery Plan?
BCP assumes infrastructure is still in place whereas disaster recovery does not
Some attackers use software programs that, once installed on the victim's computer, open an entry point that lets them in. The user has to launch the program to install it, so attackers often use social engineering to get them to do so. Once activated, these programs typically open a port and listen for commands from the attacker to execute on the victim's machine.
Backdoor
Why are most SCADA systems vulnerable to attack?
Because they are old, were not designed with security in mind, and were never engineered to be connected to the Internet.
This is what you call a group of infected computers controlled by a single controller.
Botnet (short for "robot network"). Botnets can be used for all types of attacks, including denial of service, spam, and malware distribution. In 2007 the Storm botnet was estimated to rank as the second most powerful supercomputer in the world.
In this scenario attackers take advantage of poorly designed application code. The attacker sends the application more data than the buffer it reserved can hold, overwriting adjacent memory; in some cases this lets the attacker inject their own instructions and have the computer execute them.
Buffer overflow
What is change control management?
Change control management develops a planned approach to controlling change by involving all affected departments. The objective is to maximize the benefits of all people involved in the change and minimize the risk of failure.
These attacks happen when a web application does not properly validate or encode the input it receives in HTTP requests before including it in a page. A vulnerable site can be made to serve attacker-supplied script to other users' browsers, with undesirable effects such as stolen session cookies.
Cross site scripting (XSS)
What type of virus is able to target multiple operating systems?
Cross-platform viruses
What is the science of cracking ciphers called?
Cryptanalysis
What does cyborg stand for?
Cybernetic organism
The best way to protect yourself against workstations with vulnerable operating systems is what?
Define a workstation operating system vulnerability window policy and standard and perform frequent vulnerability assessment scans as part of ongoing security operations.
Name two different types of password crackers.
Dictionary and brute force attack
This type of password cracker attack is particularly effective when the victim is using a weak password such as a regular word
Dictionary attack. Password crackers try to guess a user's password to gain access to a system, using either brute-force or dictionary attacks. Brute-force attacks literally try every combination of characters until they find the correct password. Dictionary attacks instead try only actual words, or variants of words, from a wordlist. Dictionary attacks are particularly effective when the user has chosen a weak password.
What is the difference between a DoS and a DDoS attack?
DoS attack uses a single computer where a DDoS attack uses a group of computers to coordinate an attack.
Once inside your system, a good hacker will do what to try to cover his/her tracks and avoid detection?
Erase any traces of them being there and not set off any alarms.
Who in a company is responsible for information systems security?
Everyone
Name two other ways humans can unwittingly counter data security measures put in place.
Examples include: leaving a workstation unattended, losing a device with sensitive data, and plugging an infected USB drive into a computer.
Name the basic building blocks a CISO and his/her security group can use when developing a security program
Functional policies, standards, procedures, baselines, guidelines
Who else is investing into UAVs / Drones except the military?
Google & Facebook
Describe why it is concerning that Google changes search results based on who is making the request.
Google tailoring search results compromises the integrity of one's search and thus one is not getting the best results of what you are looking for. In addition, because Google has so much information about users, it can change results to what it thinks you want to gain more clicks and data from the user itself. If Google wants a user to think a certain way also, it can customize search results to change the user's beliefs.
What are some sample protocols of the TCP/IP Application Layer?
HTTP, SMTP, POP3
Why do some spammers send an "unsubscribe" link to a set of email addresses?
Hackers use the link to determine whether an email address is valid and thus a target to spam even further
PCI DSS is an international standard for _______?
Handling transactions involving payment cards
What does it mean to harden your system?
Hardening your system means to change hardware and software configurations to make computers and devices as secure as possible.
Why use a hash or put another way hash functions do what?
Hashing functions produce a fixed-size digest of data; recomputing the digest later and comparing it detects unauthorized changes.
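An added example (not from the original page or the textbook) showing what the checksum and hash cards above describe: a SHA-256 digest of a constructed record, how a one-character change scrambles the digest, and why an unkeyed checksum alone is not enough when the attacker can recompute it, which is what a keyed hash (HMAC) fixes. The record contents and the key are made up for the example.

```python
import hashlib
import hmac

# Constructed sample record and a one-digit tampered copy (made up for the example).
ORIGINAL = b"transfer 100.00 from acct 1234 to acct 5678"
TAMPERED = b"transfer 900.00 from acct 1234 to acct 5678"
KEY = b"example-integrity-key"  # assumption: a secret shared only by sender and verifier


def checksum(data: bytes) -> str:
    """Unkeyed one-way digest: always 32 bytes, whatever the input size."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 digest bits differ between two digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_checksum(data: bytes, expected: str) -> bool:
    # Constant-time comparison, so the verifier does not leak how many bytes matched.
    return hmac.compare_digest(checksum(data), expected)


def keyed_checksum(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: an attacker who edits the data cannot produce a matching tag
    without the key, so they cannot simply recompute the checksum to match."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed_checksum(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(keyed_checksum(data, key), expected)


if __name__ == "__main__":
    stored = checksum(ORIGINAL)
    print("original verifies:", verify_checksum(ORIGINAL, stored))
    print("tampered verifies:", verify_checksum(TAMPERED, stored))
    print("bits changed by editing one digit:", differing_bits(stored, checksum(TAMPERED)))
    # Weakness of an unkeyed checksum: the attacker can recompute it for the new data.
    print("attacker-recomputed checksum verifies:", verify_checksum(TAMPERED, checksum(TAMPERED)))
    tag = keyed_checksum(ORIGINAL, KEY)
    print("tampered data with original HMAC tag:", verify_keyed_checksum(TAMPERED, KEY, tag))
```

The unkeyed digest catches accidental corruption and tampering by someone who cannot touch the stored digest; when the attacker can replace both the data and its digest, only the keyed tag (or a digital signature) still protects integrity.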
Who is Bertold Meyer?
A man fitted with a Touch Bionics i-limb prosthetic hand, one of the first "bionic men"; the hand could be hacked through the Bluetooth interface attached to the limb.
What information does HIPAA protect?
Health-related information
What sort of environmental factors (not including disasters) are computer and network equipment especially vulnerable to?
Heat and humidity
What is the application layer?
High-level APIs, including resource sharing, remote file access
What are honeypots?
Honeypots are sacrificial hosts and services deployed at the edges of a network to act as bait for potential hacking attacks.
What is the difference between a computer's IP address and its MAC address?
An IP address is used to reach a device on a network and can change. A MAC address belongs to the hardware (the NIC) and normally does not change, although it can be spoofed in software.
This is when an attacker presents a phony network address on the IP packets to make their computer appear as an authorized computer on the network.
IP spoofing is when an attacker presents a phony network address on the IP packets to make their computer appear as an authorized computer on the victim's network. This can be used to gain access to protected internal resources.
What is the difference between an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS)?
An IPS does the same detection as an IDS, but it sits inline and can block data streams it identifies as malicious, while an IDS can only detect and alert.
How are IT systems affected by Sarbanes Oxley Act?
IT systems now have different controls to safeguard them, since those controls must be reviewed for SOX compliance in order to protect the many kinds of financial information they hold.
What are the four parts of access control?
Identification, Authentication, Authorization, Accountability
What are the four components of access control?
Identification, authentication, authorization, accountability
For an individual what is one possible consequence of a security breach where confidential information is compromised?
Identity theft / credit card theft
Describe a physical vulnerability that can be exploited
If you use a credit card or a door access card, attackers can set up phony card readers (skimmers) on ATMs and other locations to read the magnetic stripe data on your card.
For a country what is one possible consequence of a security breach where confidential information is compromised?
Information pertaining to the protection of its people could be compromised
ISO 17799 and its successor ISO 27002 provide organizations with best practices recommendations for...?
Information security management
What is the definition for Information Systems Security, as described in the book?
Information systems security is the collection of activities that protect the information system and the data stored in it.
What are the four ways harm can be effected on your computer system?
Interception, interruption, modification, and fabrication
What is the purpose of the Federal Information Security Management Act?
It required federal agencies to improve their information security and to change their approach to it, moving to a risk-based program.
What can happen if an organization does not comply with FERPA rules?
It could not receive federal funds.
When does it NOT make sense to implement a control or counter measure?
It does not make sense to implement a control or countermeasure when it costs more than the asset it protects (or more than the expected loss from the risk); the protection should never be worth more than the asset.
Using an RSA hardware token is an example of Authentication by _________?
It is authentication by ownership (something you have).
What does NIST stand for?
It is National Institute of Standards and Technology.
What is a rainbow table?
It is a table of precomputed password hashes, built from dictionary words or character combinations, used to look up a stolen hash and recover the original password without hashing every guess at attack time. Salting each password before hashing defeats it.
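An added example, not from the page or the textbook, that puts the password-cracker cards together (the dictionary attack and brute force from the earlier cards, and the precomputed table from this one): a constructed six-word wordlist, mangling rules, an exhaustive search over short lowercase strings, a precomputed hash-to-password table, and the salted hash that makes such a table useless. The wordlist and passwords are made up; SHA-256 stands in for whatever hash a real system uses.

```python
import hashlib
import itertools
import secrets
import string


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed wordlist standing in for a real cracking dictionary.
WORDLIST = ["password", "letmein", "dragon", "sunshine", "qwerty", "monkey"]


def variants(word: str):
    """Common mangling rules a dictionary cracker applies to each word."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word + "123"
    yield word.capitalize() + "1"


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Guess words and their variants; returns (password, attempts) or (None, attempts)."""
    attempts = 0
    for word in wordlist:
        for candidate in variants(word):
            attempts += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def brute_force(target_hash: str, alphabet=string.ascii_lowercase, max_len: int = 4):
    """Exhaustive search over every string up to max_len: slow, but finds anything in range."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def build_lookup_table(wordlist=WORDLIST):
    """Precompute hash -> password once; afterwards each stolen hash costs one lookup.
    A real rainbow table compresses this with hash chains, but the idea is the same."""
    return {sha256_hex(c): c for w in wordlist for c in variants(w)}


def new_salt() -> bytes:
    return secrets.token_bytes(16)


def salted_hash(password: str, salt: bytes) -> str:
    """Per-user random salt: the same password hashes differently for every user, so no
    single precomputed table applies. (Real systems also use a slow KDF such as scrypt.)"""
    return hashlib.sha256(salt + password.encode()).hexdigest()


if __name__ == "__main__":
    stolen = sha256_hex("Dragon1")          # constructed victim password
    print("dictionary:", dictionary_attack(stolen))
    print("brute force (lowercase, <=4):", brute_force(stolen))
    table = build_lookup_table()
    print("table lookup:", table.get(sha256_hex("letmein")))
    print("salted hash in table:", salted_hash("letmein", new_salt()) in table)
```

The attempt counts are the point: the dictionary finds "Dragon1" in a handful of guesses, while the brute-force search burns through every short lowercase string and still misses it because the password is outside the space it covers.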
What does ACL stand for as related to computer security?
It is access control list.
What is cryptoware?
It is essentially ransomware - hackers encrypt data and people have to pay to get their data back
Why is media disposal important?
It is important to ensure that no data leak out of an organization on discarded media. Media-disposal requirements prevent attackers from getting their hands on files, memory, and other protected data.
How is a passphrase different than a password?
It is longer and generally harder to guess, so it's considered more secure. It usually contains more than one word also.
This type of access control is based on the jobs the user is assigned?
It is role-based access control.
Looking at table 12-1 on page 404 in your book, what is the title of the NIST Special Publication 800-83 Rev. 1?
It is the Guide to Malware Incident Prevention and Handling for Desktops and Laptops.
What is ISO an acronym for?
It is the International Organization of Standardization.
What is an organization's risk tolerance?
It is the amount of risk it is willing to accept.
Of the formal methods of access control, which one has the owner of the resource deciding who gets in?
It is the discretionary access control.
What does ISO mean?
It is the greek word for "equal" and was chosen as the name for a set of standards created by several different countries in several languages
What is the degausser method and what is it used for?
It is the process of running digital media through a magnetic field for the purpose of removing any data stored on that media
In one sentence describe how the introduction of the Internet dramatically impacted computer security.
It made information easily accessible to everyone, including criminals, who can now reach any connected system (and trade tools and data on the Dark Web), so everyone is exposed to attack.
In one sentence, describe what a vulnerability scanner does?
It probes a system for known vulnerabilities and reports and ranks the ones it finds.
What does the Gramm-Leach-Bliley Act (GLBA) protect?
It protects consumer financial information within financial institutions to mitigate data breaches and identity theft
What kind of information does Sarbanes-Oxley (SOX) protect?
It protects corporate financial information.
What kind of information does HIPAA protect?
It protects health related information like health or insurance.
What is the main goal of SOX?
It protects investors from financial fraud.
What kind of information does FERPA protect?
It protects student educational information and records.
What does the Children's Internet Protection Act require schools and libraries to do?
It requires schools and libraries to filter offensive web content so that children cannot access it.
How does an event-based synchronization system work for authentication?
It uses a counter as the input value: the user presses a button on the token, which increments the counter and generates a one-time password from it. The user then enters that password together with his or her PIN at the workstation to gain access. The server keeps its own copy of the counter so it can compute the same value.
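An added example (not from the page or the textbook) of the event-based scheme just described, implemented as RFC 4226 HOTP: the token side increments a counter on each button press, and the server side checks the PIN, recomputes the code from its own counter, searches a small look-ahead window in case the user pressed the button without logging in, and refuses to accept the same code twice. The secret and PIN are constructed for the example; the secret is the RFC's own test key so the codes can be checked against its published vectors.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class Token:
    """The hardware token: each button press uses the current counter and moves it on."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.counter = 0

    def press_button(self) -> str:
        code = hotp(self.secret, self.counter)
        self.counter += 1
        return code


class AuthServer:
    """Server side: stores the shared secret, the PIN, and its own copy of the counter."""

    def __init__(self, secret: bytes, pin: str, look_ahead: int = 5):
        self.secret = secret
        self.pin = pin
        self.counter = 0              # next counter value the server expects
        self.look_ahead = look_ahead  # how far the token may have run ahead

    def login(self, pin: str, code: str) -> bool:
        if not hmac.compare_digest(pin, self.pin):
            return False
        # The token counter may be ahead of ours (unused button presses), so search a
        # small window to resynchronise. Codes at or before self.counter are never
        # accepted again, which is what stops a captured code from being replayed.
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 4226 test secret, used here as the shared key
    token, server = Token(secret), AuthServer(secret, pin="4321")
    code = token.press_button()
    print("first login:", server.login("4321", code))
    print("replay of same code:", server.login("4321", code))
```

A real deployment also rate-limits failed attempts and keeps the look-ahead window small, since every extra window position is one more code an attacker's guess could match.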
Which does SSL use - symmetric or asymmetric keys?
Both: it uses asymmetric keys (the server's public/private key pair) to authenticate the server and exchange a session key, then symmetric keys to encrypt the actual data.
Which standards organization came up with the OSI reference model?
It was the International Organization of Standardization.
According to the video, if you were to read all of the agreements presented to you how long would it take?
It would be either 180 hours out of every year or one whole month.
The Caesar cipher is an example of what type of cipher?
It's an example of substitution cipher.
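An added example (not from the page or the textbook) of the substitution cipher named on this card and of the cryptanalysis the earlier card defines: Caesar encryption and decryption, a brute-force attack over the 25 possible shifts using a known word, and a ciphertext-only attack that recovers the shift from letter frequencies. The sample message is constructed.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` positions; other characters pass through."""
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    return caesar_encrypt(ciphertext, -shift)


def brute_force_caesar(ciphertext: str, crib: str):
    """The key space is only 25 shifts: try them all and keep the one containing a known
    word (the crib). Returns (shift, plaintext) or None."""
    for shift in range(1, 26):
        candidate = caesar_decrypt(ciphertext, shift)
        if crib.upper() in candidate.upper():
            return shift, candidate
    return None


def guess_shift_by_frequency(ciphertext: str) -> int:
    """Ciphertext-only attack: a simple substitution preserves letter frequencies, so the
    most common ciphertext letter is most likely an encrypted 'E' (the most common
    letter in English)."""
    letters = [c for c in ciphertext.upper() if c in ALPHABET]
    most_common = Counter(letters).most_common(1)[0][0]
    return (ALPHABET.index(most_common) - ALPHABET.index("E")) % 26


# Constructed sample message.
SAMPLE = "MEET ME AT THE OLD BRIDGE AT NOON WE NEED TO SEE THE REST OF THE EVIDENCE"

if __name__ == "__main__":
    ct = caesar_encrypt(SAMPLE, 3)
    print(ct)
    print("brute force with crib:", brute_force_caesar(ct, "BRIDGE"))
    print("shift from frequencies:", guess_shift_by_frequency(ct))
```

The frequency attack needs enough text for the statistics to settle; on a short message it can pick the wrong letter, which is when the crib-based search is the fallback.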
What is a zero-day vulnerability?
It is a vulnerability that is unknown to, or not yet fixed by, the software's developers when attackers begin exploiting it, so there is no patch available and malware can keep entering through that gateway until one is released.
What is the job of the presentation layer?
Job is to configure the data: encryption, compression, translation
What is not a valid strategy for dealing with risk?
Justify
Name one of the two SSO Processes talked about in the book?
Kerberos is a computer network authentication protocol that allows nodes communicating over a nonsecure network to provide their identity to one another in a secure manner. Its design is aimed primarily at a client/server model, and it provides mutual authentication - the user and the server each verify the other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.
In class we mentioned a famous hacker who was considered the "king" of social engineering. Who is this person?
Kevin Mitnick
This tool used by attackers is usually a software application that records what the user is typing.
Keystroke Loggers: This is usually a software application but it can also be a hardware device. These tools can be installed on a computer and will record every character the user types into the keyboard. It logs this information to a log file that can later be sent to and reviewed by the attacker.
What is it called when one records every aspect of their lives, thoughts, and experiences via self tracking tools?
Life logging
What does LAN stand for and describe it.
Local area network; interconnected network of computers within a limited space
What are the two different types of DOS attacks where one uses software flaws to crash or hinder a remote server and the other overwhelms the remote server with huge amounts of traffic?
Logic and flooding attacks
Explain what multi-factor authentication is
MFA requires the user to prove their identity with at least two different types of factors: 1) something you know, 2) something you have, and 3) something you are.
What words combine to form the word malware?
Malicious and software
What is the session layer?
Managing communication sessions, i.e. continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes
In 2-3 sentences, describe one vulnerability associated with the TCP/IP protocols.
Many of the protocols are open standards that were designed without built-in authentication or encryption. Traffic can therefore be sniffed and forged, which makes them vulnerable to attacks such as man-in-the-middle and session hijacking.
Describe one vulnerability associated with the TCP/IP protocols.
Many of the protocols are open standards designed without built-in authentication or encryption, which makes them vulnerable to attacks such as man-in-the-middle and session hijacking.
In 2-3 sentences describe how the Moore's Law and the lilypad example described in Future Crimes relate to computer security.
Moore's law describes how computing power grows exponentially, at a rate humans find hard to picture. The lilypad example shows how exponential growth works: the pond looks nearly empty until the last few doublings, and if nobody acts in time the lilies smother the whole pond. The two relate in that computer security problems are growing exponentially too, so they must be monitored and dealt with early, before they get out of hand.
What do you call a virus that can act like both a system infector and a file infector?
Multipartite virus
Name three reoccurring themes in computer security
Need to have a defined security policy, user education is critical, firewalls are the front line of defense
The OSI model describes what?
Network protocol stack and a set of rules to describe how data is communicated over a network. Also describes network devices.
According to the book, when a hacker has targeted a system, what is their success rate for penetrating the system?
Once a hacker has targeted a system, their success rate is 75% for penetrating the system successfully.
What did the Iranians who hacked into the Bowman Avenue Dam do once they were inside the system?
Once they were into the system, all they did was to read and access files, including usernames and passwords, six times.
Name 3 techniques that can be used to combat social engineering efforts?
One can ensure that employees are educated on the basics of a secure environment, develop a security policy and computer use policy, and require the use of identification for all personnel.
Wireshark is a type of what?
Packet sniffer
A brute force attack is a type of what?
Password cracker
What does PCI DSS stand for?
Payment card industry data security standard
What is phishing?
Phishing attempts to trick victims into giving up private information like usernames, passwords, credit card information, etc. They do this by sending the user an email or instant message that appears to come from a trusted institution like a bank or credit card company. The visible url will look authentic but when the user clicks on it it will instead send them to a site controlled by the hacker. Attackers will send these messages to millions of users because even if only a small percentage of them are fooled into giving up their information it can be very lucrative.
Name a clue you can look for to identify a phishing scam.
Phishing scams substitute similar-looking characters for the real characters in the URL.
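An added example (not from the page or the textbook) of checking a URL for the clue this card describes: it reduces a hostname to its visual "skeleton" by mapping look-alike characters (digits, Cyrillic letters, "rn" for "m") to the ASCII letters they imitate, then compares that against a short trusted list. The trusted domains, the confusable table and the sample URLs are constructed for the example; the registrable-domain rule is a simplification (last two labels, no public-suffix list).

```python
from urllib.parse import urlsplit

# Characters attackers substitute for look-alike ASCII letters (constructed subset,
# in the spirit of the Unicode confusables list).
CONFUSABLES = {
    "0": "o", "1": "l", "|": "l", "!": "i", "3": "e", "5": "s", "$": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",   # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0443": "y",                  # Cyrillic с х у
    "\u0131": "i", "\u2113": "l",                                 # dotless i, script l
}
MULTI_CHAR = (("rn", "m"), ("vv", "w"))  # two letters that read as one


def skeleton(text: str) -> str:
    """Normalise a hostname to what it looks like to a human eye."""
    text = text.lower()
    for multi, single in MULTI_CHAR:
        text = text.replace(multi, single)
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def registrable_domain(host: str) -> str:
    """Assumption for the example: the last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def classify(url: str, trusted: set) -> tuple:
    """Return (verdict, matched_domain). Only the registrable domain counts: the
    attacker controls every label to the left of it, so 'paypal.com.evil.test' is
    not PayPal no matter how it starts."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable_domain(host)
    if domain in trusted:
        return ("trusted", domain)
    for known in sorted(trusted):
        brand = known.split(".")[0]
        if skeleton(domain) == skeleton(known):
            return ("lookalike-domain", known)      # paypa1.com, pаypal.com
        if brand in host.split("."):
            return ("brand-in-subdomain", known)    # paypal.com.evil.test
        if skeleton(brand) in skeleton(domain):
            return ("brand-in-foreign-domain", known)  # secure-paypa1.com
    return ("unknown", domain)


if __name__ == "__main__":
    trusted = {"paypal.com", "amazon.com"}
    for u in ("https://www.paypal.com/login", "https://paypa1.com/login",
              "http://p\u0430ypal.com/", "https://paypal.com.evil.test/",
              "https://secure-paypa1.com/", "https://unrelated.test/"):
        print(u, "->", classify(u, trusted))
```

Browsers apply the same idea when deciding whether to display an internationalised domain name as Unicode or as its punycode form; a filter like this is a cheap first check, not a replacement for verifying the certificate and the full domain.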
Plaintext + _____ goes into an algorithm to create the ciphertext?
Plaintext + one or more keys goes into an algorithm to create a ciphertext.
In the sad case of Milly Dowler, a 13 year old girl who was abducted in England, who was logging into her voicemail after her disappearance?
Journalists working for the News of the World were accessing her voicemail to get more information for their stories. The activity on her mailbox gave her family false hope that she was still alive.
When a hacker wants to break into a target system, what is usually their first step?
Probing and gathering information.
What are the phases of an attack?
Probing, gaining access, maintaining access, covering your tracks
______ risk analysis uses relative risk probability and risk impact to determine risk responses.
Qualitative risk analysis uses relative risk probability and risk impact to determine risk responses.
What is Identity Access Management?
Refers to the processes and tools used to ensure that the right people have the right access to the right resources at the right time
When should managers go through the process of risk management?
Regularly, usually a cyclical basis
What is the data link layer?
Reliable transmission of data frames between two nodes connected by a physical layer
What is the transport layer?
Reliable transmission of data segments between points on a network, including segmentation, acknowledgement and multiplexing
In this type of attack, attackers can listen and capture packets on a network they can use these much like a DVR and playback the packets sent from one machine to another. This can bring a system down or have other undesired consequences.
Replay attack
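An added example (not from the page or the textbook) of the defence against the replay attack described on this card: every message carries a fresh nonce and a timestamp, both covered by an HMAC tag, and the receiver accepts a given nonce only once within a time window. The key, the messages and the clock values are constructed for the example.

```python
import hashlib
import hmac
import secrets


def sign(key: bytes, payload: str, nonce: str, timestamp: int) -> str:
    """The tag covers nonce and timestamp too, so a captured tag cannot be reused with
    a new nonce or a fresh timestamp."""
    message = f"{timestamp}|{nonce}|{payload}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def make_message(key: bytes, payload: str, now: int) -> dict:
    """Sender side: random nonce + current time + tag."""
    nonce = secrets.token_hex(16)
    return {"payload": payload, "nonce": nonce, "ts": now, "tag": sign(key, payload, nonce, now)}


class ReplayGuard:
    """Receiver that accepts each authenticated message at most once."""

    def __init__(self, key: bytes, window: int = 30):
        self.key = key
        self.window = window   # seconds a message stays valid
        self.seen = {}         # nonce -> timestamp, only for messages still inside the window

    def accept(self, msg: dict, now: int) -> str:
        # Forget nonces too old to be replayed anyway (the timestamp check rejects them).
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if abs(now - msg["ts"]) > self.window:
            return "stale"
        expected = sign(self.key, msg["payload"], msg["nonce"], msg["ts"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-tag"
        if msg["nonce"] in self.seen:
            return "replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return "ok"


if __name__ == "__main__":
    key = b"example-shared-key"   # assumption: pre-shared between sender and receiver
    guard = ReplayGuard(key)
    msg = make_message(key, "unlock door 7", now=1000)
    print("first delivery:", guard.accept(msg, now=1001))
    print("recorded and replayed:", guard.accept(msg, now=1002))
```

The window bounds how much state the receiver must keep: without the timestamp it would have to remember every nonce forever, and without the nonce a message could be replayed freely inside the window.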
Risk = ______ x _______
Risk = likelihood x impact
Name 3 of the 12 major sections of ISO 27002
Risk assessment, security policy, organization of information security, asset management, compliance
Who created the first worm and what was it called?
Robert Morris did in 1988 and it was called the Morris Worm.
These replace existing components of code often in the operating system making them almost invisible to malware protection systems. They give the intruder administrative rights on the system and can be used to open backdoors.
Rootkits. Rootkits are designed to hide from detection. Because they give the intruder root-level access, they can be used to open backdoors. Rootkits exist for all major operating systems, including Windows, Linux, and other Unix systems.
A(n) __________ is a formal contract between your organization and an outside firm that details the specific services the firm will provide.
SLA (Service Level Agreement)
Heartbleed is an example of what type of vulnerability.
An SSL/TLS library vulnerability: a memory-disclosure bug (buffer over-read) in OpenSSL's implementation of the TLS heartbeat extension.
What is the order of priorities in the case of a disaster?
Safety and well-being of people, continuity of critical business functions and operations, continuity of IT infrastructure components within the seven domains of IT infrastructure
Explain how Sally would send an encrypted message to Bob using asymmetric keys
Sally would use Bob's public key to encrypt the message then Bob would use his private key to decrypt the message
ISO 17799 and its successor ISO 27002 provide organizations with best-practice recommendations on ___________?
Security standards for the organization
What is SQL Injection?
Like buffer overflows, these attacks happen when input data to an application is not properly validated. The attacker types SQL commands into an input field on a form; if the application builds its query by pasting that input directly into the SQL text, the database reads and executes the attacker's commands. The result can be exposure of sensitive data, modified data, or a crashed database behind the application.
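An added example (not from the page or the textbook) showing the flaw this card describes and its fix in working code: a login check against a constructed in-memory SQLite table, once built by string formatting and once as a parameterised query, run with a normal login and with a classic injection string. The table, users and passwords are made up for the example (and stored in plaintext only to keep it short; real systems store salted hashes).

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Input is pasted straight into the SQL text, so quotes typed by the user
    # become SQL syntax and the database executes whatever follows them.
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Parameterised query: the driver sends the values separately from the SQL text,
    # so attacker input is always compared as data and never parsed as a command.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Closes the open quote, makes the WHERE clause always true, and comments out the
# rest of the statement (including the password check).
INJECTION = "' OR 1=1 --"


def run_demo() -> tuple:
    """Return (rows for a real login, rows the injection gets, rows the safe query gives it)."""
    conn = setup_db()
    normal = login_vulnerable(conn, "alice", "correct horse")
    injected = login_vulnerable(conn, INJECTION, "anything")
    safe = login_safe(conn, INJECTION, "anything")
    return len(normal), len(injected), len(safe)


if __name__ == "__main__":
    print("normal, injected, safe:", run_demo())
```

The injected statement the vulnerable function actually runs is `SELECT username, role FROM users WHERE username = '' OR 1=1 --' AND password = 'anything'`, which returns every user without a valid password; the parameterised version returns nothing because no username literally equals the injection string.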
What did Samy Kamkar invent?
SkyJack, and it hijacked other drones in the air
What are some examples of personally identifiable information (PII)?
Some examples are Social Security numbers and names.
What is the difference between spearphishing and phishing?
Spearphishing is a variation of phishing. These attacks are targeted for a specific user. Usually these people will have an exceptionally high level of access or a large amount of resources the attackers are looking to steal. To execute these targeted attacks, hackers will research their victim looking on social media and other data sources. They will then craft a targeted email that appears to come from a trusted source (like a friend or a colleague) and will include information that is targeted directly for the victim.
This type of malware threatens the confidentiality of data on a computer. It monitors user activity and gathers information about the user. This data may be used simply for advertising but it can also monitor usernames, passwords, and credit card numbers. They are usually downloaded as part of some freeware application.
Spyware
What is the process of managing risk in 4 steps?
Step 1: Identify and analyze exposures, Step 2: Develop a strategy for dealing with those risks, Step 3: Implement your risk management techniques, Step 4: Continuously monitor the situation.
What is the network layer?
Structuring and managing a multi-node network, including addressing, routing and traffic control
What are the three main types of viruses?
System infectors, file infectors, data/macro infectors
What does the Carrier IQ software that is installed on all mobile devices do?
The Carrier IQ software tracks the user's keystrokes on the phone and records this data for the carrier itself. Nobody knows what the stored information is used for.
What was the first worm?
The Morris worm
In Future Crimes, Marc Goodman describes an example of someone who filled out an OKCupid profile to see what they did with the data. What was so disconcerting about what he found out?
The OKCupid profile was just another way of getting people to input their personal data into a form and sell the information to the government and other buyers for a high price. OKCupid, seeking a high profit, gladly sold the data to data brokers.
Who hacked the Associated Press and tweeted that there had been an explosion at the White House and that Barack Obama had been injured?
The SEA (Syrian Electronic Army)
In Future Crimes, the book talks about The Silk Road. What was that?
The Silk Road is an online criminal marketplace on the Dark Web where illegal goods are sold.
What was the Stuxnet worm designed to do?
The Stuxnet virus was designed to find the firmware used to run the centrifuges at the Natanz facility and take control of those devices spinning them so fast that they broke.
What is the TCP 3-way handshake?
The TCP 3-way handshake is used to establish a connection between the client and server. It is initiated by the client and acknowledged by the server and then acknowledged again by the client.
The Internet came from a military initiative called DARPA. What was the purpose of this initiative?
The U.S. Department of State came up with the internet to keep computers in contact in the case of a nuclear attack
What is the best way to prevent a DoS/DDoS attack?
The best defense is to detect attacks as early as possible and take action to block the incoming traffic before it renders your network unusable.
What is the best way to mitigate the risk of losing complete access to your data center?
The best way to mitigate the risk of losing complete access to your data center is to keep another backup of the data at an off-site, offline location. This way the data can be reached regardless of connectivity, and it remains accessible whatever the situation.
What is the best way to protect data in transit?
The best way to protect data in transit is to encrypt it.
In 2012 why did Google change their privacy policy allowing them to combine the databases of all their services?
The combination of the databases allows Google to build more comprehensive profiles of the users who use all of its services, and Google can then sell the accounts for more money.
How do viruses spread from host to host?
They copy themselves onto other machines they come in contact with. They can be spread on a flash drive, over the network, or by any other means by which computers share files.
Why is it important which countries the physical servers of cloud storage companies like Google and Microsoft are located?
The country's environment matters for maintaining the servers themselves, and the data confidentiality policy of some countries may force companies to change the way they handle and treat data confidentiality.
Who is responsible for classifying data?
The data owner is responsible.
Describe how the erosion of privacy and the advances in surveillance technology maps to the lily pad example described in the book.
The erosion of privacy and the advances in surveillance technology map to the lily pad because both grow at an exponential rate. Before we know it, the two will grow faster than we can control or comprehend.
What was the first Trojan and when was it released?
The first known Trojan was called Animal and it was released in 1974. All it did was replicate itself inside the directory structure of the machine. Today's trojans can open back doors, steal sensitive info and many other things.
What are the four layers of TCP/IP and how do they map to the OSI model?
The four layers of the TCP/IP protocol architecture are the application layer, host-to-host transport layer, internet layer, and network interface layer. TCP/IP maps to the OSI model in terms of transporting information through networks, but the TCP/IP protocol has fewer layers than the OSI model. TCP/IP is an older and more established approach, but the OSI model will serve as a guideline for the future. AHIN All Houses Include Networks
According to the video, what are the four ways harm can be done to a computer system?
The four ways harm can be done to a computer system are through interception, interruption, modification, and fabrication. MIIF Many Injuries Include Feet
Where did the internet come from?
The internet came from a military initiative called DARPA to provide redundant capabilities for computer systems during a nuclear attack
Describe the difference between a man-in-the-middle attack and browser hijacking?
The man-in-the-middle pretends to be the other party to each side in order to gain information from both sides. Browser hijacking involves redirecting the user to a site other than the one he or she is trying to reach, in an attempt to get their private information. A man-in-the-middle pretends to be a person, while browser hijacking pretends to be a legitimate site.
In the web address http://bc.edu:8080, tell me what the number 8080 refers to.
The port number
The W3C was founded to address the lack of standards around _________?
The primary language of the Web and its other issues
What is the purpose of "separation of duties"?
The purpose of the separation of duties is to deter users from planning and organizing conspiracies against their company.
What are the 7 layers of the OSI model?
The seven layers of the Open Systems Interconnection model are the physical layer, the data link layer, the network layer, the transport layer, the session layer, the presentation layer, and the application layer. PDNTSPA Parents do not tolerate stupid pre adults
In Future Crimes, why did the teenage hacker attack Matt Honan?
The teenage hacker attacked Matt Honan because he liked Honan's twitter handle "@Mat".
What are the 10 major sections of the ISO 17799 standard?
The ten major sections are security policy, security organization, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, system development and maintenance, business continuity management, and compliance.
Where does the term malware come from?
The term comes from combining the two words "malicious" and "software" together.
Describe the three tenets of a good Information Systems Security model?
The three tenets of a good information systems security model are confidentiality, integrity, and availability. Confidentiality allows authorized users to view information, integrity allows authorized users to change information, and availability allows information to be accessible by authorized users when they request it.
In the satirical Onion article they talked about the CIA's newest tool/weapon for gathering intelligence about people. It's funny because it is not too far from the truth. What was this tool?
The tool was Facebook.
For a company what is one possible consequence of a security breach where confidential information is compromised?
The trust from their users can be compromised.
Why is the use of cookies somewhat controversial?
The use of cookies is controversial because they allow a web server to transmit files to a person's computer for storage on that person's hard drive.
Which of the 7 domains is the weakest link?
The weakest link in the 7 domains is the user domain, due to the human element, such as lack of user awareness or security policy violations.
What are the four supporting mechanisms of an IT Security Policy?
They are standards, procedures, baselines, and guidelines.
What is a macro infector?
These are viruses that infect office program macro files. Macros are basically recordings of user actions designed to make repetitive actions more efficient. It is possible, though, for viruses to infect these files and insert their own instructions.
What do data brokers like Acxiom and Datalogix do?
These data brokers carry out data surveillance using information from internet service providers and other online service providers, and analyze all the collected data.
What is one reason why most SCADA (supervisory control and data acquisition) systems are particularly vulnerable to attack?
These systems are meant to oversee processes but were not designed to protect themselves security-wise when connected to the internet.
What is the purpose of certificate authorities?
They act as a trusted third party to vouch for the validity and ownership of public keys/certificates
What do Polymorphic, stealth, slow viruses and retro viruses have in common?
They all attempt to avoid detection by attacking a host's countermeasures like anti-virus software.
What is an ethical or white hat hacker?
They are an information systems security professional who has authorization to identify vulnerabilities and perform penetration testing; they are also known as white-hat hackers.
What 4 requirements does encryption/cryptography satisfy?
They are confidentiality, integrity, authentication, and nonrepudiation.
What are the four parts of access control?
They are identification, authentication, authorization, and accountability.
What are four of the most common social engineering attacks?
They are intimidation, name-dropping, appeals for help, and phishing.
What are the 7 common steps used in the Software Development Life Cycle?
They are requirements specification, design, construction, integration, testing and debugging, installation, and maintenance.
Why are standards important?
They can be used to guarantee compatibility between products. They provide a template for companies to use so they don't have to reinvent the wheel. They help customers evaluate an organization's efforts towards securing data.
Name three operations spyware can do on your machine?
They can conduct denial of service, track your personal information, or track your keystrokes.
Why are most free apps not free?
They gather information as you use them and the app sells the data to third parties
Why do companies like Google and Microsoft practically give away data storage capabilities in the cloud?
They give away data storage to aggregate more data from their users. With more storage, users are able to use the service more and to store more of their data. The company can then sell the data to the highest bidder.
Why do IT security professionals need to understand these laws?
They help professionals understand the impact of these laws and guidelines to follow from an IT security perspective.
What do vulnerability scanners like Nessus do?
They help security administrators evaluate a large number of vulnerabilities on an IP host device to report problems to resolve. They also categorize threats.
Why do security professionals need to be aware of these laws?
They need to know how the laws impact their organization and what they must do from an IT perspective to be compliant
In Future Crimes, how are criminals and others able to pay for these illegal goods and services anonymously online?
They pay for goods and services through Bitcoin or other anonymous blockchain currencies.
What do Privileged Account Management (PAM) tools do?
They provide added security for superuser accounts (e.g. administrative accounts) that have elevated privileges on certain computers.
Why is it not a good idea to have a programmer/developer be able to move his code to a production environment?
Their code should go through a code review in the change control process before it is uploaded. Pushing unchecked code to production could harm the system or users if the code is poorly written, unstable, insecure, etc.
Organizations should take into account these three criteria when classifying data:
They should take value, sensitivity, and criticality into account.
What is one reason why most SCADA systems are particularly vulnerable to attack?
They weren't built with security in mind or to be on the internet
Explain a man-in-the-middle attack
This is where an attacker intercepts messages sent between two machines. For example, if an attacker can get the user to believe they are connecting to a particular website (e.g. walmart.com) by having them go to a similar-sounding web site (e.g. walmart.org), the attacker can act as a proxy between the user and the real walmart.com and intercept the traffic being sent, including usernames and passwords.
What are 3 advantages of using SSO?
Three advantages of using SSO are an efficient logon process, the ability to provide for strong passwords, and continuous, clear reauthentication.
What are the three concerns around using biometrics for authentication?
Three concerns are physical characteristics might change, response time may be too slow, and the required devices can be expensive.
What are three examples of how the workplace may be monitoring their employees?
Three examples are opening mail or email, using automated software to check email, and checking phone logs or recording phone calls.
Name 3 threats to access controls.
Three threats are gaining physical access, eavesdropping by observation, and bypassing security.
What is the main purpose of data classification and who is responsible for it?
To identify what data is considered sensitive and requires protection. The data owners are responsible
What was the group Aum Shinrikyo responsible for?
Tokyo subway attack in 1995 with bioweapons
What does TOR do?
Tor changes your "position", hiding where you are actually using the computer, as well as any personal information.
What is the physical layer?
Transmission and reception of raw bit streams over a physical medium
What is the largest class of malware?
Trojans
What are trojans?
Trojans are software that is disguised as a useful program but actually contains malicious code. The outward appearance of the code tricks users into running the program. Once it is running, the program can execute commands on the host computer with the implicit authorization of the user.
True or False: No cipher is unbreakable?
True
True or False: According to the Ted Koppel video we watched, the Russians and Chinese have already accessed the United States power grid.
True
True or False: Any computer system can be hacked.
True
True or False: Information systems security is a collection of activities that protect the information system and the data stored on it.
True
True or False: Risk management is central to information security?
True
True or False: the dark web is larger than the clear web.
True
What are the 3 factors of identification?
Something you know, something you have, and something you are
Name two threats/vulnerabilities that are related to the User Domain?
Two threats / vulnerabilities are unauthorized access and lack of user awareness.
Who hacked the UAVs that Homeland Security deployed to protect the border?
UT Austin students
What are the 7 domains of computer security?
User Domain, Workstation Domain, LAN Domain, LAN-to-WAN domain, WAN domain, Remote Access domain, Systems/Application domain
What are the 7 domains of the typical IT infrastructure?
User, Workstation, LAN, WAN, LAN/WAN, System App / Storage, Remote Access
Which wireless encryption protocol is more secure: WEP, WPA, or WPA2?
WPA2
What are wearable-computing devices called?
Wearables
When these are not properly patched, it can lead to web page defacement or worse. They can then be used to pass along malware.
Web servers - When they are not properly patched, web servers can suffer web page defacement or worse. They can then be used to pass along malware.
What is social engineering?
Social engineering is the art of getting authorized people to carry out actions for unauthorized people. It is often very successful, due to the fact that most people want to be helpful, especially if the person making the request appears to be legitimate.
When does it not make sense to implement a control or countermeasure?
When it costs more than the worth of the asset its protecting
What does WAN stand for and describe it.
Wide area network; a wide network of interconnected computers over a large geographical area
If an organization is not PCI compliant what can happen?
Without PCI compliance, an organization could lose its ability to process payment cards.
How are worms different than viruses?
Worms are self-contained programs that replicate themselves and send to other computers, usually using your address book. They differ from viruses in that they do not need a host program to exist. They are standalone programs.
Besides requiring encryption, what are two other things you can do to protect your wireless network?
You can disable service set identifier (SSID) broadcasting and implement MAC address filtering.
What is a Business Continuity Plan (BCP)?
a written plan for a structured response to any events that result in an interruption to critical business activities or functions
What is the best way to mitigate the risk of malware?
back up your data regularly
What are the four most common social engineering attacks?
intimidation, name dropping, phishing, appeal for help
What does the OSI model describe?
it describes the network protocol stack and a set of rules for how data is communicated over a network and network devices
What is Moore's Law
it means that the number of transistors in a circuit doubles every 18 months or so
What are the two types of access control?
physical and logical
What is a zero-day vulnerability?
a previously unknown vulnerability in a computer application that the security staff have not had time to address or have not yet discovered
What are two types of hijacking attacks besides the man-in-the-middle attack?
session hijacking and browser hijacking. Hijacking is where an attacker takes control of a session between two machines and pretends to be one of them.
What are the four supporting mechanisms of an IT security policy?
standards, procedures, baselines, and guidelines
An audit checks the controls of the company for what 3 things?
that they are appropriate, installed correctly, and address their purpose
What is information system security?
the collection of activities that protect the information system and the data stored securely in it
True or False: A virus is a type of malware executable program that attaches itself to another program on your computer.
True
What three things should organizations take into account when classifying data?
value, sensitivity, criticality