CISS 120 Chapter 1
What is spyware?
A spyware program sends information from the infected computer to the person who initiated the spyware program on your computer. This information could be confidential financial data, passwords, PINs—just about any data stored on your computer. You need to make sure your users understand that this information collection is possible, and that spyware programs can register each keystroke entered. It's that simple. This type of technology not only exists, but is prevalent. It can be used to record and send everything a user enters to an unknown person located halfway around the world.
Why is "attach" a key word when talking about viruses?
A virus does not stand on its own. It can't replicate itself or operate without the presence of a host program. A virus attaches itself to a host program, just as the flu attaches itself to a host organism.
___________ is defined as securing a stand-alone computer that's not part of a network infrastructure.
Computer security
A ____ attack prevents legitimate users from accessing network resources.
DoS
Malware programs cannot be detected by antivirus programs.
False
IDS stands for ____.
Intrusion Detection System
__________ is malicious software, such as a virus,worm, or Trojan program, introduced to a network for just that reason.
Malware
PKI stands for ____.
Public Key Infrastructure
Antivirus software compares ____________________ of known viruses against the files on the computer; if there's a match, the software warns you that the program or file is infected.
SIGNATURES Correct Answer: signatures programming code
____ is a remote control program.
Symantec pcAnywhere
What is the difference between spyware and adware?
The difference between spyware and adware is a fine line. Both programs can be installed without the user being aware of their presence. Adware, however, sometimes displays a banner that notifies the user of its presence. Adware's main purpose is to determine a user's purchasing habits so that Web browsers can display advertisements tailored to that user. The biggest problem with adware is that it slows down the computer it's running on.
Describe an example of a macro virus.
The most infamous macro virus is Melissa, which appeared in 1999. The virus was initiated after a user opened an infected document; the virus then sent an e-mail message to the first 50 entries it located in the infected computer's address book.
What is the most important recommendation that should be made to a client to help prevent viruses from being introduced into corporate networks?
To help prevent viruses from being introduced into corporate networks, the most important recommendation you should make to a client is to update virus signature files as soon as they're available from the vendor. Most antivirus software does this automatically or prompts the user to do so. An organization can't depend on employee vigilance to protect its systems, so centralizing all antivirus software updates from a corporate server is prudent.
Software keyloggers behave like ____ and are loaded on a computer.
Trojan programs
The most effective approach to protect a network from malware being introduced is to conduct structured training of all employees and management.
True
In a ____ attack, a programmer finds a vulnerability in poorly written code that doesn't check for a defined amount of memory space use.
buffer overflow
Malware programs cannot be detected by antivirus programs.
buffer overflow
A(n) ____________________ is a virus encoded as a macro in programs that support a macro programming language, such as Visual Basic for Applications (VBA).
macro virus
A ____ is created after an attack and usually hides itself within the OS tools, so it's almost impossible to detect.
rootkit
Trojan Programs can install a backdoor or ____ on a computer.
rootkit
To represent 0 to 63 characters you need only ____ bits
six
A ____ can replicate itself, usually through an executable program attached to an e-mail.
virus
What is a DDoS attack?
A distributed denial-of-service (DDoS) attack is launched against a host from multiple servers or workstations. In a DDoS attack, a network could be flooded with literally billions of packets; typically, each participant in the attack contributes only a few of the total number of packets. If one server bombards an attacked server with hundreds or even thousands of packets, available network bandwidth could drop to the point that legitimate users notice a performance degradation or loss of speed. Now imagine 1000 servers or even 10,000 servers involved, with each server sending several thousand IP packets to the attacked server. There you have it: a DDoS attack. Keep in mind that participants in the attack often aren't aware their computers are taking part in the attack. They, too, have been attacked by the culprit. In fact, in one DDoS attack, a company was flooded with IP packets from thousands of Internet routers and Web servers belonging to Yahoo.com.
What types of ports do successful Trojan programs commonly use?
A good software or hardware firewall would most likely identify traffic that's using unfamiliar ports, but Trojan programs that use common ports, such as TCP port 80 (HTTP) or UDP port 53 (DNS), are more difficult to detect. The programmer who wrote Backdoor.Slackbot.B controlled a computer by using Internet Relay Chat (IRC), which is on port 6667
