Thursday, August 11, 2011

Quiz 9 Computer Security and Safety, Ethics and Privacy.

1. Define the term, computer security risks, and briefly describe the types 
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy, 
unethical employee, cyberextortionist, and cyberterrorist. 

Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. 

Cybercrime Perpetrators

Hacker refers to a computer programmer who is able to create usable computer programs where none previously existed. 

Cracker is a variation of hacker , with the analogy equal to a safe cracker. Some individuals use the term cracker in an attempt to differentiate from the honorable computer programmer definition of hacker.

Script kiddy is an individual who executes computer scripts and programs written by others. Their motive is to hack a computer by using someone else’s software. Examples include password decryption programs and automated access utilities. 

Corporate Spy - have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information. 

Unethical employee - break into their employers' computer for a variety of reasons. Some simply want to exploit security weakness.


Cyberextortionist - is someone who uses e-mail as a vehicle for extortion. These perpetrator s send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization s network - if they are not paid of a sum of money.

Cyber-terrorist - a programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorism.

2. Describe various types of Internet and network attacks (computer viruses, 
worms, Trojan horses, rootkits, botnets, denial of service attacks, back 
doors, and spoofing), and identify ways to safeguard against these attacks, 
including firewalls, intrusion detection software, and honeypots. 

Computer viruses - is a computer program that can copy itself and infect a computer

Worms - is a self-replicating malware computer program which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention

Trojan horses - is a destructive program that masquerades an application; the software initially appears to perform a desirable function for the user prior to installation and/or execution, but steals information or harms the system.
Rootkit - a software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.
Botnets - is a grouped of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks usually for nefarious purposes
denial of service attacks-is an assault whose purpose is to disrupt computer access to an Internet services such as the Web or e-mail.
Backdoors - a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.
Spoofing - the process of deception by which an individual or system alters its identity or creates additional identities, thereby causing another person or system to act incorrectly.
To take precautions against this malware: 

1. Do not start a computer with removable media in the drives or ports.
2. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
3. Disable macros in documents that are not from a trusted source.
4. Install an antivirus program and a personal firewall.
5. Stay informed about any new virus alert or virus hoax.
6. To defend against a botnet, a denial of service attack, improper use of a back door, and spoofing, users can install a firewall, install intrusion detection software, and set up a honeypot.
3. Discuss techniques to prevent unauthorized computer access and use.

Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or illegal activities. Organizations can take measures such as implementing a written acceptable use policy (AUP), a firewall, intrusion detection software, an access control, and an audit trail. Access controls include a user name and password or passphrase, a CAPTCHA, a possessed object, and a biometric device.

4. Identify safeguards against hardware theft and vandalism.

Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. The best preventive measures against hardware theft and vandalism are common sense and a constant awareness of the risk. Physical devices and practical security measures, such as locked doors and windows, can help protect equipment. Passwords, possessed objects, and biometrics can reduce the risk of theft or render a computer useless if it is stolen.

Most companies attempt to prevent information theft by implementing the user identification and authentication controls. These controls are best suited for protecting information on computers located on an organization's premises. Information transmitted over networks offers a higher degree of risk because unscrupulous users can intercept it during transmission. To protect information on the internet and networks, companies and individuals use a variety of encryption techniques. 



5. Explain the ways software manufacturers protect against software piracy. 

Software piracy is the unauthorized and illegal duplication of copyrighted software. To protect themselves from software piracy, manufacturers issue a license agreement and require product activation.

6. Discuss how encryption works, and explain why it is necessary 


Encryption is the process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e - mail message. Encryption prevents information theft and unauthorized access by converting readable data into unreadable characters. To read the data, a recipient must decrypt, or decipher, it into a readable form. An encryption algorithm, or cypher, converts readable plaintext into unreadable cipher text. Encryption is used to protect information on the Internet and networks.

7. Discuss the types of devices available that protect computers from 
system failure.


Safeguards Against System Failure


To protect against electrical power variations, use a surge protector. A surge protectoruses special electrical components to provide a stable current flow to the computer and other electric equipment. For additional electrical protection, some users connect an uninterruptible power supply to the computer. An uninterruptible power supply (UPS)is a device that contains surge protection circuits and one or more batteries that can provide power during a loss of power. As another measure of protection, some companies use duplicate components or computers as a safeguard against system failure.



8. Explain the options available for backing up computer resources.


To prevent against data loss caused by a system failure or hardware/software/information theft, computer users should back up files regularly. Abackup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. Thus, to backup a file means to a make a copy of it. In the case of a system failure or the discovery of corrupted files, you restore the files by copying the backed up files to their original location on the computer.  


9. Identify risks and safeguards associated with wireless communications.


Some safeguards that improve the security of wireless networks includes reconfiguring the wireless access point and ensuring equipment uses one or more wireless security standards such as Wi - Fi Protected Access and 802.11i. 

A wireless access point (WAP) should be configured so that it does not broadest a network name. The WAP also can be programmed so that only certain devices can access it
Wi-Fi Protected Access (WPA) is a security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques.
- An 802.11i  network, sometimes called WPA2, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.



10. Discuss ways to prevent health-related disorders and injuries due to 
computer use.


repetitive strain injury (RSI) is an injury or disorder of the muscles, nerves, tendons, ligaments, and joints. Computer-related RSI's include tendonitis and carpal tunnel syndrome. Tendonitis is inflammation of a tendon due to some repeated motion or stress on that tendon. Carpal Tunnel Syndrome (CTS) is inflammation of the nerve that connects the forearm to the palm of the wrist. You can take many precautions to prevent these types of injuries. Take frequent breaks during the computer session to exercise your hands and arms. To prevent injury due to typing, place a wrist rest between the keyboard and the edge of your desk. To prevent injury while using a mouse, place the mouse at least six inches from the edge of the desk. In this position, your wrist is flat on the desk. Finally, minimize the number of times you switch between the mouse and the keyboard, and avoid using the heel of your hand as a pivot point while typing or using the mouse.


Another type of health related  condition due to computer usage is computer vision syndrome (CVS). You have CVS if you have sore, tired, burning, itching, or dry eyes; blurred or double vision; distance blurred vision after prolonged staring at a display device; headache or sore neck; difficulty shifting focus between a display device and documents; difficulty focusing on the screen image; color fringes or after-image when you look away from the display device; and increased sensitivity to light. 



11. Recognize issues related to information accuracy, intellectual property 
rights, codes of conduct, and green computing. 

Computer ethics govern the use of computers and information systems. Issues in computer ethics include the responsibility for information accuracy and the intellectual property rights to which creators are entitled for their works. An IT (information technology) code of conduct helps determine whether a specific computer action is ethical or unethical. Green computing reduces the electricity and environmental waste while using a computer.
 
12. Discuss issues surrounding information privacy, including electronic 
profiles, cookies, spyware and adware, spam, phishing, privacy laws, social 
engineering, employee monitoring, and content filtering. 

Information privacy is the right of individuals and companies to deny or restrict the collection and use of information about them. Issues surrounding information privacy include the following.
An electronic profile combines data about an individual's Web use with data from public sources, which then is sold.
cookie is a file that a Web server stores on a computer to collect data about the user.
Spyware is a program placed on a computer that secretly collects information about the user.
Adware is a program that displays an online advertisement in a banner or pop-up window.
Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
Phishing is a scam in which a perpetrator attempts to obtain personal or financial information.
The concern about privacy has led to the enactment of many federal and state laws regarding the disclosure of data. As related to the use of computers, social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others. Employee monitoring uses computers to observe, record, and review an employee's computer use. Content filtering restricts access to certain materials on the Web.

Monday, August 1, 2011

Quiz 8

1.Define the term, database, and explain how a database interacts with data and information.
        .A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model relevant aspects of reality (for example, the availability of rooms in hotels), in a way that supports processes requiring this information (for example, finding a hotel with vacancies). The term "database" refers both to the way its users view it, and to the logical and physical materialization of its data, content, in files, computer memory, and computer data storage. This definition is very general, and is independent of the technology used. However, not every collection of data is a database; the term database implies that the data is managed to some level of quality (measured in terms of accuracy, availability, usability, and resilience) and this in turn often implies the use of a general-purpose Database management system (DBMS). A general-purpose DBMS is typically a complex software system that meets many usage requirements, and the databases that it maintains are often large and complex. The term database is correctly applied to the data and data structures, and not to the DBMS which is a software system used to manage the data. The structure of a database is generally too complex to be handled without its DBMS, and any attempt to do otherwise is very likely to result in database corruption. DBMSs are packaged as computer software products: well-known and highly utilized products include the Oracle DBMS, Access and SQL Server from Microsoft, DB2 from IBM and the Open source DBMS MySQL. Each such DBMS product currently supports many thousands of databases all over the world. The stored data in a database is not generally portable across different DBMS, but can inter-operate to some degree (while each DBMS type controls a database of its own database type) using standards like SQL and ODBC.
2.Describe file maintenance techniques (adding records, modifying records,deleting records) and validation techniques.
         . File maintenance refers to the procedures that keep data current. File maintenance procedures include adding records to correct inaccurate data or to update old data with new data, and deleting records when they no longer are needed,modifying records, serial records often need to be modified because serial publications exhibit changes that affect their bibliographic elements. Correspondingly, record modifications have consistently represented over one-half of the transactions on the CONSER database in recent years. These activities run the gamut from those that significantly increase the scope of a bibliographic record to more minor modifications that are added for specific needs.
         . Validation is the process of comparing data with a set of rules or values to find out if the data is correct. Many programs perform a validity check that analyzes data, either as you enter it or after you enter it, to help ensure that it is correct. Types of validity checks include an alphabetic check, a numeric check, a range check, a consistency check, a completeness check, and a check digit.
3. Discuss the terms character, field, record, and file:
          .In computer and machine-based telecommunications terminology, a character is a unit of information that roughly corresponds to a grapheme, grapheme-like unit, or symbol, such as in an alphabet or syllabary in the written form of a natural language.
         .field,is an open-source software project initiated by OpenEnded Group, for the creation of their digital artworks. It is an environment for writing code to rapidly and experimentally assemble and explore algorithmic systems. It is visual, it is hybrid, it is code-based. We think that it has something to offer a diverse range of programmers and artists.
        .record,an item or collection of data.
        .file,is a block of arbitrary information, or resource for storing information, which is available to a computer program and is usually based on some kind of durable storage. A file is durable in the sense that it remains available for programs to use after the current program has finished. Computer files can be considered as the modern counterpart of paper documents which traditionally are kept in offices' and libraries' files, and this is the source of the term.
4.Discuss the functions common to most database management systems:data dictionary, file retrieval and maintenance, data security, and backup and recovery.
Tingnan ang buong laki ng larawan   :.data dictionaryor metadata repository, as defined in the IBM Dictionary of Computing, is a "centralized repository of information about data such as meaning, relationships to other data, origin, usage, and format." The term "may have one of several closely related meanings pertaining to databases and database management systems (DBMS):
      .file retrieval and maintenance:
Tingnan ang buong laki ng larawan
Procedure that keeps computer files current by applying all necessary transactions (adjustments) against the file. A file maintenance procedure must be performed prior to generating any output, such as labels, reports, or list rental selections, from the file. Transactions include changes of address, addition and deletion of records, application of payments to credit orders, and so forth. In on-line systems, file maintenance is performed continuously. In batch systems, it is scheduled according to the frequency with which output must be generated.
     Backup - is the copy of the database.A log is a listing of activities that change the contents of the database. 


Recovery Utility - uses the logs and/or backups to restore the database.


5. Differentiate between a file processing approach and the database
approach.

File processing approach - each department or area within an organization has its own set of data files.Two major weaknesses of file processing systems are redundant data and isolated data.



Database approach- many programs and users share the data in a database. The database approach reduces data redundancy, improves data integrity, shares data, permits easier access, and reduces development time.A database, however, can be more complex than a file processing system, requiring special training and more computer memory, storage, and processing power. Data in a database also can be more vulnerable than data in file processing system.


6. Describe characteristics of relational, object-oriented, and
multidimensional databases
.


Relational database-stores data in tables that consists of rows and columns. Each row has a primary key and each column has a unique name.

Object-oriented database (OODB) - stores data in objects;often use an object query language to manipulate and retrieve data.

Multidimensional database-stores data in dimensions;allows users to access and analyze any view of the database data and no standard query language exists.


7. Explain how to access Web databases.
Web database links to a form on a Web page. To access data in a Web database, you fill on the form or enter search text on a Web page. A Web database usually resides on a database server, which is a computer that store and provides access to a database.

 
8. Define the term, computer security risks, and briefly describe the types
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy,
unethical employee, cyberextortionist, and cyberterrorist.

Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.

Cybercrime Perpetrators

Hacker refers to a computer programmer who is able to create usable computer programs where none previously existed. 


Cracker is a variation of hacker , with the analogy equal to a safe cracker. Some individuals use the term cracker in an attempt to differentiate from the honorable computer programmer definition of hacker.


Script kiddy is an individual who executes computer scripts and programs written by others. Their motive is to hack a computer by using someone else’s software. Examples include password decryption programs and automated access utilities.


Corporate Spy - have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information.


Unethical employee - break into their employers' computer for a variety of reasons. Some simply want to exploit security weakness.
Cyberextortionist - is someone who uses e-mail as a vehicle for extortion. These perpetrator s send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization s network - if they are not paid of a sum of money.

Cyber-terrorist - a programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorism.


 9. Identify database design guidelines and discuss the responsibilities of
database analysts and administrators.


Database Analysts and Database Administrators are responsible for managing and coordinating all database activities.

Database Analysts (DA) - focuses on the meaning and usage of data. The DA decides on the placement of fields, defines the relationships among data, and identifies user's access privilege.

Database Administrators (DBA) requires a more technical inside view of the data. The DBA creates and maintains the data dictionary, manages data security, monitors database performance, and checks backup and recovery procedures. 

10. Discuss techniques to prevent unauthorized computer access and use

Operating system and software patches and updates
There is no such thing as perfect software, often a software program may have several issues and could potentially have security vulnerabilities that can leave your computer open to attacks that compromise your computer and your data.
Software patches, updates, and drivers are made available, often for free, to consumers to help keep a software program and operating systems running properly and secure. If the program you're using does not have any method of checking for updates on its own it is up to you to verify the program is up-to-date. Often this can be done by visiting the web site of the developer who created the program. A listing of third-party companies and links to each of their pages can be found on our third-party support page.
  • How to update a Microsoft Windows computer.
Passwords
Make sure a password has been set on computer. Default passwords such as password, root, admin or no password will allow easy access to your computer or your Internet account.Change passwords often. It is recommended at least once every few months.
  1. Create a BIOS password.
  2. When creating a password, add numbers or other characters to the password to make it more difficult to guess; for example: 1mypassword23!.
  3. Do not use sticky notes around your computer to write down passwords. Instead use a password manager.
  • Complete information and links to information about computer passwords.
Get a hardware or software firewall
We highly recommend all computer users have a firewall solution. There are two ways a firewall can protect your computer and network.
  1. Hardware firewall - A hardware firewall is a hardware device that is connected to your network. Often many home users who have a home network use their network router as a firewall solution.
  2. Software firewall - A software firewall is a software program that you install on your computer that helps protect that computer from unauthorized incoming and outgoing data. Below is a listing of a few of the more widely used software firewall programs.
Agnitum Outpost Firewall
BlackICE PC Protection
Kerio Personal Firewall
Sygate Firewall
Tiny software Tiny Personal Firewall
Network Associates
Zone Labs Zone Alarm
Note: A software firewall is only going to protect the computer that has the firewall installed on it.
In addition to the above listed firewall software programs many of the antivirus scanners released today also include their own version of a firewall program. If you have an antivirus scanner that also has a firewall program you do not need to worry about getting one of the above programs or another third-party firewall program.
  • How to enable or disable the Microsoft Windows firewall.
Trojans, viruses, spyware, and other malware
Software Trojans, viruses, spyware, and other malware can not only damage or destroy your computer data Internet or even log all your keystrokes to capture sensitive data such as passwords and credit card information. but is also capable of monitoring your computer to learn more about your viewing habits on the
To help protect your computer from these threats we suggest installing a virus protection program as well as a spyware protection program.
  • What are the current available antivirus programs?
  • My web browser has been hijacked.
Know how to handle e-mails
Today, e-mail is one of the most popular features on the Internet. Being able to identify threats sent through e-mail can help keep your computer and your personal information safe. Below are some of the most common threats you may encounter while using e-mail.
  • Attachments - Never open or run e-mail attachments. Viruses, spyware, and other malware are commonly distributed through e-mails that have attachments. For example, an e-mail may want you to open an attachment of a funny video, when it's actually a virus.
  • Phishing - Phishing or an e-mail phish is an e-mail that appears to be from an official company (such as your bank) indicating you need to log onto the site to check your account settings. However, the e-mails are actually sites setup to steal confidential information such as your passwords, credit card information, social security information, etc. See the phishing definition for additional information about this term as well as examples of these e-mails.
Alternative browser
Before the release of Microsoft Windows XP SP2 and Internet Explorer 7.0, Microsoft Internet Explorer was notorious for security and spyware related issues. Although it has improved since then we still highly recommend considering an alternative browser such as Mozilla Firefox.
Run system scans to check for vulnerabilities
There are several sites on the Internet that allow users to check their computers for potential threats or issues their network or computer may have that can allow users unauthorized access to their computer. Below are a listing of recommend sites to try:

Gibson Research Corporation - The Gibson Research Corporation, or GRC, is a great location to learn about network security as well as well as test your computer or network for vulnerabilities.
Hacker Wacker - Another great site with computer security related information, help, and programs to help test your computer and network.