Thursday, August 11, 2011

Quiz 9 Computer Security and Safety, Ethics and Privacy.

1. Define the term, computer security risks, and briefly describe the types 
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy, 
unethical employee, cyberextortionist, and cyberterrorist. 

Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. 

Cybercrime Perpetrators

Hacker refers to a computer programmer who is able to create usable computer programs where none previously existed. 

Cracker is a variation of hacker , with the analogy equal to a safe cracker. Some individuals use the term cracker in an attempt to differentiate from the honorable computer programmer definition of hacker.

Script kiddy is an individual who executes computer scripts and programs written by others. Their motive is to hack a computer by using someone else’s software. Examples include password decryption programs and automated access utilities. 

Corporate Spy - have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information. 

Unethical employee - break into their employers' computer for a variety of reasons. Some simply want to exploit security weakness.


Cyberextortionist - is someone who uses e-mail as a vehicle for extortion. These perpetrator s send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization s network - if they are not paid of a sum of money.

Cyber-terrorist - a programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorism.

2. Describe various types of Internet and network attacks (computer viruses, 
worms, Trojan horses, rootkits, botnets, denial of service attacks, back 
doors, and spoofing), and identify ways to safeguard against these attacks, 
including firewalls, intrusion detection software, and honeypots. 

Computer viruses - is a computer program that can copy itself and infect a computer

Worms - is a self-replicating malware computer program which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention

Trojan horses - is a destructive program that masquerades an application; the software initially appears to perform a desirable function for the user prior to installation and/or execution, but steals information or harms the system.
Rootkit - a software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.
Botnets - is a grouped of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks usually for nefarious purposes
denial of service attacks-is an assault whose purpose is to disrupt computer access to an Internet services such as the Web or e-mail.
Backdoors - a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.
Spoofing - the process of deception by which an individual or system alters its identity or creates additional identities, thereby causing another person or system to act incorrectly.
To take precautions against this malware: 

1. Do not start a computer with removable media in the drives or ports.
2. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
3. Disable macros in documents that are not from a trusted source.
4. Install an antivirus program and a personal firewall.
5. Stay informed about any new virus alert or virus hoax.
6. To defend against a botnet, a denial of service attack, improper use of a back door, and spoofing, users can install a firewall, install intrusion detection software, and set up a honeypot.
3. Discuss techniques to prevent unauthorized computer access and use.

Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or illegal activities. Organizations can take measures such as implementing a written acceptable use policy (AUP), a firewall, intrusion detection software, an access control, and an audit trail. Access controls include a user name and password or passphrase, a CAPTCHA, a possessed object, and a biometric device.

4. Identify safeguards against hardware theft and vandalism.

Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. The best preventive measures against hardware theft and vandalism are common sense and a constant awareness of the risk. Physical devices and practical security measures, such as locked doors and windows, can help protect equipment. Passwords, possessed objects, and biometrics can reduce the risk of theft or render a computer useless if it is stolen.

Most companies attempt to prevent information theft by implementing the user identification and authentication controls. These controls are best suited for protecting information on computers located on an organization's premises. Information transmitted over networks offers a higher degree of risk because unscrupulous users can intercept it during transmission. To protect information on the internet and networks, companies and individuals use a variety of encryption techniques. 



5. Explain the ways software manufacturers protect against software piracy. 

Software piracy is the unauthorized and illegal duplication of copyrighted software. To protect themselves from software piracy, manufacturers issue a license agreement and require product activation.

6. Discuss how encryption works, and explain why it is necessary 


Encryption is the process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e - mail message. Encryption prevents information theft and unauthorized access by converting readable data into unreadable characters. To read the data, a recipient must decrypt, or decipher, it into a readable form. An encryption algorithm, or cypher, converts readable plaintext into unreadable cipher text. Encryption is used to protect information on the Internet and networks.

7. Discuss the types of devices available that protect computers from 
system failure.


Safeguards Against System Failure


To protect against electrical power variations, use a surge protector. A surge protectoruses special electrical components to provide a stable current flow to the computer and other electric equipment. For additional electrical protection, some users connect an uninterruptible power supply to the computer. An uninterruptible power supply (UPS)is a device that contains surge protection circuits and one or more batteries that can provide power during a loss of power. As another measure of protection, some companies use duplicate components or computers as a safeguard against system failure.



8. Explain the options available for backing up computer resources.


To prevent against data loss caused by a system failure or hardware/software/information theft, computer users should back up files regularly. Abackup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. Thus, to backup a file means to a make a copy of it. In the case of a system failure or the discovery of corrupted files, you restore the files by copying the backed up files to their original location on the computer.  


9. Identify risks and safeguards associated with wireless communications.


Some safeguards that improve the security of wireless networks includes reconfiguring the wireless access point and ensuring equipment uses one or more wireless security standards such as Wi - Fi Protected Access and 802.11i. 

A wireless access point (WAP) should be configured so that it does not broadest a network name. The WAP also can be programmed so that only certain devices can access it
Wi-Fi Protected Access (WPA) is a security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques.
- An 802.11i  network, sometimes called WPA2, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.



10. Discuss ways to prevent health-related disorders and injuries due to 
computer use.


repetitive strain injury (RSI) is an injury or disorder of the muscles, nerves, tendons, ligaments, and joints. Computer-related RSI's include tendonitis and carpal tunnel syndrome. Tendonitis is inflammation of a tendon due to some repeated motion or stress on that tendon. Carpal Tunnel Syndrome (CTS) is inflammation of the nerve that connects the forearm to the palm of the wrist. You can take many precautions to prevent these types of injuries. Take frequent breaks during the computer session to exercise your hands and arms. To prevent injury due to typing, place a wrist rest between the keyboard and the edge of your desk. To prevent injury while using a mouse, place the mouse at least six inches from the edge of the desk. In this position, your wrist is flat on the desk. Finally, minimize the number of times you switch between the mouse and the keyboard, and avoid using the heel of your hand as a pivot point while typing or using the mouse.


Another type of health related  condition due to computer usage is computer vision syndrome (CVS). You have CVS if you have sore, tired, burning, itching, or dry eyes; blurred or double vision; distance blurred vision after prolonged staring at a display device; headache or sore neck; difficulty shifting focus between a display device and documents; difficulty focusing on the screen image; color fringes or after-image when you look away from the display device; and increased sensitivity to light. 



11. Recognize issues related to information accuracy, intellectual property 
rights, codes of conduct, and green computing. 

Computer ethics govern the use of computers and information systems. Issues in computer ethics include the responsibility for information accuracy and the intellectual property rights to which creators are entitled for their works. An IT (information technology) code of conduct helps determine whether a specific computer action is ethical or unethical. Green computing reduces the electricity and environmental waste while using a computer.
 
12. Discuss issues surrounding information privacy, including electronic 
profiles, cookies, spyware and adware, spam, phishing, privacy laws, social 
engineering, employee monitoring, and content filtering. 

Information privacy is the right of individuals and companies to deny or restrict the collection and use of information about them. Issues surrounding information privacy include the following.
An electronic profile combines data about an individual's Web use with data from public sources, which then is sold.
cookie is a file that a Web server stores on a computer to collect data about the user.
Spyware is a program placed on a computer that secretly collects information about the user.
Adware is a program that displays an online advertisement in a banner or pop-up window.
Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
Phishing is a scam in which a perpetrator attempts to obtain personal or financial information.
The concern about privacy has led to the enactment of many federal and state laws regarding the disclosure of data. As related to the use of computers, social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others. Employee monitoring uses computers to observe, record, and review an employee's computer use. Content filtering restricts access to certain materials on the Web.

No comments:

Post a Comment