Tuesday, August 9, 2011

Quiz No. 9

Answers:

1. Define the term, computer security risks, and briefly describe the types 
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy, 
unethical employee, cyberextortionist, and cyberterrorist. 



Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. 
Cybercrime Perpetrators

Hacker refers to a computer programmer who is able to create usable computer programs where none previously existed. 

Cracker is a variation of hacker, with the analogy equal to a safe cracker. Some individuals use the term cracker in an attempt to differentiate from the honorable computer programmer definition of hacker.

Script kiddie is an individual who executes computer scripts and programs written by others. Their motive is to hack a computer by using someone else’s software. Examples include password decryption programs and automated access utilities.

Corporate spy - someone who has excellent computer and networking skills and is hired to break into a specific computer and steal its proprietary data and information.

Unethical employee - someone who breaks into their employer's computer for a variety of reasons. Some simply want to exploit a security weakness.

Cyberextortionist - someone who uses e-mail as a vehicle for extortion. These perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization's network if they are not paid a sum of money.

Cyber-terrorist - a programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorism.



2. Describe various types of Internet and network attacks (computer viruses, 
worms, Trojan horses, rootkits, botnets, denial of service attacks, back 
doors, and spoofing), and identify ways to safeguard against these attacks, 
including firewalls, intrusion detection software, and honeypots. 



A computer virus is a potentially damaging program that affects, or infects, a computer negatively by altering the way the computer works without the user's knowledge or permission. 
A worm is a program that copies itself repeatedly, using up resources and possibly shutting down the computer or network.
A Trojan horse is a program that hides within or looks like a legitimate program. 
A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer.
To take precautions against this malware:
1. Do not start a computer with removable media in the drives or ports. 
2. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
3. Disable macros in documents that are not from a trusted source. 
4. Install an antivirus program and a personal firewall. 
5. Stay informed about any new virus alert or virus hoax. 
6. To defend against a botnet, a denial of service attack, improper use of a back door, and spoofing, users can install a firewall, install intrusion detection software, and set up a honeypot.


3. Discuss techniques to prevent unauthorized computer access and use 


Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or illegal activities. Organizations can take measures such as implementing a written acceptable use policy (AUP), a firewall, intrusion detection software, an access control, and an audit trail. Access controls include a user name and password or passphrase, a CAPTCHA, a possessed object, and a biometric device.

4. Identify safeguards against hardware theft and vandalism 

Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. The best preventive measures against hardware theft and vandalism are common sense and a constant awareness of the risk. Physical devices and practical security measures, such as locked doors and windows, can help protect equipment. Passwords, possessed objects, and biometrics can reduce the risk of theft or render a computer useless if it is stolen.


5. Explain the ways software manufacturers protect against software piracy. 


Software piracy is the unauthorized and illegal duplication of copyrighted software. To protect themselves from software piracy, manufacturers issue a license agreement and require product activation.


6. Discuss how encryption works, and explain why it is necessary 


Encryption prevents information theft and unauthorized access by converting readable data into unreadable characters. To read the data, a recipient must decrypt, or decipher, it into a readable form. An encryption algorithm, or cipher, converts readable plaintext into unreadable ciphertext. Encryption is used to protect information on the Internet and networks.


7. Discuss the types of devices available that protect computers from 
system failure 
A system failure is the prolonged malfunction of a computer. A common cause of system failure is an electrical power variation such as noise, an undervoltage, or an overvoltage. A surge protector, also called a surge suppressor, uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment. An uninterruptible power supply (UPS) contains surge protection circuits and one or more batteries that can provide power during a temporary loss of power.


8. Explain the options available for backing up computer resources. 


A backup is a duplicate of a file, program, or disk that can be used to restore the file if the original is lost, damaged, or destroyed. Users can opt for a full backup or a selective backup. Some users implement a three-generation backup policy that preserves three copies of important files: the grandparent, the parent, and the child. Others use RAID or continuous backup. Most operating systems and backup devices include a backup program.


9. Identify risks and safeguards associated with wireless communications. 

Wireless access poses additional security risks. Intruders connect to other wireless networks to gain free Internet access or an organization's confidential data. Some individuals intercept and monitor communications as they transmit. Others connect to a network through an unsecured wireless access point (WAP), sometimes using the techniques of war driving or war flying. Some safeguards include firewalls, reconfiguring the WAP, and ensuring equipment uses a wireless security standard, such as Wi-Fi Protected Access (WPA) and 802.11i.


10. Discuss ways to prevent health-related disorders and injuries due to 
computer use. 

A computer-related repetitive strain injury (RSI) can include tendonitis and carpal tunnel syndrome (CTS). Another health-related condition is eyestrain associated with computer vision syndrome (CVS). To prevent health-related disorders, take frequent breaks, use precautionary exercises and techniques, and use ergonomics when planning the workplace. Computer addiction occurs when the computer consumes someone's entire social life.

11. Recognize issues related to information accuracy, intellectual property 
rights, codes of conduct, and green computing. 



Computer ethics govern the use of computers and information systems. Issues in computer ethics include the responsibility for information accuracy and the intellectual property rights to which creators are entitled for their works. An IT (information technology) code of conduct helps determine whether a specific computer action is ethical or unethical. Green computing reduces the electricity and environmental waste while using a computer.

12. Discuss issues surrounding information privacy, including electronic 
profiles, cookies, spyware and adware, spam, phishing, privacy laws, social 
engineering, employee monitoring, and content filtering.
 

Information privacy is the right of individuals and companies to deny or restrict the collection and use of information about them. Issues surrounding information privacy include the following. 
An electronic profile combines data about an individual's Web use with data from public sources, which then is sold. 
A cookie is a file that a Web server stores on a computer to collect data about the user. 
Spyware is a program placed on a computer that secretly collects information about the user.
Adware is a program that displays an online advertisement in a banner or pop-up window. 
Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once. 
Phishing is a scam in which a perpetrator attempts to obtain personal or financial information. 
The concern about privacy has led to the enactment of many federal and state laws regarding the disclosure of data. As related to the use of computers, social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others. Employee monitoring uses computers to observe, record, and review an employee's computer use. Content filtering restricts access to certain materials on the Web. 

Monday, August 8, 2011

Quiz No. 9

Answers:


1. Define the term, computer security risks, and briefly describe the types
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy,
unethical employee, cyberextortionist, and cyberterrorist. 


Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. 
Cybercrime Perpetrators

Hacker refers to a computer programmer who is able to create usable computer programs where none previously existed. 

Cracker is a variation of hacker, with the analogy equal to a safe cracker. Some individuals use the term cracker in an attempt to differentiate from the honorable computer programmer definition of hacker.

Script kiddie is an individual who executes computer scripts and programs written by others. Their motive is to hack a computer by using someone else’s software. Examples include password decryption programs and automated access utilities.

Corporate spy - someone who has excellent computer and networking skills and is hired to break into a specific computer and steal its proprietary data and information.

Unethical employee - someone who breaks into their employer's computer for a variety of reasons. Some simply want to exploit a security weakness.

Cyberextortionist - someone who uses e-mail as a vehicle for extortion. These perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization's network if they are not paid a sum of money.

Cyber-terrorist - a programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorism.



2. Describe various types of Internet and network attacks (computer viruses,
worms, Trojan horses, rootkits, botnets, denial of service attacks, back
doors, and spoofing), and identify ways to safeguard against these attacks,
including firewalls, intrusion detection software, and honeypots. 



A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability.
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention.
Trojan horse, or Trojan, is a destructive program that masquerades as an application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but (perhaps in addition to the expected function) steals information or harms the system. Unlike viruses or worms, Trojan horses do not replicate themselves, but they can be just as destructive.

3. Discuss techniques to prevent unauthorized computer access and use
Operating system and software patches and updates
There is no such thing as perfect software. Often a software program may have several issues and could potentially have security vulnerabilities that can leave your computer open to attacks that compromise your computer and your data.
Software patches, updates, and drivers are made available, often for free, to consumers to help keep software programs and operating systems running properly and securely. If the program you're using does not have any method of checking for updates on its own, it is up to you to verify the program is up-to-date. Often this can be done by visiting the web site of the developer who created the program.
Passwords
Make sure a password has been set on your computer. Default passwords such as password, root, admin, or no password will allow easy access to your computer or your Internet account.
  1. Change passwords often. It is recommended at least once every few months.
  2. Create a BIOS password.
  3. When creating a password, add numbers or other characters to the password to make it more difficult to guess; for example: 1mypassword23!.
  4. Do not use sticky notes around your computer to write down passwords. Instead use a password manager.


Quiz No. 8

Answers:

1. Define the term, database, and explain how a database interacts with data
and information.

A database is an organized collection of data for one or more purposes, usually in digital form.
Data is a collection of unprocessed items, such as text, numbers, images, video, and audio.
Information is processed data that is organized, meaningful, and useful.

2. Describe file maintenance techniques (adding records, modifying records, deleting records) and validation techniques.

File maintenance refers to the procedures that keep data current.
Adding records - users add new records to a file when they obtain new data.
Modifying records - users modify a record to correct inaccurate data or update old data.
Deleting records - when a record no longer is needed, a user deletes it from a file.
Validation techniques - compare data with a set of rules or values to find out if the data is correct:



· Alphabetic/Numeric check
· Range check
· Consistency check
· Completeness check
· Check digit
· Other checks


3. Discuss the terms character, field, record, and file



Field is a combination of one or more characters. It is the smallest unit of data a user accesses.
Record is a group of related fields.
File is a collection of related records.

4. Discuss the functions common to most database management systems:
data dictionary, file retrieval and maintenance, data security, and backup
and recovery.

Data dictionary contains data about each file in a database and each field within the files.
Backup - a copy of the database. A log is a listing of activities that change the contents of the database.
Recovery Utility - uses the logs and/or backups to restore the database.

5. Differentiate between a file processing approach and the database
approach.
File processing approach - each department or area within an organization has its own set of files.
Database approach - many programs and users share the data in a database. The database approach reduces data redundancy, improves data integrity, shares data, permits easier access, and reduces development time. A database, however, can be more complex than a file processing system, requiring special training and more computer memory, storage, and processing power. Data in a database also can be more vulnerable than data in a file processing system.


6. Describe characteristics of relational, object-oriented, and
multidimensional databases.
An object-oriented database (OODB) stores data in objects
  • Object-oriented databases often use Object Query Language (OQL) to manipulate and retrieve data.

A relational database stores data in tables that consist of rows and columns
  – Each row has a primary key
  – Each column has a unique name
  – A relationship is a link

A multidimensional database can store data in more than two dimensions of data
  – Can consolidate data much faster than a relational database


7. Explain how to access Web databases.
Web database - a database you can access through the Web by filling in a form on a Web page.

A Web database links to a form on a Web page. To access data in a Web database, you fill in the form or enter search text on a Web page. A Web database usually resides on a database server, which is a computer that stores and provides access to a database.
 
8. Define the term, computer security risks, and briefly describe the types
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy,
unethical employee, cyberextortionist, and cyberterrorist.


Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. 
Cybercrime Perpetrators

Hacker refers to a computer programmer who is able to create usable computer programs where none previously existed. 

Cracker is a variation of hacker, with the analogy equal to a safe cracker. Some individuals use the term cracker in an attempt to differentiate from the honorable computer programmer definition of hacker.

Script kiddie is an individual who executes computer scripts and programs written by others. Their motive is to hack a computer by using someone else’s software. Examples include password decryption programs and automated access utilities.

Corporate spy - someone who has excellent computer and networking skills and is hired to break into a specific computer and steal its proprietary data and information.

Unethical employee - someone who breaks into their employer's computer for a variety of reasons. Some simply want to exploit a security weakness.

Cyberextortionist - someone who uses e-mail as a vehicle for extortion. These perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization's network if they are not paid a sum of money.

Cyber-terrorist - a programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorism.


9. Identify database design guidelines and discuss the responsibilities of
database analysts and administrators.

10. Discuss techniques to prevent unauthorized computer access and use
Operating system and software patches and updates
There is no such thing as perfect software. Often a software program may have several issues and could potentially have security vulnerabilities that can leave your computer open to attacks that compromise your computer and your data.
Software patches, updates, and drivers are made available, often for free, to consumers to help keep software programs and operating systems running properly and securely. If the program you're using does not have any method of checking for updates on its own, it is up to you to verify the program is up-to-date. Often this can be done by visiting the web site of the developer who created the program.
Passwords
Make sure a password has been set on your computer. Default passwords such as password, root, admin, or no password will allow easy access to your computer or your Internet account.
1. Change passwords often. It is recommended at least once every few months.
2. Create a BIOS password.
3. When creating a password, add numbers or other characters to the password to make it more difficult to guess; for example: 1mypassword23!.
4. Do not use sticky notes around your computer to write down passwords. Instead use a password manager.
Get a hardware or software firewall
We highly recommend all computer users have a firewall solution. There are two ways a firewall can protect your computer and network.
1. Hardware firewall - A hardware firewall is a hardware device that is connected to your network. Often many home users who have a home network use their network router as a firewall solution.
2. Software firewall - A software firewall is a software program that you install on your computer that helps protect that computer from unauthorized incoming and outgoing data. Below is a listing of a few of the more widely used software firewall programs.
Agnitum Outpost Firewall
BlackICE PC Protection
Kerio Personal Firewall
Sygate Firewall
Tiny software Tiny Personal Firewall
Network Associates
Zone Labs Zone Alarm
Note: A software firewall is only going to protect the computer that has the firewall installed on it.
In addition to the above listed firewall software programs many of the antivirus scanners released today also include their own version of a firewall program. If you have an antivirus scanner that also has a firewall program you do not need to worry about getting one of the above programs or another third-party firewall program.
Trojans, viruses, spyware, and other malware
Software Trojans, viruses, spyware, and other malware can not only damage or destroy your computer data but are also capable of monitoring your computer to learn more about your viewing habits on the Internet or even log all your keystrokes to capture sensitive data such as passwords and credit card information.
To help protect your computer from these threats we suggest installing a virus protection program as well as a spyware protection program.
Know how to handle e-mails
Today, e-mail is one of the most popular features on the Internet. Being able to identify threats sent through e-mail can help keep your computer and your personal information safe. Below are some of the most common threats you may encounter while using e-mail.
· Attachments - Never open or run e-mail attachments. Viruses, spyware, and other malware are commonly distributed through e-mails that have attachments. For example, an e-mail may want you to open an attachment of a funny video, when it's actually a virus.
· Phishing - Phishing or an e-mail phish is an e-mail that appears to be from an official company (such as your bank) indicating you need to log onto the site to check your account settings. However, these e-mails actually point to sites set up to steal confidential information such as your passwords, credit card information, social security information, etc.
Alternative browser
Before the release of Microsoft Windows XP SP2 and Internet Explorer 7.0, Microsoft Internet Explorer was notorious for security and spyware related issues. Although it has improved since then we still highly recommend considering an alternative browser such as Mozilla Firefox.
Run system scans to check for vulnerabilities
There are several sites on the Internet that allow users to check their computers for potential threats or issues their network or computer may have that can allow users unauthorized access to their computer. Below is a listing of recommended sites to try:



Gibson Research Corporation - The Gibson Research Corporation, or GRC, is a great location to learn about network security as well as to test your computer or network for vulnerabilities.


Hacker Wacker - Another great site with computer security related information, help, and programs to help test your computer and network.