Chapter 19 Flashcards

1
Q

Which of the following factors is thought to have been at work during the Target security breach?

Notifications from security software were ignored.

A

Target’s security software could have automatically deleted detected malware, but this function was turned off, Malicious code was disguised by using the name of a legitimate software product, The database for credit card transactions wasn’t sufficiently isolated from other parts of the system; Security software notification went off shortly after unauthorized software began collecting data inside Target’s network, but Target ignored the warning. While the area where credit card transactions are processed is supposed to be walled off from other areas of the Target network, hackers found holes and eventually nestled their code in a sweet spot for grabbing customer data, disguising the code with the label “BladeLogic,” the name of a legitimate data center management product. The firm’s security software has an option to automatically delete malware as it’s detected, but Target’s security team had turned that function off.

2
Q

Although the attack on Target was one of the largest credit card breaches in U.S. business history, the software that executed the attack was not considered to be especially sophisticated. (T/F)

A

True; The malware used to breach Target was described by one security expert as “absolutely unsophisticated and uninteresting.”

3
Q

Which of the following is a valid observation regarding information security?

A

Information security isn’t just a technology problem; Information security isn’t just a technology problem; a host of personnel and procedural factors can create and amplify a firm’s vulnerability.

4
Q

_____ are hordes of surreptitiously infiltrated computers linked and controlled remotely, and are also known as zombie networks.

A

Botnets; Botnets of zombie computers are networks of infiltrated and compromised machines controlled by a central command and are used for all sorts of nefarious activities.

5
Q

An attack in which a firm’s computer systems are flooded with thousands of seemingly legitimate requests, the sheer volume of which will slow or shut down the site, is known as:

A

distributed denial of service; DDoS (distributed denial of service) attacks involve effectively shutting down websites by overwhelming them with a crushing load of seemingly legitimate requests sent simultaneously by thousands of machines.

6
Q

_____ refer to protesters seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage.

A

Hacktivists; Hacktivists are protesters seeking to make a political point by leveraging technology tools, often through system infiltration, defacement, or damage. They target firms, Web sites, or even users as a protest measure.

7
Q

Stuxnet showed that with computers at the heart of so many systems, it’s now possible to destroy critical infrastructure without firing a shot.

A

True; Stuxnet showed that with computers at the heart of so many systems, it’s now possible to destroy critical infrastructure without firing a shot.

Stuxnet is an act of cyberwarfare which is suspected to have been launched by either U.S. or Israeli intelligence (or both).

Stuxnet infiltrated Iranian nuclear facilities and reprogramed the industrial control software operating hundreds of uranium-enriching centrifuges.

8
Q

Edward Snowden is:

A

a U.S. government contractor thought whistle-blower by many, who released (in violation of U.S. law) secret documents exposing state-run surveillance networks; Former CIA employee and NSA contractor, Edward Snowden, gathered over 1.7 million digital documents from U.S., British, and Australian agencies and began leaking them to the press. The Snowden disclosures revealed that several U.S. government agencies, including the NSA and FBI, had data-monitoring efforts far more pervasive than many realized.

9
Q

Why have U.S. technology firms complained that U.S. government surveillance techniques put them at a disadvantage relative to foreign firms?

A

U.S. firms complain that the actions of surveillance agencies have put them at a disadvantage by damaging their reputation; U.S. technology firms have complained that the actions of surveillance agencies have put them at a disadvantage, with customers looking for alternatives free of the tarnished perception of having (complicitly or unwittingly) provided private information to authorities.

10
Q

A white hat hacker looks for weaknesses in security mechanisms, with a view to help plug the holes that might be exploited by cyber-criminals. (T/F)

A

True; White hats are the good guys who probe for weaknesses, but don’t exploit them. Instead, they share their knowledge in hopes that the holes they’ve found will be plugged and security will be improved. Many firms hire consultants to conduct “white hat” hacking expeditions on their own assets as part of their auditing and security process. “Black hats” are the bad guys.

11
Q

Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as _____ in security circles.

A

social engineering; Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as social engineering in security circles.

12
Q

Cons executed through technology and that often try to leverage the reputation of a trusted firm or friend to trick the victim into performing an action or revealing information constitute:

A

phishing; Phishing refers to cons executed through technology. Many have masqueraded as a security alert from a bank or e-commerce site, a message from an employer, or even a notice from the government. Sophisticated con artists will lift logos, mimic standard layouts, and copy official language from legitimate websites or prior e-mails.

13
Q

The term _____________ refers to forging or disguising the origin or identity.

A

spoof; Spoofed is a term used in security to refer to forging or disguising the origin or identity. It’s possible that the e-mail address has been spoofed (faked) or that it was sent via a colleague’s compromised account.

14
Q

Two-factor or multi-factor authentication systems can slow consumers down, leading to consumer annoyance and dissatisfaction. (T/F)

A

True; For most consumer applications, slowing down users with a two-factor or multi-factor authentication system would be an impractical mandate.

15
Q

The phrase __________________ refers to security schemes that automatically send one-time use representations of a credit card which can be received and processed by banking and transaction firms at the time of payment. They are used in Apple Pay and Android Pay.

A

tokenization; A scheme called tokenization sends one-time use representations of a credit card over the Internet. While these tokens will buy your stuff, if stolen they can’t be reused by bad guys.

16
Q

Exploits that attempt to infiltrate a computer system by masquerading as something that they are not are called:

A

trojans; Trojans are exploits that, like the mythical Trojan Horse, try to sneak in by masquerading as something they’re not. The payload is released when the user is duped into downloading and installing the malware cargo, oftentimes via phishing exploits.

17
Q

The key difference between viruses and worms is that:

A

worms do not need an executable to spread, unlike viruses; Viruses infect other software and files and require an executable (running program) to spread, attaching to other executables. Worms exploit security vulnerability to automatically spread, but do not need an executable.

18
Q

Keylogger spyware can be either software-based or hardware-based. (T/F)

A

True; Keylogger is a type of spyware that records user keystrokes. Keyloggers can be either software-based or hardware-based, such as a recording “dongle” that is plugged in between a keyboard and a PC.

19
Q

_______________ is an example of an exploit in which hackers target security vulnerabilities caused by software developers not validating user input.

A

SQL injection technique; Some exploits, like the SQL injection technique, directly target poorly designed and programmed websites, zeroing in on a sloppy programming practice where software developers don’t validate user input.

20
Q

One way to enhance security against malware on smartphones is to modify the phone to work off network. (T/F)

A

False; Most smartphones have layers of security to block the spread of malware, so hackers typically hunt for the weakest victims. Easy marks include “jail-broken” iPhones, devices with warranty-voiding modifications in which security restrictions are overridden to allow phones to be used off-network, and for the installation of unsanctioned applications.

21
Q

VPN software should only be used on an organization’s internal network. Never use VPN software on a public wireless network, as this could give hackers an entryway from your computer into your organization’s secure network (T/F)

A

False; Public wireless connections pose significant security threats. The use of VPN (virtual private network) software can reduce threats by making Internet transmissions unreadable if they are intercepted. VPN networks use encryption to scramble data, making it difficult for hackers to access.

22
Q

One of the physical threats hackers use, sifting through trash searching for valuable data, is called __________________.

A

dumpster diving; Anything valuable that reaches the trash in a recoverable state is also a potential security breach. Hackers and spies sometimes practice dumpster diving, sifting through trash in an effort to uncover valuable data or insights that can be stolen or used to launch a security attack.

23
Q

Public key encryption is considered far weaker than private key encryption, so most websites avoid using public key systems. (T/F)

A

False; Most websites that deal with financial transactions (e.g., banks, online stores) secure transmissions using a method called public key encryption. The system works with two keys-a public key and a private key. The public key can “lock” or encrypt data, but it can’t unlock it: that can only be performed by the private key. So a website that wants you to transmit secure information will send you a public key-you use this to lock the data, and no one that intercepts that transmission can break in unless they’ve got the private key. If the website does its job, it will keep the private key out of reach of all potentially prying eyes.

24
Q

The encryption math behind OpenSSL is so solid and would require such an extensive amount of computing power to execute a brute-force attack, that OpenSSL had (as of the writing of the textbook) never been compromised. (T/F)

A

False; While encryption math is quite strong, that does not mean that all software using this math can’t have other bugs that create vulnerabilities. The Heartbleed bug, a weakness in the OpenSSL security software, may have created a vulnerability in software used by two-thirds of Web sites and which is embedded into all sorts of Internet-connected products.

25
Q

_____ are attacks that are so new that they haven’t been clearly identified, and so they haven’t made it into security screening systems.

A

Zero-day exploits; Zero-day exploits are attacks that are so new that they haven’t been clearly identified, and so they haven’t made it into security screening systems.

26
Q

Which of the following is a precaution a user can take against hacking?

A

Stay Updated, Stay Vigilant, Stay armed, Surf smart; Surf smart. Think before you click—question links, enclosures, download requests, and the integrity of websites that you visit. Stay vigilant. Social engineering con artists and rogue insiders are out there. An appropriate level of questioning applies not only to computer use, but also to personal interactions, be it in person, on the phone, or electronically. Stay updated. Turn on software update features for your operating system and any application you use (browsers, applications, plug-ins, and applets), and manually check for updates when needed. Stay armed. Install a full suite of security software.

27
Q

Students are discouraged from using over-the-Internet backup services since these are known sources for security vulnerability. (T/F)

A

False; The most likely threat to your data doesn’t come from hackers; it comes from hardware failure. Yet most users still don’t regularly back up their systems. Internet backup services can provide off-site storage and access if disaster strikes.

28
Q

The ______________ framework represents a series of standards for best practices in implementing, maintaining and improving organizational security.

A

ISO 27000; There are several frameworks, but perhaps the best known of these efforts comes from the International Organization for Standards (ISO), and is broadly referred to as ISO27k or the ISO 27000 series. According to ISO.org, this evolving set of standards provides “a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.”

29
Q

A best practice for information security is to stay with mandated security regulations requirements. (T/F)

A

False; Companies should approach information security as a part of their “collective corporate responsibility…regardless of whether regulation requires them to do so.”

30
Q

A security tool that is deployed by firms as a phony target to lure or distract attackers and gain information about them is known as a:

A

honeypot; Some firms deploy honeypots—bogus offerings meant to distract attackers. If attackers take the honeypot bait, firms may gain an opportunity to recognize the hacker’s exploits, identify the IP address of intrusion, and take action to block further attacks and alert authorities.

31
Q

Programs that use _____ are highly restrictive, permitting communication only with pre-approved entities.

A

whitelists; Whitelists are highly restrictive security tools that permit communication only with approved entities like specific IP addresses, products, and Internet domains in an approved manner.

32
Q

Malware _____ are a sort of electronic fingerprint often used to recognize malicious code.

A

signatures; The malware signature is a sort of electronic fingerprint often used to recognize malicious code. Recent malware has become polymorphic, meaning different versions are created and deployed in a way that their signature is slightly altered.