Chapter 2

Question 1

Name and explain 5 threats to information security:

Answer 1

1- Human Error: acts performed without malicious intent

2- Espionage or Trespass: Access of protected information by unauthorized individuals.

3- Forces of Nature.

4- Social Engineering: using social skills to convince people to reveal valuable information to the attacker.

5- Software Attacks.

Question 2

Name 5 Espionage/Trespass methods:

Answer 2

1- Shoulder surfing.
2- Expert hackers.
3- Unskilled hackers.
4- Cracker: removes software protection designed to prevent unauthorized duplication.
5- Phreaker: hacks the public telephone system.

Question 3

What are some Social engineering tricks?

Answer 3

1- Advance-fee scam
2- Phishing attack

Question 4

Name and explain 6 methods of Software Attacks:

Answer 4

1- Computer virus: software that self-replicates and attaches to other files/programs (Can execute secretly).

2- Trojan Horses: a non-replicating program that appears legitimate. After gaining the trust, it secretly performs malicious and illicit activities when executed. (hard to detect!).

3- DoS: An attacker sends many connection or information requests to a target to overload the system.

4- DDoS: Same as a “Dos”, but is launched from many different devices in different locations, making it hard to track.

5- IP spoofing: gaining unauthorized access by assuming a trusted IP address.

6- Worm: a self-replicating program that automatically executes itself.

7- Ransomware: encrypting a user’s data and demanding a ransom to decrypt it.