CHAPTER 3: AUDITING OPERATING SYSTEMS AND NETWORKS Flashcards

1
Q

The _________ is the computer’s control program. It allows users and their applications to share and access common computer resources, such as processors, main memory, databases, and printers.

A

operating system

2
Q

________ involves policies, procedures, and controls that determine who
can access the operating system, which resources (files, programs, printers) they can use, and what actions they can take.

A

Operating system security

3
Q

A formal ________ is the operating system’s first line of defense against unauthorized access. When the user initiates the process, he or she is presented with a dialog box requesting the user’s ID and password. The system compares the ID and password to a database of valid users.

A

Log-on procedure

4
Q

If the log-on attempt is successful, the operating system creates an _________ that contains key information about the user, including user ID, group memberships, and the privileges granted to the user (the password itself is verified at log-on and is not carried in it). The information here is used to approve all actions the user attempts during the session.

A

access token

5
Q

An ______ is assigned to each IT resource (computer directory, data file, program, or printer), which controls access to the resources. These lists contain information that defines the access privileges for all valid users of the resource. When a user attempts to access a resource, the system compares his or her ID and privileges contained in the access token with those contained in the access control list. If there is a match, the user is granted access

A

access control list

6
Q

Resource owners in this setting may be granted___________, which allow them to grant access privileges to other users.

A

discretionary access privileges
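The log-on, access token, access control list, and discretionary grant described in the three cards above, as an added worked example (not from the original flashcards). The users, passwords, resource, and ACL entries are constructed sample data; a real system stores salted password hashes rather than the plain strings used here to keep the example short.

```python
"""Access token vs. access control list check (constructed example)."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed user database: user ID -> (password, groups, privileges).
USERS = {
    "alice": ("Tr0ub4dor&3", {"finance"}, {"print"}),
    "bob":   ("correct-horse", {"it-ops"}, {"print", "backup"}),
}

@dataclass(frozen=True)
class AccessToken:
    user_id: str
    groups: frozenset
    privileges: frozenset
    # The password is checked at log-on and is NOT carried in the token.

def log_on(user_id: str, password: str) -> Optional[AccessToken]:
    """Log-on procedure: compare ID/password with the user database."""
    record = USERS.get(user_id)
    if record is None or record[0] != password:
        return None                      # failed log-on: no token, no session
    _, groups, privileges = record
    return AccessToken(user_id, frozenset(groups), frozenset(privileges))

@dataclass
class Resource:
    name: str
    owner: str
    # ACL: principal (user ID or "group:<name>") -> set of permitted actions
    acl: dict = field(default_factory=dict)

    def grant(self, granter: AccessToken, principal: str, actions: set) -> bool:
        """Discretionary access privilege: only the owner may extend the ACL."""
        if granter.user_id != self.owner:
            return False
        self.acl.setdefault(principal, set()).update(actions)
        return True

def check_access(token: AccessToken, resource: Resource, action: str) -> bool:
    """Compare the token's ID and group memberships with the resource's ACL."""
    principals = {token.user_id} | {f"group:{g}" for g in token.groups}
    return any(action in resource.acl.get(p, set()) for p in principals)

def demo() -> dict:
    ledger = Resource("general_ledger.dat", owner="alice",
                      acl={"alice": {"read", "write"}, "group:finance": {"read"}})
    alice = log_on("alice", "Tr0ub4dor&3")
    bob = log_on("bob", "correct-horse")
    return {
        "bad_password_gets_token": log_on("alice", "wrong") is not None,
        "alice_write": check_access(alice, ledger, "write"),
        "bob_read_before_grant": check_access(bob, ledger, "read"),
        "bob_can_grant_himself": ledger.grant(bob, "bob", {"read"}),
        "owner_grants_bob": ledger.grant(alice, "bob", {"read"}),
        "bob_read_after_grant": check_access(bob, ledger, "read"),
        "bob_write_after_grant": check_access(bob, ledger, "write"),
    }
```

Note the two points an auditor looks for: a failed log-on produces no token at all, and a non-owner's attempt to grant himself access is refused, so privileges can only widen through the owner's discretionary grant.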

7
Q

________ include hardware failures that cause the operating system to crash.

A

Accidental threats

8
Q

__________ may cause whole segments of memory to be dumped to
disks and printers, resulting in the unintentional disclosure of confidential information.

A

Accidental system failures

9
Q

_________ to the operating system are most commonly attempts to illegally access data or violate user privacy for financial gain. However, a growing threat is destructive programs from which there is no apparent gain.

A

Intentional threats

10
Q

Systems administrators and systems programmers require unlimited access to the operating system to perform maintenance and to recover from system failures. Such individuals may use this authority to access users’ programs and data files.

A

Privileged personnel who abuse their authority

11
Q

Looking through memory for sensitive information (e.g., in printer queue)

A

Browsing

12
Q

Pretending to be an authorized user by obtaining that user's ID and password.

A

Masquerading

13
Q

A common way for someone to get your password is simply to watch you type it. Shield the keyboard when entering a password; a longer password that mixes upper/lower case letters, numbers, and special characters is also harder to read off in a single glance.

A

Shoulder surfing

14
Q

A virus must attach itself to another program; a worm is self-contained and spreads on its own.

A

Virus & Worms

15
Q

Management should ensure that individuals are not granted privileges that
are incompatible with their assigned duties.

Privileges determine which directories, files, applications, and other resources an individual or group may access. They also determine the types of actions that can be taken.

A

Controlling Access Privileges

16
Q

A________ is a secret code the user enters to gain access to systems, applications, data files, or a network server.

A

password

17
Q

The most common forms of contra-security behavior include:

A
  • Forgetting passwords and being locked out of the system.
  • Failing to change passwords on a frequent basis.
  • The Post-it syndrome, whereby passwords are written down and displayed for others to see.
  • Simplistic passwords that a computer criminal easily anticipates.
18
Q

The most common method of password control is the __________. The user defines the password to the system once and then reuses it to gain future access.

A

reusable password

19
Q

An alternative to the standard reusable password is the___________

A

one-time password

20
Q

Under this approach, the user’s password changes continuously. This technology employs a credit card–sized smart card that contains a microprocessor programmed with an algorithm that generates, and electronically displays, a new and unique password every 60 seconds. The card works in conjunction with special authentication software located on a mainframe or network server computer.

A

One-time passwords
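The token described in the two cards above generates a new code every 60 seconds from a secret shared with the authentication server; the standard way to do that is HOTP (RFC 4226) and its time-based form TOTP (RFC 6238). The following is an added example, not from the original flashcards, using only the Python standard library. The demo runs with the RFC 6238 test parameters (30-second step, 8 digits, the ASCII secret "12345678901234567890") because the expected codes for those are published; the card's 60-second token is simply `step=60`. The server side adds the two checks a practitioner wants: tolerance of one step of clock drift, and a replay guard so that a code captured by shoulder surfing or sniffing cannot be used a second time.

```python
"""HOTP / TOTP one-time passwords with a replay-resistant verifier."""
import hmac
import hashlib

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: int, step: int = 60, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of whole time steps since the epoch."""
    return hotp(secret, now // step, digits)

class TotpVerifier:
    """Server side: accepts the current step plus `window` steps either side
    (clock drift) and never accepts the same or an older step twice."""

    def __init__(self, secret: bytes, step: int = 60, digits: int = 6, window: int = 1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_accepted_step = -1

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        for candidate in range(current - self.window, current + self.window + 1):
            if candidate <= self.last_accepted_step:
                continue                               # replay guard
            expected = hotp(self.secret, candidate, self.digits)
            if hmac.compare_digest(expected, code):    # constant-time compare
                self.last_accepted_step = candidate
                return True
        return False

def demo() -> dict:
    secret = b"12345678901234567890"   # RFC 6238 test secret, not a real key
    server = TotpVerifier(secret, step=30, digits=8)
    t0 = 1_111_111_109                 # RFC 6238 test time, time step 37037036
    code = totp(secret, t0, step=30, digits=8)           # "07081804"
    return {
        "fresh_code_accepted": server.verify(code, t0),
        "replay_rejected": server.verify(code, t0 + 10),
        "next_step_accepted": server.verify(totp(secret, t0 + 2, 30, 8), t0 + 2),
        "drift_tolerated": server.verify(hotp(secret, 37037038, 8), t0 + 2),
        "stale_code_rejected": server.verify(code, t0 + 600),
    }
```

The card's "password changes continuously" is really "changes every step"; within one step the code is constant, which is why the server must remember the last step it accepted rather than relying on time alone.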

21
Q

_____ are logs that record activity at the system, application, and user level

A

System audit trails

22
Q

_______ involves recording both the user’s keystrokes and the system’s responses.

A

Keystroke monitoring

23
Q

_________summarizes key activities related to system resources.

A

Event monitoring

24
Q

A ________ can also be used to report changes in system performance that may indicate infestation by a virus or worm.

A

real-time audit trail
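An audit trail is only a control if someone reviews it. As an added example (not from the original flashcards), the code below runs two checks an auditor would apply to a system audit trail: a run of failed log-ons immediately followed by a success (a sign of guessed or stolen credentials, i.e. masquerading) and privileged personnel reading files in other users' home directories (the abuse of authority described earlier). It also reconstructs one user's session, which is the "reconstruct events and promote personal accountability" purpose of the trail. The log lines and their format (timestamp, user, event, detail) are constructed for this example.

```python
"""Reviewing a system audit trail (constructed log lines)."""
from collections import defaultdict

AUDIT_TRAIL = """\
2024-03-01T08:00:01 alice LOGON_OK
2024-03-01T08:05:12 alice FILE_READ /finance/ledger.dat
2024-03-01T09:10:00 mallory LOGON_FAIL
2024-03-01T09:10:07 mallory LOGON_FAIL
2024-03-01T09:10:15 mallory LOGON_FAIL
2024-03-01T09:10:20 mallory LOGON_FAIL
2024-03-01T09:10:31 mallory LOGON_OK
2024-03-01T09:11:02 mallory FILE_READ /finance/ledger.dat
2024-03-01T10:00:00 sysadmin LOGON_OK
2024-03-01T10:02:30 sysadmin FILE_READ /var/log/syslog
2024-03-01T10:03:44 sysadmin FILE_READ /home/alice/payroll.xls
2024-03-01T10:04:10 sysadmin FILE_READ /home/bob/contracts.doc
""".splitlines()

PRIVILEGED = {"sysadmin"}       # accounts with unlimited access (assumed)

def parse(line: str):
    """Split 'timestamp user event [detail]' into a 4-tuple."""
    parts = line.split(maxsplit=3)
    ts, user, event = parts[:3]
    detail = parts[3] if len(parts) > 3 else ""
    return ts, user, event, detail

def failed_then_success(lines, threshold: int = 3):
    """Users with >= threshold consecutive LOGON_FAIL followed by LOGON_OK."""
    fails = defaultdict(int)
    flagged = []
    for ts, user, event, _ in map(parse, lines):
        if event == "LOGON_FAIL":
            fails[user] += 1
        elif event == "LOGON_OK":
            if fails[user] >= threshold:
                flagged.append((user, fails[user], ts))
            fails[user] = 0
    return flagged

def privileged_reading_user_files(lines):
    """Privileged accounts reading files under another user's home directory."""
    hits = []
    for ts, user, event, detail in map(parse, lines):
        if user in PRIVILEGED and event == "FILE_READ" and detail.startswith("/home/"):
            owner = detail.split("/")[2]
            if owner != user:
                hits.append((ts, user, detail))
    return hits

def reconstruct_session(lines, user: str):
    """Accountability: every recorded action of one user, in order."""
    return [(ts, event, detail) for ts, u, event, detail in map(parse, lines) if u == user]
```

The second check is the one the card on privileged personnel calls for: the administrator's reads of `/var/log/syslog` are normal maintenance, but reads of other users' files are exactly what "unlimited access" makes possible and what only the audit trail can surface.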

25
Q

_________ are posed by dishonest employees who have the technical knowledge and position to perpetrate frauds.

A

intranet risks

26
Q

________ threaten both consumers and business entities.

A

Internet risks

27
Q

______ consist of small LANs and large WANs that may contain thousands of individual nodes.

They are used to connect employees within a single building, between buildings on the same physical campus, and between geographically dispersed locations.
Typical activities include e-mail routing, transaction processing between business units, and linking to the outside Internet.

A

Intranets

28
Q

The unauthorized interception of messages passing over the network by a node on that network is called _________.

A

sniffing

29
Q

_______ is a form of masquerading used to gain unauthorized access to a Web server and/or to perpetrate an unlawful act without revealing one's identity. To accomplish this, a perpetrator forges the source IP address in the packets leaving the originating computer to disguise his or her identity.

A

IP spoofing

30
Q

A________ is an assault on a Web server to prevent it from servicing its legitimate users. Although such attacks can be aimed at any type of Web site, they are particularly devastating to business entities that are prevented from receiving and processing business transactions from their customers.

A

denial of service (DoS) attack

31
Q

When a user establishes a connection on the Internet through TCP/IP, a three-way handshake takes place: the client sends a SYN, the server replies with a SYN-ACK, and the client completes the connection with an ACK.

This attack is accomplished by sending many SYNs (usually from spoofed source addresses) and never sending the final ACK to the server's SYN-ACK response. The server holds each half-open connection until it times out, so its backlog of half-open connections fills up and legitimate connection requests are refused.

A

SYN Flood Attack
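The backlog exhaustion described above, as an added example that is not part of the original flashcards. The server keeps one half-open entry per SYN until the client's ACK arrives or the entry times out; an attacker who never sends the ACK fills the backlog, and a legitimate client's SYN is dropped until the entries expire. The backlog size, timeout, and addresses are constructed values chosen to keep the simulation small.

```python
"""Three-way handshake with a bounded half-open backlog (SYN flood model)."""
import itertools

class Server:
    def __init__(self, backlog: int = 8, syn_timeout: int = 30):
        self.backlog = backlog            # max half-open connections
        self.syn_timeout = syn_timeout    # seconds before a half-open entry is dropped
        self.half_open = {}               # (src, sport) -> time the SYN-ACK was sent
        self.established = set()
        self.refused = 0
        self.peak_half_open = 0
        self._isn = itertools.count(1000) # initial sequence numbers for SYN-ACKs

    def _expire(self, now: int):
        for key, t in list(self.half_open.items()):
            if now - t >= self.syn_timeout:
                del self.half_open[key]   # server gives up waiting for the ACK

    def on_syn(self, src: str, sport: int, now: int):
        """Step 1 (SYN) -> step 2 (SYN-ACK), if backlog space is available."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.refused += 1
            return None                   # SYN dropped: the client sees a timeout
        self.half_open[(src, sport)] = now
        self.peak_half_open = max(self.peak_half_open, len(self.half_open))
        return ("SYN-ACK", next(self._isn))

    def on_ack(self, src: str, sport: int, now: int) -> bool:
        """Step 3 (ACK): completes the handshake and frees the backlog slot."""
        self._expire(now)
        if (src, sport) in self.half_open:
            del self.half_open[(src, sport)]
            self.established.add((src, sport))
            return True
        return False

def legitimate_connect(server: Server, src: str, sport: int, now: int) -> bool:
    """A well-behaved client completes all three steps."""
    if server.on_syn(src, sport, now) is None:
        return False
    return server.on_ack(src, sport, now + 1)

def simulate() -> dict:
    srv = Server(backlog=8, syn_timeout=30)
    before = legitimate_connect(srv, "10.0.0.5", 40000, now=0)
    # Attacker: 20 SYNs from spoofed sources at t=1..20, never followed by an ACK
    for i in range(20):
        srv.on_syn(f"203.0.113.{i}", 50000 + i, now=1 + i)
    during = legitimate_connect(srv, "10.0.0.6", 40001, now=21)
    # Once the half-open entries time out the backlog drains again
    after = legitimate_connect(srv, "10.0.0.7", 40002, now=60)
    return {"legit_before_flood": before, "half_open_peak": srv.peak_half_open,
            "refused_syns": srv.refused, "legit_during_flood": during,
            "legit_after_timeout": after, "established": len(srv.established)}
```

Twenty spoofed SYNs are enough to lock out the legitimate client for the whole timeout period, which is why real TCP stacks shorten the timeout under load and use SYN cookies so that no state is kept until the third step arrives.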

32
Q

______is used to test the state of network congestion and determine whether a particular host computer is connected and available on the network.

A

Ping

33
Q

A _______ involves three parties: the perpetrator, the intermediary, and the victim.

The perpetrator uses a program to create a ping (ICMP echo request) packet whose source is the forged IP address of the victim's computer (IP spoofing) rather than that of the actual source computer, and sends it to the broadcast address of the intermediary's network. Every host on that network answers the victim, which is flooded with echo replies.

A

smurf attack

34
Q

The perpetrator of a _________ attack may employ a virtual army of so-called zombie or bot (robot) computers to launch the attack.

A

Distributed Denial of Service

35
Q

______ is a popular interactive service on the Internet that lets thousands of people from around the world engage in real-time communications via their computers.

A

Internet Relay Chat (IRC)

36
Q

The collections of compromised computers are known as ____

A

botnets

37
Q

A_____ is a system that enforces access control between two networks.

A

firewall

38
Q

________ provide efficient but low-security access control. This type of firewall consists of a screening router that examines the source and destination addresses that are attached to incoming message packets.

A

Network-level firewalls

39
Q

__________provide a higher level of customizable network security, but they add overhead to connectivity. These systems are configured to run security applications called proxies that permit routine services such as e-mail to pass through the firewall, but can perform sophisticated functions such as user authentication for specific tasks.

A

Application-level firewalls

40
Q

_________ uses a variety of analytical and statistical techniques to evaluate the contents of message packets. It searches the individual packets for protocol noncompliance and employs predefined criteria to decide if a packet can proceed to its destination.

A

Deep Packet Inspection (DPI)
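The three firewall cards above (screening router, application-level proxy, DPI) differ in what part of the packet they look at. As an added example, not from the original flashcards, the code below implements a screening-router rule set that decides on addresses and ports only (first matching rule wins, default deny), then a DPI check that reads the payload of traffic bound for the web server and drops anything that is not a well-formed HTTP request line. The packets, addresses, and rules are constructed sample data.

```python
"""Network-level packet filtering followed by deep packet inspection."""
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes = b""

# Screening-router rules: (action, source network, destination network, dest port or None)
RULES = [
    ("deny",  "10.0.0.0/8",      "0.0.0.0/0",     None),  # anti-spoofing: internal source from outside
    ("allow", "0.0.0.0/0",       "192.0.2.10/32", 80),    # anyone -> web server, HTTP
    ("allow", "198.51.100.0/24", "192.0.2.20/32", 25),    # partner network -> mail gateway
    ("deny",  "0.0.0.0/0",       "0.0.0.0/0",     None),  # default deny
]

def screening_router(pkt: Packet, rules=RULES) -> str:
    """Network-level firewall: decides on addresses/ports only; never reads the payload."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, port in rules:
        if (src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net)
                and (port is None or port == pkt.dport)):
            return action
    return "deny"

# Protocol-compliance check: method, request-target, version, CRLF (simplified HTTP/1.x)
HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD) /[\x21-\x7e]* HTTP/1\.[01]\r\n")

def deep_packet_inspection(pkt: Packet) -> str:
    """DPI: a packet for port 80 must carry a protocol-compliant HTTP request line."""
    if pkt.dport != 80:
        return "allow"                   # only HTTP traffic is inspected in this example
    if not HTTP_REQUEST_LINE.match(pkt.payload):
        return "deny"                    # protocol noncompliance: not HTTP on an HTTP port
    return "allow"

def firewall(pkt: Packet) -> str:
    """Address filter first; DPI only for packets the router lets through."""
    if screening_router(pkt) == "deny":
        return "deny"
    return deep_packet_inspection(pkt)

def demo() -> dict:
    packets = {
        "web_get":        Packet("203.0.113.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: x\r\n\r\n"),
        "web_garbage":    Packet("203.0.113.7", "192.0.2.10", 80, b"\x16\x03\x01\x00\xa5tunnel"),
        "partner_smtp":   Packet("198.51.100.9", "192.0.2.20", 25, b"EHLO partner\r\n"),
        "stranger_smtp":  Packet("203.0.113.7", "192.0.2.20", 25, b"EHLO x\r\n"),
        "spoofed_inside": Packet("10.1.2.3", "192.0.2.10", 80, b"GET / HTTP/1.1\r\n"),
        "web_telnet":     Packet("203.0.113.7", "192.0.2.10", 23, b""),
    }
    return {name: firewall(p) for name, p in packets.items()}
```

The "low-security" remark in the screening-router card is visible here: the router passes `web_garbage` because its addresses and port are fine, and only the DPI stage notices the payload is not HTTP. The router also cannot authenticate anyone: the anti-spoofing rule catches an internal address arriving from outside, but a forged source inside the partner's range would be accepted at the address level.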

41
Q

_______ is the conversion of data into a secret code for storage in databases and transmission over networks. The sender uses an encryption algorithm to convert the original message (called cleartext or plaintext) into a coded equivalent (called ciphertext).

A

Encryption

42
Q

The _______ is a mathematical value that the sender selects; without it the ciphertext cannot be decoded, so it is the part that must be kept secret.

A

key

43
Q

In the textbook's shift-cipher illustration, the _______ is the procedure of shifting each letter in the cleartext message by the number of positions that the key value indicates. The procedure itself is assumed to be public; only the key is secret.

A

algorithm

44
Q

What are the two commonly used methods of encryption?

A

private key

public key

45
Q

________________ is a symmetric block cipher with a 128-bit block size and 128-, 192-, or 256-bit keys that has become a U.S. government standard for private key encryption.

  • Its algorithm uses a single key known to both the sender and the receiver of the message. To encode a message, the sender provides the encryption algorithm with the key, which is used to produce a ciphertext message.
  • The message enters the communication channel and is transmitted to the receiver’s location, where it is stored. The receiver decodes the message with a decryption program that uses the same key the sender employs.
A

Advanced Encryption Standard (AES)

46
Q

_________encryption provides considerably improved security over most single encryption techniques

A

Triple-DES

47
Q

This is a form of Triple DES that encrypts the message three times in succession with three different keys (encrypt-encrypt-encrypt).

A

EEE3

48
Q

This is a form of Triple DES that uses one key to encrypt the message, a second key to decrypt the result, and a third key to encrypt it again (encrypt-decrypt-encrypt). With all three keys equal it reduces to a single DES encryption, which keeps it backward compatible with single-DES systems.

A

EDE3
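The key/algorithm distinction from the shift-cipher card and the EEE3/EDE3 key patterns from the two Triple DES cards, as one added example that is not part of the original flashcards. The shift cipher stands in for the block cipher so that the composition is visible without a DES implementation; the brute-force function shows why a 26-key cipher gives no security once the algorithm is public, and `ede3` with three equal keys shows the collapse to a single encryption that the EDE3 card describes.

```python
"""Shift cipher as the 'algorithm', keys as the secret, and EEE3/EDE3 composition."""
import string

ALPHABET = string.ascii_uppercase

def shift_encrypt(key: int, text: str) -> str:
    """Shift each letter by the key value; non-letters pass through unchanged."""
    return "".join(ALPHABET[(ALPHABET.index(c) + key) % 26] if c in ALPHABET else c
                   for c in text.upper())

def shift_decrypt(key: int, text: str) -> str:
    return shift_encrypt(-key, text)

def brute_force(ciphertext: str) -> dict:
    """The algorithm is public, so an attacker simply tries all 26 keys."""
    return {k: shift_decrypt(k, ciphertext) for k in range(26)}

# Triple encryption built from any (encrypt, decrypt) pair.
def eee3(keys, text, enc=shift_encrypt):
    """EEE3: encrypt with k1, encrypt with k2, encrypt with k3."""
    k1, k2, k3 = keys
    return enc(k3, enc(k2, enc(k1, text)))

def eee3_decrypt(keys, text, dec=shift_decrypt):
    k1, k2, k3 = keys
    return dec(k1, dec(k2, dec(k3, text)))

def ede3(keys, text, enc=shift_encrypt, dec=shift_decrypt):
    """EDE3: encrypt with k1, DECRYPT with k2, encrypt with k3."""
    k1, k2, k3 = keys
    return enc(k3, dec(k2, enc(k1, text)))

def ede3_decrypt(keys, text, enc=shift_encrypt, dec=shift_decrypt):
    k1, k2, k3 = keys
    return dec(k1, enc(k2, dec(k3, text)))
```

One caveat on the stand-in: shifts add, so with this toy cipher EEE3 with keys (2, 7, 11) is just a shift by 20 and no triple construction adds strength. DES is not a group in that sense, which is why Triple DES does give more security than single DES; the toy only illustrates the key schedules, not the strength.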

49
Q

__________ uses two different keys: one for encoding messages and the other for decoding them.
  • Each recipient has a private key that is kept secret and a public key that is published.
  • The sender of a message uses the receiver's public key to encrypt the message.
  • The receiver then uses his or her private key to decode the message. Users never need to share their private keys to decrypt messages, thus reducing the likelihood that they fall into the hands of a criminal.
A

Public key encryption

50
Q

___________ is a highly secure public key cryptography method. This method is, however, computationally intensive and much slower than standard DES encryption.

A

RSA (Rivest-Shamir-Adleman)

51
Q

Sometimes, both DES and RSA are used together in what is called a _______________.

Procedure:

The actual message is encrypted using DES to provide the fastest decoding. The DES key (a shared symmetric key) needed to decrypt the message is encrypted using the receiver's RSA public key and transmitted along with the message. The receiver first decodes the DES key with his or her RSA private key, then uses the DES key to decode the message.

A

digital envelope

52
Q

A ____________ is electronic authentication of a message that cannot be forged by anyone who does not hold the signer's private key.

A

digital signature

53
Q

The _________ is a mathematical value (a hash) calculated from the text content of the message; any change to the message changes it.

A

digest
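The public key, RSA, digital envelope, digital signature, and digest cards above describe one workflow, shown here as a single added example that is not from the original flashcards. It uses textbook RSA with two small primes (10007 and 10009) and no padding, which is fine for seeing how the pieces fit and useless for real security, where 2048-bit or larger moduli and a padding scheme are required. The text's DES is replaced by a constructed XOR keystream derived from SHA-256 so that the example runs on the standard library alone; that stand-in is not DES.

```python
"""Toy RSA: key pair, digital envelope, message digest, digital signature."""
import hashlib
import os

def make_keypair(p: int = 10007, q: int = 10009, e: int = 65537):
    """Textbook RSA with constructed small primes (not a secure key size)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)             # private exponent: modular inverse of e
    return (e, n), (d, n)           # (public key, private key)

def rsa_apply(key, m: int) -> int:
    k, n = key
    if not 0 <= m < n:
        raise ValueError("integer must be smaller than the modulus")
    return pow(m, k, n)

def sym_crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for DES: XOR with a SHA-256 keystream (same function encrypts and decrypts)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hashlib.sha256(key + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# --- Digital envelope: fast symmetric encryption, key wrapped with the receiver's public key
def seal_envelope(receiver_pub, message: bytes):
    session_key = os.urandom(3)     # 24-bit key so its integer value stays below the toy modulus
    ciphertext = sym_crypt(session_key, message)
    wrapped_key = rsa_apply(receiver_pub, int.from_bytes(session_key, "big"))
    return wrapped_key, ciphertext

def open_envelope(receiver_priv, wrapped_key: int, ciphertext: bytes) -> bytes:
    session_key = rsa_apply(receiver_priv, wrapped_key).to_bytes(3, "big")
    return sym_crypt(session_key, ciphertext)

# --- Digest and signature: sign the hash with the sender's PRIVATE key, verify with the PUBLIC key
def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced mod n only because the toy modulus is tiny."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(sender_priv, message: bytes) -> int:
    return rsa_apply(sender_priv, digest(message, sender_priv[1]))

def verify(sender_pub, message: bytes, signature: int) -> bool:
    return rsa_apply(sender_pub, signature) == digest(message, sender_pub[1])

def demo() -> dict:
    pub, priv = make_keypair()
    message = b"PAY 1000 TO ACCT 42"                   # constructed message
    wrapped_key, ciphertext = seal_envelope(pub, message)
    signature = sign(priv, message)
    return {
        "envelope_opens": open_envelope(priv, wrapped_key, ciphertext) == message,
        "signature_valid": verify(pub, message, signature),
        "tampered_signature_valid": verify(pub, b"PAY 9000 TO ACCT 42", signature),
    }
```

Two details match the cards exactly: the receiver's private key never leaves the receiver (only the wrapped session key travels), and the signature is over the digest, so changing one character of the message invalidates it.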

54
Q

A _________is used in conjunction with a public key encryption system to authenticate the sender of a message. The process for certification varies depending on the level of certification desired. It involves establishing one’s identity with formal documents, such as a driver’s license, notarization, and fingerprints, and proving one’s ownership of the public key.

A

digital certificate

55
Q

________________ attaches a sequence number to each message so that missing (as well as duplicated or replayed) messages can be detected.

A

Message sequence numbering

56
Q

Listing of all incoming and outgoing messages to detect the efforts of hackers.

A

Message transaction log

57
Q
  • Random control messages are sent from the sender to ensure messages are received
  • Using this, a control message from the sender and a response from the receiver are sent at periodic, synchronized intervals. The timing of the messages should follow a random pattern that will be difficult for the intruder to determine and circumvent
A

request-response technique

58
Q
  • The receiver calls the sender back at a pre-authorized phone number before transmission is completed.
  • This restricts access to authorized terminals or telephone numbers and prevents an intruder masquerading as a legitimate user.
A

Call-back devices

59
Q

____________ are data errors caused by communications noise.

They are the most common problem in data communication.

A

Line errors

60
Q

__________ is made up of random signals that can interfere with the message signal when they reach a certain level

A

Noise

61
Q

The ____________ involves the receiver of the message returning the message to the sender. The sender compares the returned message with a stored copy of the original. If there is a discrepancy between the returned message and the original, suggesting a transmission error, the message is retransmitted.

A

echo check

62
Q

___________ is the computer-to-computer exchange of business information in a standard, machine-processable format, allowing two dissimilar systems to exchange transactions without human intervention.

A

Electronic data interchange (EDI)

63
Q

_______________ is used to restrict employees who are sharing the same computers to specific directories, programs, and data files. Under this approach, different passwords are used to access different functions.

A

Multilevel password control

64
Q

include hardware failures and errors in user applications

A

Accidental threats

65
Q

is destructive programs with no apparent gain, which come from three sources:

o Privileged personnel who abuse their authority.
o Individuals who browse the operating system to identify and exploit security flaws.
o Individuals who insert viruses or other destructive programs into the operating system,
either intentionally or unintentionally

A

Growing threat

66
Q

involves recording user’s keystrokes and the system’s response

A

Keystroke monitoring

67
Q

summarizes key activities related to system resources

A

Event monitoring

68
Q

can be used to:
o detect unauthorized access,
o reconstruct events and
o promote personal accountability

A

Audit trails

69
Q

are subject to risks from equipment failure, which can cause data corruption or loss.

A

Network topologies

70
Q

may be to punish an organization for a grievance or may be financial gain.

A

Motivation

71
Q

examines the source and destination addresses attached to incoming message packets but does not explicitly authenticate outside users.

A

Screening router

72
Q

An extra bit is added to each byte of data (similar to a check digit) so that a byte in which one bit has changed can be detected.

A

Parity check
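Even parity as an added example (not from the original flashcards): the sender appends one bit per byte so that the number of 1 bits is even, and the receiver recomputes it. The constructed transmission shows a single flipped bit being caught and the limit of the check, two flipped bits in the same byte cancelling out and passing unnoticed.

```python
"""Even parity over a byte stream, with a simulated line error."""

def parity_bit(byte: int) -> int:
    """Even parity: 1 if the byte has an odd number of 1 bits, else 0."""
    return bin(byte).count("1") & 1

def encode(data: bytes):
    """Sender: each byte travels with its parity bit (kept as a pair for clarity)."""
    return [(b, parity_bit(b)) for b in data]

def check(frames) -> list:
    """Receiver: positions whose data no longer matches the parity bit."""
    return [i for i, (b, p) in enumerate(frames) if parity_bit(b) != p]

def corrupt(frames, index: int, mask: int):
    """Simulate line noise: XOR the data byte at `index` with `mask`."""
    out = list(frames)
    b, p = out[index]
    out[index] = (b ^ mask, p)
    return out
```

A parity check detects any odd number of flipped bits in a byte and misses any even number, which is why message-level checks (sequence numbers, echo checks) are used alongside it.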

73
Q

Messages are divided into small packets, and each packet of the message may take a different route to its destination.

A

Packet switching

74
Q

is a private network carried over a public network (such as the Internet); encryption keeps the traffic private from the public network it crosses.

A

Virtual private network (VPN)

75
Q

is a password-controlled network for private users, typically extending a company's intranet to authorized outside parties such as customers or trading partners.

A

Extranet

76
Q

is an Internet facility that links users locally and globally

A

World Wide Web (WWW)

77
Q

Format for E-mail addresses:

A

USERNAME@DOMAIN NAME

78
Q

Defines the path to a facility or file on the Web.

Subdirectories can be several levels deep.

A

Uniform Resource Locator (URL)

79
Q

Every computer node and host attached to the Internet must have a unique ___________.

A

Internet Protocol (IP) address

80
Q

Rules and standards governing the design of hardware and software that permit network users to communicate and share data.

A

Protocols

81
Q

permits communication between Internet sites.

A

Transmission Control Protocol/Internet Protocol (TCP/IP)

82
Q

used to transfer files across the Internet.

A

File Transfer Protocol (FTP)

83
Q

transmits e-mail messages

A

Simple Mail Transfer Protocol (SMTP)

84
Q

are encryption-based protocols for securing transactions over the Internet.

A

Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET)

85
Q

used to connect to Usenet groups on the Internet

A

Network News Transfer Protocol (NNTP)

86
Q

is the document format used to produce Web pages.

A

HTML

87
Q

is the physical arrangement of network components

A

A network topology

88
Q

can cover several miles and connect hundreds of users

A

Local area networks (LANs)

89
Q

Networks that exceed geographic limitations of LANs are

A

wide area networks (WANs)

90
Q
  • A network of information processing units (IPUs) with a large central computer (the host).
  • The host computer has direct connections to smaller computers, typically desktop or laptop PCs.
  • Popular for mainframe computing.
  • All communications must go through the host computer, except for local computing.
A

Star Topology

91
Q

A host computer is connected to several levels of subordinate smaller computers in a master-slave relationship.

A

Hierarchical Topology

92
Q

  • All nodes in this configuration are of equal status (peers).
  • Responsibility for managing communications is distributed among the nodes.
  • Common resources that are shared by all nodes can be centralized and managed by a file server that is also a node.

A

Ring Topology

93
Q

  • The configuration distributes the processing between the user's (client's) computer and the central file server.
  • Both types of computers are part of the network, but each is assigned the functions that it performs best.
  • This approach reduces data communications traffic, thus reducing queues and improving response time.

A

Client-Server Topology

94
Q

Purpose is to:
Establish communications sessions.
Manage the flow of data across the network.
Detect and resolve data collisions between nodes.
Detect line failures and signal degradation errors.

A

Network Control

95
Q

most popular technique for establishing a communication session in WANs

A

Polling

96
Q

involves transmitting a special signal (the token) around the network. Only the node possessing the token is allowed to transmit data.

A

Token passing

97
Q

A random access technique (CSMA/CD) in which a node listens for a free line before transmitting and detects collisions when they occur.

A

Carrier Sensing

98
Q

is a program that attaches itself to a legitimate program to penetrate the operating system and destroy programs, files, and the operating system itself.

A

Virus

99
Q

is often used interchangeably with virus, but unlike a virus it is a self-contained program that spreads without attaching itself to another program.

A

Worm

100
Q

is a destructive program triggered by some predetermined event or date

A

Logic bomb

101
Q

is a software program that allows unauthorized access to a system

A

Back Door (trap door)

102
Q

A program that appears legitimate but carries hidden malicious code; in the textbook's example its purpose is to capture IDs and passwords.

A

Trojan horse

103
Q

The most popular LAN topology. One or more servers centrally control communications and file transfers between workstations.

A

Bus Topology

104
Q

passwords are written down and displayed for others to see

A

Post-it syndrome