Chapter 4 Network and Internet Security Flashcards

1
Q

What is unauthorized access?

A

Gaining access to a computer, network, file or other resource without permission

2
Q

What is unauthorized use?

A

Using a computer resource for unapproved activities

3
Q

What is hacking?

A

Using a computer to break into another computer system

4
Q

What are codes of conduct?

A

Codes that address prohibited activities such as playing games, installing personal software, violating copyright laws, causing harm to computers or the network, and snooping in other people’s files.

5
Q

What is the Heartland Payment Systems data breach?

A

In 2009, the theft of consumer data, such as credit card numbers, occurred from the Epsilon mass email marketing company and more than 77 million Sony PlayStation Network accounts.

6
Q

What is the National Electric Sector Cybersecurity Organization?

A

An organization created by President Obama for cybersecurity

7
Q

What is war driving?

A

Driving around an area with a Wi-Fi enabled computer or mobile device to find a Wi-Fi network to access and use without authorization

8
Q

Wi-Fi piggybacking

A

Accessing an unsecured Wi-Fi network from your current location without authorization

9
Q

What is the Payment Card Industry Data Security Standard?

A

PCI DSS
Requires companies to limit the credit card data stored on company servers and to encrypt the data that is allowed to be stored.

10
Q

Access control Systems

A

Used to control access to facilities, computer networks, company databases, web site accounts, etc.
Examples are identification systems, authentication systems, and identity management systems.

11
Q

What is a possessed knowledge access system?

A

An access control system that uses information only the individual should know to identify that individual

12
Q

What is a password?

A

A secret combination of characters used to gain access to a computer, computer network or other resource.

13
Q

What are two-factor authentication systems?

A

Using two different methods to authenticate a user

14
Q

What is a possessed object access system?

A

An access control system that uses a physical object an individual has in his or her possession to identify that individual.
Examples: RFID-encoded badges, magnetic cards, or USB security keys

15
Q

What is a biometric access system?

A

An access control system that uses one unique physical characteristic of an individual, such as a fingerprint, face, or voice, to authenticate that individual

16
Q

What is WEP and WPA and WPA2?

A

WEP: Wired Equivalent Privacy, which is now considered insecure and has been replaced by WPA.
WPA: Wi-Fi Protected Access.
WPA2 is more protected than WPA.
Most Wi-Fi hardware today is shipped with the security features turned off, and most people never enable them, which leaves the networks unsecured.

17
Q

Why should we use a network key or a passphrase when setting up a WiFi network?

A

To make sure the WiFi network is secured

18
Q

What is an SSID?

A

The name of the WiFi network.

19
Q

What is a firewall?

A

A collection of hardware and/or software intended to protect a computer or computer network from unauthorized access

20
Q

How does a firewall work?

A

It closes off all external communications port addresses (the electronic connections that allow a computer to communicate with other computers) to unauthorized computer programs.

21
Q

What is an intrusion prevention system?

A

A system related to a firewall and used by businesses that, instead of blocking unauthorized traffic, continuously monitors traffic to detect possible attacks as they are occurring and then blocks them.

22
Q

What are secure web pages?

A

Web pages that use encryption so that sensitive data such as credit card numbers are protected.

23
Q

What are the most commonly used security protocols for secure web pages?

A

SSL: Secure Sockets Layer
EV SSL: Extended Validation Secure Sockets Layer
Note: the URLs will begin with https rather than just http.

24
Q

What is self-encrypting and where is it used?

A

Many computers and storage devices, especially those that are used for portable computers, automatically encrypt all information

25
Q

What is private key encryption?

A

A type of encryption that uses a single key to encrypt and decrypt the file or message

26
Q

What is public key encryption?

A

A type of encryption that uses key pairs to encrypt and decrypt the file or message

27
Q

What is a virtual private network?

A

A private, secure path over the internet that provides authorized users a secure means of accessing a private network via the internet.

28
Q

What are some public hotspot precautions to take to protect your information?
Name approx. 10

A
  1. Turn off automatic connections and pay attention to the list of available hotspots to make sure you connect to a legitimate spot.
  2. Use a personal firewall to control the traffic going to and from your computer.
  3. Use a virtual private network to secure all activity.
  4. Only enter passwords, credit card numbers, and other data on secure web pages using a VPN.
  5. If you’re not using a VPN, encrypt all sensitive files before transferring or emailing them.
  6. Avoid online shopping if you are not using a VPN.
  7. Turn off file sharing so others can’t access the files on your hard drive.
  8. Turn off Bluetooth and Wi-Fi when you are not using them.
  9. Disable ad hoc capabilities to prevent another computer from connecting to your computer without using an access point.
  10. Use antivirus software and make sure your operating system and browser are up to date.
29
Q

What is an evil twin?

A

A fake Wi-Fi hotspot set up by a thief to masquerade as a legitimate Wi-Fi hotspot

30
Q

What is computer sabotage?

A

Acts of malicious destruction to a computer or computer resource; another common crime today

31
Q

What is a Bot?

A

A computer that is controlled by a hacker or other computer criminal

32
Q

What is a Botnet?

A

A group of bots that are controlled by one individual

33
Q

What is malware?

A

Any type of malicious software

34
Q

What is a computer virus?

A

A software program installed without the user’s knowledge and designed to alter the way a computer operates or to cause harm to the computer

35
Q

What is a computer worm?

A

A malicious program designed to spread rapidly to a large number of computers by sending copies of itself to other computers

36
Q

What is a Trojan horse?

A

A malicious program that masquerades as something else.

37
Q

What is mobile malware?

A

Malware that affects mobile phones, portable digital media, printers and other devices.
Some are designed to crash the phone’s operating system, and devices can be infected via Bluetooth just by being in range.

38
Q

What is a denial of service (DoS) attack?

A

An act of sabotage that attempts to flood a network server or a Web server with so much activity that it is unable to function.

39
Q

What are DDoS attacks?

A

Distributed denial of service attacks.
This is where attacks are performed by botnets created by hackers, and the computers in the botnet participate in the attacks without the owners’ knowledge.

40
Q

What is security software?

A

Software that is installed to protect the computer against a variety of threats

41
Q

What is antivirus software?

A

Software used to detect and eliminate computer viruses and other types of malware

42
Q

What are 8 virus prevention strategies?

A
  1. Use antivirus software.
  2. Limit sharing of USB flash drives and other removable storage devices.
  3. Only download from reputable sites.
  4. Only open email attachments from people you know.
  5. For any downloaded file you are unsure of, upload it to a website such as VirusTotal.com that tests files for viruses before you open it.
  6. Keep the email preview window closed.
  7. Regularly download the latest security patches.
  8. Avoid downloading from P2P sites.
43
Q

What is a dot con?

A

A fraud or scam carried out through the internet

44
Q

What is data theft or information theft?

A

The theft of data or information located on or being sent from a computer.
It can be done by actually stealing the computer, or it can take place over the internet by gaining unauthorized access to the computer.

45
Q

What is salami shaving?

A

Money that is stolen via a computer. Company insiders steal money by altering company programs to transfer small amounts of money (for example, a few cents’ worth of bank account interest) from a very large number of transactions to an account controlled by the thief.

46
Q

What is identity theft?

A

Occurs when someone obtains enough information about a person to be able to masquerade as that person, usually to buy products.

47
Q

What is skimming?

A

Skimming involves stealing credit card or debit card numbers by using an illegal device attached to a credit card reader or an ATM machine that reads and stores the card numbers

48
Q

What is social engineering?

A

This involves pretending, typically via phone or email, to be a bank officer, potential employer or other trusted individual in order to get the potential victim to supply personal information

49
Q

What is phishing?

A

The use of spoofed email messages to gain credit card numbers and other personal data to be used for fraudulent purposes (e.g., mail that appears to have come from PayPal or a bank)

50
Q

What is spear phishing?

A

A personalized phishing scheme targeted at an individual.

51
Q

What is pharming?

A

The use of spoofed domain names to obtain personal information in order to use that information in fraudulent activities

52
Q

What is online auction fraud?

A

When an item “purchased” through an online auction is never delivered after payment, or the item is not as specified by the seller

53
Q

What are some characteristics of phishing emails? Name 7

A
  1. Tries to scare you into responding by sounding urgent, including warnings that your account will be cancelled, etc.
  2. Asks you to provide personal info
  3. Contains links that do not go where they are supposed to go
  4. Uses legitimate logos of companies
  5. Appears to come from a known organization
  6. Appears to be text or text and images but is actually a single image, created to avoid being caught in a spam filter
  7. Contains spelling or grammatical errors
54
Q

What are some tips for avoiding id theft? Name 9.

A
  1. Protect your SIN
  2. Be careful with mail…shred documents
  3. Keep security of computers up to date
  4. Be cautious: never click on a link in an email message or respond to a too-good-to-be-true offer
  5. Use strong passwords
  6. Verify sources before sharing info. Never respond to phone or email requests for sensitive information
  7. Be vigilant while on the go…keep wallet, phone etc secure
  8. Watch bills and monitor credit cards… React immediately if you suspect fraud
  9. Use security software that warns you if you may be accessing a phishing site
55
Q

What is a digital certificate?

A

A group of electronic data that can be used to verify the identity of a person or organization; includes a key pair that can be used for encryption and digital signatures

56
Q

What is a digital signature?

A

A unique digital code that can be attached to a file or an email to verify the identity of the sender and guarantee the file or message hasn’t been changed since it was signed

57
Q

What is cyberbullying?

A

Children or teenagers bullying other children or teens on the internet

58
Q

What is cyberstalking?

A

Repeated threats or harassing behaviour between adults carried out via email or another internet communication method

59
Q

What is the Identity Theft Penalty Enhancement Act?

A

Created in 2004.
Adds extra years to prison sentences for criminals who use ID theft to commit other crimes, including credit card fraud and terrorism

60
Q

What is the CAN-SPAM Act?

A

Created in 2003.

Implements regulations for unsolicited email messages

61
Q

What is the Fair and Accurate Credit Transactions Act (FACTA)?

A

Amends the Fair Credit Reporting Act (FCRA) to require, among other things, that the three nationwide consumer reporting agencies (Equifax, Experian, and TransUnion) provide consumers, upon request, a copy of their credit report once a year

62
Q

What is the Protect Act?

A

Includes provisions to prohibit virtual child pornography

63
Q

What is the Health Insurance Portability and Accountability Act (HIPAA)?

A

Created in 2003

Includes a security rule that sets minimum security standards to protect health information stored electronically

64
Q

What is the Homeland Security Act?

A

Created in 2002.
Includes provisions to combat cyberterrorism, including protecting ISPs against lawsuits from customers for revealing private information to law enforcement agencies

65
Q

What is the Sarbanes-Oxley Act?

A

Created in 2002.

Requires archiving a variety of electronic records and protecting the integrity of corporate financial data

66
Q

What is the USA Patriot Act?

A

Created in 2001.

Grants federal authority expanded surveillance and gathering power.

67
Q

What is the Identity Theft and Assumption Deterrence Act of 1998?

A

Makes it a federal crime to knowingly use someone else’s identity, such as name, credit card numbers, etc., to commit a crime

68
Q

What is the No Electronic Theft (NET) Act?

A

Created in 1997.

Expands computer piracy laws to include distribution of copyrighted material over the internet.

69
Q

What is the National Information Infrastructure Protection Act?

A

Created in 1996
Amends the Computer Fraud and Abuse Act of 1984 to punish information theft crossing state lines and to crack down on network trespassing

70
Q

What is the Computer Fraud and Abuse Act of 1984?

A

Makes it a crime to break into computers owned by the federal government. This act has been regularly amended over the years as technology has changed