Chapter 6 - CS3 - Info System Security

Question 1

Briefly define each of the three members of the information security triad.

Answer 1

1. Confidentiality - only authorized users can access
2. Integrity - information can be trusted, unaltered
3. Availability - authorized users can access & modify info in an appropriate timeframe

Question 2

What does the term authentication mean?

Answer 2

The process of ensuring that a person is who they claim to be

Question 3

What is role-based access control? What is an access control list?

Answer 3

RBAC = assigning roles w/ preset permissions to users
ACL = assigning permissions to users

Question 4

What is pretexting?

Answer 4

Pretexting occurs when an attacker calls a helpdesk or security administrator and pretends to be a particular authorized user having trouble logging in. Then, by providing some personal information about the authorized user, the attacker convinces the security person to reset the password and tell him what it is.

Question 5

What is a firewall?

Answer 5

Hardware or software (or both) that filters packets as they enter based on set of rules; protects network’s resources from intrusion

Question 6

What is multi-factor authentication?

Answer 6

Using more than one method of authentication - something you know, something you have, & something you are

Question 7

What are biometrics?

Answer 7

Using physical characteristics (eye-scan, fingerprint) to authenticate

Question 8

What is the purpose of encryption? What are the two types of keys?

Answer 8

To keep transmitted data secret so that only those with a key can read it
Symmetric key - both parties share key, both can encode & decode
Public key - one party has public key (to encrypt); you need private key to decrypt

Question 9

Cyber-extortionist

Answer 9

Person who demands payment in order to prevent or stop attacks on an organization’s network, website or computer systems

Question 10

Script kiddies (skiddie)

Answer 10

An unskilled individual who uses scripts or programs developed by others to attack computer systems and networks

Question 11

Malware

Answer 11

Malicious software

Programs that act without a user’s knowledge and deliberately alter the operations of computers and mobile devices

Question 12

Computer virus

Answer 12

Program that attaches itself to a file, reproduces & spreads to other files
Key characteristic: will “lurk” for days or months quietly replicating itself

Question 13

Worm

Answer 13

Sub-class of virus 
Can spread w/o human help

Question 14

Trojan horse

Answer 14

NOT a virus, DO NOT replicate themselves

Destructive program, looks like genuine application

Question 15

Botnet

Answer 15

Group of compromised computers connected to a network

Question 16

Back door

Answer 16

A program or set of instructions in a program that allow users to bypass security controls

Question 17

Spoofing

Answer 17

A technique intruders use to make their network or Internet transmission appear legitimate

Question 18

License Agreement

Answer 18

The right to use software

Question 19

Secure site

Answer 19

A website that uses encryption techniques to secure its data

Question 20

Cookie

Answer 20

A small text file that a web server stores on your computer (to recognize you & keep track of your preferences)

Question 21

Spyware

Answer 21

A program placed on a computer or mobile device without the user’s knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online

Question 22

Adware

Answer 22

A program that displays an online advertisement in a banner or pop-up window