Operating Systems and Networks Flashcards
Give three operating systems used by companies worldwide
Windows
Mac
Linux
Operating Systems
Computer’s control program
OS Fundamental Control Objectives
The OS must protect
- itself from users
- users from other users
- users from themselves
- itself from itself
- itself from the environment
OS Security Components
Log-on procedures
Access token
Access control list
Discretionary access privilege
Threats to OS Integrity
Privileged personnel who abuse authority
Individuals who browse the OS to identify and exploit security flaws
Individuals who insert computer viruses or other destructive programs into the OS
What are the four OS Controls?
Access privileges
Password control
Virus control
Audit trail control
Name four typical password problems
The password is
- Forgotten
- Not changed frequently
- Simple and easy to guess
- Displayed where others can see it (Post-It Syndrome)
Backdoor
A software program that allows access into an operating system without going through normal log-on procedures
Types of malicious and destructive programs
Trojan Horse
Virus
Worm
Logic bomb
What are the two types of audit logs?
Keystroke monitoring
Event monitoring
What are the three ways that audit trails support audit objectives?
Detecting unauthorized access
Reconstructing events
Encouraging personal accountability
Computer network
Collection of computers and devices connected via communication devices and transmission media
Intranet
A local or restricted communications network
Internet
A global system of interconnected computer networks
Extranet
A part of the intranet available on the internet
What are the business risks associated with e-commerce?
IP Spoofing
Denial of Service (DoS) Attack
Equipment Failure
What are the three network components?
Communication lines
Hardware components
Software
Network Paradox
Networks exist to provide user access to shared resources, yet the most important objective is to control such access
Methods to avoid data collision
Polling
Token passing
Carrier sensing
Four ways to control risks from subversive threats
Firewalls
Deep packet inspection
Encryption
Message control techniques
What are the two general types of firewalls?
Application level
Network level
What are the benefits of Electronic Data Interchange (EDI)?
Data Keying (or Encoding)
Error reduction
Reduction of paper
Postage
Automated procedures
Inventory reduction
EDI Controls
Transaction authorization and validation
Access control
EDI audit trail