Security & Privacy (EXAM #2) Flashcards

1
Q

Information Security

A

the degree to which a system and its data are resistant to, and protected from, harm from a specific threat.

2
Q

Security breach

A

any incident that causes harm or unauthorized access to systems or their data

-consequences: direct monetary damages, negative impact on the firm’s market value and reputation, or government penalties

3
Q

Reasons for being a victim of a security breach:

A
  1. have an identity
  2. know other people
  3. have access to computing resources (laptop, etc)
4
Q

Types of identity theft:

A
  • Financial Identity Theft
  • Medical Identity Theft
  • Criminal Identity Theft
  • Child Identity Theft
5
Q

identity theft

A

the unauthorized use of a person’s private information for gain

6
Q

Financial Identity Theft

A

stealing another person’s credit card or bank account number. This may also include using one’s identity (social security number, address, name, etc.) to apply for a credit card or loan that may impact credit ratings or cause unmerited financial obligations.

7
Q

Medical Identity Theft

A

stealing another person’s personal information to obtain medical care, buy drugs, or submit fake billings to an insurance company. Aside from its financial consequences, it could be life threatening if wrong information is inserted into one’s medical records and wrong medical actions are taken based on these records.

8
Q

Criminal Identity Theft

A

giving another person’s name, date of birth, driver’s license number, etc., to a law enforcement officer during an investigation or upon arrest. This may leave the victim with false criminal records, fines, or other legal consequences.

9
Q

Child Identity Theft

A

stealing a minor’s social security number for personal gain. This type of fraud can go undetected for years, and it may not be discovered until a child’s later years (when applying for a driver’s license, a bank account, etc.).

10
Q

Know other people

A

-attackers try to exploit other people’s social networks to steal from or harm their friends, work colleagues, and acquaintances.

  • EX: attackers may break into a person’s email or social networking accounts to send messages to their friends and people in their contact list.
  • these messages appear to come from a trusted source, but direct contacts to a fraudulent website, spread malware (malicious software such as viruses), advertise unwanted products, send spam, or solicit friends for sensitive information.
11
Q

Access to computing resources

A
  • anyone who owns a computer may be vulnerable to a security breach
  • people can use unsecured computer resources to perform a variety of illegal activities (downloading illegal software, gambling, hosting illegal materials, or visiting bad sites)
  • attackers can install malware on a victim’s computer that is then used to attack other people or organizations. EX: an attacker spreads a virus to millions of computers and turns them into zombies or bots; using this army of infected computers (a botnet), the attacker can attack an organization or government
  • risk of hardware failure resulting in loss of information (personal files, pictures, music)
12
Q

zombies/bots

A

an infected computer that can be remotely controlled by a third party (a network of such machines under one attacker’s control is called a botnet)

13
Q

Who causes security threats?

A
  • hackers
  • malicious insider threats
  • non-malicious threats
14
Q

Hacker

A

-people who try to attack an organization from the outside

-variety of motivations:
+for the challenge or curiosity
+receive monetary compensation for breaking into a computer system, stealing or destroying info

15
Q

Hacktivists

A
  • hackers who are activists
  • promote political ends through breaking into computers or networks. They may deface a website (changing the appearance or content of a website) that is contrary to their opinion or make confidential information public to accomplish their political objective.
16
Q

Cyberterrorists

A

refer to hackers who use the internet to accomplish terrorist acts. Cyberterrorist acts may include disrupting or destroying an organization’s or nation’s infrastructure, such as disrupting a nation’s power supply or communication lines.

17
Q

Cyberwarfare

A

refers to nations or groups that conduct espionage or sabotage of another nation’s or organization’s information and infrastructure through hacking techniques

18
Q

White-hat hackers

A

hackers hired (and authorized) by organizations to break into their systems to expose vulnerabilities so the organizations can fix them

19
Q

malicious insider threats

A
  • legitimate and trusted members of an organization who compromise its security
  • an adversary who operates as a trusted member of an organization to intentionally harm it

-EX: purposely install malware on a system, steal or expose sensitive information, sabotage systems, delete information, steal hardware, or perform financial fraud

20
Q

non-malicious threats

A
  • users who put their organization at risk by not complying with the suggested security policy because of ignorance or non-malicious negligence
  • EX: create weak passwords, not updating antivirus programs, not locking computers or office doors, visiting websites infected with malware, and disclosing sensitive information in emails or conversations
21
Q

computer crime

A

a crime that targets a computer, or one that uses a computer to commit theft

22
Q

Internet crime

A

a crime that specifically involves the internet, such as soliciting information to commit identity theft

23
Q

CIA Triad

A

-the three goals around which security threats and countermeasures are organized:

  1. Confidentiality
  2. Availability
  3. Integrity
24
Q

Confidentiality

A

Restricting access to information and resources to those who are authorized to use it

EX: online bank account is protected with a username and password to ensure that only the owner can access it

  • ensuring that people who have access to that information don’t disclose that information to other unauthorized people
  • enforced through a two step process: authentication & authorization
25
Q

authentication

A
  • verifying who you are (proving that you are who you claim to be)
  • accomplished through:
    a. something you know
    b. something you have
    c. something you are
26
Q

something-you-know

A
  • includes a password, PIN, or other information that you must retrieve from memory to enter in a login screen (the username says who you claim to be; the secret you know is what authenticates the claim)
  • this is the most common form of authentication
27
Q

something-you-have

A
  • entails using an object (which you can carry with you) to authenticate
  • EX: keys, smart card
28
Q

smart card

A

-pocket-sized card with an embedded chip; when you put it in the card reader or slot on your computer, it authenticates you (often together with a PIN) and gives you access to the information and resources you are authorized to use

29
Q

dual-factor authentication

A

combining two different kinds of factors, most often something you have with something you know, so that a stolen password alone is not enough to log in

EX: some organizations with sensitive information, you must enter your username and password along with a code that is on a token

30
Q

token

A
  • small device that you can carry with you which displays a new code every 30-60 seconds
  • the codes are derived from a secret shared with, and a clock synchronized to, the system that will authenticate you
  • if the code matches, you will be given access to the system, assuming your password is correct too
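
The time-synchronized code that the token card describes is what TOTP (RFC 6238) standardizes: both the token and the server derive each code from a shared secret and the current 30-second time step using HMAC, so the server can check a submitted code without the secret ever crossing the network. The block below is an added example, not part of the original deck; `verify_login` is a hypothetical helper that combines the password check with the code check to show the two factors together, and the secret is the RFC 6238 test seed used here as constructed sample data.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the big-endian
    8-byte counter, dynamically truncated to `digits` decimal digits."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # low nibble of the last byte selects a 4-byte window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): the counter is the number of
    `step`-second intervals since the Unix epoch, so a token and the server
    compute the same code as long as their clocks roughly agree."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, code: str, at_time: float,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current step or up to `window` steps either side,
    tolerating small clock drift between token and server. Every candidate is
    compared in constant time so the check leaks nothing about partial matches."""
    current = int(at_time) // step
    matched = False
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            matched = True
    return matched


def verify_login(stored_password: str, secret: bytes, password: str, code: str,
                 at_time: Optional[float] = None) -> bool:
    """Hypothetical two-factor check: something you know (the password) AND
    something you have (the code from the token) must both be correct.
    Real systems compare against a salted password hash, not the plaintext."""
    if at_time is None:
        at_time = time.time()
    password_ok = hmac.compare_digest(stored_password.encode(), password.encode())
    code_ok = verify_totp(secret, code, at_time)
    return password_ok and code_ok


# Shared secret provisioned to both token and server (the RFC 6238 test seed,
# used here as constructed example data).
DEMO_SECRET = b"12345678901234567890"
```

Because the server computes the expected code itself, a code captured from a phishing page is only useful to the attacker for the remaining seconds of the current step plus the drift window; that is why the window is kept to one step on each side rather than made generous.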
31
Q

something-you-are

A
using the physical or behavioral characteristics of a person to authenticate. For example, fingerprint scanners can be used to perform authentication: to gain access to a system, your fingerprint must match the fingerprint template stored on the authentication server. Other examples include:
Handprint readers
Retinal (eye) scanners
Vocal (voice) characteristics
Keystroke timing (a behavioral rather than physical trait)

Once a person is authenticated (verified to be a legitimate user), a secure system should only allow that user to access the information and resources they are authorized to access.

32
Q

Authorization

A

is the process of specifying access rights to users—i.e., specifying what users can and cannot access.

For example, a sales person should be able to access information about clients and products. However, a sales person should probably not be able to access information about other employees’ salaries.
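
Authorization decisions are easiest to audit when the policy is written down explicitly and everything not granted is denied. The block below is an added example, not part of the original deck: it encodes the salesperson case from the card as a role-to-permission table and answers “may this authenticated user perform this action on this resource?”. The role names, resources, users and the inheritance rule are assumptions chosen for illustration.

```python
from typing import Dict, FrozenSet, Set, Tuple

# A permission is (action, resource). Roles grant sets of them; nothing else is allowed.
Permission = Tuple[str, str]

ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    # A salesperson works with clients and products...
    "sales": frozenset({
        ("read", "clients"), ("write", "clients"),
        ("read", "products"),
    }),
    # ...but only HR may see salary data.
    "hr": frozenset({
        ("read", "employees"), ("read", "salaries"), ("write", "salaries"),
    }),
    # Roles are additive: a manager gets everything sales does, plus reports.
    "manager": frozenset({("read", "reports")}),
}

# Assumed inheritance rule: manager includes sales.
ROLE_INHERITS: Dict[str, Set[str]] = {"manager": {"sales"}}

# Assumed user-to-role assignments.
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"sales"},
    "bob": {"hr"},
    "carol": {"manager"},
}


def effective_roles(user: str) -> Set[str]:
    """Expand a user's direct roles through inheritance, transitively."""
    roles: Set[str] = set()
    todo = list(USER_ROLES.get(user, set()))
    while todo:
        role = todo.pop()
        if role not in roles:
            roles.add(role)
            todo.extend(ROLE_INHERITS.get(role, set()))
    return roles


def is_authorized(user: str, action: str, resource: str) -> bool:
    """Deny by default: True only if some effective role grants (action, resource)."""
    return any((action, resource) in ROLE_PERMISSIONS.get(role, frozenset())
               for role in effective_roles(user))


def access(user: str, action: str, resource: str, authenticated: bool) -> str:
    """Authentication first (who are you?), then authorization (what may you do?)."""
    if not authenticated:
        return "denied: not authenticated"
    if not is_authorized(user, action, resource):
        return f"denied: {user} may not {action} {resource}"
    return f"allowed: {user} {action} {resource}"
```

The point to notice is the shape of `is_authorized`: it never has a branch that grants access; it only searches for an explicit grant, so a typo in a role name or an unknown user falls through to “denied” rather than “allowed”.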

33
Q

Social Engineering (one of the techniques used to access information)

A

Deceiving users with authorized access to disclose information

EX:
-a trusted work colleague might say his account is locked and ask you to log in using your credentials, or a neighbor might ask for your Wi-Fi password (with borrowed credentials, these people may access confidential information and may even perform illegal activities)

Asking users about sensitive information
Deceiving users to share credentials
Can be in person or over email—e.g., Phishing

34
Q

Phishing (most common form of social engineering)

A
  • fraudulent technique for obtaining one’s private information through an email
  • typically asks you to provide personal information (usernames, passwords, credit card numbers, government IDs, etc.)
  • or click on a link that will lead to a website that asks for personal information or that is infected with malware

EX: hackers pretending to be an IT department might ask you to click on a link to a fake login page to get your username & password
-or say you’ve won a large amount of money and ask for your bank account number to transfer your funds

35
Q

spear phishing

A

personalized phishing messages:

  • look very personal
  • use actual name
  • reference (CC) people you know
  • appear to come from someone you know
36
Q

Protect yourself (phishing)

A
  • NEVER give out sensitive information in an email
  • be cautious when clicking links in an email; check where the link really goes (hover over it to see the actual destination address)
  • be cautious when opening attachments (they can install malware on your computer or record your personal information); install antivirus software that will scan the attachment before it is opened
  • enable a spam folder in your email: spam filters recognize characteristics of phishing emails and tag messages from known phishers
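
“Check where it is really going” can be automated: the visible text of a phishing link often names a trusted site while the href points somewhere else. The block below is an added example, not part of the original deck. It parses the HTML body of a constructed sample message with the standard library and flags anchors whose displayed hostname differs from the host the link actually opens, and anchors that still use plain http. The sample message, its domains and the heuristics are constructed for illustration (`.test` is a reserved top-level domain).

```python
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML email body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data: str) -> None:
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag: str) -> None:
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(url_or_domain: str) -> str:
    """Lower-cased hostname; bare 'example.com' text gets a scheme so urlsplit parses it."""
    if "://" not in url_or_domain:
        url_or_domain = "http://" + url_or_domain
    return (urlsplit(url_or_domain).hostname or "").lower()


def looks_like_address(text: str) -> bool:
    """True when anchor text is something a reader would take as a URL or domain name."""
    text = text.rstrip(".,;:!?")
    return "." in text and " " not in text and len(text) > 3


def suspicious_links(html_body: str) -> List[Dict[str, object]]:
    """Flag anchors whose visible address points somewhere other than the href host,
    and anchors that use plain http (anything typed on that page travels unencrypted)."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings: List[Dict[str, object]] = []
    for href, text in parser.links:
        target = hostname_of(href)
        reasons = []
        if looks_like_address(text):
            shown = hostname_of(text.rstrip(".,;:!?"))
            # A subdomain of the shown site (www.example.com for example.com) is fine.
            if shown != target and not target.endswith("." + shown):
                reasons.append(f"text shows {shown!r} but link goes to {target!r}")
        if urlsplit(href).scheme == "http":
            reasons.append("unencrypted http link")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample phishing email body (not a real message).
SAMPLE_EMAIL = """
<p>Your mailbox is almost full. Sign in at
<a href="http://login.examp1e-mail.test/reset">https://mail.example.com/reset</a>
to avoid interruption.</p>
<p>Questions? Read our <a href="https://support.example.com/faq">FAQ</a>.</p>
<p>Or visit <a href="https://www.example.com">example.com</a> directly.</p>
"""
```

Run on `SAMPLE_EMAIL`, only the first link is flagged: its text promises `mail.example.com` but the href goes to a look-alike host over plain http. The other two links are left alone, including the one whose href is a subdomain of the displayed site. A mail client shows the same information when you hover over a link; this just makes the comparison explicit.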
37
Q

Network Sniffing

A

Intercepting packets on a wireless or wired network and viewing the contents of these packets

-when you send information over the internet (such as email, website requests, instant messages, payment information, etc.) it is divided into segments (known as packets) and sent across the network; anyone on the path who can capture those packets can read any contents that are not encrypted

38
Q

Encryption (one way to protect your data from being readable to third parties)

A
  • process of encoding a message (or information) in such a way that third parties cannot easily understand it without the key
  • symmetric encryption uses one shared secret key for both encryption and decryption; in public-key (asymmetric) encryption, the sender encrypts with the recipient’s public key and only the recipient’s matching private key can decrypt the message

-can encrypt data on a hard drive to protect confidentiality (if the computer is stolen)

39
Q

public key

A

publicly available key that tells the algorithm how to encrypt data for the key’s owner (anyone can encrypt; only the owner can decrypt)

40
Q

private key

A

key (kept secret by its owner and not shared with others) that tells the algorithm how to decrypt data encrypted with the matching public key

41
Q

Protect yourself (network sniffing)

A
  • only sharing information with websites whose URL begins with https (the connection is encrypted, so a sniffer sees only ciphertext)
  • only using wireless networks that are secured (encrypted, requiring a password to join)
  • making sure your personal wireless network is secured with a password
  • being hesitant about sharing your wireless network password with anyone (could allow them to perform illegal activities or introduce malware on your network)
42
Q

Password Guessing

A
  • another type of attack to compromise confidentiality
  • if you reuse passwords, an attacker who steals one from a breached site can use it on others
  • can be performed by gathering personal information about an individual (names, birthdays, pets) and guessing from it
  • dictionary attack: automatically trying every word in a list of common words and previously leaked passwords
43
Q

Creating strong passwords

A

-through passphrase

44
Q

passphrase

A

-sequence of words or other text that composes an easily memorable but secure password

45
Q

Protect yourself (passwords)

A
  • create passphrases
  • avoid reusing passwords, especially for important sites
  • avoid names of family members, pets, sports teams, etc.
  • use letters, numbers, and special characters in your password
  • if you are a system administrator, allow only a specific number of failed guesses before locking the account
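
The last bullet and the password-guessing card go together: a salted, slow password hash only raises the cost for an attacker who has stolen the password table and guesses offline, so an online login form must also count failures per account and refuse further attempts for a while. The block below is an added example, not part of the original deck. It stores PBKDF2-HMAC-SHA256 hashes with a per-user random salt, locks an account after three consecutive failures, and then simulates a dictionary attack against the login to show the lockout cutting it off. The user names, passphrases, word list and the three-attempt / five-minute policy are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Iterable, Optional, Tuple

ITERATIONS = 100_000       # kept low for the example; production uses a much higher count
MAX_FAILURES = 3           # assumed policy: lock after three consecutive failures...
LOCKOUT_SECONDS = 300      # ...for five minutes


def hash_password(password: str, salt: Optional[bytes] = None) -> Dict[str, bytes]:
    """Per-user random salt plus a slow, iterated hash: a stolen table cannot be
    cracked with one precomputed dictionary, and each guess costs the attacker time."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


class AccountStore:
    def __init__(self) -> None:
        self.users: Dict[str, Dict[str, bytes]] = {}
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}

    def register(self, user: str, password: str) -> None:
        self.users[user] = hash_password(password)

    def is_locked(self, user: str, now: float) -> bool:
        return self.locked_until.get(user, 0.0) > now

    def login(self, user: str, password: str, now: Optional[float] = None) -> str:
        """Returns 'ok', 'locked' or 'bad credentials'. The lock is checked before
        the password, so a locked account rejects even the correct passphrase."""
        now = time.time() if now is None else now
        if self.is_locked(user, now):
            return "locked"
        record = self.users.get(user)
        if record is None:
            # Unknown user: run the hash anyway so response time does not reveal valid names.
            hash_password(password, b"\x00" * 16)
            return "bad credentials"
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], ITERATIONS)
        if hmac.compare_digest(candidate, record["hash"]):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.failures[user] = 0
        return "bad credentials"


def online_guessing(store: AccountStore, user: str, wordlist: Iterable[str],
                    now: float) -> Tuple[str, int]:
    """Simulate an attacker running a word list against the login form.
    Returns the first result other than 'bad credentials' and how many guesses it took."""
    attempts = 0
    for guess in wordlist:
        attempts += 1
        result = store.login(user, guess, now)
        if result != "bad credentials":
            return result, attempts
    return "exhausted", attempts


# Constructed word list for the demonstration (the real passphrase is last on purpose).
COMMON_GUESSES = ["password", "123456", "qwerty", "letmein", "correct horse battery staple"]
```

With the policy above the attacker’s fourth request comes back `locked` even though the correct passphrase was next in the list; the legitimate user is inconvenienced for five minutes, which is the trade-off a lockout makes. Lockouts also hand an attacker a denial-of-service lever against a known user name, which is one reason real deployments pair them with rate limiting by source and with a second factor rather than relying on lockout alone.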
46
Q

Lost or Stolen Hardware

A

-phones, laptops, flashdrives, etc

EX: company’s customer info on a flashdrive, and it falls out of pocket at a restaurant, the info may be accessed and used by anyone who picks up the drive

EX: if you lose a phone with no passcode, whoever finds it has access to the apps and other information on the phone, including bank apps, email, notes, and purchasing accounts (iTunes, etc.)

47
Q

Protect yourself (lost & stolen hardware)

A
  • avoid putting any sensitive information on portable devices
  • encrypt data on portable devices
  • password protect laptops, phones, jump drives, or other portable devices
48
Q

Availability

A

Ensuring that authorized users are able to access information and resources when they need it

-To create value, information must be available when users need it

EX: not being able to log in to your computer because your account is locked (a form of downtime)

49
Q

downtime

A

a period of time when a system is unavailable

-caused by: attacks, non-malicious & naturally occurring causes

50
Q

User-Initiated Errors

A

-mistyped or forgotten credentials (also threaten availability)

51
Q

Hardware failures

A
  • also threaten availability
  • typical lifespan of 3-5 years
  • refers to a malfunction that leaves your stored information inaccessible through normal means
52
Q

redundancy

A

-refers to having important information in more than one place and having backup systems in case the primary systems become nonfunctional (primary safeguard against hardware failure)

53
Q

choosing backup strategy (redundancy)

A

-decide where to back up files:
+external hard drive & copying files to that drive periodically (most operating systems have a utility built in that will automatically create backups to an external drive)
+back up data online (allow you to automatically back up files to secure online server every time you connect to the internet)

-also decide: version control (keeping earlier versions of files), what data to back up (entire vs. selected), and how to secure the backups (encryption vs. physical vs. online)

54
Q

Malware

A

A malicious program that may occupy the resources of your computer so that it is slow or unresponsive, cause damage to your computer, take control of your computer, or even steal information from your computer

3 types of malicious programs:

  • virus
  • worm
  • trojan horse
55
Q

virus

A

refers to a malicious program that attaches itself to another program or file. It spreads from one computer to another as users share programs or files with each other.

56
Q

worm

A

is a malicious program that, unlike a virus, does not need to attach itself to another program or file: it spreads from computer to computer by itself over the network, without requiring users to share anything.

57
Q

Trojan horse

A

is a malicious program that is disguised to be a legitimate, useful program. However, when you open the Trojan horse, it may consume the resources of your computer, cause damage to your computer (e.g., delete files), steal information, or create a backdoor that allows someone to take control of your computer. Trojan horses do not self-replicate or infect files like worms or viruses respectively do

58
Q

ways to get malware:

A
  • phishing
  • visiting an infected website on your own
  • shady websites (websites that contain illegal content)
  • sharing flash drives, sharing files, etc.
  • some malware can self-replicate (worms) across a network
  • connecting to someone’s non-secure wireless router that is infected
  • having no up-to-date virus protection makes all of the above more likely to succeed
59
Q

Protect yourself (malware)

A
  • always have updated antivirus software
  • do not open unknown attachments in email
  • do not visit shady websites, or click on unknown links in email
  • be hesitant about putting other people’s flash drives in your computer
60
Q

Denial-of-Service Attack

A

A denial-of-service (DoS) attack makes a system (e.g., a website) unavailable to its users by overwhelming it with traffic or requests. A distributed denial-of-service (DDoS) attack is the coordinated version: many computers (often a botnet of infected machines) request a webpage at once to bring down the system.

61
Q

firewall

A

-one way to help combat denial-of-service attacks (filtering suspicious traffic before it reaches the servers)
-hardware and/or software that guards a private network by analyzing the information leaving and entering the network and then blocking unauthorized or suspicious content

62
Q

Integrity

A

Protecting data from unauthorized modification or deletion

-an unauthorized change to data may be accidental: someone deleting or modifying data despite having good intentions
EX: an integrity breach occurs if a well-meaning employee accidentally deletes the historical sales database; it can also be malicious, e.g., a hacker intercepting a message and changing or deleting its contents

63
Q

file permissions

A

-refer to the rules that specify what can and cannot be done to a file
EX: a read-only file

-on a larger scale, organizations can specify who can access and modify resources using group policies (policies that specify what users and computers can do). once a group policy is set at the organizational level, all computers on the organization’s network will then enforce it

64
Q

version control

A
  • management of changes to files (keeping a history of earlier versions)
  • if an unauthorized modification or deletion does occur, it is important to have the ability to restore the previous version of the data
65
Q

checksums

A
  • used to help ensure that data was not modified during transmission (when transferring data across the internet, packets can become corrupted, or even intercepted and changed, before reaching the destination)
  • a checksum is computed with a hash function (a one-way function, not encryption) that produces a short, fixed-size fingerprint of a file’s contents; the output is referred to as a “hash” or “digest”, and any change to the file changes it
  • the sender computes a hash of the file and transmits the file; the receiver computes another hash of what arrived and compares the two, and if they match nothing has changed. Caveat: an attacker who can alter the data in transit can also recompute a plain hash, so detecting deliberate tampering needs the hash delivered over a separate trusted channel, or a keyed hash (HMAC) or digital signature whose key the attacker lacks
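
The hash comparison the checksum card describes, as an added example that is not part of the original deck: it hashes a constructed file body with SHA-256, shows that one flipped bit changes the digest, and then separates the two cases the card runs together. A bare hash catches accidental corruption, but an attacker who rewrites the data can recompute the hash too, so the receiver’s comparison passes; a keyed hash (HMAC-SHA256) detects the same tampering because the attacker cannot produce a matching tag without the key. The sample payload and shared key are constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict


def sha256_hex(data: bytes) -> str:
    """Checksum with a cryptographic hash: a fixed-size fingerprint that changes
    unpredictably if even one bit of `data` changes."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(received: bytes, expected_digest: str) -> bool:
    """Receiver recomputes the digest of what arrived and compares it to the one
    computed before transmission."""
    return hmac.compare_digest(sha256_hex(received), expected_digest)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of `data` with a single bit flipped (models corruption in transit)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: a keyed hash that can only be recomputed with the shared key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(data: bytes, key: bytes, expected_tag: str) -> bool:
    return hmac.compare_digest(tag(data, key), expected_tag)


# Constructed sample payload and shared key (illustration only).
SAMPLE_FILE = b"Q3 sales report: revenue 1,250,000; refunds 12,000\n"
SHARED_KEY = b"shared-secret-for-illustration"


def scenario() -> Dict[str, bool]:
    """Walk through the cases a practitioner should keep apart; every value is True."""
    original_digest = sha256_hex(SAMPLE_FILE)
    original_tag = tag(SAMPLE_FILE, SHARED_KEY)

    # 1. Accidental corruption: one flipped bit, digest no longer matches.
    corrupted = flip_bit(SAMPLE_FILE, 200)

    # 2. Deliberate tampering: the attacker rewrites the payload AND recomputes the
    #    plain checksum, so the receiver's comparison passes and nothing is detected.
    tampered = SAMPLE_FILE.replace(b"12,000", b"92,000")
    attacker_digest = sha256_hex(tampered)

    # 3. Same tampering against an HMAC: without the key the attacker cannot produce
    #    a matching tag, whether they keep the old tag or forge one with a guessed key.
    forged_tag = tag(tampered, b"guessed-key")

    return {
        "intact_passes": verify_checksum(SAMPLE_FILE, original_digest),
        "corruption_detected": not verify_checksum(corrupted, original_digest),
        "plain_hash_fooled_by_tampering": verify_checksum(tampered, attacker_digest),
        "hmac_detects_tampering": not verify_tag(tampered, SHARED_KEY, original_tag),
        "hmac_rejects_forged_tag": not verify_tag(tampered, SHARED_KEY, forged_tag),
    }
```

The `plain_hash_fooled_by_tampering` entry is the one to remember: a checksum published next to the file it protects, on the same server or in the same message, only protects against transmission errors. Published software checksums are useful because they come from a different place than the download mirror, and signatures or HMACs are useful because the verifier holds a key the attacker does not.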
66
Q

defense in depth

A

having multiple layers of security

67
Q

onion model

A
  • one way to conceptualize the defense in depth
  • compares security to an onion
  • in the middle of the onion is the sensitive data you want to protect; that core is wrapped in several layers of security, each of which an attacker must get through

EX: sensitive data/resources (center), encryption, permissions, firewalls/IPS/packet inspection, physical security