Session 17

Question 1

Information Security Challenges

Answer 1

client user (unauthorized access, errors)- communication line (tapping, sniffing, message alteration, theft & fraud, radiation)- corporate servers (hacking viruses & worms, theft and fraud, vandalism, denial of service attacks) - corporate systems to database

Question 2

the system triangle

Answer 2

security- functionality- ease of use

Question 3

CIA Framework

Answer 3

Confidentiality- the improper disclosure of information
Integrity- the improper modification of data
Availability- the unauthorized denial of service to data

Question 4

what is DOS attack

Answer 4

DOS define: denial of service & attacking the availability aspect of the system
Types of DOS Attacks: technical attacks, non-technical attacks

Question 5

Identity Theft: Phishing

Answer 5

sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers

Question 6

Identity Theft: Spoofing

Answer 6

is an attack in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.

Question 7

Managing passwords

Answer 7

main use of password: authentication/identification
(security threats: all passwords are crackable)
securing passwords: hashing (no one expect the user can ever see the password)

Question 8

Encryption & Decryption

Answer 8

scrambling & unscrambling
Advantage of digital vs. analog signals (more secure, more flexible)
Encryption key vs decryption Key
(public/private key structure: public key shared - encrypting info.
private key- kept secret- decrypting info

Question 9

Public & Private Keys

Answer 9

Sender- encrypt with public key- scrambled message- decrypt with private key- recipient