Session 25 (Security and Online Privacy)

Question 1

risk vs vulnerability vs exposure?

Answer 1

risk: likelihood that threat will occur
vulnerability: likelihood that threat will harm the system
exposure: (potential harm if threat breaks the controls and comprises the resources)

Question 2

what are the components of internet security (CIA)?

Answer 2

Confidentiality: The information is secret. No
one can read that information without your
permission.

 Integrity: The information remains unaltered.
No one can change that information without
your knowledge.

 Availability: The information is available
upon your request. When you need it, that
information must be available

Question 3

what are the two things we need to ensure confidentiality?

Answer 3

1. we need to make sure that our data
   cannot be read by anyone except the
   intended recipient.
    We do this through Cryptography.
2. we need to make sure that the
   intended recipient is really the one who says
   he is.
    We do this though Access Control.

Question 4

what is Caesar’s cipher?

Answer 4

The most basic substitution cipher
 Encryption given a key K: each letter in the
plaintext P is replaced with the K’th letter
following corresponding number (shift right)
 Decryption given K: shift left

Question 5

Symmetric vs Asymmetric cryptography?

Answer 5

Symmetric
 Easy to use
 Faster
 Key management is hard
(especially when number
of users is high)
 Need key distribution
 Cannot provide digital
signature

Asymmetric
 More complicated
 Much slower
 Simpler Key
management system
 No need for Key
distribution
 Can provide digital
signature

Question 6

what are the three components to control access?

Answer 6

1. Authentication: to confirm that you are who
   you say you are.
2. Authorization: to make sure that you can read
   what you are able to read.
3. Accounting: to keep track of what you do.

Question 7

what is the simplest authentication method?

Answer 7

password

Question 8

what’s a way to add additional security?

Answer 8

multi-factor authentication (something you know, have, are)

Question 9

what are the two main access control systems?

Answer 9

1. physical

2. digital (Firewall, Intrusion Prevention System)

Question 10

what is malware?

Answer 10

any software with malicious intent against your

computer

Question 11

what can malware do?

Answer 11

– disrupt computer operation
– gain access to private systems
– steal personal information
– or even display advertisements

Question 12

examples of types of malware

Answer 12

• Virus
• Worm
• Trojan Horses
• Ransomware
• Spyware
• Adware
• Scareware

Question 13

describe phishing

Answer 13

– Lure victim via Email / URL Link
– To a fake website that look absolutely similar to
the original
– Trick user to enter personal details and/or
password

Question 14

describe spear-phishing

Answer 14

– Phishing that intend to use against specific person
– More sophisticated and customized
– More promising to the victim

Question 15

what is denial of service?

Answer 15

Attack that makes a machine or network
resource unavailable to the users.
 Called Distributed Denial-of-Service (DDoS) if
the attacks occur from multiple sources

Question 16

what are some threats to privacy?

Answer 16

- Data aggregators, profiling, and digital
dossiers
- Electronic Surveillance
- Personal Information in Databases
- Information on Internet

Question 17

what are 4 ethical issues to do with online privacy?

Answer 17

Privacy Issues
– Is personal information kept private?

 Accuracy Issues
– Who is responsible for information being accurate
and complete? Accountability.

 Property Issues
– Who owns the information and intellectual
property rights?

 Accessibility Issues
– Who can access, store and process the
information?