Unit 3 - Chapter 8

Question 1

Authentication

Answer 1

The process of verifying that you really are the person who has the right to access this computer, whether it is your local machine or the Web server.

Question 2

Hash function

Answer 2

The hash function takes the password the user originally chooses, chops it up, and stirs it around according to a given formula.

Question 3

password-cracking software

Answer 3

For a given-user ID, will first try all words in its built-in dictionary encrypting each with the well-known hash function and comparing the result with the password file.

Question 4

Social engineering

Answer 4

is the process of using people to get the information you want.

Question 5

Authorization

Answer 5

governs what an authenticated user is allowed to do.

Question 6

System administrator or superuser

Answer 6

has access to everything, and is the person who sets up the authorization privileges for all other users.

Question 7

Virus

Answer 7

A virus is a computer program that, like a biological virus, infects a host computer and then spreads. It embed itself within another program or file. When that program or file is activated, the virus copies itself and attacks other files on the system. The results may be as simple as taunting pop-up messages, but could also include erratic behaviour or drastic slowdown of the computer, corrupted deleted files, loss of data, or system crashes.

Question 8

Worm

Answer 8

A worm is very similar to a virus, but it can send copies of itself to other nodes on a computer network without having to be carried by an infected host file. It is a self-replicating piece of software that can travel from node to node without any human intervention.

Question 9

Trojan Horse

Answer 9

A trojan horse ( in the software world) is a computer program that does some harmless little job but also unbeknownst to the user, contains code to perform the same kinds of malicious attacks as viruses and worms - corrupt or delete files, capture the user’s address book to send out spam e-mail.

Question 10

keystroke logger

Answer 10

captures the user’s passwords and credit card numbers ( and sends them to someone else) or even put the computer under someone else’s remote control at some point in the future.

Question 11

Denial of service ( DOS) attack

Answer 11

is typically directed at business or government website. The attack automatically directs browsers, usually on many machines, to a single URL, at roughly the same time. The result causes so much network traffic to the targeted site that it is effectively shut down to legitimate users.

Question 12

zombie army or botnet

Answer 12

A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service attacks, steal data, send spam, and allow the attacker to access the device and its connection

Question 13

Phishing

Answer 13

is a practice used to illegally obtain sensitive information such as credit card numbers, account numbers and passwords.

Question 14

Antivirus softwares

Answer 14

Such software can detect worms, viruses, and trojan horses by distinctive “ signatures” those programs carry. It cleans your machine of infected files. Most antivirus software come with a feature for automatic updates.

Question 15

Firewall software

Answer 15

guards the access points to your computer blocking communications to or from sites you don’t permit.

Question 16

Antispyware

Answer 16

routinely scans your computer for any “ spyware” programs that may have infected your machine - programs that capture information on what Websites you have visited and what passwords and credit card numbers you have used.

Question 17

Security patches

Answer 17

install these patches or updates to your operating system as all operating systems are vulnerable.

Question 18

Criptography

Answer 18

is the science of “ secret writing”

Question 19

Encryption

Answer 19

is the process of using an algorithm to convert information into a representation that cannot be understood or utilized by anyone without the appropriate decryption algorithm;

Question 20

Decryption

Answer 20

is the reverse of encryption, using an algorithm that converts the ciphertext back into plain text.

Question 21

Symmetric encryption algorithm

Answer 21

requires the use of a secret key known to both the sender and the receiver.

Question 22

Asymmetric encryption algorithm

Answer 22

also called a public key encryption algorithm, the key for encryption and the key for decryption are quite different although related.

Question 23

Caesar cipher

Answer 23

also called a shift cipher, involves shifting each character in the message to another character some fixed distance farther along in the alphabet.

Question 24

Stream cipher

Answer 24

it encodes one character at a time.

Question 25

block cipher

Answer 25

a group or block of plaintext letters gets encoded into a block of ciphertext, but not by substituting one character at a time for each letter.

Question 26

DES ( Data Encryption Standard)

Answer 26

is an encryption algorithm developed by IBM in the 1970s for the US NAtional Bureau of Standards ( now called the US NAtional Institute of Standards and Technology, or NIST). It is certified as an international standards by the International Organization for Standardization ( ISO) the same organizations that certifies the MP3 digital audio format.

Question 27

Steganography

Answer 27

is the practice of hiding the very existence of a message

Question 28

AES ( Advanced Encryption Standards)

Answer 28

uses successive rounds of computations that mix up the data and the key. The ley length can be 128,192, or even, 256 buts and the algorithm appears to be very efficient.

Question 29

prime number

Answer 29

an integer greater than 1 that can only be written as the product of itself and 1

Question 30

SSL ( Secure Sockets Layer)

Answer 30

is a series of protocols developed by Netscape Communications

Question 31

TLS ( Transport Layer Security ) protocol

Answer 31

first defined in 1999, is based on SSL and is nearly identical to SSL. TLS has a few technical security improvements over SSL, but the major difference is that TSL is nonproprietary and is a standard supported by the Internet Engineering Task Force ( IETF).

Question 32

Handshake

Answer 32

the exchange of setup information between the client and server, preparatory to exchanging real data.

Question 33

Embedded computers

Answer 33

computational devices such as chips, processors, or computers that are embedded within another system.