Video Content Lesson 11 Flashcards

2
Q

Types of Computer Crime

A
Overview
Military Attacks
Business Attacks
Financial Attacks
Terrorist Attacks
Grudge Attacks
Fun Attacks
Hacking/Cracking
3
Q

Overview

A

Crime is Crime
Computers provide unique tools for criminals to use when committing crimes
The apparent anonymity gives criminals a false sense of security
The reasons for computer crime are the same for any type of crime (thrill, greed, prestige, revenge)

4
Q

Military Attacks

A

attempt to acquire secret information from military or law enforcement agencies
disclosure could cause great harm

5
Q

Business Attacks

A

attempt to acquire secret information from a commercial organization
purpose is generally to harm or embarrass a person or an organization (Business secrets, personal medical information, financial information, secret or sensitive corporate information)

6
Q

Financial Attacks

A

Attempt to improperly acquire goods, services, or money (greed based attack)
Phone phreaking (break into phone company for free long distance)
Credit Card Fraud

7
Q

Terrorist Attacks

A

attempt to alter the normal lifestyle of a group of people
Most likely target is infrastructure or high visibility entity
It is expected that such an attack could coincide with a physical attack making the emergency response more difficult

8
Q

Grudge Attacks

A

The “I’m gonna get you back!” attack
Revenge directed toward a person or organization (disgruntled employee)
Purpose is generally to harm the reputation of the intended victim

9
Q

Fun Attacks

A

Attacks “just to see if I can do it”

Main purpose is for the thrill and prestige

10
Q

Hacking/Cracking

A

the art of compromising access controls to gain unauthorized access to a system
Once access is gained the attacker generally launches a data attack
True hackers are not bad
crackers are individuals who seek to compromise access controls for illegal means

11
Q

Categories of Law

A
Criminal Law
Civil Law
Admin/Regulatory Law
Categories of Law
Intellectual Property Law
Trade Secrets
Copyrights
Trademarks
Patents
There are three main categories of law in the US (Criminal, Civil, Administrative/Regulatory)
Each imposes different potential penalties
12
Q

Criminal Law

A

Criminal Law
Body of laws that preserve the peace and keep society safe
Criminal cases are prosecuted by the state
Penalties (Community Service, Monetary Penalties (fine), Incarceration)

13
Q

Civil Law

A

Laws intended to settle disputes between individuals and organizations
Most laws are civil laws
In general, law enforcement personnel are not parties to civil litigation, unless to restore order
Civil courts often use different standards of proof than criminal courts
Criminal - proof beyond a reasonable doubt
Civil - preponderance of evidence
Penalties are generally monetary
Punitive (Punish offender)
Compensatory (payback to the offended)

14
Q

Admin/Regulatory Law

A

any regulations that govern specific personal or organizational practices
Most commonly associated with specific industries or business functions
Hazardous waste handling
nuclear materials handling
medical records
hiring practices

15
Q

Categories of Law

A
Religious Law (laws that originate in religion, not legislation; some societies separate religious and secular laws; others combine/integrate them)
Mixed Law (Blending two or more systems of law; More and more common as international commerce and interaction increases; EX - NAFTA (North American Free Trade Agreement))
16
Q

Intellectual Property Law

A

Several types of laws help protect the intellectual property of individuals and organizations
the basic purpose is to protect the effort and creativity invested to develop a product or service
as society moves toward increasingly service-oriented businesses, intellectual property protection becomes crucial
Most large companies have very strong public associations with their brand names and products (protection of brand and product association is important to the organization’s ability to conduct business)

17
Q

Trade Secrets

A

Intellectual property that is critical to a business
Secret recipe or unique process
Protection only requires sufficient controls in place

18
Q

Copyrights

A

Guarantees the creator of “original works of authorship” protection from unauthorized duplication and distribution
(Books, Music, Pictures (still and motion), other art and architectural works)

19
Q

Trademarks

A

Word, slogans, or logos that identify an organization or product
Trademark registration is not required, but doing so guarantees exclusive use of the trademark
Trademarks are valid for 10 years, renewable

20
Q

Patents

A

Protects an inventor’s right to exclusive control of the creation and distribution of an invention
Patents last for 20 years, nonrenewable
To warrant a patent, the product must be new, useful, and nonobvious

21
Q

Computer Laws

A
Technology Threat
Government Intervention
Fraud and Abuse Act
Computer Security Act
Amended Security Act
Security Reform Act
Privacy Acts
USA Patriot Act
Liability
22
Q

Technology Threat

A

The explosion in growth makes it very easy to share data
Without appropriate controls, sensitive data could be disclosed and made available to many people and organizations
Main areas of concern (personal medical records; personal and organizational records; other potentially harmful personal records)

23
Q

Government Intervention

A

Laws have been updated and changed as new needs arose

24
Q

Fraud and Abuse Act

A

Computer Fraud and Abuse Act of 1986 (1994, 1996, 2001)
Law that covers computer crime that crosses state boundaries
Main (original) provisions that constitute a crime (Unauthorized access to classified or financial information on a federal system; Unauthorized access to a federal system; Any use of a federal system to perpetrate fraud; Causing malicious damage to a federal system that exceeds $1000; Modifying medical records or trafficking passwords stored on a federal system)
Amendments added these definitions of crime (Any development or introduction of malicious code that causes system damage; Modifies definition to include any computer used in interstate commerce, not just federal systems)
Allowed imprisonment of offender, regardless of the intent
Provides legal authority for victims to pursue civil action

25
Q

Computer Security Act

A

Computer Security Act of 1987
Four Main Ideas
1-Gave the National Institute of Standards and Technology (NIST) responsibility for developing standards and guidelines related to federal computer systems
2-Provides for the promulgation of standards and guidelines
3-Required security plans for all federal systems that contain sensitive data
4-Requires mandatory periodic training for managers, administrators, and users of federal systems that contain sensitive data

26
Q

Amended Security Act

A

National Information Infrastructure Protection Act of 1996
Amendment to Computer Security Act
Broadens authority to cover systems used in international commerce
Extends protection beyond computer systems to infrastructure elements (electricity, etc)
Treats any reckless or malicious code that damages critical national infrastructure as a felony

27
Q

Security Reform Act

A

Government Information Security Reform Act (GISRA) of 2000
Provides a comprehensive framework for establishing effectiveness of controls
Calls for increased network security control
Provides for government-wide management of information security risks
Calls for the development of minimum security controls for federal systems
Improves oversight of federal information systems

28
Q

Privacy Acts

A

1-Federal Privacy Act of 1974
Very significant privacy legislation
Severely restricts the ability of federal government agencies to disclose personal information without prior written approval by the affected party
Contains exceptions for (Census; Law Enforcement; Health and Safety; Court Orders)
2-Electronic Communications Privacy Act (ECPA) of 1986
Makes it a crime to invade a person’s electronic privacy
Protects from e-mail and voice mail monitoring
Prevents service providers from disclosing the contents of e-mail and voice mail messages
Prohibits monitoring of cell phone conversations
3-Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Set forth strict regulations for organizations that process or store personal medical information
HIPAA is quite complex, but a general overview of its intent will suffice unless you work in the health care field
4-Gramm-Leach-Bliley Act of 1999
Modified restrictions that govern exchange of financial information between financial institutions

29
Q

USA Patriot Act

A

USA Patriot Act of 2001
Direct Response to the 9/11 terrorist attacks
Broadened the authority of law enforcement and intelligence agencies to conduct electronic monitoring
Permission can now be granted per person, instead of the per circuit requirement
ISPs can provide detailed information to the government pertaining to user activity
penalties can now be up to 20 years in prison

30
Q

Liability

A

3 basic standards
1-Prudent Man Rule (officers and agents of an organization must perform duties that are consistent with what a prudent man would exercise in a similar situation)
2-Due Care (Steps an organization takes that show it has taken responsible action to protect assets)
3-Due Diligence (Continual activities that demonstrate that due care is maintained)

31
Q

Types of Incidents

A
Overview
Incident Categories
Scanning Incidents
Compromise Incidents
Malicious Code Incidents
DoS Incidents
32
Q

Overview

A

An Incident is any actual or threatened violation of a security policy
An Incident may or may not actually violate a statute or regulation
The greatest barrier to proper incident handling is the fact that many incidents are never detected
Solid security awareness training is necessary to recognize and properly handle incidents

33
Q

Incident Categories

A

4 categories
1-Scanning Incident (Any structured survey of a system or data source to find information helpful for a later attack–like casing a joint)
2-Compromise Incidents (Bypassing or otherwise defeating one or more access controls)
3-Malicious Code Incidents (Introduction of malicious code to a system)
4-Denial of Service Incidents (Attack that renders a system unavailable to authorized users)

34
Q

Scanning Incidents

A
Scanning incidents normally precede more serious attacks (Main purpose is to gain information)
Port Scanning (Automated query sent to each port to see if it responds) (If active, the response will generally contain information about the software listening on the port)
Dumpster Diving (physically sorting through discarded trash for useful information)
35
Q

Compromise Incidents

A

1-Network Intrusion (any unauthorized access to a protected network resource) (requires that an attacker compromise one or more controls) (careful activity monitoring can detect such intrusions in many cases) (applications that focus on such activities are called intrusion-detection systems (IDS), network- or host-based)
2-Eavesdropping (Any unauthorized surveillance of communication) (can refer to electronic or natural communication) (purpose is to intercept useful information)
3-Illegal Content (the transfer from or to a protected machine, or the storage of illegal content on a protected machine) (any content that is defined by local, state, and federal law, as well as the security policy)
4-Social Engineering (Any attempt, whether successful or unsuccessful, to compromise a system through the aid of an authorized user) (Defining social engineering as an incident is important from an educational perspective)
5-Software Piracy (Installing and/or using any software that is not legally licensed for that specific machine) (The concept is simple, but compliance seems to be hard to understand)
6-Information Warfare (The use of information and systems to deny or destroy an enemy’s information and systems) (To be successful means survival) (These actions are designed to gain advantages over our adversaries)
7-IP Spoofing (Replaces the true sender’s IP address with some other IP address) (These actions could encourage the target machine into relaxing access controls to sensitive data or resources)
8-Theft (the act of stealing) (the attacker must compromise some access controls to get to the object to steal) (full backup)
9-Fraud (a deception deliberately practiced in order to secure unfair or unlawful gain) (Any use of the system or data to commit fraud constitutes not only an incident but also a crime)

36
Q

Malicious Code Incidents

A

Any introduction or propagation of malicious code
Malicious code can be many different types (viruses, worms, Trojan horses, Logic Bombs, Trap doors)
Be proactive, put in front-end scanning

37
Q

DoS Incidents

A

Any deliberate attempt to deny access to a system by authorized users
Includes distributed denial of service (DDoS)

38
Q

Incident Handling

A

Knowledge
Response
Contain Damage
Reporting

39
Q

Knowledge

A

Know when an incident has occurred (the most common reason that an incident is never properly handled is that it is never detected) (Good security awareness training and active monitoring are the two best countermeasures to undetected incidents) (Security policy will dictate what actions are incidents and how to respond to each one)

40
Q

Response

A

The very first step in handling an incident, after it has been identified, is the initial response
1-Contain the damage
2-Assess the damage and report the incident to the appropriate authorities
3-Investigate the origin of the incident
4-Postmortem analysis (Once the incident is over, take a look and analyze all the findings and implement controls to prevent a reoccurrence of the incident)
5-Document every step

41
Q

Contain Damage

A

1-disconnect the compromised machine(s) from the network (stop all communication with other machines)
2-To power off or not to power off?
3-Reestablish controls or implement new temporary controls
4-Goal is to stop any damage from making the situation worse
5-Take a system backup

42
Q

Reporting

A

Security policy will dictate the proper reporting procedure
Report any incident that involves a violation of any law or regulation to the appropriate authorities
Should be reported at the discretion of the Security Manager
Ensure that each incident is responded to properly and notify all affected parties as soon as possible
Any reports should be standardized to make later analysis easier
Any incident report should contain (the nature of the incident; How it originated, and from whom; the date and time of the incident; the location of the incident; what tools were used to launch the incident; known damage)

43
Q

Investigation and Evidence

A
Overview
Evidence Handling
Evidence Types
Evidence Admissibility
Search and Seizure
44
Q

Overview

A

Incident Investigation
The act of conducting a detailed inquiry or examination
The purpose is to understand the incident’s origin and the vulnerabilities that allowed it to occur
Evidence
An investigation will produce various forms of evidence to present as results
any hardware, software, or data that can be used to verify the origin and details of an incident
Evidence is used to figure out what happened, where it came from, and who started it
Computer Forensics
The process of examining a computer system to find electronic evidence of a specific activity

45
Q

Evidence Handling

A

If an incident may result in legal action (only allow trained personnel to collect and handle evidence; best to let law enforcement officers handle the evidence; improper handling of evidence could render it useless)
Maintain the chain of custody (must remain unbroken for evidence to be viable in court)

46
Q

Evidence Types

A

1-Best evidence (original copy of document)
2-Secondary evidence (relevant information that has been drawn from a publication other than the original document)
3-Direct evidence (evidence that stands on its own (witness))
4-Conclusive Evidence (evidence that cannot be contradicted)
5-Circumstantial evidence (any fact that can be used to infer another fact)
6-Corroborative evidence (Evidence that supports, or corroborates, a finding)
7-Opinion Evidence (testimony of an expert witness who due to expert status is allowed to state an opinion)
8-Hearsay evidence (evidence that was relayed from a third party)

47
Q

Evidence Admissibility

A

In order for evidence to be allowed in a court of law, it must be
1-Relevant (it must pertain to the case)
2-Permissible (it must comply with laws governing collection and maintenance)
3-Reliable (there can be no questions as to its authenticity)
4-Preserved (It must be in the precise state in which it was collected)
2, 3, and 4 are included in the proper use of Chain of Command

48
Q

Search and Seizure

A

It may be necessary to seize hardware or data
1-Voluntary surrender (the subject freely gives investigators what they need)
2-Subpoena (A court order that compels a custodian to produce requested hardware or data)
3-Search Warrant (a court order that allows law enforcement to seize hardware or data without prior notification of the subject)
Employee Agreement (an up-front agreement to voluntarily surrender if requested)