Computer Security Overview

Questions and Answers

What is the primary characteristic of a virus in the context of malware?

It disguises itself as a legitimate program.

It remains dormant until triggered by a specific condition.

It attaches itself to a legitimate program or file. (correct)

It spreads without any host program.

Which type of malware is designed to trick users into installing it by appearing harmless?

Logic Bomb

Virus

Trojan Horse (correct)

Worm

What does spoofing of user identity entail?

Entails masquerading as another by falsifying data (correct)

Describes tampering with product modifications

Refers to unauthorized access to systems

Involves the release of secure information

What distinguishes a worm from other types of malware?

It replicates itself independently without a host program.

Which scenario best illustrates repudiation?

A signature's authenticity is challenged

How does a logic bomb operate within a program?

It is embedded in a program but activates under specific conditions.

What does tampering refer to?

Modifying products to make them harmful to consumers

Which of the following is a characteristic of indirect attacks?

Exploit a third party to achieve objectives

What is unique about a trapdoor in the context of malware?

It creates a hidden pathway for unauthorized access.

What type of activities are classified as computer crimes?

Any illegal activity involving a computer system

What is one of the top tips for cyber crime prevention?

Secure your computer with protective measures

What is the best practice for password creation?

Create complex and unique passwords

How can you secure your mobile device?

Install updates regularly and protect from malware

Which principle ensures only authorized individuals can access specific resources?

Access Control

What is the primary purpose of the principle of availability?

To ensure access to systems is available when needed

What is the primary goal of computer security?

To protect system resources and information

Which principle guarantees that a person cannot deny their actions regarding a transaction?

Non-repudiation

Which of the following best describes a vulnerability?

A weakness that enables an attacker to reduce information assurance

What is a backdoor in the context of computer security?

A hidden method of bypassing security controls

How can users protect themselves from identity theft online?

By safeguarding personal information shared online

What does the principle of integrity ensure during data transmission?

Data remains unchanged during transmission

Which statement accurately describes a Denial-of-Service (DoS) attack?

It involves a single source overwhelming a target with requests.

What distinguishes a Distributed Denial of Service (DDoS) attack from a DoS attack?

DDoS attacks originate from multiple sources.

Which approach incorporates multiple security layers to protect against attacks?

Defense in Depth

What is a key method for preventing unauthorized access to Wi-Fi networks?

Configuring Wi-Fi networks properly

What is the main characteristic of passive eavesdropping?

Silently monitoring communications

What is the significance of the principle of confidentiality?

To keep messages hidden from unintended recipients

How does active eavesdropping differ from passive eavesdropping?

It involves altering the communication process.

Which of the following actions is NOT typically associated with defensive computer security practices?

Disabling all security protocols

Study Notes

Computer Security

• Protects computer systems and networks from various threats such as theft, damage, unauthorized access, and cyberattacks.
• Focuses on various security practices including physical protection, firewalls, encryption, and secure authentication mechanisms.

Key Concepts in Computer and Network Security

• Vulnerability: A weakness in a system that can be exploited by attackers to compromise information assurance.
• Backdoors: Hidden methods in software or hardware that bypass security controls, allowing unauthorized access.

Denial-of-Service (DoS) Attack

• Aims to make a website or service unavailable by overwhelming it with excessive traffic or malicious requests.
• Two Types:
  • DoS Attack: A single source floods the target with requests, consuming its resources and preventing normal operations.
  • Distributed Denial of Service (DDoS) Attack: Launched from multiple sources, often using a compromised network of devices.

Direct-Access Attacks

• Involves gaining physical access to the target system to manipulate or tamper with hardware or software, extract data, install malicious programs, or compromise security.

Eavesdropping

• An attacker secretly listens to private communications or intercepts data being transmitted between parties.
• Two Types:
  • Passive Eavesdropping: Silently monitoring and capturing data without interfering with the communication process.
  • Active Eavesdropping: Interfering with the communication process to gain unauthorized access to information.

Spoofing

• An attacker falsely impersonates a legitimate user or program by falsifying data to gain an illegitimate advantage.

Tampering

• Involves intentionally modifying products to render them harmful or unsafe for consumers.

Repudiation

• An individual or entity challenges the authenticity of a signature, denying involvement in a transaction or action.

Information Disclosure

• Sensitive information considered secure is released into an untrusted environment, leading to a privacy breach or data leak.

Indirect Attacks

• An attacker exploits vulnerabilities through a third party or intermediary without directly targeting the victim.
• These attacks often rely on social engineering, misconfigured systems, or vulnerabilities in external components to achieve their goals.

Computer Crime

• Any illegal activity involving a computer, network, or internet-enabled device.
• Covers criminal activities against individuals, organizations, or government entities, leveraging technology to carry out unlawful actions.

Top 10 Cyber Crime Prevention Tips

• Use Strong Passwords: Complex and unique passwords with letters, numbers, and special characters.
• Secure your computer: Implement security measures to protect against unauthorized access and malware
• Be Social-Media Savvy: Understand risks of sharing personal information on social media platforms and manage privacy settings.
• Secure Your Mobile Devices: Protect smartphones and tablets from unauthorized access and malware.
• Install the Latest Operating System Updates: Keep software up-to-date to benefit from the latest security patches and features.
• Protect Your Data: Implement measures to safeguard sensitive data against unauthorized access and loss.
• Secure Your Wireless Network: Configure Wi-Fi networks to prevent unauthorized access and ensure secure communication.
• Protect your e-identity: Safeguard personal information shared online to prevent identity theft.
• Avoid Being Scammed: Be vigilant against phishing attacks and scams designed to deceive users into revealing personal information.

Confidentiality

• Protects the content of a message, ensuring only the sender and intended recipient can access it.
• Access Control Lists: Used to implement and manage access control.

Integrity

• Ensures data remains unchanged during transmission, guaranteeing the recipient receives the same information as the sender intended.

Availability

• Ensures systems and data are accessible to authorized users whenever needed. Prevents downtime or delays in access due to system failures or attacks.

Authentication

• Verifies the identity of a user or entity attempting to access resources, confirming their identity before granting access privileges.

Access Control

• Restricts and manages who can view, modify, or use resources based on permissions or roles.

Defense in Depth

• Emphasize multiple security layers to protect the system from breaches. If one layer is compromised, other layers remain in place to protect the system.

Non-repudiation

• prevents individuals or systems from denying actions or the receipt of messages, providing proof of their involvement in a transaction or action.

Malware

• A general term for malicious code or rogue programs that cause unintended or undesired effects in programs or program parts.
• These effects are intentionally caused by agents aiming to inflict damage.

Kinds of Malicious Code

• Virus: A type of malicious software that attaches itself to a legitimate program or file and spreads to other files or programs.
• Transient: Viruses that only exist in memory when the host program is running.
• Resident: Viruses that install themselves in the hard drive and load into memory when the computer starts.
• Trojan Horse: Malicious software disguised as a legitimate or harmless program to trick users into downloading and installing it.
  • Trojans do not replicate themselves.
• Logic Bomb: Malicious code intentionally embedded in a legitimate program that remains dormant until a specific condition or trigger occurs.
• Trapdoor: A hidden feature in a program that allows unauthorized access, bypassing normal security measures.
• Worm: A type of malware that replicates itself to spread to other computers and networks without needing to attach to a host program.
  • Worms spread rapidly and autonomously across networks.

Description

This quiz explores key concepts in computer and network security, including vulnerabilities, backdoors, and Denial-of-Service attacks. Test your knowledge on the methods used to protect systems from unauthorized access and cyber threats.