Computer Security Threats Overview

Questions and Answers

PDF Questions PDF Answers

What is the primary purpose of integrity in information security?

To prevent unauthorized modifications of information (correct)

To authenticate the identity of users accessing information

To ensure information is always available to users

To design systems focusing on human capabilities

Which concept emphasizes having multiple layers of security?

Authentication

Ergonomics

Diversity of defense (correct)

Integrity

What is the primary role of authentication in information security?

To prevent fraud in communication systems

To ensure the user can access data efficiently

To manage hardware and software availability

To verify the identity of individuals accessing systems (correct)

What is one of the key characteristics of a 'criminal hacker'?

They seek unauthorized access for recreational purposes

Which act ensures individuals can access their personal data collected by government agencies?

Freedom of Information Act

What type of risk involves unauthorized remote users executing commands on the host machine?

Misconfiguration risks

Which computer crime involved Vladimir Levin and Citibank?

Unauthorized fund transfer

What is a key characteristic of a macro virus?

It utilizes an application’s macro programming language for distribution.

What does the 'integrity' aspect of the CIA triad refer to?

Protecting data from unauthorized modification.

Which of the following describes a 'script kiddie'?

A novice who utilizes predetermined scripts to attack systems.

What is the purpose of network security?

To protect networks and their services from unauthorized modification, destruction, or disclosure.

What type of threat does the Shamoon virus present?

It can wipe files and make computers unusable.

What is meant by 'confidentiality' in computer security?

Information should not be disclosed to unauthorized individuals.

Study Notes

Threats to Computer Security

• Unauthorized Remote Access: Bugs or misconfiguration problems can allow unauthorized access, leading to data theft, system modification, information gathering, and denial-of-service attacks.
• Computer Crimes:
  • Citibank and Vladimir Levin (1994): Levin exploited Citibank's cash management system to initiate unauthorized fund transfers.
  • Shamoon (2012): A virus that attacks Microsoft Windows systems, capable of wiping files and disabling computers.
• Types of Security Threats:
  • Virus: A self-replicating program that spreads by copying itself into other files.
  • Macro Virus: A virus that uses an application's macro programming language to spread.
  • Script Kiddie: Inexperienced hackers who utilize scripts and programs developed by others to gain unauthorized access and launch attacks.
  • Elite Hackers: Skilled hackers capable of writing scripts to exploit vulnerabilities and discovering new ones.
  • Information Warfare: Attacks targeting information and information processing equipment belonging to adversaries.

Network Security

• Network Security Goal: Protects networks and services from unauthorized modification, destruction, or disclosure, ensuring proper functioning without harmful side effects.
• CIA of Security:
  • Confidentiality: Prevents unauthorized access to information.
  • Integrity: Ensures information is not modified without authorization.
  • Availability: Guarantees hardware, software, and data are accessible when needed.

Security Principles

• Authentication: Verifies the identity of individuals claiming access.
• Diversity of Defense: Utilizes multiple layers of security to protect against various threats.
• Ergonomics: Focuses on designing technological systems that prioritize human needs and capabilities.

Time and Ethics in Information Systems

• Unethical Acts: Information systems can facilitate the swift execution of unethical acts.

Federal Computer Crime Laws

• Freedom of Information Act (1970): Grants individuals access to personal data collected about them and information regarding government activities.
• Mail Fraud Law: Prohibits fraudulent use of mail services.
• Pen Registers and Trap and Trace Devices: Regulates the use of these devices, which track communications.
• Standards against Fraud by Wire, Radio, or Television: Addresses fraudulent activities involving these communication mediums.
• Standards against Interception and Disclosure of Wire, Oral, or Electronic Communications: Prevents unauthorized interception and disclosure of communication.

Hackers and Crackers

• Hacker: A person who enjoys computer technology and spends time learning and using computer systems.
• Criminal Hacker (Cracker): A computer-savvy individual who attempts to gain unauthorized or illegal access to computer systems.

Description

Explore various threats to computer security, including unauthorized remote access, notable computer crimes, and different types of security threats such as viruses and hacker classifications. This quiz covers key incidents and terms that are essential for understanding cybersecurity risks.