Cybersecurity Fundamentals Quiz

Questions and Answers

What is the name of the software that the Stuxnet Worm attacked?

Siemens

What is the name of the malware designed to extort money from victims?

Ransomware

What is the name of the organization that released the Firesheep extension to the Firefox browser?

Eric Butler

Which of the following are considered types of malware? (Select all that apply)

Rootkits (A), Adware (B), Viruses (C), Worms (D), Trojan Horses (E), Spyware (F), Bots (G)

The default administrator password on most home network routers should be changed once set up to prevent security issues.

True (A)

What is the name of the botnet that was used to launch the DDoS attack on October 21, 2016?

Mirai

What does SCADA stand for?

Supervisory Control and Data Acquisition

What type of attack is designed to prevent legitimate users from accessing a service?

Denial-of-Service (DoS) Attack

What is the name of the Israeli company that developed a spam deterrence system called Blue Frog?

Blue Security

The Internet Worm was a type of malware that was initially released by a graduate student from Cornell University and spread to significant numbers of Unix computers.

True (A)

What is the name of the loosely organized international movement of hacktivists that has been attributed to various DDoS attacks?

Anonymous (D)

The spread of a virus can be inhibited by using Antivirus software and keeping it up to date.

True (A)

The act of gaining unauthorized access to computers and networks is known as hacking.

True (A)

Multifactor authentication is a protocol that requires two or more different authenticators to access a user's account.

True (A)

Flashcards

Computer Security

Importance of protecting computer systems and networks from unauthorized access and harm.

Hacker

Someone who gains unauthorized access to computers and networks.

Eavesdropping

Secretly listening to communication.

Dumpster Diving

Searching through discarded materials for sensitive information.

Social Engineering

Manipulating people to gain access to sensitive information.

Brute-Force Search

Trying many different combinations of passwords to guess the correct one.

Dictionary Attack

Trying common passwords from a list (dictionary).

Password Strength

How secure a password is.

Multifactor Authentication

Security protocol requiring two or more authentication methods.

Virus

Self-replicating code embedded in a program.

Worm

Self-contained program spreading through a network.

Malware

Malicious software designed to harm a computer.

Trojan Horse

Program masking malicious intent.

Backdoor Trojan

Trojan allowing attacker access to computer.

Ransomware

Malware designed to extort money.

Rootkit

Set of programs secretly gaining privileged access to a computer.

Spyware

Program running in the background without knowledge, collecting information.

Adware

Spyware displaying pop-up ads.

Bot

Program responding to commands from another computer.

Botnet

Collection of bot-infected computers.

Cyber Crime

Crimes committed using computers and networks.

Phishing

Large-scale attempt to gather sensitive information.

Spear-Phishing

Targeted phishing emails.

SQL Injection

Attacking a database-driven website by inserting malicious code.

DDoS Attack

Overloading a server with traffic from many computers.

Sidejacking

Hijacking an open web session by stealing cookies.

Study Notes

Chapter 7: Computer and Network Security

• The increasing use of computers highlights the growing importance of computer security.
• Lack of security has harmful consequences, including stolen information and extortion.
• Computers and networks can be weaponized, enabling attacks on the cyber infrastructure of governments and organizations.

7.1 Introduction

• Increasing computer use means greater importance for computer security.
• Lack of security results in harmful consequences. These include:
  • Stolen information
  • Extortion
• Computers and networks can be "weaponized," which leads to attacks on the cyber infrastructure of governments and organizations.

7.2 Hacking

• A hacker is someone who gains unauthorized access to computers and computer networks.
• Methods hackers use to gain access:
  • Eavesdropping
  • Dumpster diving
  • Social engineering
  • Brute-force searches
  • Dictionary attacks

Password Dos and Don'ts

• Avoid using short passwords.
• Don't rely solely on dictionary words for passwords.
• Don't reuse passwords.
• Avoid simple letter-number substitutions.
• Use strong and unique passwords.
• Provide ridiculous answers to security questions.
• Have password recoveries sent to a secure email address.
• Enable multifactor authentication.

7.3 Malware

• Malware is a shorthand for malicious software.
• A virus is self-replicating code embedded within another program (host).
  • Viruses often target program files (hard disks, floppy disks, CDs, etc). Email attachments are also common delivery vehicles.
  • Viruses spread via storage media (disk drives, discs, etc). and email files.
  • Files downloaded from the internet can also carry viruses.
• A worm is a self-contained program that spreads through computer networks, exploiting security holes.
• Rootkits are a set of programs that offer privileged access to a computer. These are activated every time the computer boots, and are designed to hide their presence.
• Spyware is a program that communicates over the internet without user knowledge. Spyware often monitors web surfing, logs keystrokes, takes screenshots of the desktop, and reports back to the host computer that initiated the spyware.
• Adware is a specific type of spyware that displays pop-up advertisements related to user activity.
• Trojans and Backdoor Trojans are programs seemingly benign but with malicious purposes. The backdoor Trojan offers attackers privileged access to infected systems.

7.4 Cyber Crime and Cyberattacks

• Phishing is a large-scale attempt to acquire sensitive information from trusting computer users.
• Spear phishing is a type of phishing that targets specific individuals or groups.
• SQL injection technique attacks database-driven web applications. SQL injection attacks take advantage of improper security measures on vulnerable web applications.
• Denial-of-service (DoS) attacks are intended to prevent legitimate users from using a computer service. Distributed DoS (DDoS) attacks originate from multiple devices.
• The IoT (Internet of Things) devices are often vulnerable to DoS attacks, since many devices lack sufficient security.
• Criminal organizations engage in significant cybercrime from malware. Prominent groups are Jeanson James Ancheta, Pharmamaster, Albert Gonzales, and the Avalanche Gang.

7.5 Online Voting

• This section does not appear in the provided text.

Case Studies & Examples

• Firesheep: A Firefox extension that enabled ordinary users to easily hijack web sessions. Led to increased security awareness.
• The Internet Worm: Released by Robert Tappan Morris, Jr., it spread to many Unix computers, causing disruptions.
• Stuxnet: A worm that targeted industrial control systems, causing temporary shutdowns of Iran's nuclear program. Operated by US and Israel.
• Colonial Pipeline: An attack that encrypted data and shut down a significant fuel delivery system.
• Anonymous: A loosely organized group of hacktivists that performed various DDoS attacks.

Security Risks of "Bring Your Own Device" (BYOD)

• Many US companies rely on employees using their personal devices for work.
• Advantages - Cost savings from reducing hardware and software expenditures. Increase in employee productivity and job satisfaction.
• Disadvantages - Devices potentially compromised when stolen. Increased vulnerability to data breaches.

Supporting Policies and Technologies

• Install latest security patches, anti-malware tools, and change default passwords. Consider replacing insecure devices.
• Avoid using easily guessed passwords on vulnerable systems.
• Companies need policies for BYOD usage and data removal on employee departure that consider security standards (passwords, anti-malware packages), allowed applications, and IT support level. Organizations should have protocols for handling lost or stolen personal devices.

Discussion Questions

• Is it acceptable to use a neighbor's unsecured Wi-Fi without permission?
• Was the response of universities appropriate when students circumvented application security to view their admission statuses?
• Discuss the ethical dilemma of creating tools that make it easier for others to commit immoral acts.
• Was the University of Calgary wrong to provide the computer virus course?
• Considering the advantages and disadvantages, is it necessary to give users unique passwords for every router unit?

Description

Test your knowledge on key concepts in cybersecurity, including types of malware, significant cyber attacks, and the organizations involved in developing security extensions. This quiz covers a range of topics such as botnets, SCADA systems, and the importance of secure network practices.