Mastering Computer Security

Questions and Answers

What is computer security?

Computer security is the protection of computer systems and networks from malicious attacks that can result in unauthorized information disclosure, theft, or damage.

Why is cybersecurity significant?

Cybersecurity is significant due to the reliance on computer systems, the Internet, and wireless network standards. Additionally, the growth of smart devices and the complexity of information systems make it a major challenge in today's world.

How has computer security evolved over the years?

Computer security was initially limited to academia until the conception of the Internet. With increased connectivity, computer viruses and network intrusions became prevalent. In the 2000s, cyber threats and cybersecurity became institutionalized.

What were the foundational moments in the history of computer security?

The April 1967 session organized by Willis Ware and the publication of the Ware Report.

What is the CIA triad?

The CIA triad consists of confidentiality, integrity, and availability as key security goals.

What were the main computer threats in the 1970s and 1980s?

The main threats were from malicious insiders gaining unauthorized access to sensitive documents and files.

What was one of the earliest examples of an attack on a computer network?

The computer worm Creeper, written by Bob Thomas, propagated through the ARPANET in 1971.

What is a backdoor and why is it considered a vulnerability?

A backdoor is a hidden method of bypassing normal authentication and gaining unauthorized access to a computer system. It is considered a vulnerability because it allows unauthorized individuals to access a system and potentially compromise its security.

What is a denial-of-service attack and how can it be carried out?

A denial-of-service attack is an attempt to make a machine or network resource unavailable to its intended users. It can be carried out by overwhelming the target with a flood of illegitimate requests or by exploiting vulnerabilities to crash the system.

How can an unauthorized user gain access to a computer and compromise its security?

An unauthorized user can gain physical access to a computer and directly copy data from it. They can also compromise security by making operating system modifications, installing malicious software, or using various techniques such as keyloggers or wireless microphones.

What is phishing and how does it work?

Phishing is the attempt to acquire sensitive information, such as usernames and passwords, by deceiving users. It is typically carried out through email spoofing or instant messaging, directing users to enter their details on fake websites that mimic legitimate ones. Attackers use social engineering techniques to gain the trust of their victims and trick them into revealing their personal information.

What are some examples of cyber threats?

Computer viruses and network intrusions are examples of cyber threats.

Why is cybersecurity significant in today's world?

Cybersecurity is significant due to the expanded reliance on computer systems, the Internet, and wireless network standards, as well as the growth of smart devices and the complexity of information systems.

When did computer security start to gain more attention?

Computer security started to gain more attention after the spread of viruses in the 1990s.

What were the key security goals introduced in the 1977 NIST publication?

confidentiality, integrity, and availability

What was one of the earliest computer worms and when did it propagate through the ARPANET?

The computer worm Creeper, in 1971

Who performed the first documented case of cyber espionage between September 1986 and June 1987?

A group of German hackers

What is a backdoor in computer security?

A secret method of bypassing normal authentication or security controls

What are backdoors and why are they considered a vulnerability?

Backdoors are hidden access points in a system that allow unauthorized parties to gain entry. They are considered a vulnerability because they can be used by attackers to compromise the security of a system.

What is a denial-of-service attack and how can it be carried out?

A denial-of-service attack is designed to make a machine or network resource unavailable to its intended users. It can be carried out by overwhelming the target with a high volume of traffic or by exploiting vulnerabilities in the target's system.

How can an unauthorized user gain physical access to a computer and compromise its security?

An unauthorized user can gain physical access to a computer and compromise its security by directly copying data from it, making operating system modifications, installing malware, or using wireless devices to eavesdrop on conversations.

What is phishing and how does it work?

Phishing is an attempt to acquire sensitive information by deceiving users. It typically involves sending fake emails or messages that appear to be from a legitimate source, tricking users into entering their personal information on a fake website. This information is then used to gain unauthorized access to the user's real accounts.

Computer security, cyber security , digital security or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information ______, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

disclosure

The field is significant due to the expanded reliance on computer systems, the Internet, and wireless network standards such as Bluetooth and ______.

Wi-Fi

Security is of especially high importance for systems that govern large-scale systems with far-reaching physical effects, such as power distribution, elections, and ______.

finance

Denial of service attacks (DoS) are designed to make a machine or network resource ______ to its intended users.

unavailable

An unauthorized user gaining physical access to a computer is most likely able to directly ______ data from it.

copy

Eavesdropping is the act of surreptitiously listening to a private computer conversation (communication), typically between hosts on a ______.

network

Phishing is the attempt of acquiring sensitive information such as usernames, passwords, and credit card details directly from users by ______ the users.

deceiving

The April 1967 session organized by Willis Ware at the Spring Joint Computer Conference, and the later publication of the Ware Report, were foundational moments in the history of the field of ______ security.

computer

A 1977 NIST publication introduced the CIA triad of confidentiality, integrity, and availability as a clear and simple way to describe key ______ goals.

security

One of the earliest examples of an attack on a computer network was the computer worm ______ written by Bob Thomas at BBN, which propagated through the ARPANET in 1971.

Creeper

In 1988, one of the first computer worms, called the ______ worm, was distributed via the Internet.

Morris

Computer security, cyber security , digital security or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Computer systems and networks

The field is significant due to the expanded reliance on computer systems, the Internet, and wireless network standards such as Bluetooth and Wi-Fi. Also, due to the growth of smart devices, including smartphones, televisions, and the various devices that constitute the Internet of things (IoT).

Smart devices

Cybersecurity is one of the most significant challenges of the contemporary world, due to both the complexity of information systems and the societies they support.

Information systems

Eavesdropping is the act of surreptitiously listening to a private computer conversation, typically between hosts on a ______

network

Surfacing in 2017, a new class of multi-vector, polymorphic cyber threats combined several types of attacks and changed form to avoid cybersecurity controls as they ______

spread

Phishing is the attempt of acquiring sensitive information such as usernames, passwords, and credit card details directly from users by ______ the users

deceiving

Denial of service attacks (DoS) are designed to make a machine or network resource ______ to its intended users

unavailable

Computer security is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information ______, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

access

A backdoor in a computer system, a cryptosystem, or an algorithm, is any secret method of bypassing normal authentication or security ______.

controls

A vulnerability is a weakness in design, implementation, operation, or internal ______.

control

To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of these ______.

categories

Flashcards are hidden until you start studying