Wednesday, August 10, 2011

Quiz 9 "Computer Security and Safety, Ethics, and Privacy"

1. Define the term, computer security risks, and briefly describe the types of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy, unethical employee, cyberextortionist, and cyberterrorist.
  • The term computer security risk means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively.

Types of Cybercrime Perpetrators:
The term hacker refers to someone who accesses a computer or network illegally, with the intent of their security breaches being to improve security.
A cracker is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions. 
A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge. 
Corporate spies have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information, or to help identify security risks in their own organization. 
Unethical employees may break into their employees’ computers for a variety of reasons. Some simply want to exploit a security weakness. 
A cyberextortionist is someone who uses e-mail as a vehicle for extortion.
A cyberterrorist is someone who uses the Internet or a network to destroy or damage computers for political reasons.

2. Describe various types of Internet and network attacks (computer viruses, worms, Trojan horses, rootkits, botnets, denial of service attacks, back doors, and spoofing), and identify ways to safeguard against these attacks, including firewalls, intrusion detection software, and honeypots.


Computer viruses are potentially damaging computer programs:
  • A worm copies itself repeatedly, using up resources and possibly shutting down a computer or network.
  • A Trojan horse hides within or looks like a legitimate program until triggered.
  • A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.
  • A botnet is a collection of compromised computers connected to the Internet; it is used for malicious purposes and is controlled via protocols such as IRC and HTTP.
  • A denial of service attack is an assault which disrupts computer access to an Internet service such as the Web or e-mail.
  • A back door is a program or set of instructions in a program that allows users to bypass security controls when accessing a computer resource.
  • Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
3. Discuss techniques to prevent unauthorized computer access and use.

  • Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or illegal activities. 
4. Identify safeguards against hardware theft and vandalism.


Hardware theft is the act of stealing computer equipment.
  • Cables are sometimes used to lock equipment.
  • Some notebook computers use passwords, possessed objects, and biometrics as security methods.
  • For PDAs and smart phones, you can password-protect the device.
Hardware vandalism is the act of defacing or destroying computer equipment.
  • Product activation allows a user to input a product identification number online or by phone and receive a unique installation identification number.
  • Business Software Alliance (BSA) promotes better understanding of software piracy problems.
5. Explain the ways software manufacturers protect against software piracy.

  •  Software piracy is the unauthorized and illegal duplication of copyrighted software. To protect themselves from software piracy, manufacturers issue a license agreement and require product activation.
6. Discuss how encryption works, and explain why it is necessary.

  • Encryption is the process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e-mail message. Encryption prevents information theft and unauthorized access by converting readable data into unreadable characters.
7. Discuss the types of devices available that protect computers from system failure.


Safeguards against System Failure


  • To protect against electrical power variations, use a surge protector. A surge protector uses special electrical components to provide a stable current flow to the computer and other electric equipment. For additional electrical protection, some users connect an uninterruptible power supply to the computer. An uninterruptible power supply (UPS) is a device that contains surge protection circuits and one or more batteries that can provide power during a loss of power.
8. Explain the options available for backing up computer resources.

  • To guard against data loss caused by a system failure or hardware/software/information theft, computer users should back up files regularly. A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. Thus, to back up a file means to make a copy of it.

9. Identify risks and safeguards associated with wireless communications. 
  • A wireless access point (WAP) should be configured so that it does not broadcast a network name. The WAP also can be programmed so that only certain devices can access it.
  • Wi-Fi Protected Access (WPA) is a security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques.
  • An 802.11i network, sometimes called WPA2, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.


10. Discuss ways to prevent health-related disorders and injuries due to computer use. 

  • A repetitive strain injury (RSI) is an injury or disorder of the muscles, nerves, tendons, ligaments, and joints. Computer-related RSIs include tendonitis and carpal tunnel syndrome.

  • Tendonitis is inflammation of a tendon due to some repeated motion or stress on that tendon.
  • Carpal Tunnel Syndrome (CTS) is inflammation of the nerve that connects the forearm to the palm of the wrist. 
  • Computer vision syndrome (CVS): you have CVS if you have sore, tired, burning, itching, or dry eyes; blurred or double vision; distance blurred vision after prolonged staring at a display device; headache or sore neck; difficulty shifting focus between a display device and documents; difficulty focusing on the screen image; color fringes or after
11. Recognize issues related to information accuracy, intellectual property rights, codes of conduct, and green computing.

  • Computer ethics govern the use of computers and information systems. Issues in computer ethics include the responsibility for information accuracy and the intellectual property rights to which creators are entitled for their works.


12. Discuss issues surrounding information privacy, including electronic profiles, cookies, spyware and adware, spam, phishing, privacy laws, social engineering, employee monitoring, and content filtering.
  • Information privacy is the right of individuals and companies to deny or restrict the collection and use of information about them. Issues surrounding information privacy include the following.
  1. An electronic profile combines data about an individual's Web use with data from public sources, which then is sold. 
  2. A cookie is a file that a Web server stores on a computer to collect data about the user.
  3. Spyware is a program placed on a computer that secretly collects information about the user. 
  4. Adware is a program that displays an online advertisement in a banner or pop-up window.
  5. Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
  6. Phishing is a scam in which a perpetrator attempts to obtain personal or financial information.

Thursday, August 4, 2011

Quiz 8 "Database Management"


1. Define the term, database, and explain how a database interacts with data and information.

  • A database is an integrated collection of data records, files, and other database objects. The term database implies that the data is managed to some level of quality and it is correctly applied to the data and data structures.
2. Describe file maintenance techniques (adding records, modifying records, deleting records) and validation techniques.

    • File maintenance procedures include adding records when new data is obtained, modifying records to correct inaccurate data or to update old data with new data, and deleting records when they no longer are needed.
    • Validation maintenance is the process of comparing data with a set of rules or values to find out if the data is correct. Many programs perform a validity check that analyzes data, either as you enter it or after you enter it, to help ensure that it is correct.
    3. Discuss the terms character, field, record, and file.
    • A character can be a number, letter, space, punctuation mark, or other symbol.
    • A field is a combination of one or more related characters or bytes and is the smallest unit of data a user accesses.
    • A record is a group of related fields.
    • A file is a collection of related records stored on a storage medium.
    4. Discuss the functions common to most database management systems: data dictionary, file retrieval and maintenance, data security, and backup and recovery. 
    • A data dictionary contains data about each file in the database and each field within those files. A DBMS offers several methods to retrieve and maintain data, such as query languages, query by example, forms, and report generators. A report generator allows users to design a report on the screen, retrieve data into the report design, and display or print the report.
    • A backup is a copy of the database.
    • A recovery utility uses the logs and/or backups to restore the database.
    5. Differentiate between a file processing approach and the database approach.
    • In the file processing approach, each department or area within an organization has its own set of data files. Two major weaknesses of file processing systems are redundant data and isolated data.
    • The database approach reduces data redundancy, improves data integrity, shares data, permits easier access, and reduces development time. A database, however, can be more complex than a file processing system, requiring special training and more computer memory, storage, and processing power. Data in a database also can be more vulnerable than data in a file processing system.
    6. Describe characteristics of relational, object-oriented, and multidimensional databases.
    • A relational database user refers to a file as a table, a record as a row, and a field as a column.
    • An object-oriented database (OODB) stores data in objects. An object is an item that contains data, as well as the actions that read or process the data.
    • A multidimensional database stores data in dimensions. These multiple dimensions, sometimes known as a hypercube, allow users to access and analyze any view of the database data.

    7. Explain how to access Web databases.
    • To access data in a Web database, you fill in a form or enter search text on a Web page, which is the front end to the database. A Web database usually resides on a database server, which is a computer that stores and provides access to a database.
    8. Define the term, computer security risks, and briefly describe the types of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy, unethical employee, cyberextortionist, and cyberterrorist.
    • The term computer security risk means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively.

    Types of Cybercrime Perpetrators
    • The term hacker refers to someone who accesses a computer or network illegally, with the intent of their security breaches being to improve security.

    • A cracker is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions.

    • A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge.

    • Corporate spies have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information, or to help identify security risks in their own organization.

    • Unethical employees may break into their employees’ computers for a variety of reasons. Some simply want to exploit a security weakness.

    • A cyberextortionist is someone who uses e-mail as a vehicle for extortion.

    • A cyberterrorist is someone who uses the Internet or a network to destroy or damage computers for political reasons.

    9. Identify database design guidelines and discuss the responsibilities of database analysts and administrators.
    • A database analyst (DA), or data modeler, focuses on the meaning and usage of data. The DA decides on the placement of fields, defines data relationships, and identifies users' access privileges. A database administrator (DBA) requires a more technical inside view of the data. The DBA creates and maintains the data dictionary, manages database security, monitors database performance, and checks backup and recovery procedures.
    10. Discuss techniques to prevent unauthorized computer access and use.
    • Operating system and software patches and updates. There is no such thing as perfect software. Often a software program may have several issues and could potentially have security vulnerabilities that can leave your computer open to attacks that compromise your computer and your data.
    • Passwords. Make sure a password has been set on your computer. Default passwords such as password, root, admin, or no password will allow easy access to your computer or your Internet account.
    • Get a hardware or software firewall. We highly recommend all computer users have a firewall solution. There are two ways a firewall can protect your computer and network.
    • Trojans, viruses, spyware, and other malware. Software Trojans, viruses, spyware, and other malware can not only damage or destroy your computer data, or even log all your keystrokes to capture sensitive data such as passwords and credit card information, but are also capable of monitoring your computer to learn more about your viewing habits on the Internet.
    • To help protect your computer from these threats we suggest installing a virus protection program as well as a spyware protection program.
    • Know how to handle e-mails. Today, e-mail is one of the most popular features on the Internet. Being able to identify threats sent through e-mail can help keep your computer and your personal information safe.
    • Alternative browser. Before the release of Microsoft Windows XP SP2 and Internet Explorer 7.0, Microsoft Internet Explorer was notorious for security and spyware related issues. Below is a listing of recommended sites to try:
    • Gibson Research Corporation. The Gibson Research Corporation, or GRC, is a great location to learn about network security as well as test your computer or network for vulnerabilities.
    • Hacker Wacker. Another great site with computer security related information, help, and programs to help test your computer and network.

    Friday, July 22, 2011

    Quiz 7

    1. Discuss the components required for successful communications.
    • Computer communications describes a process in which two or more computers or devices transfer data, instructions, and information. Successful communications requires a sending device that initiates a transmission instruction, a communications device that connects the sending device to a communications channel, a communications channel on which the data travels, a communications device that connects the communications channel to a receiving device, and a receiving device that accepts the transmission of data, instructions, or information.
    2. Identify various sending and receiving devices.
    • A sending device initiates the transmission of data, instructions, and information while a receiving device accepts the items transmitted.
    • All types of computers and mobile devices serve as sending and receiving devices in a communications system. This includes mainframe computers, servers, desktop computers, notebook computers, Tablet PCs, smart phones, portable media players, and GPS receivers.
    3. Describe uses of computer communications.
    • Communications technologies include the Internet, Web, e-mail, instant messaging, chat rooms, newsgroups, blogs, wikis, RSS, VoIP, FTP, Web folders, video conferencing, and fax machine or computer fax/modem. Users can send and receive wireless messages to and from smart phones, cell phones, handheld game consoles, and other personal mobile devices using text messaging, video messaging, etc. A wireless Internet access point lets people connect wirelessly to the Internet. A cybercafé is a coffeehouse, restaurant, or other location that provides computers with Internet access. A global positioning system (GPS) analyzes signals sent by satellites to determine an earth-based receiver’s geographic location. Many software products provide a means to collaborate, or work online with other users connected to a server.

    4. List advantages of using a network.
    • Speed. Sharing and transferring files within networks is very rapid, thus saving time while maintaining the integrity of the files.
    • Cost. Individually licensed copies of many popular software programs can be costly. Networkable versions are available at considerable savings. Shared programs on a network allow for easier upgrading of the program on one single file server, instead of upgrading individual workstations.
    • Security. Sensitive files and programs on a network are password protected or designated as "copy inhibit," so that you do not have to worry about illegal copying of programs.
    • Centralized Software Management. Software can be loaded on one computer (the file server), eliminating the need to spend time and energy installing updates and tracking files on independent computers throughout the building.
    • Resource Sharing. Resources such as printers, fax machines, and modems can be shared.
    • Electronic Mail. E-mail aids in personal and professional communication. Electronic mail on a LAN can enable staff to communicate within the building without having to leave their desk.
    • Flexible Access. Users can access their files from computers throughout the firm.
    • Workgroup Computing. Workgroup software (such as Microsoft BackOffice) allows many users to work on a document or project concurrently.
    • A network is a collection of computers and devices connected together via communications devices and transmission media. Advantages of using a network include facilitating communications, sharing hardware, sharing data and information, sharing software, and transferring funds.

    5. Differentiate among client/server, peer-to-peer, and P2P networks.
    • On a client/server network, one or more computers act as a server, sometimes called a host computer, which controls access to network resources and provides a centralized storage area, while the other computers on the network are clients that rely on the server for resources. A peer-to-peer network is a simple network that typically connects fewer than 10 computers, each called a peer, that have equal responsibilities and capabilities. P2P is an Internet peer-to-peer network on which users access each other’s hard disks directly and exchange files over the Internet.
    6. Describe the various network communications standards.

    • A network standard defines guidelines that specify the way computers access a medium, the type(s) of medium, the speeds on different types of networks, and the type of physical cable or wireless technology used. Network communications standards include Ethernet, token ring, TCP/IP, 802.11 (Wi-Fi), Bluetooth, UWB, IrDA, RFID, WiMAX, and WAP. 
    7. Explain the purpose of communications software.

    • Communications software helps users establish a connection to another computer or network; manages the transmission of data, instructions, and information; and provides an interface for users to communicate with one another.
    8. Describe various types of lines for communications over the telephone network.

    • The telephone network uses dial-up lines or dedicated lines. A dial-up line is a temporary connection that uses one or more analog telephone lines for communications. A dedicated line is an always-on connection established between two communications devices. Dedicated lines include ISDN lines, DSL, FTTP, T-carrier lines, and ATM.
    9. Describe commonly used communications devices.

    • A communications device is hardware capable of transmitting data between a sending device and a receiving device. A modem converts a computer's digital signals to analog signals for transmission over standard telephone lines. An ISDN modem transmits digital data to and from an ISDN line, while a DSL modem transmits digital data to and from a DSL line. A cable modem, sometimes called a broadband modem, is a digital modem that sends and receives digital data over the cable television network. 
    10. Discuss different ways to set up a home network.

    • A home network connects multiple computers and devices in a home. An Ethernet network connects each computer to a hub with a physical cable. A home powerline cable network uses the same lines that bring electricity into the house. A phoneline network uses existing telephone lines in a home. Most home networks use a Wi-Fi network, which sends signals through the air at distances up to 1,500 feet in some configurations.
    11. Identify various physical and wireless transmission media.

    • Transmission media consist of materials or substances capable of carrying one or more signals. Physical transmission media use tangible materials to send communications signals. Twisted-pair cable consists of one or more twisted-pair wires bundled together. Coaxial cable consists of a single copper wire surrounded by at least three layers: an insulating material, a woven or braided metal, and a plastic outer coating. Fiber-optic cable consists of thin strands of glass or plastic that use light to transmit signals. Wireless transmission media send communications signals through the air or space. Infrared (IR) sends signals using infrared light waves. Broadcast radio distributes radio signals through the air over long and short distances. Cellular radio is a form of broadcast radio that is used widely for mobile communications. Microwaves are radio waves that provide a high-speed signal transmission. A communications satellite is a space station that receives microwave signals from an earth-based station, amplifies the signals, and broadcasts the signals back over a wide area.