Wednesday, August 10, 2011

Quiz 9 "Computer Security and Safety, Ethics, and Privacy"

1. Define the term, computer security risks, and briefly describe the types of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy, unethical employee, cyberextortionist, and cyberterrorist.
  • The term computer security risk means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively.

Types of Cybercrime Perpetrators:
The term hacker refers to someone who accesses a computer or network illegally but whose intent in breaching security is to improve security.
A cracker is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions.
A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge.
Corporate spies have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information, or to help identify security risks in their own organization.
Unethical employees may break into their employers’ computers for a variety of reasons. Some simply want to exploit a security weakness.
A cyberextortionist is someone who uses e-mail as a vehicle for extortion.
A cyberterrorist is someone who uses the Internet or a network to destroy or damage computers for political reasons.

2. Describe various types of Internet and network attacks (computer viruses, worms, Trojan horses, rootkits, botnets, denial of service attacks, back doors, and spoofing), and identify ways to safeguard against these attacks, including firewalls, intrusion detection software, and honeypots.


Computer viruses are potentially damaging computer programs:
  • A worm copies itself repeatedly, using up resources and possibly shutting down a computer or network.
  • A Trojan horse hides within or looks like a legitimate program until triggered.
  • A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.
  • A botnet is a collection of compromised computers connected to the Internet; it is used for malicious purposes and is controlled via protocols such as IRC and HTTP.
  • A denial of service attack is an assault which disrupts computer access to an Internet service such as the Web or e-mail.
  • A back door is a program or set of instructions in a program that allows users to bypass security controls when accessing a computer resource.
  • Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
3. Discuss techniques to prevent unauthorized computer access and use.

  • Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or illegal activities. 
4. Identify safeguards against hardware theft and vandalism.


Hardware theft is the act of stealing computer equipment.
  • Cables are sometimes used to lock equipment.
  • Some notebook computers use passwords, possessed objects, and biometrics as security methods.
  • For PDAs and smart phones, you can password-protect the device.
Hardware vandalism is the act of defacing or destroying computer equipment.
  • Product activation allows a user to input a product identification number online or by phone and receive a unique installation identification number.
  • Business Software Alliance (BSA) promotes better understanding of software piracy problems.
5. Explain the ways software manufacturers protect against software piracy.

  • Software piracy is the unauthorized and illegal duplication of copyrighted software. To protect themselves from software piracy, manufacturers issue a license agreement and require product activation.
6. Discuss how encryption works, and explain why it is necessary.

  • Encryption is the process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e-mail message. Encryption prevents information theft and unauthorized access by converting readable data into unreadable characters.
7. Discuss the types of devices available that protect computers from system failure.


Safeguards against System Failure


  • To protect against electrical power variations, use a surge protector. A surge protector uses special electrical components to provide a stable current flow to the computer and other electric equipment. For additional electrical protection, some users connect an uninterruptible power supply to the computer. An uninterruptible power supply (UPS) is a device that contains surge protection circuits and one or more batteries that can provide power during a loss of power.
8. Explain the options available for backing up computer resources.

  • To guard against data loss caused by a system failure or hardware/software/information theft, computer users should back up files regularly. A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. Thus, to back up a file means to make a copy of it.

9. Identify risks and safeguards associated with wireless communications. 
  • A wireless access point (WAP) should be configured so that it does not broadcast a network name. The WAP also can be programmed so that only certain devices can access it.
  • Wi-Fi Protected Access (WPA) is a security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques.
  • An 802.11i network, sometimes called WPA2, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.


10. Discuss ways to prevent health-related disorders and injuries due to computer use. 

  • A repetitive strain injury (RSI) is an injury or disorder of the muscles, nerves, tendons, ligaments, and joints. Computer-related RSIs include tendonitis and carpal tunnel syndrome.

  • Tendonitis is inflammation of a tendon due to some repeated motion or stress on that tendon.
  • Carpal Tunnel Syndrome (CTS) is inflammation of the nerve that connects the forearm to the palm of the wrist. 
  • Computer vision syndrome (CVS): you have CVS if you have sore, tired, burning, itching, or dry eyes; blurred or double vision; distance blurred vision after prolonged staring at a display device; headache or sore neck; difficulty shifting focus between a display device and documents; difficulty focusing on the screen image; color fringes or after
11. Recognize issues related to information accuracy, intellectual property rights, codes of conduct, and green computing.

  • Computer ethics govern the use of computers and information systems. Issues in computer ethics include the responsibility for information accuracy and the intellectual property rights to which creators are entitled for their works.


12. Discuss issues surrounding information privacy, including electronic profiles, cookies, spyware and adware, spam, phishing, privacy laws, social engineering, employee monitoring, and content filtering.
  • Information privacy is the right of individuals and companies to deny or restrict the collection and use of information about them. Issues surrounding information privacy include the following.
  1. An electronic profile combines data about an individual's Web use with data from public sources, which then is sold.
  2. A cookie is a file that a Web server stores on a computer to collect data about the user.
  3. Spyware is a program placed on a computer that secretly collects information about the user.
  4. Adware is a program that displays an online advertisement in a banner or pop-up window.
  5. Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
  6. Phishing is a scam in which a perpetrator attempts to obtain personal or financial information.