When data are stored in digital form, they are more vulnerable than when they exist in manual form.
Security refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. Controls consist of all the methods, policies, and organizational procedures that ensure the safety of the organization's assets; the accuracy and reliability of its accounting records; and operational adherence to management standards. Threats to computerized information systems include hardware and software failure; user errors; physical disasters such as fire or power failure; theft of data, services, and equipment; unauthorized use of data; and telecommunications disruptions. On-line systems and telecommunications are especially vulnerable because data and files can be immediately and directly accessed through computer terminals or at points in the telecommunications network (Figure 8-1).
Wireless networks are even more vulnerable because radio frequency bands are easy to scan. LANs that use the Wi-Fi (802.11b) standard can be easily penetrated by outsiders with laptops, wireless cards, external antennae, and freeware hacking software. Service set identifiers (SSID) identifying access points in a Wi-Fi network are broadcast multiple times and can be picked up fairly easily by sniffer programs. In war driving, eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic. The initial security standard developed for Wi-Fi, called Wired Equivalent Privacy (WEP), is not very effective. WEP is built into all standard 802.11 products, but users must turn it on, and many neglect to do so, leaving many access points unprotected (Figure 8-2).
Worms are independent computer programs that copy themselves to computers over a network independently from other computer programs or files, and therefore spread more rapidly. A Trojan horse is an apparently benign program that actually performs some hidden action such as installing malicious code or compromising the security of a computer. Spyware can also act as malicious software by obtaining information about users' buying habits and infringing on privacy. Keyloggers record keystrokes made on a computer to steal serial numbers for software and passwords.
A hacker is an individual who intends to gain unauthorized access to a computer system. The term cracker is typically used for hackers with criminal intent. Hackers spoof, or misrepresent themselves, by using fake e-mail addresses or masquerading as someone else. Hacker activities include:
Other examples of computer crime include:
The U.S. Congress responded to the threat of computer crime in 1986 with the Computer Fraud and Abuse Act. This act makes it illegal to access a computer system without authorization. Most U.S. states and European nations have similar legislation. Congress also passed the National Information Infrastructure Protection Act in 1996 to make virus distribution and hacker attacks to disable Web sites federal crimes. One concern is that terrorists or foreign intelligence services could exploit network or Internet vulnerabilities to commit cyberterrorism or cyberwarfare and cripple networks controlling essential services such as electrical grids and air traffic control systems.
The largest financial threats to businesses actually come from insiders, either through theft and hacking or through lack of knowledge. Malicious intruders may sometimes trick employees into revealing passwords and network access data through social engineering. Employees can also introduce faulty data or improperly process data.
Software errors are also a threat to information systems and cause untold losses in productivity. Hidden bugs or program code defects, unintentionally overlooked by programmers working with thousands of lines of programming code, can cause performance issues and security vulnerabilities. Software vendors create lines of code called patches to repair flaws without disrupting the software's operation.
What is an internet monitoring technique that captures keystrokes? A keylogger, sometimes called a keystroke logger or keyboard capture, is a type of surveillance technology used to monitor and record each keystroke on a specific computer. Keylogger software is also available for use on smartphones, such as the Apple iPhone and Android devices.
What is the hardware or software that acts as a filter to prevent unwanted packets from entering a network? A firewall is a computer network security system that restricts internet traffic in, out, or within a private network. This software or dedicated hardware-software unit functions by selectively blocking or allowing data packets.
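
The selective blocking described above, as an added example that is not part of the original page: a minimal stateless packet filter that classifies each packet as travelling in, out, or within the private network and applies an ordered rule list. The internal range `10.0.0.0/8`, the rule set, the first-match and default-deny behaviour, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "block"
    direction: str            # "in", "out", "within" or "any"
    proto: str                # "tcp", "udp" or "any"
    dport: Optional[int]      # None matches every destination port
    dst_net: str = "0.0.0.0/0"

def direction(pkt):
    """Classify a packet relative to the private network."""
    src_in = ipaddress.ip_address(pkt.src) in PRIVATE_NET
    dst_in = ipaddress.ip_address(pkt.dst) in PRIVATE_NET
    if src_in and dst_in:
        return "within"
    if src_in or dst_in:
        return "out" if src_in else "in"
    return "transit"  # neither end is internal

def matches(rule, pkt):
    return (rule.direction in ("any", direction(pkt))
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net))

def decide(rules, pkt):
    """First matching rule wins; a packet that matches nothing is blocked."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"

RULES = [  # constructed sample policy, evaluated top to bottom
    Rule("allow", "in", "tcp", 443, "10.0.1.10/32"),  # public HTTPS to one web server
    Rule("block", "within", "tcp", 3389),             # no RDP between internal hosts
    Rule("allow", "within", "any", None),             # other internal traffic
    Rule("allow", "out", "tcp", 443),                 # outbound HTTPS
    Rule("allow", "out", "udp", 53),                  # outbound DNS
]
```

Rule order matters here: the internal RDP block must precede the general internal allow, or it would never be reached.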
What refers to the ability to identify the person or entity with whom you are dealing on the Internet? Internet identity (IID), also online identity or internet persona, is a social identity that an Internet user establishes in online communities and websites.
Which dimension(s) of security is spoofing a threat to: integrity; availability; integrity and authenticity; or availability and integrity?
Test like questions from ecommerce 2012 8/e.