
EFIS

The document discusses the history and concepts of information security including definitions of security and information security. It covers topics such as the CIA triad, components of information security, threats, and vulnerabilities. Historical examples are provided of early computer systems and networks as well as security issues.

Uploaded by

Hiếu Văn

Does information need protecting? What information needs protecting?

When does that information have to be protected?

What fields do you think relate to information security?

1987

What historical periods do you think information security has experienced?

1960s – 1970s and 1980s – 1990s – 2000s to present

Who was known as the founder of the Internet? What did he develop?

Larry Roberts, known as the founder of the Internet, developed the project which was called
ARPANET from its inception. ARPANET is the predecessor to the Internet

How was access to sensitive military locations controlled during World War II?

When was a famous study entitled “Protection Analysis: Final Report” published? What did it
focus on? Why?

It focused on a project undertaken by ARPA to discover the vulnerabilities of operating
system security.

What is the difference between MULTICS system and UNIX system?

While the MULTICS system implemented multiple security levels and passwords, the UNIX
system did not. Its primary function, text processing, did not require the same level of
security as that of its predecessor

When has the Internet become an interconnection of millions of networks and why?

Since its inception as a tool for sharing Defense Department information, the Internet has
become an interconnection of millions of networks.

What led to more complex and more technologically sophisticated computer security
safeguards before?

When did the technology become pervasive, reaching almost every corner of the globe with
an expanding array of uses?

After the Internet was commercialized, the technology became pervasive, reaching almost
every corner of the globe with an expanding array of uses.

What has made governments and companies more aware of the need to defend the computer-
controlled control systems of utilities and other critical infrastructure?

realization that information security is important to national defense.

What is security?

security is “the quality or state of being secure to be free from danger.”

What is information security?

Information security, to protect the confidentiality, integrity and availability of information
assets, whether in storage, processing, or transmission.

What components of information security do you know?

Management of IS, Network security, Computer & data security

What areas does information security relate to?

Which areas does information security include?

information security management, computer and data security, and network security

Why does the C.I.A. triangle model no longer adequately address the constantly changing
environment?

The threats to the confidentiality, integrity, and availability of information have evolved into
a vast collection of events, including accidental or intentional damage, destruction, theft,
unintended or unauthorized modification, or other misuse from human or nonhuman threats

What is security? What is information security?

security is “the quality or state of being secure to be free from danger.”

Information security, to protect the confidentiality, integrity and availability of information
assets, whether in storage, processing, or transmission

How many fundamental characteristics does information have? What are they?

3. confidentiality, integrity, availability

Since when has the C.I.A triangle been industry standard for computer security? What is it
based on?

What should a successful organization have to protect its operation?

A successful organization should have the following multiple layers of security in place to
protect its operations: Physical security, Personnel security, Operations security,
Communications security, Network security, Information security

What is attack? What types of attack are mentioned in the passages?

Attack: An intentional or unintentional act that can cause damage to or otherwise
compromise information and/or the systems that support it.

A direct attack, An indirect attack

What is vulnerability? Give some examples of vulnerabilities.

Vulnerability: A weakness or fault in a system or protection mechanism that opens it to
attack or damage. Some examples of vulnerabilities are a flaw in a software package, an
unprotected system port, and an unlocked door. Some well-known vulnerabilities have been
examined, documented, and published; others remain latent (or undiscovered).

When is information authentic?

Information is authentic when it is in the same state in which it was created, placed, stored,
or transferred.

When is information considered inaccurate?

if information has been intentionally or unintentionally modified, it is no longer accurate.

When does information have confidentiality?

Information has confidentiality when it is protected from disclosure or exposure to
unauthorized individuals or systems.

How many critical characteristics does information have? What are they?

7: Availability, Accuracy, Authenticity, Confidentiality, Integrity, Utility, Possession


Why is a key method given in the integrity of information?

Because corruption can occur while information is being stored or transmitted. Many
computer viruses and worms are designed with the explicit purpose of corrupting data.

Why is information integrity the cornerstone of information systems?

because information is of no value or use if users cannot verify its integrity.

When is the integrity of information threatened?

The integrity of information is threatened when the information is exposed to corruption,
damage, destruction, or other disruption of its authentic state.

What can you use to protect the confidentiality of information?

To protect the confidentiality of information, you can use a number of measures, including
the following: Information classification, Secure document storage, Application of general
security policies, Education of information custodians and end users

Which tools of physical security are often applied to restrict access to and interaction with the
hardware components of an information system?

locks and keys

What happens when an unauthorized user obtains an organization’s procedures?

When an unauthorized user obtains an organization’s procedures, this poses a threat to the
integrity of the information.

When local area networks are connected to other networks such as the Internet, new security
challenges rapidly emerge?

What is an information system?

it is the entire set of software, hardware, data, people, procedures, and networks that make
possible the use of information resources in the organization.

Why is data the main target of intentional attacks?

Because data is often the most valuable asset possessed by an organization

Which component of Information system is the most difficult to secure?

Software is perhaps the most difficult IS component to secure


What became common in airports before 2002? Give details

Laptop thefts in airports were common. A two-person team worked to steal a computer as
its owner passed it through the conveyor scanning devices. The first perpetrator entered the
security area ahead of an unsuspecting target and quickly went through. Then, the second
perpetrator waited behind the target until the target placed his/her computer on the baggage
scanner. As the computer was whisked through, the second agent slipped ahead of the victim
and entered the metal detector with a substantial collection of keys, coins, and the like,
thereby slowing the detection process and allowing the first perpetrator to grab the computer
and disappear in a crowded walkway.

Why do software programs become an easy target of accidental or intentional attacks?

Unfortunately, software programs are often created under the constraints of project
management, which limit time, cost, and manpower. Information security is all too often
implemented as an afterthought, rather than developed as an integral component from the
beginning.

Why is securing the physical location of computers and the computers themselves important?

Securing the physical location of computers and the computers themselves is important
because a breach of physical security can result in a loss of information.

Do only software and hardware enable information to be input, processed, output, and
stored? If no, what components enable it to do so?

Why don’t any individuals and organizations purchase software as mandated by the owner’s
license agreements?

Because most software is licensed to a particular purchaser, its use is restricted to a single
user or to a designated user in an organization. If the user copies the program to another
computer without securing another license or transferring the license, he or she has violated
the copyright.

Which malicious code software programs hide their true nature and reveal their designed
behavior only when activated?

Why are the software components or programs of malicious code designed?

These software components or programs are designed to damage, destroy, or deny service to
the target systems.

What types of software attacks are mentioned in the text?

Virus, Worms, Trojan Horses, Back Door or Trap Door, Polymorphic Threats, Virus and
Worm Hoaxes, Espionage or Trespass

What does IP stand for? What is it?

Information security, to protect the confidentiality, integrity and availability of information
assets, whether in storage, processing, or transmission.

Who is considered an expert hacker?

The expert hacker is usually a master of several programming languages, networking
protocols, and operating systems and also exhibits a mastery of the technical environment of
the chosen targeted system. Once an expert hacker chooses a target system, the likelihood
that he or she will successfully enter the system is high

Who are hackers? Which skill levels are divided among hackers?

Hackers are “people who use and create computer software to gain access to information
illegally.”

There are generally two skill levels among hackers. The first is the expert hacker, or elite
hacker, who develops software scripts and program exploits used by those in the second
category, the novice or unskilled hacker.

What is one of the most common methods of virus transmission?

One of the most common methods of virus transmission is via e-mail attachment files.

Why do employees’ mistakes represent a serious threat to the confidentiality, integrity, and
availability of data?

This is because employee mistakes can easily lead to the following: revelation of classified
data, entry of erroneous data, accidental deletion or modification of data, storage of data in
unprotected areas, and failure to protect information.

What threats are mentioned in the text? Which one is the biggest threat to an organization?

Forces of Nature, Human Error or Failure, Information Extortion, Theft, Technical Hardware
Failures or Errors, Technical Software Failures or Errors

One of the greatest threats to an organization’s information security is the organization’s own
employees.

How can physical theft be controlled?

Physical theft can be controlled quite easily by means of a wide variety of measures, from
locked doors to trained security personnel and the installation of alarm systems

Why is electronic theft a more complex problem to manage and control?

When electronic information is stolen, the crime is not always readily apparent. If thieves are
clever and cover their tracks carefully, no one may ever know of the crime until it is far too
late.

Who is Maxus? What did he do? Give details to his act.

Maxus is a Russian hacker who hacked the online vendor and stole several hundred thousand
credit card numbers. When the company refused to pay the $100,000 blackmail, he posted the
card numbers to a Web site, offering them to the criminal community.

Can human error or failure be prevented? How can it be protected?

Much human error or failure can be prevented with training and ongoing awareness activities,
but also with controls, ranging from simple procedures, such as requiring the user to type a
critical command twice, to more complex procedures, such as the verification of commands
by a second party.

Are natural disasters considered threats in the information security? What effects do they
cause?

Which mistakes do employees often make when they use information systems?

Leaving classified information in unprotected areas, such as on a desktop, on a Web site, or
even in the trash can, is as much a threat to the protection of the information as is the
individual who seeks to exploit the information, because one person’s carelessness can create
a vulnerability and thus an opportunity for an attacker.

What is a cracking attack? When is it used?

A cracking attack is a component of many dictionary attacks (to be covered shortly). It is
used when a copy of the Security Account Manager (SAM) data file, which contains a hashed
representation of the user’s password, can be obtained

What is a distributed denial of-service?

A distributed denial-of-service (DDoS) is an attack in which a coordinated stream of requests
is launched against a target from many locations at the same time.

Why is the brute force attack sometimes called a password attack?

If attackers can narrow the field of target accounts, they can devote more time and resources
to these accounts.

Which attack includes the execution of viruses, worms, Trojan horses, and active Web scripts
with the intent to destroy or steal information?

Why is a trap door hard to detect?

because very often the programmer who puts it in place also makes the access exempt from
the usual audit logging features of the system.

Why are the manufacturer’s default administrator account names and passwords always
changed?

Why are many requests made that the target system becomes overloaded and cannot respond
to legitimate requests for service in a DoS attack?

What is a vulnerability?

A vulnerability is an identified weakness in a controlled system, where controls are not
present or are no longer effective.

Attack(1): Malicious Code, Hoaxes, Back Doors, Password Crack, Brute Force, Dictionary,
Denial-of-Service (DoS) and Distributed. 7 types

What is phishing? What is its variant?

Phishing - an attempt to gain personal or financial information from an individual, usually by
posing as a legitimate entity.

A variant is spear phishing, a label that applies to any highly targeted phishing attack

How may pharming also exploit the Domain Name System?

Pharming may also exploit the Domain Name System (DNS) by causing it to transform the
legitimate host name into the invalid site’s IP address; this form of pharming is also known as
DNS cache poisoning.

What do attackers sometimes do to sway the target for social engineering?

Sometimes attackers threaten, cajole, or beg to sway the target.


In which attack does an attacker monitor packets from the network, modify them, and insert
them back into the network?

In the well-known man-in-the-middle or TCP hijacking attack, an attacker monitors (or
sniffs) packets from the network, modifies them, and inserts them back into the network.

Why does pharming often use Trojans, worms, or other virus technologies to attack the
Internet browser’s address bar?

What do hackers use to engage in IP spoofing?

To engage in IP spoofing, hackers use a variety of techniques to obtain trusted IP addresses,
and then modify the packet headers to insert these forged addresses. Newer routers and
firewall arrangements can offer protection against IP spoofing

In which attack can the cookie allow the designer to collect information on how to access
password-protected sites?

Timing Attack

Attack(2): Spoofing, Man-in-the-Middle, Spam, Mail Bombing, Social Engineering,
Pharming, Timing Attack (7)

What is a firewall in computing?

Where does the term firewall derive from?

Is a firewall in an information security program the same as or different from a building’s
firewall? What is their similarity or difference?

A firewall in an information security program is similar to a building’s firewall in that it
prevents specific types of information from moving between the outside world, known as the
untrusted network (for example, the Internet), and the inside world, known as the trusted
network

What are the functions of stateful filters?

How can firewalls be categorized?


Firewalls can be categorized by processing mode, development era, or structure

What are the predecessors to firewalls for network security?

The predecessors to firewalls for network security were the routers used in the late 1980s,
because they separated networks from one another, thus halting the spread of problems from
one network to another

What is the most important benefit of application layer filtering?

The key benefit of application layer filtering is that it can understand certain applications and
protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext
Transfer Protocol (HTTP)).

What are the benefits of firewalls in aircraft and automobiles?

In aircraft and automobiles, a firewall is an insulated metal barrier that keeps the hot and
dangerous moving parts of the motor separate from the inflammable interior where the
passengers sit.

What does a commercial-grade firewall system consist of?

A commercial-grade firewall system consists of application software that is configured for
the firewall application and run on a general-purpose computer.

Why can the firewall rule sets be changed by technical staff when necessary?

The firewall rule sets are stored in nonvolatile memory, and thus they can be changed by
technical staff when necessary but are available each time the device is restarted.

What are most small office or residential-grade firewalls?

Most small office or residential-grade firewalls are either simplified dedicated appliances
running on computing devices or application software installed directly on the user’s
computer.

What is one of the most effective methods of improving computing security in the SOHO
setting?

One of the most effective methods of improving computing security in the SOHO setting is
by means of a SOHO or residential-grade firewall.

What method is used for protecting the residential user?

Another method of protecting the residential user is to install a software firewall directly on
the user’s system.

What are Windows or Linux/Unix?

Why do more and more small businesses and residences become more and more vulnerable
to attacks?

As more and more small businesses and residences obtain fast Internet connections with
digital subscriber lines (DSL) or cable modem connections, they become more and more
vulnerable to attacks.

What common architectural implementations are mentioned in the text?

Although literally hundreds of variations exist, there are four common architectural
implementations: Packet-filtering routers, screened host firewalls, dual-homed firewalls, and
screened subnet firewalls

Why do most organizations with an Internet connection have some form of a router at the
boundary between the organization’s internal networks and the external service provider?

Because this is a simple but effective way to lower the organization’s risk from external
attack. The drawbacks to this type of system include a lack of auditing and strong
authentication.

Which approach allows the router to prescreen packets to minimize the network traffic and
load on the internal proxy?

Screened host firewalls combine the packet-filtering router with a separate, dedicated
firewall, such as an application proxy server. This approach allows the router to prescreen
packets to minimize the network traffic and load on the internal proxy.

What is the protocol for handling TCP traffic via a proxy server?

SOCKS is the protocol for handling TCP traffic via a proxy server.

Are there many variants of the screened subnet architecture? What does the first general
model consist of?

There are many variants of the screened subnet architecture. The first general model consists
of two filtering routers, with one or more dual-homed bastion hosts between them. In the
second general model, the connections are routed as follows:

• Connections from the outside or untrusted network are routed through an external filtering
router.
• Connections from the outside or untrusted network are routed into—and then out of—a
routing firewall to the separate network segment known as the DMZ.
• Connections into the trusted internal network are allowed only from the DMZ bastion host
servers.

How many NICs does the bastion host contain? What are they?

2, One NIC is connected to the external network, and one is connected to the internal
network, providing an additional layer of protection. With two NICs, all traffic must
physically go through the firewall to move between the internal and external networks.
Implementation of this architecture often makes use of NAT.

Why is NAT able to prevent external attacks from reaching internal machines with addresses
in specified ranges?

NAT is a method of mapping real, valid, external IP addresses to special ranges of
non-routable internal IP addresses, thereby creating yet another barrier to intrusion from
external attackers. The internal addresses used by NAT consist of three different ranges.

Why is the bastion host often referred to as the sacrificial host?

Since the bastion host stands as a sole defender on the network perimeter, it is commonly
referred to as the sacrificial host

What type of filtering is common in network routers and gateways?

How many subsets of packet-filtering firewalls are mentioned in the text? What are they?

Into how many major processing-mode categories are firewalls categorized? What are they?

What do simple firewall models examine?

Where do filtering firewalls inspect packets?

What does the packet-filtering firewall examine?

What is the primary disadvantage of stateful inspection?
