
Monday, August 8, 2011

quiz9 #S1-3

1. Define the term, computer security risks, and briefly describe the types
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy,
unethical employee, cyberextortionist, and cyberterrorist.
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
Cybercrime-refers to online or Internet-based illegal acts
Hacker-refers to someone who accesses a computer or network illegally; the intent of their security breaches is to improve security


Cracker-someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions


Script kiddie-has the same intent as the cracker but does not have the technical skills and knowledge; often uses prewritten hacking and cracking programs to break into computers

Corporate spies-have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information

Unethical employee-breaks into their employer's computer for a variety of reasons; some simply want to exploit a security weakness, others seek financial gains from selling confidential information
Cyberextortionist-someone who uses e-mail as a vehicle for extortion; these perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization's network if they are not paid a sum of money
Cyberterrorist-a programmer who breaks into computer systems in order to steal or change or destroy information; including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses


2. Describe various types of Internet and network attacks (computer viruses,
worms, Trojan horses, rootkits, botnets, denial of service attacks, back
doors, and spoofing), and identify ways to safeguard against these attacks,
including firewalls, intrusion detection software, and honeypots.

virus-a computer program that can copy itself and infect a computer
worm-a self-replicating malware computer program which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention
Trojan horse-a destructive program that masquerades as an application; the software initially appears to perform a desirable function for the user prior to installation and/or execution, but steals information or harms the system
rootkit-software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications
botnet-a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes
denial of service attack-an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail
backdoor-a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected
spoofing-the process of deception by which an individual or system alters its identity or creates additional identities, thereby causing another person or system to act incorrectly

To take precautions against this malware:
1. Do not start a computer with removable media in the drives or ports.
2. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
3. Disable macros in documents that are not from a trusted source.
4. Install an antivirus program and a personal firewall.
5. Stay informed about any new virus alert or virus hoax.
6. To defend against a botnet, a denial of service attack, improper use of a back door, and spoofing, users can install a firewall, install intrusion detection software, and set up a honeypot.

3. Discuss techniques to prevent unauthorized computer access and use
Some safeguards that improve the security of wireless networks include reconfiguring the wireless access point and ensuring equipment uses one or more wireless security standards such as Wi-Fi Protected Access and 802.11i.
-a wireless access point (WAP) should be configured so that it does not broadcast a network name. The WAP also can be programmed so that only certain devices can access it.
-Wi-Fi Protected Access (WPA) is a security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques.
-an 802.11i network, sometimes called WPA2, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.

By implementing these security measures, you can help to prevent unauthorized access to wireless networks.

quiz9 #s 4-6

4. Identify safeguards against hardware theft and vandalism
  Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. The best preventive measures against hardware theft and vandalism are common sense and a constant awareness of the risk. Physical devices and practical security measures, such as locked doors and windows, can help protect equipment. Passwords, possessed objects, and biometrics can reduce the risk of theft or render a computer useless if it is stolen.
Safeguards Against Hardware Theft And Vandalism
-Restricted access (locked doors and windows)
-Alarm systems
-Cables
-Locking devices for hard disk, other drives
 

5. Explain the ways software manufacturers protect against software piracy.
Software piracy is the unauthorized and illegal duplication of copyrighted software. To protect themselves from software piracy, manufacturers issue a license agreement and require product activation.


6. Discuss how encryption works, and explain why it is necessary
Encryption is the process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e-mail message. To read the data, the recipient must decrypt, or decipher, it into a readable form.

quiz9 #s 7-9

7. Discuss the types of devices available that protect computers from
system failure
A system failure is the prolonged malfunction of a computer. A common cause of system failure is an electrical power variation such as noise, an undervoltage, or an overvoltage. A surge protector, also called a surge suppressor, uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment. An uninterruptible power supply (UPS) contains surge protection circuits and one or more batteries that can provide power during a temporary loss of power.

8. Explain the options available for backing up computer resources.
A backup is a duplicate of a file, program, or disk that can be used to restore the file if the original is lost, damaged, or destroyed. Users can opt for a full backup or a selective backup. Some users implement a three-generation backup policy that preserves three copies of important files: the grandparent, the parent, and the child. Others use RAID or continuous backup. Most operating systems and backup devices include a backup program.

9. Identify risks and safeguards associated with wireless communications.
Wireless access poses additional security risks. Intruders connect to other wireless networks to gain free Internet access or an organization's confidential data. Some individuals intercept and monitor communications as they transmit. Others connect to a network through an unsecured wireless access point (WAP), sometimes using the techniques of war driving or war flying. Some safeguards include firewalls, reconfiguring the WAP, and ensuring equipment uses a wireless security standard, such as Wi-Fi Protected Access (WPA) and 802.11i.

quiz9 #s10-12

10. Discuss ways to prevent health-related disorders and injuries due to
computer use.
A computer-related repetitive strain injury (RSI) can include tendonitis and carpal tunnel syndrome (CTS). Another health-related condition is eyestrain associated with computer vision syndrome (CVS). To prevent health-related disorders, take frequent breaks, use precautionary exercises and techniques, and use ergonomics when planning the workplace. Computer addiction occurs when the computer consumes someone's entire social life.

11. Recognize issues related to information accuracy, intellectual property
rights, codes of conduct, and green computing.
Computer ethics govern the use of computers and information systems. Issues in computer ethics include the responsibility for information accuracy and the intellectual property rights to which creators are entitled for their works. An IT (information technology) code of conduct helps determine whether a specific computer action is ethical or unethical.
intellectual property rights-the rights to which creators are entitled for their work; certain issues arise surrounding IP today because many of these works are available digitally
green computing-involves reducing the electricity and environmental waste while using a computer; people use, and often waste, resources such as electricity and paper while using the computer
 
12. Discuss issues surrounding information privacy, including electronic
profiles, cookies, spyware and adware, spam, phishing, privacy laws, social
engineering, employee monitoring, and content filtering.
Information privacy-the right of individuals and companies to deny or restrict the collection and use of information about them. Issues surrounding information privacy include the following.  
electronic profile-combines data about an individual's Web use with data from public sources, which then is sold.  
cookie-a file that a Web server stores on a computer to collect data about the user. 
Spyware-a program placed on a computer that secretly collects information about the user.
Adware-a program that displays an online advertisement in a banner or pop-up window. 
Spam-an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once. 
Phishing-a scam in which a perpetrator attempts to obtain personal or financial information. 
The concern about privacy has led to the enactment of many federal and state laws regarding the disclosure of data. As related to the use of computers, social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others. Employee monitoring uses computers to observe, record, and review an employee's computer use. Content filtering restricts access to certain materials on the Web.  

Monday, August 1, 2011

quiz8 #s 1-4

1. Define the term, database, and explain how a database interacts with data
and information.
Database-a collection of data organized in a manner that allows access, retrieval, and use of that data. Database software, often called a database management system (DBMS), allows users to create a computerized database; add, modify, and delete the data; sort and retrieve the data; and create forms and reports from the data. Data is a collection of unprocessed items, which can include text, numbers, images, audio, and video. Computers process data into information. Information is processed data; that is, it is organized, meaningful, and useful. In addition to documents, information can be in the form of audio, images, and video.


2. Describe file maintenance techniques (adding records, modifying records,
deleting records) and validation techniques.
File maintenance refers to the procedures that keep data current. File maintenance procedures include adding records when new data is obtained, modifying records to correct inaccurate data or to update old data with new data, and deleting records when they no longer are needed.

Validation is the process of comparing data with a set of rules or values to find out if the data is correct. Many programs perform a validity check that analyzes data, either as you enter it or after you enter it, to help ensure that it is correct. Types of validity checks include an alphabetic check, a numeric check, a range check, a consistency check, a completeness check, and a check digit.


3. Discuss the terms character, field, record, and file.
A bit is the smallest unit of data a computer can process. Eight bits grouped together form a byte, and each byte represents a single character, which can be a letter, number, space, punctuation mark or other symbol.

A field is a combination of one or more related characters or bytes and is the smallest unit of data a user accesses.

A record is a group of related fields.

A data file is a collection of related records stored on a storage medium such as a hard disc or optical disc.



4. Discuss the functions common to most database management systems:
data dictionary, file retrieval and maintenance, data security, and backup
and recovery.
With a database management system (DBMS), users can create, access, and manage a computerized database. Most DBMS perform common functions. 
A data dictionary contains data about each file in the database and each field within those files. A DBMS offers several methods to retrieve and maintain data, such as query languages, query by example, forms, and report generators. A query language consists of simple, English-like statements that allow users to specify the data to display, print, or store. A query by example (QBE) has a graphical user interface that assists users with retrieving data. A form is a window on the screen that provides areas for entering or modifying data. A report generator allows users to design a report on the screen, retrieve data into the report design, and display or print the report. A backup is a copy of the database. A log is a listing of activities that change the contents of the database. A recovery utility uses the logs and/or backups to restore the database.

quiz8 #s 5-7

5. Differentiate between a file processing approach and the database
approach.
File processing system-each department or area within an organization has its own sets of data files. Two major weaknesses of file processing systems are redundant data and isolated data.
Database approach-many programs and users share the data in a database. The database approach reduces data redundancy, improves data integrity, shares data, permits easier access, and reduces development time.
A database, however, can be more complex than a file processing system, requiring special training and more computer memory, storage, and processing power. Data in a database also can be more vulnerable than data in a file processing system.

6. Describe characteristics of relational, object-oriented, and
multidimensional databases.
Relational database-stores data in tables that consist of rows and columns
Object-oriented database (OODB)-stores data in objects; often uses an object query language to manipulate and retrieve data
Multidimensional database-stores data in dimensions; allows users to access and analyze any view of the database data and no standard query language exists

7. Explain how to access Web databases.
A Web database links to a form on a Web page. To access data in a Web database, you fill in the form or enter search text on a Web page. A Web database usually resides on a database server, which is a computer that stores and provides access to a database.

quiz8 #s 8-10

8. Define the term, computer security risks, and briefly describe the types
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy,
unethical employee, cyberextortionist, and cyberterrorist.
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
Cybercrime-refers to online or Internet-based illegal acts
Hacker-refers to someone who accesses a computer or network illegally; the intent of their security breaches is to improve security

Cracker-someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions

Script kiddie-has the same intent as the cracker but does not have the technical skills and knowledge; often uses prewritten hacking and cracking programs to break into computers

Corporate spies-have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information

Unethical employee-breaks into their employer's computer for a variety of reasons; some simply want to exploit a security weakness, others seek financial gains from selling confidential information
Cyberextortionist-someone who uses e-mail as a vehicle for extortion; these perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization's network if they are not paid a sum of money
Cyberterrorist-a programmer who breaks into computer systems in order to steal or change or destroy information; including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses


9. Identify database design guidelines and discuss the responsibilities of
database analysts and administrators.
Database analysts and database administrators are responsible for managing and coordinating all database activities. A database analyst focuses on the meaning and usage of data. A database administrator requires a more technical inside view of the data. The DBA creates and maintains the data dictionary, manages database security, monitors database performance, and checks backup and recovery procedures.


10. Discuss techniques to prevent unauthorized computer access and use
Some safeguards that improve the security of wireless networks include reconfiguring the wireless access point and ensuring equipment uses one or more wireless security standards such as Wi-Fi Protected Access and 802.11i.
-a wireless access point (WAP) should be configured so that it does not broadcast a network name. The WAP also can be programmed so that only certain devices can access it.
-Wi-Fi Protected Access (WPA) is a security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques.
-an 802.11i network, sometimes called WPA2, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.

By implementing these security measures, you can help to prevent unauthorized access to wireless networks.