<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>CSC 408 AM228 4C by fariza nadhirah</title>
      <link>https://padlet.com/farizanadhirah97/u7aeiswdio4</link>
      <description>Management Information System</description>
      <language>en-us</language>
      <pubDate>2018-12-25 12:09:40 UTC</pubDate>
      <lastBuildDate>2023-05-20 04:30:14 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>CSC 408 Management Information SystemsChapter 7/8 Securing Information SystemsAnswer ALL questions</title>
         <author>farizanadhirah97</author>
         <link>https://padlet.com/farizanadhirah97/u7aeiswdio4/wish/316642544</link>
         <description><![CDATA[<div>Question 1</div><div> </div><div>Briefly explain the following computer crimes.</div><div>a) Sniffer</div><div> </div><div>Sniffers can be used both for legitimate <a href="https://www.webopedia.com/TERM/N/network_management.html">network management</a> functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the <a href="https://www.webopedia.com/TERM/H/hacker.html">hacker's</a> arsenal. On TCP/IP networks, where they sniff <a href="https://www.webopedia.com/TERM/P/packet.html">packets</a>, they're often called packet sniffers.</div><div> </div><div> </div><div>b) Phishing</div><div> </div><div>Phishing is a cyber crime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.</div><div> </div><div>c) Pharming</div><div> </div><div>Pharming is yet another way hackers attempt to manipulate users on the Internet. While phishing attempts to capture personal information by getting users to visit a fake website, pharming redirects users to false websites without them even knowing it.</div><div> </div><div>d) Spoofing</div><div> </div><div>Spoofing is when a hacker impersonates another device or user on a network in order to steal data, spread malware, or bypass access controls. The most common forms are IP spoofing, email spoofing, and DNS spoofing.<br><br>Question 2</div><div>a) Distinguish the TWO (2) methods for encrypting network traffic on the Web.</div><div> </div><div>1) Secure Sockets Layer (SSL): SSL and its successor Transport Layer Security (TLS) enable client and server computers to establish a secure connection session and manage encryption and decryption activities.</div><div> </div><div>2) Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages.</div><div> </div><div>b) Briefly explain the following terms.<br><br></div><div>i. Cyber warfare</div><div> </div><div>The <a href="https://dictionary.cambridge.org/dictionary/english/activity">activity</a> of using the <a href="https://dictionary.cambridge.org/dictionary/english/internet">internet</a> to <a href="https://dictionary.cambridge.org/dictionary/english/attack">attack</a> a country’s <a href="https://dictionary.cambridge.org/dictionary/english/computer">computers</a> in <a href="https://dictionary.cambridge.org/dictionary/english/order">order</a> to <a href="https://dictionary.cambridge.org/dictionary/english/damage">damage</a> things such as <a href="https://dictionary.cambridge.org/dictionary/english/communication">communication</a> and <a href="https://dictionary.cambridge.org/dictionary/english/transport">transport</a> <a href="https://dictionary.cambridge.org/dictionary/english/system">systems</a> or <a href="https://dictionary.cambridge.org/dictionary/english/water">water</a> and <a href="https://dictionary.cambridge.org/dictionary/english/electricity">electricity</a> <a href="https://dictionary.cambridge.org/dictionary/english/supplies">supplies</a></div><div> </div><div> </div><div> ii. Computer Forensic</div><div> </div><div>Computer forensics is the practice of collecting, analyze and reporting on digital data in a way that is legally admissible. It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally.</div><div> </div><div>Question 3</div><div>a) Without protection against malware and intruders, connecting to the Internet could be very</div><div>dangerous. Firewalls, intrusion detection system and antivirus software have become the tools to</div><div>overcome this problem. Briefly explain these THREE (3) tools.</div><div> </div><div><strong>Firewall</strong>-A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic and prevents unauthorized communication into and out of the network. The firewall identifies names, Internet Protocol (IP) addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules programmed into the system by the network administrator</div><div><strong> </strong></div><div><a href="https://paginas.fe.up.pt/~als/mis10e/ch8/javascript:pop_win('ids.htm')"><strong>Intrusion detection systems</strong></a> feature full-time monitoring tools placed at the most vulnerable points of corporate networks to detect and deter intruders continually. Scanning software looks for patterns indicative of known methods of computer attacks, such as bad passwords, checks to see if important files have been removed or modified, and sends warnings of vandalism or system administration errors.</div><div><strong> </strong></div><div><a href="https://paginas.fe.up.pt/~als/mis10e/ch8/javascript:pop_win('antivirus.htm')"><strong>Antivirus software</strong></a> is designed to check computer systems and drives for the presence of computer viruses. However, to remain effective, the antivirus software must be continually updated.</div><div> </div><div>b) Information systems controls is one of the components of an organizational framework for</div><div>security and control. Information systems controls consist of two - general and application</div><div>control. A company must know how and where to deploy security tools and security personnel</div><div>must know what controls a company must have in place to protect its information system.</div><div>Contrast between General Controls and Application Controls.</div><div> </div>]]></description>
         <enclosure url="https://padlet-uploads.storage.googleapis.com/344380109/eac76f056c5459d9d8dfab6228f2e9bb/image.png" />
         <pubDate>2018-12-25 12:15:32 UTC</pubDate>
         <guid>https://padlet.com/farizanadhirah97/u7aeiswdio4/wish/316642544</guid>
      </item>
      <item>
         <title></title>
         <author>farizanadhirah97</author>
         <link>https://padlet.com/farizanadhirah97/u7aeiswdio4/wish/316642697</link>
         <description><![CDATA[<div>Question 4<br><br></div><div>Malicious Software programs are referred to as Malware. Describe FOUR (4) types of malicious</div><div>Software</div><div> </div><div> </div><div><strong>Spyware</strong>- Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a Spybot or tracking software), Spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program.</div><div> </div><div> </div><div><strong>Virus</strong>- a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document. Viruses can be transmitted as attachments to an e-mail note or in a downloaded file, or be present on a diskette or CD</div><div> </div><div> </div><div><strong>Worm</strong>- a worm is a self-replicating virus that does not alter files but duplicates itself. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.</div><div> </div><div> </div><div><strong>Logic bomb</strong>- a logic bomb is programming code, inserted surreptitiously or intentionally, that is designed to execute (or "explode") under circumstances such as the lapse of a certain amount of time or the failure of a program user to respond to a program command. It is in effect a delayed-action computer virus or Trojan horse. A logic bomb, when "exploded," may be designed to display or print a spurious message, delete or corrupt data, or have other undesirable effects.</div><div> </div><div>Question 5</div><div> </div><div>a)Define computer crime and provide an appropriate example.</div><div> </div><div>Computer crime is an act performed by a knowledgeable computer user, sometimes referred to as a <a href="https://www.computerhope.com/jargon/h/hacker.htm">hacker</a> that illegally browses or steals a company's or individual's private information. In some cases, this person or group of individuals may be malicious and destroy or otherwise corrupt the computer or data files.  </div><div>Example:Child pornography - Making or distributing child pornography</div><div> </div><div>b) Briefly explain THREE (3) reasons why information systems are vulnerable to destruction, error</div><div>and abuse?</div><div> </div><div>1) Corporate systems using the Internet are especially vulnerable because the Internet is designed to be an open system and makes internal corporate systems more vulnerable to actions from outsiders</div><div>2) Hackers can unleash denial of service (DoS) attacks or penetrate corporate networks to cause serious system disruptions.</div><div>3) Wi-Fi networks can easily be penetrated by intruders using sniffer programs to obtain an address to access the resources of the network.</div><div> </div><div>c) Discuss the THREE (3) most important tools and technology for safeguarding information</div><div>resources.</div><div> </div><div>1). They can use fault-tolerant computer systems or create high-availability computing environments to make sure that their information systems are always available and performing without interruptions</div><div>2) Firewalls are placed between an organization’s private network and external networks such as the Internet to prevent unauthorized users from accessing the private network.</div><div>3)Intrusion detection systems monitor private networks for suspicious network traffic and attempts to access corporate systems</div><div> </div><div>a) Identity management software automates the process of keeping track of all information systems users and their system privileges, assigning each user a unique digital identity for accessing each system. Define authentication.</div><div> </div><div>Authentication is the technique by which a system checks the identification of an end user who wants to access it. Since entrance or access control is normally based on the identification of the user who demands access to a resource, authentication is essential to effective security.</div><div> </div><div>b) Identify and briefly describe FOUR (4) authentication technologies.</div><div> </div><div>1. Password Based Technologies</div><div>Passwords are the most common form of authentication. Password may be of any form (string of alphabets, numbers and special characters). This password is necessarily to be known by the entity or the thing or a person that is being authenticated.</div><div> </div><div>2. E-Token Based Technologies</div><div>An E-Token authentication is small devices that develop/generates a new odd/random value every time it is used. This random value becomes the basis for authentication (an alternative to a password). It can be implemented on a USB key fob or on a smart card. Data is protected on the device itself. Store credentials such as passwords, digital signatures and certificates, and private keys. E-Token has different components or features like processor, LCD for displaying outputs or random values, battery, small keypad for entering information, real-time clock.</div><div> </div><div>3. Biometric Based Technologies</div><div>It mention to the realization/recognition/identification of humans by their personality/characteristics such as face, fingerprint, human voice, retina, iris pattern of the eye, vein pattern etc. It's used in computer science as a form of realization/recognition and access control. It is also used to find/select persons in groups that are under consideration/measurement.</div><div> </div><div>4. Two-factor authentication</div><div>It requires two or more independent ways of verifying an identity. Examples include something that the user possesses such as a telephone or other physical token, inherent factors like biometric traits or something known like a password. ATM’s are prime examples of MFAs because you need a card (physical token) and a PIN (something known) in order for the transaction to take place.</div><div> </div><div>QUESTION 7 </div><div> </div><div>a)Describe ransomware. </div><div>Ransomware: A subset of malware in which the data on a victim's computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim. The motive for ransomware attacks is nearly always monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in a virtual currency, such as bit coin, so that the cybercriminal's identity is not known.</div><div> </div><div>b) State how do we prevent and protect our computer from ransomware. </div><div> </div><div>1. Do not provide personal information when answering an email, unsolicited phone call, text message or instant message.</div><div>2. Do make sure that all systems and software are up-to-date with relevant patches.</div><div>3. Restore any impacted files from a known good backup.</div><div> </div><div>c) Discuss the effects of computer crime to an organization.</div><div> </div><div><strong>Economic cost of cyber-attack</strong>-Cyber-attacks often result in substantial financial loss arising from theft of corporate information, theft of financial information (example: bank details or payment card details), theft of money, disruption to trading (example: inability to carry out transactions online) and loss of business or contract. Businesses that suffered a cyber-breach will also generally incur costs associated with repairing affected systems, networks and devices.</div><div> </div><div><strong>Reputational damage</strong>- Trust is an essential element of customer relationship. Cyber-attacks can damage your business' reputation and erode the trust your customers have for you. This, in turn, could potentially lead to loss of customers, loss of sales and reduction in profits. The effect of reputational damage can even impact on their suppliers, or affect relationships that may have with partners, investors and other third parties vested in their organization.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-25 12:21:05 UTC</pubDate>
         <guid>https://padlet.com/farizanadhirah97/u7aeiswdio4/wish/316642697</guid>
      </item>
      <item>
         <title></title>
         <author>farizanadhirah97</author>
         <link>https://padlet.com/farizanadhirah97/u7aeiswdio4/wish/316642744</link>
         <description><![CDATA[<div>CASE STUDY 1: THE LOOMING THREAT OF CYBER<br><br></div><div>1. Is cyber-warfare a serious problem? Why or why not?</div><div> </div><div>Cyber-warfare is a set of challenges for security experts, not only in detecting and preventing intrusions but also in tracking down perpetrators and bringing them to justice. The most prominent threats so far include, successful attacks on the FAA airline system, including one in 2006 that partially shut down air traffic data systems in Alaska. Intruders successfully penetrated the Pentagon’s $300 billion Joint Strike Fighter project and stole several terabytes of data related to design and electronics systems. Cyber spies infiltrated the U.S. electrical grid in April 2009 and left behind software programs whose purpose is unclear. In Iraq, insurgents intercepted Predator drone feeds using software downloaded from the Internet. An act of cyber-war against a critical resource such as the electric grid, financial system, or communication systems would likely be devastating.</div><div> </div><div>2. What solutions have been proposed? Do you think they will be effective? Why or why not?</div><div>Proposed solutions include the following along with an assessment of their effectiveness:</div><div> </div><div> Congress is considering legislation that would require all critical infrastructure companies to meet newer, tougher cyber security standards. As cyber warfare technologies develop and become more advanced, the standards imposed by this legislation will likely be insufficient to defend against attacks.</div><div>Furthemore, Secretary of Defense Gates ordered the creation of Cyber com, the first headquarters designed to coordinate government cyber security efforts. It was activated in May 2010. It will coordinate the operation and protection of military and Pentagon computer networks. It will coordinate efforts to restrict access to government computers and protect systems that run the stock exchanges, clear global banking transactions, and manage the air traffic control system. Its ultimate goal will be to prevent catastrophic cyber attacks against the U.S. Some insiders suggest that it might not be able to effectively organize the governmental agencies without direct access to the President, which it currently lacks.</div><div> </div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-25 12:23:39 UTC</pubDate>
         <guid>https://padlet.com/farizanadhirah97/u7aeiswdio4/wish/316642744</guid>
      </item>
   </channel>
</rss>
