<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>CSC408: Chapter 7/8  by Shira Husna</title>
      <link>https://padlet.com/shira_husna/csc408revision</link>
      <description>AM228-4A</description>
      <language>en-us</language>
      <pubDate>2018-12-22 08:28:55 UTC</pubDate>
      <lastBuildDate>2018-12-22 09:33:13 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url>https://padlet-assets.s3.amazonaws.com/icons/Lightdecrease.png</url>
      </image>
      <item>
         <title>QUESTION 1</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316501792</link>
         <description><![CDATA[<div>Briefly explain the following computer crimes. </div><div> </div><div>a)     <mark> </mark><strong><mark>Sniffer</mark></strong></div><div>·         Sniffer is a type of eavesdropping program that monitors information travelling over a network. When used legitimately, sniffers help identify potential network trouble spots or criminal activity on networks, but when used for criminal purposes, they can be damaging and very difficult to detect.</div><div>b)      <strong><mark>Phishing</mark></strong></div><div>·         Phishing involve setting up fake Web sites or sending email messages that look like those of legitimate businesses to ask users for confidential personal data. The email messages instructs recipients to update or confirm records by providing social security numbers, bank or credit card information and other confidential data.</div><div>c)   <mark>   </mark><strong><mark>Pharming</mark></strong></div><div>·         Pharming redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser. This is possible if pharming perpetrators gain access to the internet address information stored by Internet service providers to speed up Web browsing and the ISP companies have flawed software on their servers that allows the fraudsters to hack in and change those address.</div><div>d)      <strong><mark>Spoofing</mark></strong></div><div>·         Spoofing involve redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination.</div><div>(8 marks) </div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 08:34:00 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316501792</guid>
      </item>
      <item>
         <title>QUESTION 2 (a)</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316501854</link>
         <description><![CDATA[<div>a) Distinguish the <strong>TWO (2)</strong> methods for encrypting network traffic on the Web. </div><div><br></div><div><strong><mark>Symmetric key encryption</mark></strong></div><div>·         Sender and receiver use single encryption key, shared key.</div><div> </div><div><strong><mark>Public key encryption</mark></strong></div><div>·         Use two mathematically related keys which are Private Key and Public Key. Public key is keep in public directory while private key is kept secret.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 08:36:08 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316501854</guid>
      </item>
      <item>
         <title>QUESTION 2 (b)</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316501878</link>
         <description><![CDATA[<div>b) Briefly explain the following terms. </div><div>i) <strong><mark>Cyber warfare</mark></strong></div><div>·         Is a state sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks for the purposes of causing damage and disruption.</div><div>ii) <strong><mark>Computer forensic</mark></strong></div><div>·         Is the scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.</div><div>(4marks) <br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 08:37:34 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316501878</guid>
      </item>
      <item>
         <title>QUESTION 3 (a)</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316501926</link>
         <description><![CDATA[<div>a)      Without protection against malware and intruders, connecting to the Internet could be very dangerous.  Firewalls, intrusion detection system and antivirus software have become the tools to overcome this problem.  Briefly explain these <strong>THREE (3)</strong> tools. </div><div> </div><div><strong><mark>Firewalls</mark></strong></div><div>·         Firewalls prevent unauthorized users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.</div><div> </div><div> <strong><mark>Intrusion detection systems</mark></strong></div><div>·         Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or “hot spot” of corporate networks to detect and deter intruders continually. The system generates an alarm if it finds a suspicious or anomalous event.</div><div> </div><div>  <strong><mark>Antivirus software</mark></strong></div><div>·         This software prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware and ardware. However, most antivirus software is effective only against malware already known when the software was written. </div><div>(6 marks)</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 08:39:30 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316501926</guid>
      </item>
      <item>
         <title>QUESTION 3 (b)</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316501962</link>
         <description><![CDATA[<div>b) Information systems controls is one of the components of an organizational framework for security and control.  Information systems controls consist of two - general and application control.  A company must know how and where to deploy security tools and security personnel must know what controls a company must have in place to protect its information system. </div><div> </div><div>Contrast between General Controls and Application Controls. </div><div> </div><div><strong><mark>General Controls</mark></strong></div><div>·         General governs the design, security, and use of computer programs and the security of data files in general throughout the organization’s information technology infrastructure. On the whole, general controls apply to all computerized applications and consists of a combination of hardware, software, and manual procedures that create an overall control environment. General controls include software controls, physical hardware controls, computer operations controls, data security controls, controls over implementation of system processes and administrative controls. </div><div> </div><div><strong><mark>Application controls</mark></strong></div><div>·         Application controls are specific controls unique to each computerized application, such as payroll or order processing. They include both automated and manual procedures that ensure that only authorized data are completely and accurately processed by that application. Application controls can be classified as input controls, processing controls and output controls. </div><div>(8 marks) </div><div> </div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 08:41:10 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316501962</guid>
      </item>
      <item>
         <title>QUESTION 4</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316502064</link>
         <description><![CDATA[<div>Malicious Software programs are referred to as Malware. Describe <strong>FOUR (4)</strong> types of malicious software. </div><div> </div><div><strong><mark>Worms</mark></strong></div><div>·         Which are independent computer programs that copy themselves from one computer to other computer over a network. Unlike viruses, worms can operate on their own without attaching to other computer program files and rely less on human behavior in order to spread from computer to computer. </div><div> </div><div><strong><mark>Trojan horse</mark></strong></div><div>·         Is a software programs that appears to be benign but then does something other than expected. The Trojan horse is not itself a virus because it does not replicate, but it is often a way for viruses or other malicious code to be introduced into a computer system. </div><div> </div><div><strong><mark>Ransomware</mark></strong></div><div>·         Ransomware is proliferating on both desktop and mobile devices. It tries to extort money from users by taking controls of their computers or displaying annoying pop-up messages.</div><div> </div><div><strong><mark>Spyware</mark></strong></div><div>·         These small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising. Thousands of forms of spyware have been documented. </div><div> </div><div>(8 marks) </div><div> </div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 08:44:39 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316502064</guid>
      </item>
      <item>
         <title>QUESTION 5 (a,b,c)</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316502127</link>
         <description><![CDATA[<div>a)      Nowadays securing information systems has become an important issue in organization to protect itself against computer crime. </div><div> </div><div>Define computer crime and provide an appropriate example.</div><div> </div><div>Computer crime is defined by the U.S. Department of Justice as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution”. For example, hackers.</div><div>(3 marks) <br><br><br></div><div>b)      Briefly explain <strong>THREE (3)</strong> reasons why information systems are vulnerable to destruction, error and abuse? </div><div> </div><div>·         This is because the internet are open to everyone. Every people can access to what they want. </div><div>·         Wireless security challenge where radio frequency are easy to scan.</div><div>·         Commercial software contain flaws that create security vulnerability.</div><div>(6  marks) <br><br></div><div> </div><div>c)      Discuss the <strong>THREE (3)</strong> most important tools and technology for safeguarding information resources. </div><div> </div><div><strong><mark>Firewalls</mark></strong></div><div>·         Firewalls prevent unauthorized users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.</div><div><strong><mark>Intrusion detection systems</mark></strong></div><div>·         Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or “hot spot” of corporate networks to detect and deter intruders continually. The system generates an alarm if it finds a suspicious or anomalous event.</div><div><strong> </strong><strong><mark>Antivirus software</mark></strong></div><div>·         This software prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware and hardware. However, most antivirus software is effective only against malware already known when the software was written. </div><div> </div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 08:46:57 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316502127</guid>
      </item>
      <item>
         <title>QUESTION 6 (a,b)</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316502246</link>
         <description><![CDATA[<div>a)      Identity management software automates the process of keeping track of all information systems users and their system privileges, assigning each user a unique digital identity for accessing each system. </div><div> </div><div><mark>Define authentication.</mark></div><div> </div><div>·         It refers to the ability to know that a person is who he or she claims to be. Authentication is often established by using passwords known only to authorized users.</div><div>(2 marks) </div><div> </div><div>b)      Identify and briefly describe <strong>FOUR (4)</strong> authentication technologies. </div><div> </div><div><strong><mark>Token</mark></strong></div><div>·         Is a physical device, similar to an identification card that is designed to prove the identity of a single user. Tokens are small gadgets that typically fit on key rings and display passcodes that change frequently. </div><div>       <br><mark> </mark><strong><mark>Smart card</mark></strong></div><div>·         Is a device about the size of credit card that contains chip formatted with access permission and other data. A reader device interprets the data on the smart card and allows or denies access. </div><div>     </div><div><strong><mark>Biometric authentication</mark></strong></div><div>·         It uses system that read and interpret individual human traits such as fingerprints, irises and voices, in order to grant or deny access. This technology is based on the measurement of a physical or behavioral trait that makes each individual unique. </div><div>      <br> <strong><mark>Two-factor authentication</mark></strong><strong> </strong></div><div>·         Increases security by validating users with a multi-step process. To be authenticated, a user must provide two means of identification, one of which is typically a physical token, such as smart card or chip-enabled bank card, and the other of which is typically data, such as word or PIN .</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 08:49:59 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316502246</guid>
      </item>
      <item>
         <title>QUESTION 7 (a,b,c)</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316502474</link>
         <description><![CDATA[<div>a)      Describe ransomware. </div><div> </div><div>·         <mark>Ransomware</mark> is proliferating on both desktop and mobile devices. It tries to extort money from users by taking controls of their computers or displaying annoying pop-up messages.</div><div> </div><div>(3  marks) </div><div> </div><div>b)      State how do we prevent and protect our computer from ransomware. </div><div> </div><div>·         Install antivirus and antispyware system. It will ensure the regular check for any virus that exist and also can eliminate them as well. It requires continual updating from user.</div><div>(3  marks) </div><div> </div><div>c)      Discuss the effects of computer crime to an organization. </div><div> </div><div>·         The organization will suffer the loss of information. It also will affect the organization daily activities such as the customer information and many more. </div><div>·         It will make the organization hard to manage their work due to the attack of computer crime. It will incur a lot of cost to get back all the information that lost.</div><div>(4 marks) </div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 08:56:07 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316502474</guid>
      </item>
      <item>
         <title>Part B Question 1: Security isn’t simply a technology issue, it’s a business issue. Discuss.</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316502609</link>
         <description><![CDATA[<ul><li> Security pertains to the measurements that a company takes in order to help prevent intrusions from hackers or other unauhorized individuals. </li><li> These measurements can be certain policies and procedures that will ultimately aim to eliminate the threats of identity theft or possible damage to a company’s system. </li><li> Security make sure that a business is running very smoothly and free of any possible external threats. </li><li> Information can be kept confidential which would ensure great customer service and reliability.  </li></ul>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 09:00:22 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316502609</guid>
      </item>
      <item>
         <title>Question 2</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316502813</link>
         <description><![CDATA[<div><strong>Who poses the biggest security threat: insiders or outsiders?</strong></div><div> </div><div>While an organization usually faces more external threats, the reality is that organizations need to be just as concerned about the insider threat. An insider attack is one of the biggest threats faced by organizations since these types of hacks can be very difficult for IT teams to identify. This is because an insider – whether he’s an employee or a contractor – is already entrusted with authorized access to at least some systems and applications on a corporate network. It can be very hard for those in IT to decipher whether he’s just performing his regular job tasks, or carrying out something sinister. An angry employee who already has access to company files could be secretly leaking documents to competitors, or he could be sabotaging systems or corrupting data because he is miffed at his employer. The same could be said about former employees, who often retain access to the network even long after leaving the organization. </div><div> </div><div>However, they are most often not deliberately a threat. Outsiders are the ones who have bad intentions, but they don’t have access. Network restrictions are usually strong enough to keep them out. So instead, they focus their efforts on tricking unsuspecting insiders into opening the doors for them. And once inside, they are indistinguishable from the insiders. Employee web browsing is one of the most used pathways to accomplish this. Outsiders set up a website capable of exploiting any computer that browses to it, and then they send emails to the insiders that entice them to click a link to that site. Most employees will not take the bait, but it just takes one person to give in to curiosity and click the link. Malicious outsiders are very good at this. They can craft emails that look like they are from someone within the company and reference projects or people that the recipient knows. It can be very difficult to tell these emails are not legitimate. With a little perseverance, it’s just a matter of time before someone clicks. Because of this, efforts to protect the company from malicious outsiders can only go so far. Companies today must prioritize protecting against threats from their own insiders. One employee clicking the wrong link doesn’t have to put the whole company at risk. Therefore, companies need to take both outsiders and insiders seriously, because they can each have disastrous consequences.</div><div> </div><div> </div><div><br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 09:06:06 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316502813</guid>
      </item>
      <item>
         <title>                                                  PART B</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316502917</link>
         <description><![CDATA[]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 09:08:42 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316502917</guid>
      </item>
      <item>
         <title>                                       PART A</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316502963</link>
         <description><![CDATA[]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 09:10:07 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316502963</guid>
      </item>
      <item>
         <title>Question 3</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316503137</link>
         <description><![CDATA[<div><br></div><div>Suppose your business had an e-commerce Web site where it sold goods and accepted credit card payments. Discuss the major security threats to this Web site and their potential impact. What can be done to minimize these threats?</div><div><br>Malicious software and computer viruses are some of the biggest security threats to any e-commerce website, Viruses are normally from external sources and can corrupt files on website if introduced into internal network. Viruses can completely destroy a computer system and disrupt the operations of th website. Moreover, one of software of malicious which is Trojan horse has ability to capture the client’s information, before any encryption software can take effect. Furthermore, they also can impersonate a customer and pass over bad and malicious codes into the server running the websites.</div><div>To minimize or avoid these viruses, user should takes reasonable precautions to avoid th introduction and spread of computer viruses onto the Rhodes networks. Virus scanning software should be used to check any software downloaded from the internet or obtained from any questionable source. Moreover, virus protection software has to ne installed on the computer, it to check frequently for virus signature upfates and actually to scan the files on the PC.  </div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 09:16:25 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316503137</guid>
      </item>
      <item>
         <title>                             PART C ( case study )</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316503214</link>
         <description><![CDATA[]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 09:18:22 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316503214</guid>
      </item>
      <item>
         <title>Question 1</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316503252</link>
         <description><![CDATA[<div>Is cyberwarfare a serious problem? Why or why not?</div><div> </div><div>Cyberwarfare is a serious problem because it poses a unique and dauting a challenges for security experts, not only in detecting and preventing intrusions but also in tracking down prepetrators and bringing them to justice. The most prominent threats so far include the succesfull attacks on the FAA airline system, including one in 2006 that partially shut down air traffic data system in Alaska. And also the case of cyberspies that inflitrated the U.S electrical grid in April 2009 and left behind software programs whose purpose is unclear. Beside that, it also include the intruders that successfully penetrated the Pentagon’s 300 billion dollar joint strike fighter project and stole several terabytes of data related to design and electronics systems. In Iraq, insurgents intercepted Predaor drone feeeds using software downloade from the internet.</div><div> </div><div><br></div><div> </div><div> </div><div><br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 09:19:31 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316503252</guid>
      </item>
      <item>
         <title>Question 2</title>
         <author>shira_husna</author>
         <link>https://padlet.com/shira_husna/csc408revision/wish/316503352</link>
         <description><![CDATA[<div>What solutions are available for this problem? Do you think they will be effective? Why or why not?<br><br></div><div>Because the whole issue of cyberspace and the problems and damage it can cause is quite new and is still on the rise, many things have not yet been internationally agreed on and many states take different measures. Cyber attacks can be prevented with two different types of measures: The first type intending to prevent states from carrying out cyber attacks and the second type being measures to increase security of the networks which have the highest risk of being attacked. Most states have laws regulating computer crimes done by individuals or non-state actors to hopefully prevent any cyber attacks but other states are not bound to any rules yet. They would only have to be aware of the reaction of the attacked country. Besides definitions of cyber warfare and information warfare and other important terms, an internationally agreed list of computer crimes or rules should therefore be established, maybe in combination with an organization monitoring the cyberspace, with large and serious consequences against states violating these rules. Each state should increase its own security measures against cyber attacks. In order to do this as effectively as possible governments should establish, if not yet done so, an agency whose solely focus is on the cyberspace and cyber attacks. Moreover they should follow the example of the USA and conduct simulations on a regular basis, maybe even in cooperation with other countries, in order to analyse their current security measures. Once they have done that, they will have a bigger insight into the strength of their security measures and should try to strengthen the most vulnerable parts. It is important to notice, that many internet networks are all connected to a big network which is like the gateway to the whole internet. These are in most cases not managed by the governments but by large technological companies or universities. Governments should hence support these companies and organizations financially to protect their network as well as possible. If these gateways are protected well, then a large number of cyber attacks can be stopped and the government, banks, companies and all other entities threatened could handle the few remaining attacks more easily. <br><br>However, the strength of a security system is not always the most important part as the potential strength of attacks is steadily growing, sometimes it’s more important to take different measures. Two very controversial ideas are the kill switch and the electrical wall. The kill switch could shut down the internet of certain areas, whether it is only concerning a company, a city or a whole country, in case of serious cyber attacks. The electrical wall intends to inspect every data package coming into the country’s network and compares it to known signatures and in case of a match do not let them through. Both these ideas can be very useful and even save lives, however, if used by the wrong person or government, they can violate basic human rights by censoring certain parts of the internet. Therefore such measures have to be evaluated very carefully and include certain restrictions. In general all states should consider their possibilities with care as the internet is a symbol for freedom and a state interfering with the internet could lead to protest of the civilians. Because the internet connects everyone worldwide, each state is equally affected. Cooperations between countries and international agreements could therefore prove very useful leaving only non-state actors as a possible cyber threat.<br><br></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-12-22 09:21:57 UTC</pubDate>
         <guid>https://padlet.com/shira_husna/csc408revision/wish/316503352</guid>
      </item>
   </channel>
</rss>
