IT Security and Maintenance
1. Take advantage of vulnerabilities in the system and have the potential to steal and damage data. | Known as the weakness in hardware, software, or designs, which might allow cyber threats to happen. | The potential for loss or destruction of data is caused by cyber threats.
2. Generally, can’t be controlled. | Can be controlled. | Can be controlled.
5. Can be detected by anti-virus software and threat detection logs. | Can be detected by penetration testing hardware and many vulnerability scanners. | Can be detected by identifying mysterious emails, suspicious pop-ups, observing unusual password activities, a slower than normal network, etc.
SSL stands for Secure Sockets Layer. SSL is an Internet security protocol; it is the part of the HTTPS protocol that is
responsible for encryption. It is responsible for the integrity of data, the confidentiality of data, and its availability to
authorized users only. SSL is the main protocol that performs the encryption task in HTTPS, converting the data into a
random string of letters and numbers. SSL has a well-known handshake authentication procedure in which it
authenticates devices and allows only authorized devices to communicate over the Internet. SSL also applies digital
signatures to each of the conversations that take place over the Internet.
SSL is a secure protocol that provides safer conversations between two or more parties across the Internet. It works on
top of HTTP to provide security. In terms of security, SSL is more secure than HTTPS.
TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to our security certificates as
SSL because it is a more commonly used term, but when you are buying SSL from DigiCert you are actually buying the
most up to date TLS certificates with the option of ECC, RSA or DSA encryption.
HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The
details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by
clicking on the lock symbol on the browser bar.
2. VPN
One of the best practices for network security is to use a VPN (virtual private network) when connecting online. A VPN
encrypts the data you send online.
Another VPN benefit: If you must connect to public Wi-Fi, doing so through a VPN provides protection.
3. Endpoint security
Despite your best efforts, you or your staff can fall prey to MITM attacks. These attacks combine with malware to gain
unrestricted access to your device or IT network.
4. Multi-factor authentication
If you’re tricked by a MITM attack and the criminal gains your login credentials through a fake website, all is not lost if
you use multi-factor authentication (MFA).
5. Education
Businesses are particularly vulnerable to MITM and other cyberattacks. Organizations are attractive targets for criminals,
and unsuspecting employees can unwittingly open doors for these villains.
18. What are your first three steps when securing a server?
1. Review your server status: Following a regular and routine monitoring process can catch a problem before it
snowballs. Begin by conducting a review of your server’s status, and check whether there are any problems with its CPU,
RAM, disk usage, running processes and other metrics, as these will often help detect server security issues.
Ideally, store network services logs, site access logs, database logs (Microsoft SQL Server, MySQL, and Oracle) and check
them frequently. Then investigate the cause of any strange log entries you find.
2. Automate your security updates: Most vulnerabilities have a zero-day status. It takes very little time before a public
vulnerability is used to create an attack. But by applying automatic security updates and security patches as soon as they
are available you can minimise the risk.
3. Set up perimeter security with firewalls: Applications like border routers and firewalls can help filter for known
threats, automated attacks, malicious traffic, DDoS filters, bogus IPs, and untrusted networks. Your local firewall can
monitor for attacks such as port scans and SSH password guessing, and block any security threat from attacking the
firewall. A web application firewall will also filter incoming web page requests, and can block any that have been
deliberately created to break or compromise your website.
4. Remove unnecessary services: Typical default operating system installations and network configurations (Remote
Registry Services, Print Server Service, and RAS) are not secure. Ports are left vulnerable to abuse with more services
running on an operating system. It’s best, therefore, to disable all unnecessary services.
IT is now the cornerstone of how every modern business operates. With that comes the unassailable fact that proper
levels of IT security are not negotiable. If you are not taking proper steps to ensure the security of your business’s IT
systems, you are placing your business at risk, and placing yourself, your employees, and your customers/clients at great
personal risk.
Financial losses
This is a direct result of the last point, because the damage to your public image has an obvious knock-on effect on
your ability to be competitive in the marketplace. If more customers don’t feel their confidential data is secure, they will
choose to give their business to your competitors, which will drastically hit your profits.
Staffing problems
The issues that arise from your negative image from a data security perspective will not just affect how your business is
viewed by customers and clients. The damage could be even more far-reaching internally than externally.
Legal issues
Don’t forget that if your business deals with any sort of confidential information, then you are going to almost certainly
be under some form of a legal requirement to take the proper steps to keep that information safe. The data could be in
the form of employee and client details or other confidential data.
2. Integrity
Keeping the information intact, complete and correct, and IT systems operational. Integrity is the trustworthiness of
data or resources in terms of preventing improper and unauthorized changes: the assurance that information is
sufficiently accurate for its purpose.
3. Availability
An objective indicating that data or systems are at the disposal of licensed users when required. Availability is the
assurance that the systems responsible for delivering, storing, and processing information are accessible when required
by authorized users. Availability means data is accessible by licensed users.
4. Authenticity
A security policy includes a hierarchical pattern. It means junior workers are typically bound not to share the small
quantity of data they need unless explicitly approved. Conversely, a senior manager might have enough authority to
decide what information is shared and with whom, which implies that they are not tied down by the same data
security policy terms.
5. Non-Repudiation
It is the assurance that somebody cannot deny the validity of something. It is a legal concept that is widely used in
data security and refers to a service that provides proof of the origin of information and also the integrity of the
information.
System Investigation: This process is started by the officials/directives working at the top level of management in the
organization. The objectives and goals of the project are considered beforehand in order to execute this process.
System Analysis: In this phase, a detailed analysis of the documents from the System Investigation phase is
done. Already existing security policies, applications and software are analyzed in order to check for different flaws and
vulnerabilities in the system. Upcoming threat possibilities are also analyzed. Risk management comes under this
process only.
Logical Design: The Logical Design phase deals with the development of tools and following blueprints that are involved
in various information security policies, their applications and software.
Physical Design: The technical teams acquire the tools and blueprints needed for the implementation of the software
and application of the system security. During this phase, different solutions are investigated for any unforeseen issues
which may be encountered in the future.
Implementation: The solution decided in earlier phases is made final, whether the project is in-house or outsourced.
Proper documentation of the product is provided in order to meet the requirements specified for the project.
Maintenance: After the implementation of the security program it must be ensured that it is functioning properly and is
managed accordingly. The security program must be kept up to date accordingly in order to counter new threats that
can be left unseen at the time of design.