Deck 11: Security and Ethics

A single computer without access to e-mail or the Internet is easy to protect and has a low risk of attack.

When nonsynchronized processes access data records and modify some but not all of a record's fields, it is called "accidental incomplete modification of data."

A logic bomb often spreads unnoticed throughout a network until it goes off and does its damage.

A firewall sits between the network and the individual computers.

One popular authentication tool is Kerberos, a network authentication protocol developed as part of the Athena Project at MIT.

Software to combat viruses is always preventive.

A gap in system security is always malicious.

The Kerberos protocol does not provide a mechanism for revoking access from users who should no longer have access.

A virus is defined as a small program written to alter the way a computer operates, without the permission or knowledge of the user.

If a password consists of ten characters, it would take a human about 4.5 years to guess the password if the human makes one try each second.

Wire tapping is when unauthorized users gain the capability to search through storage, directories, or files for information they aren't privileged to read.

Some viruses are benign.

There are several guaranteed methods of protecting your system from assault.

Any vulnerability at the operating system level opens the entire system to attack.

A master boot record virus infects both the boot record and program files, making them especially difficult to repair.

Intrusion detection is an example of a strategy for improving system survivability based on knowledge gained from intrusions.

Backups become significant when a computer virus infects your system.

The most extreme form of encryption is partial encryption.

The only way to remove a Trojan horse is to remove the entire body of the malicious program.

Default passwords pose unique vulnerabilities because they are widely known among system attackers but are a necessary tool for vendors.

In public/private key encryption, the private key is a pair of two prime numbers chosen by the person who wants to receive a private message.

In 1977 the IEEE and the Association for Computing Machinery (ACM) issued a standard of ethics for the global computing community.

A continuing series of security awareness and ethics communications to computer users is more effective than a single announcement.

Spooling is a security threat that relies on cleartext transmission whereby the assailant falsifies the IP addresses of an Internet server by changing the address recorded in packets it sends over the Internet.