DCOM 258 Lab 02 Computer System Security

Security + Computer System Security
Name: Shaamim Ahmed
DCOM 258 E31
Chapter 02
I.
Define the following, list the source and/or page # of the definition: (20 points)
I.
Malware:
Answer: Malicious software: Known as malware, this includes
computer viruses, worms, Trojan horses, spyware, rootkits, adware, and
other types of unwanted software. Everyone has heard of a scenario in
which a users computer was compromised to some extent due to
malicious software.
Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,
Academic Edition, Page No. 5
II.
Adware:
Answer: Adware is a form of software that downloads or displays unwanted ads when a
user is online, collects marketing data and other information without the user's knowledge
or redirects search requests to certain advertising websites. Adware that does not notify
the user and attains his or her consent is regarded as malicious.
Source:
center/threats/adware#.Vz9lIpErLIU
III.
https://usa.kaspersky.com/internet-security-
Grayware:
Answer: Grayware is another general term that describes applications that are behaving
improp- erly but without serious consequences. It is associated with spyware, adware,
and joke programs.
IV.
Threat vector:
Answer: Threat vector, the method a threat uses to gain access to a target computer.
V.
Attack vector:
Answer: "attack vector means by which an attacker gains access to a computer.
VI.
Typosquatting:
Answer: Typosquatting also known as URL hijacking, a method used by attackers that
takes advantage of user typos when accessing websites. Instead of the expected website,
the user ends up at a website with a similar name but often malicious content.

Name: Shaamim Ahmed
VII.
DCOM 258 E31
Botnet:
Answer: A group of compromised computers used to distribute malware across the
Internet; the members are usually zombies.
VIII.
Zombie:
Answer: A zombie is an individual compromised computer connected to the Internet. The
owner is unaware that the computer has been installed with malware. The zombie can be
updated and controlled remotely from a master computer at a control center. This master
computer controls the entire botnet or group of compromised computers. A virus is code
that runs on a computer without the users knowledge, infecting files. A worm is similar
to a virus but has the capability to self-replicate to other systems. Spam is unwanted, or
unsolicited, e-mail.
Academic Edition, Page No. C-4
IX.
Program virus:
Answer: A program virus becomes active when the program file (usually with extensions
.BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is opened. Once active, the virus will
make copies of itself and will infect other programs on the computer.
Source: http://vidarbhastudents.com/note/computer-virus/
X.
Active Interception:
Answer: Active interception normally includes a computer placed between the sender
and the receiver to capture information
Academic Edition, Page No. A-2
XI.
Privilege escalation:
Answer: Signature-based: "Privilege escalation is the act of exploiting a bug or design
flaw in a software or firmware application to gain access to resources that normally
wouldve been protected from an application or user. This results in a user gaining
additional privileges, more than were originally intended by the developer of the
application; for example, if a regular user gains administrative control, or if a particular
user can read another users e-mail without authorization."
XII.
Backdoors:
Answer: Backdoors are used by programmers and hackers to gain access to software,
operating systems, and devices without having to provide proper authentication. One
example, Back Orifice, uses backdoors to enable the remote control of Windows
computers.
XIII.
Logic bomb:

Name: Shaamim Ahmed
DCOM 258 E31
Answer: logic bomb is a Code that has, in some way, been inserted into software; it is
meant to initiate some type of malicious function when specific criteria are met.
XIV.
Statistical Anomaly:
Answer: It establishes a performance baseline based on normal network traffic evaluations, and then compares current network traffic activity with the baseline to detect
whether it is within baseline parameters. If the sampled traffic is outside baseline
parameters, an alarm is triggered and sent to the administrator.
XV.
Time bomb:
Answer: Time bomb is a Trojan set off on a certain date.
XVI.
Polymorphic virus:
Answer: A polymorphic virus is a complicated computer virus that affects data types and
functions. It is a self-encrypted virus designed to avoid detection by a scanner. Upon
infection, the polymorphic virus duplicates itself by creating usable, albeit slightly
modified, copies of itself.
Source: https://www.techopedia.com/definition/4055/polymorphic-virus
Page A-3
XVII.
Easter egg:
Answer: A platonic extra added to an OS or application as a sort of joke; the harmless
cousin of the logic bomb.
XVIII.
Open mail relay:

Answer: open mail relay
Also known as an SMTP open relay, enables anyone on the
Internet to send e-mail through an SMTP server.
XIX.
Host-based intrusion detection system (HIDS):

Answer: Host-based intrusion detection systems (HIDSs) run within the operating
system of a computer. Because of this, they can slow a computers performance. Most
HIDS do not detect network attacks well (if at all). However, a HIDS can detect operating
system attacks and will usually have a high level of detection for those attacks.
XX.
Personal firewall:

Name: Shaamim Ahmed
DCOM 258 E31
Answer: A personal firewall is an application which controls network traffic to and from
a computer, permitting or denying communications based on a security policy. Typically
it works as an application layer firewall.
Source: https://en.wikipedia.org/wiki/Personal_firewall
XXI.
Pop-up blocker:
Answer: Pop-up blockers are associated with web browsers. They are used to block
unwanted advertisements common to many websites. Personal firewalls are software
installed to an operating system to protect it from the Internet and from other networked
computers. Anti- spyware programs are installed to prevent the installation of spyware.
Spyware is software that tracks what a person is doing on the Internet. Service packs are
collections of patches installed at one time to an operating system.
XXII.
Ad filtering:
Answer: Ad filtering, the ways of blocking and filtering out unwanted advertisements;
pop-up blockers and content filters are considered to be ad filtering methods.
XXIII.
Boot sector virus:

Answer: "Boot sector, initially loads into the first sector of the hard drive; when the
computer boots, the virus then loads into memory"
XXIV.
Content filters:
Answer: Content Filter also known as information filtering) is the use of a program to
screen and exclude from access or availability Web pages or e-mail that is deemed
objectionable.
Source: www.searchsecurity.techtarget.com/definition/content-filtering
XXV.
Hardware security module:
Answer: Hardware security modules (HSMs) and USB encryption require additional
hardware. A host-based intrusion detection system requires either additional software or
hardware.
XXVI.
Trusted platform module:

Answer: Trusted platform module (TPM)A chip residing on the motherboard that
actually stores the encrypted keys.
XXVII.
Bluejacking:

Name: Shaamim Ahmed
DCOM 258 E31
Answer: Bluejacking is the sending of unsolicited messages to Bluetooth-enabled

devices such as mobile phones. Bluejacking can be stopped by setting the affected
Bluetooth device to undiscoverable or by turning off Bluetooth altogether."
XXVIII.
Stealth virus:
Answer: Stealth viruses attempt to avoid detection by antivirus software altogether.
XXIX.
Bluesnarfing:
Answer: Bluesnarfing is the unauthorized access of information from a wireless device
through a Bluetooth connection. Generally, bluesnarfing is the theft of data (calendar
information, phonebook contacts, and so on).
XXX.
Application white-listing:
Answer: Application white-listing
applications.
method
of
restricting
users
to
specific

XXXI.
Storage segmentation:
Answer: Storage segmentation is a clear separation of organizational and personal
information, applications, and other content.
XXXII.
Armored Virus:
Answer: Armored virus attempts to make disassembly difficult for an antivirus software
program. It thwarts attempts at code examination. Stealth viruses attempt to avoid
detection by antivirus software altogether. Polymorphic viruses change every time they
run. Worms are not viruses.

Name: Shaamim Ahmed
XXXIII.
DCOM 258 E31
Mobile device management (MDM):

Answer: Mobile Device Management or MDM, a system that enables a security
administrator to configure, update, and secure multiple mobile devices from a central
location."
XXXIV.
System failures:
Answer: System failure means computer crashes or individual application failure. This
can happen due to several reasons, including user error, malicious activity, or hardware
failure.
XXXV.
Social engineering:
Answer: Social engineering, the act of manipulating users into revealing confidential
information or performing other actions detrimental to the user. Almost everyone gets emails nowadays from unknown entities making false claims or asking for personal
information (or money!); this is one example of social engineering.
XXXVI.
Virus:
Answer: Virus, a kind code that runs on a computer without the users knowledge; it
infects the computer when the code is accessed and executed.
XXXVII.
Worm:
Answer: A worm is much like a virus except that it self-replicates, whereas a virus does
not. Worms take advantage of security holes in operating systems and applications
(including backdoors, which we discuss later). They look for other systems on the
network or through the Internet that are running the same applications and replicate to
those other systems.
XXXVIII.
Trojan horse:
Answer: A Trojan horse disguises itself as a legitimate program but conducts malicious
activity behind the scenes. Logic bombs are code designed to set off at a particular time.
They may set off viruses or worms that can cause additional damage to the system. The
only one of the answers that actually disguises itself is a Trojan horse.
XXXIX.
False positive:

Name: Shaamim Ahmed
DCOM 258 E31
Answer: False positive is a system authenticates a user who should not

be allowed access to the systemfor example, when an IDS/IPS blocks
legitimate traffic from passing on to the network.
XL.
Ransomware:
Answer: Ransomware
is a type of malware that restricts access to a computer
system, and demands a ransom be paid.
XLI.
Spyware:
Answer: Spyware is a type of malicious software either downloaded unwittingly from a
website or installed along with some other third-party software. Usually, this malware
collects information about the user without the users consent. Spyware could be as
simple as a piece of code that logs what websites you access, or go as far as a program
that records your keystrokes (known as keyloggers).
XLII.
False negative:
Answer: False negative is a system denies a user who actually should be allowed access
to the system, for example, when an IDS/IPS fails to block an attack, thinking it is
legitimate traffic.
XLIII.
Rootkits:
Answer: A rootkit is a type of software designed to gain administrator-level control over
a computer system without being detected. The term is a combination of the words root
(meaning the root user in a Unix/Linux system or administrator in a Windows system)
and kit (meaning software kit).
XLIV.
Multipartite virus:
Answer: Multipartite virus a kind of hybrid boot and program viruses that attacks the
boot sector or system files first and then attacks the other files on the system.

Name: Shaamim Ahmed
DCOM 258 E31
XLV.
Spam:
Answer: Spam e-mail can be prevented in several ways. By closing open mail relays,
also known as SMTP relays, only properly authenticated users can use those e-mail
servers. A virus is code that runs on a computer without the users consent.
XLVI.
Network intrusion detection system (NIDS):

Answer: NIDS, or network intrusion detection system, cannot proactively detect
computer anomalies. It is deployed to the entire network and looks for a network
intrusion, not intrusions to individual computers. HIPS (host-based intrusion prevention
system), antivirus software, and personal software firewalls can all be loaded on an
individual computer and can be updated as well. These can proactively detect computer
anomalies.
XLVII.
Macro virus:
Answer: Macro virus usually placed in documents and e-mailed to users in the hopes that
the users will open the document, thus executing the virus.

DCOM 258 Lab 02 Computer System Security

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

DCOM 258 Lab 02 Computer System Security

Diunggah oleh

Hak Cipta:

Format Tersedia

Security + Computer System Security

Name: Shaamim Ahmed

DCOM 258 E31

Security + Computer System Security

DCOM 258 E31

Security + Computer System Security

DCOM 258 E31

Open mail relay:

Host-based intrusion detection system (HIDS):

Security + Computer System Security

DCOM 258 E31

Boot sector virus:

Trusted platform module:

Security + Computer System Security

DCOM 258 E31

Answer: Bluejacking is the sending of unsolicited messages to Bluetooth-enabled

Source: Prowse, David L. CompTIA Security+ SY0-401 Approved Cert Guide,

Security + Computer System Security

DCOM 258 E31

Mobile device management (MDM):

Security + Computer System Security

DCOM 258 E31

Answer: False positive is a system authenticates a user who should not

Security + Computer System Security

DCOM 258 E31

Network intrusion detection system (NIDS):

Anda mungkin juga menyukai