DC2004, Chapter 11 Checkpoint Solution

This page modified on 01/02/04.

Label the Figure

  1. (e) System failure is the prolonged malfunction of a computer.
  2. (a) Computer viruses, worms, and Trojan horses negatively alter a computer's operations.
  3. (f) Unauthorized access and use is using a computer without permission.
  4. (b) Hardware theft is stealing computer equipment.
  5. (d) Software theft is stealing or illegally copying software.
  6. (c) Information theft is stealing confidential information.

True/False

Answer Correct Statement
1. F Some breaches to computer security are accidental.
2. F A Trojan horse hides within and looks like a legitimate program.

A worm copies itself repeatedly.
3. T A recovery disk is a removable disk that contains an uninfected copy of key operating system commands and startup information that enables the computer to restart correctly.
4. T A cracker is someone who tries to access a computer or network illegally.
5. T A honeypot [buzz] is a program designed to entice an intruder to hack into the computer.
6. F Software theft occurs when someone steals software media, intentionally erases software programs, or illegally copies a software program. [Intentionally erasing software is similar to destroying an item in a store rather than walking out of the store with an item without paying for it.]

Piracy is the unauthorized and illegal duplication of copyrighted software.
7. F
[Book wanted T]		 Interference is any unwanted signal that is mixed with the normal voltage entering the computer.

Noise is any unwanted random component that is mixed with the normal voltage entering the computer.
8. T A digital certificate is a notice that guarantees a user or a web site is legitimate.
9. F A hash is a mathematical formula that generates a code from the contents of the message.

A digital signature is an encrypted code that represents the creator of the message.
10. T A cookie is a small text file that a web server stores on your computer.
11. F Web filtering software is a program that excludes access to specified web sites.
12. T Computer addiction occurs when the computer consumes someone's entire social life. (Book answer.) [The value of social contact is context dependent. In a prison, maybe focusing tightly on a computer is healthier.]

Computer addiction constitutes a consuming attention to the computer to the extent that the person thereby makes harmful decisions or neglects to make beneficial decisions necessary for survival.

Multiple Choice

  1. (c) The term cybercrime refers to Internet computer-based illegal acts. [The idea of cybercrime was discussed before the Internet existed.]
  2. (a) The payload is the destructive event or prank that malicious-logic programs are intended to deliver.
  3. (a) An online security service is a web site that evaluates a computer to check for web and e-mail vulnerabilities.
  4. (c) Physical access controls, such as locked doors and windows, usually are adequate to protect against hardware theft.
  5. (d) Software piracy continues because
    1. in some countries, legal protection for software does not exist.
    2. many buyers believe they have the right to copy software.
    3. software piracy is a fairly simple crime to commit.

    The real reasons are:
    ignorance that copying proprietary software is wrong, or
    intentional commission of an act known to be wrong (sin).

  6. (b) Encrypted (scrambled) data is called ciphertext.
  7. (b) A momentary overvoltage, called a spike, occurs when the increase in power lasts for less than one millisecond.
  8. (b) To back up a file means to make a copy of it.
  9. (d) The computer that a hacker uses to execute a DoS or DDoS attack, known as a zombie [buzz], is completely unaware that it is being used to attack other systems.
  10. (d) The Secure Electronics Transactions (SET) specification uses encryption to secure financial transactions on the Internet, such as payment by credit card.
  11. (a) A copyright gives authors and artists exclusive rights to duplicate, publish, and sell their materials.
  12. (b) The Electronic Communications Privacy Act provides the same protection that covers mail and telephone communications to electronic communications such as voice mail.
  13. (a) Web filtering software is a program that restricts access to specified web sites.
  14. (d) Carpal tunnel syndrome is inflammation of the nerve that connects the forearm to the palm of the wrist.

Matching

  1. (b) quarantine: Area of the hard disk that holds an infected file until the infection is removed.
  2. (h) recovery disk: Contains an uninfected copy of key commands and startup information.
  3. (i) cracker: Someone who tries to access a computer or network illegally.
  4. (c) personal firewall: Protects a personal computer from unauthorized intrusions.
  5. (l) password: Private combination of characters associated with a user name.
  6. (f) biometric device: Translates a personal characteristic into digital code.
  7. (k) de(en)cryption key: programmed formula that a data recipient uses to decrypt ciphertext.
  8. (j) certificate authority (CA): Company that issues and verified digital certificates.

Short Answer Questions

1a. How do antivirus programs detect and identify a virus?

Detection:
Search for a virus signature.  This is a known pattern contained within the virus, not a complete copy of the virus.  There may be more than one virus having the same signature.  If the signature is detected, there is a high likelihood that it is associated with a virus.
Record program file size and creation date when it is assumed good.  When scanning files, match this entry to the program current entry.  If there is a mismatch, the flag the program file as a potential problem.
Search for direct use of privileged instructions by application programs.  Privileged instructions are normally used only indirectly through calls to system software.

Identification:
Usually, antivirus detection programs only identify the class and family of a virus.  If only one specific virus is known to use the matched signature, then precise identification can be made.
It is usually not necessary to identify which particular virus has been detected.

1b. What is a virus hoax?

    A virus hoax is an e-mail message that warns users of a nonexistent virus. [Worm and Trojan Horse are types of viruses.]

2a. How is identification different from authentication?
Identification verifies that an individual is a valid user.
Authentication verifies that the individual is the person he or she claims to be.

In network security,
Authentication is a two-part process:
Guarantee that a person is who they claim to be
Guarantee that a person is authorized to perform the actions they attempt

2b. What are four methods of identification and authentication?
User names and passwords
Possessed objects
Biometric devices
Callback systems

3a. What does a single user license agreement typically permit users to do?

3a. What conditions typically are included in a single-user license agreement?
Users can install the software on only one computer.
Users can make one copy for backup purposes.
Transfer ownership, without retaining any copies.

3b. What does it not permit users to do?
Users cannot install the software on a network, such as a school computer lab network.
Users cannot give copies to friends and colleagues.
Export the software.
Rent or lease the software.

4a. How is a brownout different from a blackout?
Brownout: a prolonged low voltage condition.
Blackout: a complete power failure.

4b. How is a standby UPS different from an online UPS?
Standby UPS switches to battery power when line power failure occurs.
Online UPS always supplies power from a battery to the computer.  When line power is available, the online UPS charges the battery.

5a. How is a full backup different from a selective backup?
Full backup: copies all of the files in the computer.
Selective backup: users choose which folders and files to include in a backup.

5b. What is a three-generation backup policy?

    Preserves three generations of backups of important files. [This is really wise for important files.  When you do your senior honors thesis, use the three-generation backup policy.]

DC2002 Short Answer Questions

1.a.  What is an Internet appliance?

    An Internet appliance, also called an information appliance, is a computer with limited functionality whose main purpose is to connect to the Internet from home.  A popular Internet appliance is a set-top box, such as WebTV.

    An Internet appliance is a special case of a network computer, characterized by no secondary storage devices such as a hard disk or floppy disk.  

1.b.  Why would someone want to use one of these devices?

    A motivation for using one of these devices is to surf the Web without buying a more expensive general purpose computer.

2.a.  What is CBT?

    Computer-Based Training, also called Computer-Aided Instruction (CAI), is the application of a computer to the instructional process.  Sophistication and cost varies greatly.

2.b.  What are some advantages of CBT?
Multimedia content delivery.
Simulation (automatic and interactive). Useful for training when:
the real situation is dangerous to the student (driving, flight emergencies, nuclear reactor transients)
the real situation is dangerous to others (surgery, nuclear combat)
the real situation is expensive (flight training, nuclear reactor operation, electronic circuits)
The real situation is politically sensitive (war gaming)
the real situation is time consuming (laboratory experiments for well-known processes: electronic circuits [PSpice], physics, chemistry, computer operating system theory, computer architecture [PCSim])
Automated testing and grading. [Blackboard, SAMs, Scientific Notebook Exam Builder]
Frees instructor to spend more time with students, preparation time, and other instructional activities.
Students get more immediate feedback.  This is important in foundational vertical knowledge subjects.  Possible to provide individual students with more information on incorrect answers that have been observed and analyzed in the past.
Individualized instruction
Self-paced study.  The strong student can work fast; the struggling student can eventually achieve without having to be a slave to a group schedule.
Adaptive instruction: Do not need to spend time on material the student already knows, and can spend more time on areas the student needs more instruction.  Instruction can be tailored to the student based on test results.  Instructional schedule does not require skipping steps to meet semester deadlines for covering the required scope of material.
Good for practicing skills and building experience base.
Language skills.
Typing skills.
Basic mathematics.
An educational institution is not restricted to offering subject instruction only when a qualified faculty member is available to lecture.  This relaxes constraints on university scheduling, and helps a student continue progress towards degree attainment.
Portable training for PC-based computer-based training.
Mailing a CD or FTP download of training software is easier, faster, and cheaper than flying a person to a training location.
As a method of distance education, can form classes for students widely dispersed geographically.
Employers do not lose services of employees by having to send them off for school.
Employers or students do not need to bear extra transportation and living costs of residential study.
People can use computer based training at home.
Preserve expert knowledge.
The knowledge of an expert can be preserved for future generations of students through packaged training, which secures the economic investment of an academic institution in that person while on the staff.  This is particularly helpful if the expert is either expert in a very specialized field (graduate level work), or is very talented in delivery of instruction (undergraduate work).
Less talented or knowledgeable instructors can profitably use the resources prepared under the guidance of an expert.

    Computer-based training is (often much) more expensive to produce and deliver.  Compared to classroom lecture based teaching, computer-based training requires an order of magnitude more effort to do well.  It takes at least ten times the man hours to produce a CBT course as it does to produce a live classroom course. Unlike a live classroom, adaptive teaching requires you to think through in advance all the possible questions a student might ask.  In a live classroom, a teacher needs to spend adaptive time responding to questions that actually get asked. If video taping in a studio is involved, the production cost skyrockets. The cost of this approach is only recovered if enough students use it.

    CBT is cost effective for subjects at a level that are well established, such as undergraduate mathematics. Once the learning modules are constructed, they can be used for long periods of time without additional manpower required.

    CBT can be cost effective for subject areas in which there are not enough experts to satisfy demand, even if the subject area is changing rapidly.

    Some computer-based training requires specialized computer hardware and sometimes attached simulation devices.  Not all computer-based training is PC-based.

2.c.  How do simulations help someone learn?

    Simulations, or computer-based models of real-life situations, allow students to learn skills in hazardous, emergency, or other situations.  

3.a.  What is e-commerce?

    Electronic commerce is a financial business transaction that occurs over an electronic network such as the Internet.

3.b.  How has it changed the way in which an organization does business?

    E-commerce virtually eliminates the barriers of time and distance that slow traditional transactions.

3.c.  What are some examples of e-commerce transactions?

    Examples of e-commerce transactions include retail sales of goods and services, auctions, gambling, barter, financial management, online banking, insurance transactions, billing and payment for separately delivered goods and services, and stock trading.

4.a.  What is a global positioning system (GPS)?

    The global positioning system is a system of satellites, a local receiver, and software that computes the location of the receiver.

4.b.  What are some advantages of a GPS?

    A GPS system is used for automatic position determination and as an aid to navigation.  

    Use of GPS receivers in the trucking and shipping industry has significantly reduced theft and aided recovery of stolen containers and trailers.  GPS is very helpful for emergency services navigation, such as fire, police, rescue, medical doctor, etc., to get help to the desired location.  It is a luxury item in some privately owned vehicles.

    GPS units are sometimes combined with other computer devices for remote use.

5.a.  What is the digital divide?

    The digital divide is the idea that you can separate people of the world into two distinct groups: (a) those who have access to technology with the ability to use it and (2) those who do not have access to technology or are without the ability to use it.  Technology includes items such as telephones, television, computers, and the Internet.

5.b.  What agencies and companies are working to eliminate the divide?

    The text cites Microsoft, Toshiba, Gateway, AOL, Hewlett-Packard, Federal Communications Commission as taking actions to make technology more widely available.

5.c.  What programs have been launched in an effort to eliminate the digital divide?

    Microsoft and Toshiba's Anytime Anywhere Learning program provides teachers and students with notebook computers equipped with Microsoft Office.  Gateway's Teach America! program provides online computer training to teachers.  Gateway's PowerUp program seeks to place technology in schools and community centers.  AOL offered free Internet access accounts at PowerUp sites.  Hewlett-Packard invested in a building to provide technology training to low-income Californians.  The Federal Communications Commission offered telephone service to Native Americans for $1 per month.

Other Short Answer Questions from DC2001

5a. Why do Web sites use cookies?
Track user preferences.
Track items in your shopping cart for on-line sales.
Track how often you visit a particular web site or web page.
Store personal information to target advertisements.

5b. What cookie-related practice often is considered unethical?
Some web server owners collect and distribute information (for sale, trade, or other purposes) contained in cookies without informing you they are doing it.

3a.  How is an electronic book different from an e-book?
An electronic book is a book in electronic format.  It has the advantage that it can incorporate hyperlinks or expansions and multimedia.  A common example is the electronic encyclopedia.  A less common example is the mathematics book that hides proofs of theorems except when the reader wants the text expanded.  This permits the knowledgeable reader to only view the level of detail required, while preserving more detail for the novice reader.
Page 14.51 used "e-book" as a synonym for "electronic book".  However, the basic concept described is that of placing the electronic book on its own hardware.  This is an attempt to overcome two problems with the electronic book.  
The first is that of copyright infringement.  By selling an electronic book with no method of making an electronic copy easily, the royalties for selling an electronic book have been safeguarded.
The second is that of having a machine capable of displaying the electronic book in the future.  By making the software and hardware an integral unit, this lengthens the life span over which the electronic book is usable.  The rapid change of storage devices guarantees that we cannot rely on any one format for an extended period of time.  There also is the problem of training the e-book user how to use the e-book device for each e-book used.  
The "Basic Object-Oriented Knowledge" storage device (BOOK) will continue to be used for archival storage.  Its advantages are:
Less expensive to produce in small numbers than an e-book.
It operates without electrical power.
It requires very little training to use.
If the material is preserved, information recorded in it will be easily retrieved centuries from now.
Specialized devices are not required for recording additional notes on the storage media.

3b.  What is a how-to guide?

    A "how-to guide" is a computer-based manual that can include a tutorial, guided procedures (like a Microsoft Wizard), and interactive instruction for infrequent non-vocational tasks.

    This could be useful for computer-aided decision making, such as 
Deciding the trade-off between price of a home versus transportation cost to work over a 10 year period.
Personal financial planning, tax planning and preparation, investment strategies.
Deciding to purchase or lease a new or used car, accounting for maintenance, repair, insurance, and life cycle costs.
Deciding what capabilities in computer hardware and software are best for a family.
Setting up a home computer network.

    For home repairs and auto maintenance, I would get books from Home Depot or NAPA.

Short Answer Questions

1a. In terms of computer viruses, how is a logic bomb different from a time bomb?

    A virus is a computer program.  It can do no harm until it is executed.  A logic bomb begins its destructive work when it detects a predetermined condition.  A time bomb begins its destructive work when a predetermined time on the system clock is detected.  There are two ways a virus such as a logic bomb or time bomb can begin execution, by interrupt or polling.

    The first way is for the virus code to become the target routine for servicing an interrupt.  This requires the virus to execute at least once prior to the condition in order to set the transfer address for servicing the selected interrupt request.  An efficient virus will copy its code into the normal system software on disk so that the needed interrupt service address is always in the state needed by the virus.  A less certain approach is for the virus to be on the startup list and modify the table after it is initialized in memory.  A way of countering this kind of virus is to check the interrupt jump tables against a known good copy immediately after startup to determine if the tables have been altered in an unauthorized way. You have to create a baseline image under benign conditions and check for deviations.  Some interrupt service routines depend on which legitimate program is running, so this approach is not foolproof.  Sophisticated programs may modify jump tables to do error trapping.  A bomb virus that is intended to execute upon the first occurrence of the predetermined condition, however, must choose an interrupt service request that is not likely to be altered by other programs. 

    The other way is for the bomb to actively poll to test if the predetermined condition has occurred yet.  This approach requires that the virus must be activated long before the destructive action takes place, and remain in the execution state.  This might be detected by checking for wasted CPU cycles.

    A sophisticated logic bomb will wait until the nth occurrence or a randomly accepted occurrence of the bomb condition until taking its malicious action.  This means it must maintain a counter somewhere.

1b. What is a worm?

    A worm program copies itself repeatedly in memory or on a disk drive until no memory or disk space remains.  Some worms copy themselves to other computers on a network.

1c.  What are some other types of viruses?

    Other types of viruses are:
Boot sector virus:  A virus that resides on the boot device, and begins execution when the computer it restarted.
File virus or program virus:  A virus that accompanies a legitimate file, which is loaded into memory when the host file is loaded.
Macro virus:  A virus that uses a macro language of an application which executes upon the associated file being opened.  Microsoft Office uses MS Visual Basic for Applications as its macro language.
Trojan horse: A virus that hides within or looks like a legitimate program.  (Beware of Geeks bearing gifs.)
Polymorphic virus: A virus that modifies itself each time it attaches itself to another program or file.
Stealth virus: A virus that resets file allocation table parameters to pre-infection values to escape detection.

2a.  What is an Internet security risk?

    A computer security risk is any event or action that could cause unauthorized use, loss, misuse, theft, unwanted alteration, or damage to computer hardware, software, or data.  An Internet security risk includes these risks, applied to the Internet.

    Information is data; processing capability is the combination of hardware and software.

2b.  What are some security techniques?

    Some techniques for computer security include: 
Virus detection and removal.
User authentication by user names and passwords.
User authentication by a possessed object.
User authentication by a biometric device.
User authentication by a callback system.
Keep an access log to establish an audit trail.
Use of physical security devices to monitor physical access and prevent physical theft.
Display owner's name on the password prompt screen.
Require a hardware key (possessed object) for use of specific licensed software. 
Encrypt sensitive and high value data for storage and transmission.
Remove sensitive and high value data when it is not in use.
Use power filtering (surge filter, voltage regulator) and backup supply hardware (UPS, emergency generator).
Backup data frequently.
Agreement for use of alternate computing facilities.
Restrict collection, processing, and archiving of sensitive data to only that data required to satisfy mission requirements.
Restrict acceptance of cookies.
Monitor employee activities and communications during working hours or using employer's equipment or facilities.
Clear histories, caches, and temp folders often.

3a. What is a computer security plan?

    A computer security plan summarizes in writing all of the safeguards that are in place to protect a company's information assets.

3b. What are the three steps for a security plan?

    A computer security plan should do the following:

    (1) Identify all information assets of an organization, including hardware, software, documentation, procedures, people, data, facilities, and supplies.
    (2) Identify all security risks that may cause an information asset loss.
    (3)  For each risk, identify the safeguards that exists to detect, prevent, and recover from a loss.

4a. How is private key (12.16) encryption [Single Key, or Secret Key] different from public key encryption [Paired Key, Public Key - Private Key, or Asymmetric Key] ?

Single key encryption requires the originator and recipient to use the same key.  The Data Encryption Standard (DES) is an example.

Paired key encryption requires the originator to use one key, and the decoder to use the associated (different) key.

The paired key system is most secure if both keys are kept secret.  If only one key is kept secret, you have solved important portions of communications security problems, but not all.

4b. What is the government's key escrow plan?

    The original plan wanted government to be the holder of all encryption keys.  That plan was strongly opposed by industry and citizenry.  The backup plan was for all encryption keys to be held by a trusted third party not under direct government control, but from which government could obtain keys when it needed to.  This approach also has been strongly opposed.  The government has renamed the concept the "Key Recovery Plan".  Court battles have relaxed the restrictions on development and marketing of encryption standards.  The competing interests of corporate and personal privacy, law enforcement, government encrypted communications security, and intelligence gathering will ensure this issue will continue to be examined and fought over.  None of these plans are practical.  

    It is not possible to archive all the keys that are generated.  It is possible to generate a new key pair for each message transmitted.  Archiving all keys ever used is a stupid approach.  It is also a long term huge risk to personal freedom.

    See web sites:
http://www.wpc-edi.com/insider/Articles/V1/I-18f.html  
http://www.cdt.org/crypto/ 

    Basics of cryptography from Center for Democracy and Technology:
Tutorial: http://www.cdt.org/crypto/new2crypto/1.shtml 
Glossary: http://www.cdt.org/crypto/glossary.shtml 

5a.  What is a password?

    A password is a secret combination of characters associated with a user name that allows access to specific computer resources.

5b.  How can you create a good password?
Use at least 8 characters.  More is better.
Use a mixture of letters, numbers, and allowed special characters.
Select a password you can remember.
Select a password you can type quickly without looking at the keyboard.

5c.  What are some password precautions?
Do not use names of yourself, family, friends, pets, addresses, birth dates.
Do not share your password with anyone.
Use a different password for each computer or service you use, so that if one word is compromised, not everything will be lost.
Change your password often.  Do not change to previously used passwords.
Do not write down your password.  To not store it on anything close to your office.
Do store a copy of passwords in a safe, in a sealed envelope.
Do not use passwords that are related to any aspect of your personal life.  You would be surprised what I can learn about you by collecting the trash from your home several months in a row.

DC2001 Matching 

  1. user ID and password: (b)  Word or series of characters that must match an authentication file stored on a computer.
  2. possessed object: (f)  Item that must be carried to gain access to a computer or computer facility.
  3. personal identification number (PIN) = (e)  Numeric password, either assigned by an organization or selected by the user.
  4. biometric device: (a)  Authenticates by verifying a physical characteristic such as fingerprints or retinal pattern.
  5. callback system: (d)  Connects to a computer only after the computer calls back at a previously established number.

DC2001 Short Answer Questions

2a. What is a virus signature?

    A virus signature is a specific pattern of known virus code.

    Anti-virus programs that rely exclusively upon matching suspect code against copies of selected segments of virus code will do a good job against cataloged viruses.  Exhaustive checks are time consuming, and cannot detect viruses that have code not already cataloged.  Updating the library is crucial to continued reliability.

    Another approach is to search for privileged instructions in suspect files. If such instructions are detected, then subject the file to more exhaustive checks to determine if use of such instructions is permitted or not.  For example, a write instruction to the boot sector of a disk is not common for application software (except Norton Utilities and similar products).  This approach has the potential for detecting new viruses, takes less time to execute, and requires significantly less disk space for cataloged viruses.  It cannot as successful in detecting previously discovered viruses as the matching approach.

    For those interested in the history of computing, there once was a computer language called MAD which ran on the IBM 7040 in the late 1960s.  When a programmer made a level 7 error, the compiler would print a picture of Alfred E. Newman with the caption, "What, Me Worry?".  I think this compiler originated at MIT.

2b. Why is a polymorphic virus difficult to detect ?

    A polymorphic virus modifies its code each time it attaches itself to another file (which can be program or data).

    Dynamic programming is the art of creating programs that modify themselves.  Most serious computer science students do this at least once just to demonstrate the skill to do it, but usually not in a virus application.  High class dynamic programming involves changing the OPCODE field(s) of an instruction.  Normal assembly language programming will frequently change the ADDRESS field, and is not usually accorded the status of being called a dynamic program.

    A program that merely changes the address field of instructions (such as a memory load location, called a program ORIGIN) should still be detectable by pattern matching by examining the sequence of opcode fields without paying attention to the address fields.  A program that permutes segments of its code (along with new address fields) can be a more difficult program to match against.  A program that can do this would be a significant achievement for an undergraduate computer science major, but it can be done.  This kind of program would require more code than the average virus.

3b. What is the Business Software Alliance (BSA)?

    The Business Software Alliance (BSA) is an international organization of software and e-commerce developers.  Its goals are to educate computer users about software copyrights, advocate public policy that fosters innovation and expands trade opportunities, and fight software piracy.  See website at http://www.bsa.org/ 

5. What are some common points shared by federal and state laws regarding the storage and disclosure of personal data ?
Information collected and stored about individuals should be limited to what is necessary to carry out the function of the business or government agency collecting the data.
Once collected, provisions should be made to restrict access to the data to those employees within the organization who need access to it to perform their job duties.
Personal information should be released outside the organization collecting the data only when the person has agreed to its disclosure.
When information is collected about an individual, the individual should know that the data is being collected and have the opportunity to determine the accuracy of the data.