New Semester
Started
Get
50% OFF
Study Help!
--h --m --s
Claim Now
Question Answers
Textbooks
Find textbooks, questions and answers
Oops, something went wrong!
Change your search query and then try again
S
Books
FREE
Study Help
Expert Questions
Accounting
General Management
Mathematics
Finance
Organizational Behaviour
Law
Physics
Operating System
Management Leadership
Sociology
Programming
Marketing
Database
Computer Network
Economics
Textbooks Solutions
Accounting
Managerial Accounting
Management Leadership
Cost Accounting
Statistics
Business Law
Corporate Finance
Finance
Economics
Auditing
Tutors
Online Tutors
Find a Tutor
Hire a Tutor
Become a Tutor
AI Tutor
AI Study Planner
NEW
Sell Books
Search
Search
Sign In
Register
study help
computer sciences
systems analysis and design
Corporate Computer Security 4th edition Randy Boyle, Raymond Panko - Solutions
Why do you think companies often fail to harden their clients adequately?
a) How is the diversity of Linux/UNIX offerings bad? b) How is it good?
Why do you think UNIX has such a limited ability to assign permissions compared with Windows?
a) Directory DunLaoghaire has several subdirectories. Each of these subdirectories has very sensitive information that should only be accessible to a single user. What permissions would you give in the top-level DunLaoghaire directory to the group all logged-in users if you do not want to change
In their purest form, netbooks are PCs designed to have little or no software stored on them. Instead, they are designed to use cloud computing, in which the software and data are both stored on Internet servers. Netbooks in this pure form can only work when they have an Internet connection. Based
What password-cracking method would be used for each of the following passwords? a) Swordfish b) Lt6^ c) Processing1 d) Nitt4aGm^?
Critique the safety of each of the following passwords, giving your specific reasoning. a) Swordfish b) Lt6^ c) Processing1 d) Nitt4aGm^?
Can you use the longest hash possible? How long is good enough?
How could new IP-enabled devices pose a security risk for a corporation?
How could corporations guard against threats from new IP-enabled devices?
Could a ban on all IP-enabled devices from outside the corporation be a workable policy? Why or why not?
Why is data mobility a security threat to businesses?
How will diverse computing platforms affect IT security?
How must IT security evolve to address the development of new devices?
Would IT security policies need to be adjusted for corporate offices in different countries? Why or why not?
a) What software must be patched on an e-commerce server? b) What three other webserver protections were mentioned in the text? c) Where is an application proxy firewall placed relative to the webserver?
a) In staged development, what three servers do companies use? b) What permissions does the developer have on the development server? c) On the testing server? d) On the production server? e) On what servers does the tester have access permissions?
a) Why do hackers attack browsers? b) What is mobile code? c) Why is it called mobile code? d) What is a client-side script? e) What is a Java applet? f) Why is Active-X dangerous? g) How do scripting languages compare to full programming languages? h) Is JavaScript a scripted form of Java?
a) Why is it bad to go to a malicious website? b) How can social engineering be used to trick a victim to go to a malicious website? c) Why do attackers want to get domain names such as micosoft.com? d) Why may malware that allows an attacker to execute a single command on a user's computer not
a) What can users do to enhance browser security? b) Under Internet Options in IE, what can the user do on the Security tab? d) In which tab are cookies controlled?
a) Why are HTML bodies in e-mail messages dangerous? b) What is spam? c) What three problems does spam create? d) Why is spam filtering dangerous? e) For what legal reason should companies filter sexually or racially harassing message content? f) What is extrusion prevention? g) Why is
a) Is encryption widely used in e-mail? b) What part of the e-mail process does SSL/TLS usually secure? c) Is this end-to-end security? Explain. d) What standards provide end-to-end security? e) Compare PGP and S/MIME in terms of how applicants learn the true party's public key? f) Describe the
a) What is VoIP? b) Distinguish between IP telephones and soft phones. c) A soft phone is a computer with hardware and software for VoIP. d) What does RTP add to compensate for the limitations of UDP?
a) Distinguish between transport and signaling? b) In Figure 8-25, is the packet shown a transport packet or a signaling packet? c) What are the two main signaling standards in VoIP? d) What does the registrar server do? (Don't say, "It registers things.") e) What type of SIP message does a VoIP
a) What is eavesdropping? b) Why can DoS attacks be successful even if they only increase latency slightly? c) Why is caller impersonation especially dangerous in VoIP? d) Why are hacking and malware dangerous in VoIP? e) What is toll fraud? f) What is SPIT? g) Why is SPIT more disruptive
a) What is a buffer? b) What is a buffer overflow attack? c) What impacts can buffer overflows have? d) In a stack overflow, what is overwritten by the overflow? e) To where does the overwritten return address point? f) In the IIS IPP buffer overflow attack, what buffer is overflowed?
a) What authentication mechanisms are common on IP telephones? b) What does SIP Identity ensure? c) How can eavesdropping be thwarted? d) What sound quality problem may encryption create? e) Why do firewalls have problems with typical VoIP traffic? f) For SIP signaling, what port has to be
a) What is Skype? b) Why is Skype's use of proprietary software problematic? c) What problem is there with Skype's encryption for confidentiality? d) Does Skype control who can register a particular person's name? e) Why do firewalls have a difficult time controlling Skype? f) Does Skype's
a) In IM, what does a presence server do? b) What does a relay server do? c) For corporate IM, what are the advantages of using a relay server instead of only a presence server?
a) What is the Danvers Doctrine? b) Distinguish between security in SNMP V1 and security in SNMP V2. c) Distinguish between security in SNMP V2 and security in SNMP V3. d) What still needs to be done for SNMP security?
a) Why must you know a server's role to know how to protect it? b) Why is it important to minimize both main applications and subsidiary applications? c) Why are security baselines needed for installing applications? d) Why is it important to minimize permissions for application programs? e)
a) How does a SQL injection attack work? b) What is SQL? c) What is error-based inference? d) What is the difference between in-band and out-of-band SQL injection? e) What is blind SQL injection? f) How can SQL injection be prevented?
a) What is a login screen bypass attack? b) What is a cross-site scripting (XSS) attack? c) What is an SQL injection attack? d) What attitude should programmers have about user input? e) What training should programmers who do custom programming have?
a) Distinguish between WWW service and e-commerce service. b) What kinds of external access are needed for e-commerce? c) Does the webmaster or e-commerce administrator have control over the security of other servers? d) Why are custom programs especially vulnerable?
a) What is website defacement? b) Why is it damaging? c) In directory access commands and URLs, what does ".." represent? d) What are directory traversal attacks? e) Create a URL to retrieve the file aurigemma.htm under the rainbow directory on the host www.pukanui.com. The WWW root is three
Do you think programmers should be allowed to develop server-side dynamic webpages, given the dangers that are involved in their doing so?
Client-side scripting attacks usually require the client to visit a webserver with malicious content. How do you think attackers get users to visit such webpages?
An employee working at home complains that some of her messages to fellow employees at the firm's headquarters site are not getting through. What might be the problem?
A company is warned by its credit card companies that it will be classified as a high-risk firm unless it immediately reduces the number of fraudulent purchases made by its e-commerce clients. Come up with a plan to avoid this outcome?
What is a concurrency flaw?
What are the advantages for IT security professionals having a training environment like the WebGoat platform?
After seeing the impact of the hacked Twitter account, would news organizations become even more attractive targets? Why or why not?
Could an insider use the fact that news feeds are scanned for trading decisions to manipulate the stock market? How?
How could highly integrated information systems be a threat to corporations?
Could a subcontractor with weak security practices make a corporation more vulnerable? How?
Why would Web threats see such a drastic six-fold (600%) increase?
How can malware writers adapt to software detection techniques?
How can organizations limit their exposure to malware?
a) What is the difference between data and information? b) How can data be protected while it is being transmitted? c) How can data be protected while it is being processed? d) What are some ways that data can be attacked when it is stored? e) How can data be protected while it is being stored?
a) What should backup creation policies specify? b) Why are restoration tests needed? c) Where should backup media be stored for the long term? d) What should be done about backup media until they are moved? e) Why is the encryption of backup media critical? f) What three dangers require
a) Why is retaining e-mail for a long period of time useful? b) Why is it dangerous? c) What is legal discovery? d) What are courts likely to do if it would be very expensive for a firm to discover all of its e-mail pertinent to a case? e) What can happen if a firm fails to retain required
a) Are e-mail messages sent by employees private? b) What should employees be trained not to put in e-mail messages?
a) Why is spreadsheet security an IT security concern? b) What two protections should be applied to spreadsheets? c) Briefly list the functions of a vault server? d) Comment on vault server authorizations? e) Describe vault server auditing?
a) What is a relational database? Explain. b) Why would a database administrator want to restrict access to certain tables? c) Why would a database administrator want to restrict access to certain columns? d) Why would a database administrator want to restrict access to certain rows? e) How would
a) What is a DBMS? b) Can a DBMS manage multiple databases? Why? c) How can validation protect against a SQL injection attack? d) How can sanitation protect against a SQL injection attack?
a) What types of database events should be audited? b) How could SQL triggers be used to secure a database? c) What is a DDL trigger? d) What is a DML trigger?
a) What is a multi-tiered architecture? Why is it important? b) How could a multi-tiered architecture stop or mitigate the effects of an attack? c) Why is changing the default database listening port important?
a) Why is encryption usually attractive for sensitive data from a legal standpoint? b) How long must an encryption key be to be considered strong today? c) What happens if the encryption key is lost? d) How do companies address this risk? e) Why is entrusting users to do key escrow risky? f) In
a) What is Data Loss Prevention (DLP)? b) Are there some types of data that are too risky to collect? c) What is PII? Please give a couple examples of PII. d) What is data masking?
a) List the ways in which data can be lost, adding some of your own. b) How does backup ensure availability?
a) Could web scraping be a threat to a corporation? Why? b) What are mashups? Give an example. c) What is the difference between a spider and a web scraper? d) Is web scraping ethical, legal, criminal? Why?
a) How are linking attributes used to connect disparate databases? b) Explain information triangulation? c) What are the odds of correctly identifying a person based on their ZIP code, date of birth, and gender? Why? d) What is profiling?
a) What is DRM? Give an example of how DRM works. b) Why is DRM desirable? c) Give some examples of use restrictions that a company may wish to impose on a document. d) How can many DRM protections against unauthorized printing be circumvented? e) What is the purpose of data extrusion
a) Why is it important to destroy data on backup media and PCs before discarding them or transferring them to someone else? b) What is the difference between basic file deletion and wiping? c) Is it safe to wipe a hard disk and then give it to someone else? Why, or why not? d) What does degaussing
a) Distinguish between file/directory data backup and image backup. b) Why is file/directory backup attractive compared with image backup? c) Why is image backup attractive compared with file/directory data backup? d) What is shadowing? e) What is the advantage of shadowing over file/directory
a) Why don't most companies do full backup every night? b) What is incremental backup (be precise)? c) A company does a full backup one night. Call this backup Cardiff. On three successive nights, it does incremental backups, which it labels Greenwich, Dublin, and Paris. In restoration, what
a) What are the advantages of centralized backup compared with local backup? b) Define CDP. c) Why is CDP attractive? d) Why is it expensive? e) Why is backup over the Internet to a backup storage provider attractive for client PC users? f) What security risk does it create? g) What is mesh
a) Why is magnetic tape desirable as a backup medium? b) Why is tape not desirable? c) Why is backup onto another hard drive attractive?
a) How can disk arrays ensure data reliability and availability? b) Explain RAID 0. c) Explain RAID 1. d) Explain RAID 5.
a) What is parity? b) How does the XOR operator work? c) How can parity be used to restore lost data? d) How long would it take to recalculate the data on a lost disk?
a) What are the advantages of RAID 5 over RAID 1? b) Which RAID level discussed in this chapter has the fastest read-write speeds? c) Is RAID 5 appropriate for home users? Why, or why not?
Is there data in your organization that should be encrypted, but isn't? Why?
Could you get enough information from the Internet to take out a loan in another person's name?
How much data would you lose if your computer's hard drive crashed right now? Could you reduce the amount of data that would be lost? How?
What effect do you think cloud computing will have on data security?
What do you think the impact of social networking will have on data security? Provide your reasoning?
Why do so many data thefts originate from outside the victim's host country (Hint: Extradition)?
What is the purpose of a "hidden" volume? (This was an option when you created the first volume.)?
What are keyfiles and how do they work?
Why isn't this functionality included with Windows?
How should a corporation respond to a large-scale loss of customer data?
How might a corporation be hurt by acknowledging a large-scale data loss?
As data loss admissions become more widespread, how would they affect consumers' willingness to share information with corporations?
How should a corporation decide the appropriate level of resources to devote to securing its data?
Why are corporations worried about insider threats with respect to data loss?
Why have the incidents of data loss seen a rise in the past few years?
a) Why was Walmart able to respond quickly? b) List at least three actions that Walmart took that you might not have thought of.
a) Why should a senior manager head the CSIRT? b) Why should members of affected line departments be on CSIRT? c) Who is the only person who should speak on behalf of the firm? d) Why should the firm's legal counsel be on the CSIRT? e) Why should a firm's human resource department be on the
a) What different actions do criminal and civil law deal with? b) How do punishments differ in civil and criminal law? c) Who brings lawsuits in civil and criminal cases? d) What is the normal standard for deciding a case in civil and criminal trials? e) What is mens rea? f) In what type of
a) What is case law? b) What are jurisdictions? c) What is cyberlaw? d) What are the three levels of U.S. federal courts? e) Which levels can create precedents? f) Does federal jurisdiction typically extend to computer crimes that are committed entirely within a state and that do not have a
a) Why will courts not admit unreliable evidence? b) What is a computer forensics expert? c) What type of witness is allowed to interpret facts for juries? d) Why should companies work with forensics professionals before they have a need for them?
a) What section of which title of the U.S. Code prohibits hacking? b) What other attacks does it prohibit? c) Does it protect all computers? d) What are damage thresholds? e) What types of acts does 18 U.S.C. ยง 2511 prohibit?
a) What is an IDS? b) Is an IDS a preventative, detective, or restorative control? c) What are false positives? d) Why are false positives problems for IDSs?
a) What are the four functions of IDSs? b) What are the two types of analysis that IDSs usually do? c) What types of action did this section mention? d) What information should alarms contain? e) What is the purpose of log summary reports? f) Describe interactive log file analysis?
a) What is the advantage of a distributed IDS? b) Name the elements in a distributed IDS. c) Distinguish between the manager and agents. d) Distinguish between batch and real-time transfers for event data. e) What is the advantage of each type? f) What two types of communication must be secure?
a) At what information do NIDSs look? b) Distinguish between stand-alone NIDSs and switch-based or router-based NIDSs. c) What are the strengths of NIDSs? d) What are the two weaknesses of NIDSs?
a) Can good planning and protection eliminate security incidents? b) Name three terms that successful attacks are commonly called?
a) What is the major attraction of a HIDS? b) What are the two weaknesses of host IDSs? c) List some things at which host operating system monitors look?
a) Why are integrated log files good? b) Why are they difficult to create? c) Explain the time synchronization issue for integrated log files. d) How do companies achieve time synchronization? e) What is event correlation? f) Distinguish between aggregation and event correlation. g) Why is
a) What is precision in an IDS? b) What are false positives, and why are they bad? c) What are false negatives, and why are they bad? d) How can tuning reduce the number of false positives? e) What does an IDS do if it cannot process all of the packets it receives? f) What may happen if a
Showing 3000 - 3100
of 3385
First
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Step by Step Answers
Get 50% OFF
Claim Now
