Chapter 2: Systems Threat and Risks

TRUE/FALSE

1. Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail attachment to start the infection.

ANS: F PTS: 1 REF: 44

2. Removing a rootkit from an infected computer is extremely difficult.

ANS: T PTS: 1 REF: 46

3. Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.

ANS: T PTS: 1 REF: 53

4. A SAN can be shared between servers but cannot be extended over geographical distances.

ANS: F PTS: 1 REF: 56

5. Because NAS operates at the file system level, NAS security cannot be implemented through the standard operating system security features.

ANS: F PTS: 1 REF: 58

MULTIPLE CHOICE

1. A computer ____ is a program that secretly attaches itself to a legitimate “carrier,” such as a document or program, and then executes when that document is opened or program is launched.

a. virus
b. worm
c. adware
d. spyware

ANS: A PTS: 1 REF: 41

2. A ____ virus can interrupt almost any function executed by the computer operating system and alter it for its own malicious purposes.

a. companion
b. file infector
c. resident
d. boot

ANS: C PTS: 1 REF: 43

3. A ____ virus infects the Master Boot Record of a hard disk drive.

a. file infector
b. companion
c. resident
d. boot

ANS: D PTS: 1 REF: 43

4. In order to avoid detection, some viruses can alter how they appear. These are known as ____ viruses.

a. macro
b. metamorphic
c. boot
d. companion

ANS: B PTS: 1 REF: 43

5. A ____ is a program advertised as performing one activity but actually does something else.

a. script
b. virus
c. Trojan
d. worm

ANS: C PTS: 1 REF: 44

6. A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.

a. Trojan
b. logic bomb
c. macro virus
d. metamorphic virus

ANS: B PTS: 1 REF: 46

7. ____ is an image spam that is divided into multiple images.

a. Word splitting
b. Geometric variance
c. Layer variance
d. GIF layering

ANS: D PTS: 1 REF: 49

8. ____ involves horizontally separating words, although it is still readable by the human eye.

a. Word splitting
b. GIF layering
c. Geometric variance
d. Layer variance

ANS: A PTS: 1 REF: 49

9. ____ uses “speckling” and different colors so that no two spam e-mails appear to be the same.

a. GIF layering
b. Geometric variance
c. Word splitting
d. Layer variance

ANS: B PTS: 1 REF: 49

10. ____ is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user.

a. Adware
b. Keylogger
c. Spam
d. Trojan

ANS: A PTS: 1 REF: 52

11. Today’s computer systems have a(n) ____ chip in which the contents can be rewritten to provide new functionality.

a. ROM
b. RAM
c. EROM
d. PROM

ANS: D PTS: 1 REF: 55

12. Flash memory is a type of ____, nonvolatile computer memory that can be electrically erased and rewritten repeatedly.

a. EROM
b. ROM
c. EEPROM
d. RAM

ANS: C PTS: 1 REF: 56

13. A ____ is a single, dedicated hard disk-based file storage device that provides centralized and consolidated disk storage available to LAN users through a standard network connection.

a. NAS
b. NSA
c. NSF
d. NFS

ANS: A PTS: 1 REF: 57

14. ____ are portable communication devices that function in a manner that is unlike wired telephones.

a. USB devices
b. NAS devices
c. Cell phones
d. SAN

ANS: C PTS: 1 REF: 58

15. The ____ is the link between the cellular network and the wired telephone world and controls all transmitters and base stations in the cellular network.

a. SAN
b. NAS
c. RF cell
d. MTSO

ANS: D PTS: 1 REF: 58

16. ____ is a means of managing and presenting computer resources by function without regard to their physical layout or location.

a. Expansion
b. Virtualization
c. Load balancing
d. Distribution

ANS: B PTS: 1 REF: 59

17. One type of virtualization in which an entire operating system environment is simulated is known as ____ virtualization.

a. NOS
b. guest
c. operating system
d. host

ANS: C PTS: 1 REF: 59

18. With operating system virtualization, a virtual machine is simulated as a self-contained software environment by the ____ system (the native operating system to the hardware).

a. guest
b. host
c. root
d. server

ANS: B PTS: 1 REF: 59

19. Creating and managing multiple server operating systems is known as ____ virtualization.

a. operating system
b. host
c. guest
d. server

ANS: D PTS: 1 REF: 59

20. ____ technology enables a virtual machine to be moved to a different physical computer with no impact to the users.

a. Live migration
b. Load balancing
c. Operating system virtualization
d. Server virtualization

ANS: A PTS: 1 REF: 61

21. Live migration can be used for ____; if the demand for a service or application increases, then network managers can quickly move this high-demand virtual machine to another physical server with more RAM or CPU resources.

a. live virtualization
b. online virtualization
c. real-time virtualization
d. load balancing

ANS: D PTS: 1 REF: 61

COMPLETION

1. Malicious software, or ______, is software that enters a computer system without the owner’s knowledge or consent.

ANS: malware

PTS: 1 REF: 41

2. The ______ contains the program necessary for the computer to start up and a description of how the hard drive is organized (the partition table).

ANS:
Master Boot Record (MBR)
Master Boot Record
MBR

PTS: 1 REF: 43

3. A(n) ______ virus not only changes how it appears but also encrypts its contents differently each time, making it even more difficult to detect.

ANS: polymorphic

PTS: 1 REF: 43

4. ______ is exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.

ANS: Privilege escalation

PTS: 1 REF: 47

5. A(n) ______ is either a small hardware device or a program that monitors each keystroke a user types on the computer’s keyboard.

ANS: keylogger

PTS: 1 REF: 53

MATCHING

Match each item with a statement below:

a. Instant messaging
b. File infector virus
c. Companion virus
d. Worm
e. Rootkit
f. Image spam
g. Spyware
h. BIOS
i. Storage Area Network

1. a method of online communication like e-mail, except that it is conducted in real time

2. a set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and then hide all traces of its existence

3. general term used to describe software that violates a user’s personal security

4. adds a program to the operating system that is a malicious copycat version of a legitimate program

5. uses graphical images of text in order to circumvent text-based filters

6. a specialized high-speed network for attaching servers to storage devices

7. a coded program embedded on the processor chip that recognizes and controls different devices on the computer system

8. a program designed to take advantage of a vulnerability in an application or an operating system in order to enter a system

9. infects program executable files

1. ANS: A PTS: 1 REF: 42

2. ANS: E PTS: 1 REF: 45

3. ANS: G PTS: 1 REF: 51

4. ANS: C PTS: 1 REF: 43

5. ANS: F PTS: 1 REF: 48

6. ANS: I PTS: 1 REF: 56

7. ANS: H PTS: 1 REF: 55

8. ANS: D PTS: 1 REF: 44

9. ANS: B PTS: 1 REF: 42

SHORT ANSWER

1. What are some of the functions performed by viruses?

ANS:

Viruses have performed the following functions:

• Caused a computer to crash repeatedly

• Erased files from a hard drive

• Installed hidden programs, such as stolen software, which is then secretly distributed from the computer

• Made multiple copies of themselves and consumed all of the free space on a hard drive

• Reduced security settings and allowed intruders to remotely access the computer

• Reformatted the hard disk drive

PTS: 1 REF: 42

2. Describe a macro virus.

ANS:

A macro virus is written in a script known as a macro. A macro is a series of commands and instructions that can be grouped together as a single command. Macros are often used to automate a complex set of tasks or a repeated series of tasks. Macros can be written using a macro language, such as Visual Basic for Applications (VBA), and are stored within the user document (such as in an Excel .XLSX worksheet). A macro virus takes advantage of the “trust” relationship between the application (Excel) and the operating system (Microsoft Windows). Once the user document is opened, the macro virus instructions execute and infect the computer. Some examples of macro viruses are Melissa.A and Bablas.PC.

PTS: 1 REF: 43

3. How does a rootkit work?

ANS:

Rootkits function by replacing operating system commands with modified versions that are specifically designed to ignore malicious activity so that it can escape detection. For example, antivirus software may be instructed to scan all files in a specific directory; to do this, the antivirus software receives from the operating system a list of those files. A rootkit replaces the operating system’s ability to retrieve a list of files with its own modified version that omits specific malicious files. The antivirus software assumes that the computer will willingly carry out those instructions and retrieve all files; it does not know that the computer is only displaying the files that the rootkit has approved. The operating system does not know that it has been compromised and carries out what it thinks are valid commands. This is the fundamental problem with a rootkit: users can no longer trust their computer. A rootkit may actually be in charge and hide the actions of the computer.

PTS: 1 REF: 46

4. Describe privilege escalation.

ANS:

Operating systems and many applications have the ability to restrict a user’s privileges in accessing their specific functions. Privilege escalation is exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining. There are two types of privilege escalation. The first is when a user with a lower privilege uses privilege escalation to access functions reserved for higher-privilege users. The second type is when a user with restricted privileges accesses the different restricted functions of a similar user; that is, User A does not have privileges to access a payroll program but uses privilege escalation to access User B’s account, which does have these privileges.

PTS: 1 REF: 47

5. What are some of the costs involved for spamming?

ANS:

Consider the following costs involved for spamming:

• E-mail addresses—Spammers often build their own lists of e-mail addresses using special software that rapidly generates millions of random e-mail addresses at well-known Internet Service Providers (ISPs) and then sends messages to these addresses. Because a message sent to an invalid e-mail account is returned to the sender, the software can automatically delete the invalid accounts, leaving a list of valid e-mail addresses to send the actual spam to. If a spammer wants to save time by purchasing a list of valid e-mail addresses to spam, the cost is relatively low ($100 for 10 million addresses).

• Equipment and Internet connection—Spammers typically purchase an inexpensive laptop computer ($500) and rent a motel room with a high-speed Internet connection ($85 per day) as a base for launching attacks. Sometimes spammers actually lease time from other attackers ($40 per hour) to use a network of 10,000 to 100,000 infected computers to launch an attack.

PTS: 1 REF: 48

6. Describe adware.

ANS:

Adware is a software program that delivers advertising content in a manner that is unexpected and unwanted by the user. Adware typically displays advertising banners or pop-up ads, or opens new Web browser windows while the user is accessing the Internet. Almost all users resist adware because:

• Adware may display objectionable content, such as gambling sites or pornography.

• Frequent pop-up ads can interfere with a user’s productivity.

• Pop-up ads can slow a computer or even cause crashes and the loss of data.

• Unwanted advertisements can be a nuisance.

Adware can also be a security risk. Many adware programs perform a tracking function, which monitors and tracks a user’s online activities and then sends a log of these activities to third parties without the user’s authorization or knowledge.

PTS: 1 REF: 52

7. What are botnets?

ANS:

One of the popular payloads of malware today that is carried by Trojan horses, worms, and viruses is a program that allows the infected computer to be placed under the remote control of an attacker. This infected “robot” computer is known as a zombie. When hundreds, thousands, or even tens of thousands of zombie computers are under the control of an attacker, this creates a botnet.

Attackers use Internet Relay Chat (IRC) to remotely control the zombies. IRC is an open communication protocol that is used for real-time “chatting” with other IRC users over the Internet. It is mainly designed for group or one-to-many communication in discussion forums called channels. Users access IRC networks by connecting a local IRC client to a remote IRC server, and multiple IRC servers can connect to other IRC servers to create large IRC networks.

PTS: 1 REF: 54

8. How can a BIOS be attacked?

ANS:

Because it can be flashed, the BIOS can be the object of attacks. One virus overwrites the contents of the BIOS and the first part of the hard disk drive, rendering the computer completely dead. Because the computer cannot boot without the BIOS, the BIOS chip has to be replaced. Another attack does not cripple the BIOS but instead uses it to store malicious code. Research has shown that an attacker could infect a computer with a virus and then flash the BIOS to install a rootkit on the BIOS. Because it is stored in the BIOS and not on the hard drive, the rootkit could survive a complete hard drive reinstallation or even a change of operating system. However, because BIOS settings are manufacturer specific, this BIOS attack would not work on all computers.

PTS: 1 REF: 55

9. How can you reduce the risks introduced by USB devices?

ANS:

To reduce the risk introduced by USB devices, some organizations have a written policy that prohibits such a device from being connected to any computer belonging to the organization. Another approach is to restrict their use through technology. These techniques include:

• Disable USB in hardware—It is possible to disable the ability of the computer to recognize a USB device through the BIOS.

• Disable USB through the operating system—Files can be removed from the operating system so that USB devices are no longer recognized.

• Use third-party software—There are several software solutions that can control USB device permissions.

PTS: 1 REF: 56

10. What are the primary advantages of using NAS devices?

ANS:

There are two primary advantages to using NAS devices on a network. First, they offer the ability to easily expand storage. With a standard print and file server, storage is limited by the number of hard drives that can be installed in the server. On a network using NAS, however, a single NAS device can hold many hard disks, and if storage needs exceed the capacity of a single NAS device, another NAS device can easily be added to the network. The second advantage of using NAS is that it allows for the consolidation of storage. In many networks, a single NAS device can replace several file servers.

PTS: 1 REF: 58