978-1133934400 Chapter 16 Solution Manual Part 1

Type: Homework Help
Pages: 9
Words: 3928
Authors: James A. Hall

CHAPTER 16
IT CONTROLS PART II: SECURITY AND ACCESS
1. REVIEW QUESTIONS
1. a. The operating system must protect itself from users.
2. a. Translates high-level languages into the machine-level language
3. An access control list is assigned to each computer resource such as
4. The virus program can attach itself to 1. an .EXE or .COM program file, 2.
an OVL (overlay) program file,
5. At login the operating system creates an access token that contains key
Chapter 1 Page 2
6. In distributed systems, resources may be controlled (owned) by end users.
7. Event monitoring is an audit log that summarizes key activities related to users,
applications, and system resources. Event logs typically record the IDs of all
8. Keystroke monitoring is the computer equivalent of a telephone wiretap. It is a
9. A vaccine detects and removes viruses from the infected programs or data
10. a. Backup—This feature makes a periodic backup of the entire database.
11. These include a computer criminal intercepting a message transmitted
12. Transmissions between senders and receivers can be disrupted, destroyed, or
13. A combination of hardware and software designed to provide security against
14. A network level firewall accepts or denies access requests based on filtering
rules and then directs the incoming calls to the correct internal receiving node.
15. a. users failing to remember passwords
16. A countermeasure to DDoS attacks is the use of Intrusion Prevention
17. Public key encryption uses a public and private key. The public key is used for
encoding and is distributed to all users. The private key is used for decoding
18. DES and RSA encryption are used together in what is called a digital
envelope. The actual message is encrypted using DES to provide the fastest
19. A digital signature is electronic authentication that cannot be forged. It ensures
that the message or document transmitted originated with the authorized
20. a. Message authentication—unauthorized access control
21. DPI is a technique that searches individual network packets for protocol
non-compliance to decide if a packet can proceed to its destination. DPI can
2. DISCUSSION QUESTIONS
1. Unfortunately, some computer hackers enjoy the challenge of creating devices,
such as viruses and logic bombs, to damage systems. They gain nothing of monetary
2. A backdoor is created so that the programmer may gain future access to the
program without needing a user password (in other words after the
3. In some circumstances keystroke monitoring may be regarded as a violation of
4. When a user attempts to access a resource, the system compares his or her ID
5. A Trojan horse is a program that is often used to capture IDs and passwords
from unsuspecting users. The program is designed to mimic the normal logon
6. The following are examples of controls and procedures that can reduce the threat
from destructive programs:
Purchase software only from reputable vendors and accept only those products that
are in their original, factory-sealed packages.
Require protocols that explicitly invoke the operating system’s logon procedures in
order to bypass Trojan horses. Some operating systems allow the user to directly
7. Audit trails can be used to support security objectives in three ways: 1.
detecting unauthorized access to the system, 2. facilitating the reconstruction
of events, and 3. promoting personal accountability.
RECONSTRUCTING EVENTS. Audit analysis can be used to reconstruct the steps
that led to events such as system failures, security violations by individuals, or
PERSONAL ACCOUNTABILITY. Audit trails can be used to monitor user activity at
the lowest level of detail. This capability is a preventive control that can be used to
8. Audit logs can generate data in overwhelming detail. Important information can
easily get lost among the superfluous details of daily operation. Protecting
9. A common belief by management of publicly traded firms is that the public will
perceive fraudulent acts which have taken place as a sign of control
weaknesses. The management teams may prefer to handle the computer fraud
10. This subschema is a subset of the total database that defines the user’s
access authority. The database administrator has primary responsibility for
designing these authorization tables. The programmers should not perform this
11. In the flat file environment, data and programs were dependent. User
authorization was tied to each specific application. Under the database file
12. Users may share their passwords, write down their passwords, or use
easily guessed passwords. Protections against these include software that allows
13. Under this approach, the user’s password changes continuously. To access the
operating system, the user must provide both a secret reusable personal
identification number (PIN) and the current one-time only password for that
point in time. One technology employs a credit-card-sized device (smart card)
that contains a microprocessor programmed with an algorithm that generates,
14. Distributed data processing, if not properly managed, may result in duplication
of efforts. Two or more individual end-users may develop similar applications
15. Data access represents whether or not a user can access data from a
particular application. Access privileges further define whether the user can
16. The specific objective for auditing data management is to determine:
17. a. Sample the transaction log for garbled messages and verify that any such
messages were retransmitted.
18. 1) In the case of a smurf attack, the targeted organization can program their firewall
2) In the case of SYN Flood, two things can be done: First, Internet hosts can
program their firewalls to block outbound message packets that contain invalid
19. Risks:
Transmissions between senders and receivers can be disrupted, destroyed, or
corrupted by equipment failures in the communications system. Equipment failure
can also result in the loss of databases and programs stored on the network server.
Controls:
Echo Check. The echo check involves the receiver of the message returning the
message to the sender. The sender compares the returned message with a stored
Parity Check. The parity check incorporates an extra bit (the parity bit) into the
structure of a bit string when it is created or transmitted. The value of the parity bit (1
or 0) is determined by the bit value of the character being transmitted. Parity can be
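The parity check described above, as an added example that is not part of the solution manual: each 7-bit ASCII character is framed with an even parity bit, the receiver recomputes the parity, and the constructed transmission shows that a single flipped bit is caught while two flipped bits in the same character slip through unnoticed.

```python
# Added example (not from the solution manual): even-parity framing of 7-bit
# ASCII characters and the receiver-side check, with constructed line noise.


def add_parity(ch: str) -> int:
    """Frame a 7-bit ASCII character as a byte whose top bit is an even parity bit."""
    code = ord(ch)
    if code > 0x7F:
        raise ValueError("only 7-bit ASCII characters can carry a parity bit here")
    parity = bin(code).count("1") & 1  # 1 if the seven data bits have odd weight
    return (parity << 7) | code        # parity bit makes the total weight even


def parity_ok(frame: int) -> bool:
    """Receiver side: a frame is valid when its total number of 1 bits is even."""
    return bin(frame & 0xFF).count("1") % 2 == 0


def encode(message: str) -> list[int]:
    """Sender side: one parity-framed byte per character."""
    return [add_parity(c) for c in message]


def decode(frames: list[int]) -> tuple[str, list[int]]:
    """Strip parity bits; return the text and the indexes of frames that failed the check."""
    bad = [i for i, f in enumerate(frames) if not parity_ok(f)]
    text = "".join(chr(f & 0x7F) for f in frames)
    return text, bad


def flip_bits(frame: int, *positions: int) -> int:
    """Simulate transmission noise by flipping the given bit positions (0 = least significant)."""
    for p in positions:
        frame ^= 1 << p
    return frame


if __name__ == "__main__":
    # Constructed sample transmission: the amount field is where noise lands.
    clean = encode("PAY 100")
    print(decode(clean))                         # ('PAY 100', [])  nothing flagged

    one_bit = list(clean)
    one_bit[4] = flip_bits(clean[4], 0)          # '1' (0x31) becomes '0' (0x30)
    print(decode(one_bit))                       # ('PAY 000', [4])  error detected

    two_bits = list(clean)
    two_bits[4] = flip_bits(clean[4], 0, 1)      # '1' (0x31) becomes '2' (0x32)
    print(decode(two_bits))                      # ('PAY 200', [])  error NOT detected
```

A single parity bit only detects an odd number of flipped bits per character, which is why the text pairs it with other controls such as the echo check rather than relying on it alone.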
20. Firewalls can provide protection against unauthorized access by both internal
and external intruders depending on the type of firewall. An organization with a
21. 1) IPS can work inline with a firewall at the perimeter of the network to act as a filter
3) IPS can be employed to protect an organization from becoming part of a botnet by
22. The more individuals who need to know the private key, the greater the
23. RSA (Rivest-Shamir-Adleman) is a highly secure public key cryptography
method. This method is, however, computationally intensive and much slower
24. EEE3 uses three different keys to encrypt the message three times. EDE3
uses one key to encrypt the message. A second key is used to decode it. The
resulting message is garbled because the key used for decoding is different
25. A digital signature is electronic authentication that cannot be forged. It
ensures that the message or document transmitted originated with the
authorized sender and that it was not tampered with after the signature was
is who he or she claims to be. The sender could be an impersonator. Verifying
the sender's identity requires a digital certificate, which is issued by a
trusted third party called a certification authority (CA). A digital certificate is
used in conjunction with a public key encryption system to authenticate the
sender of a message. The process for certification varies depending on the
26. A digest is a mathematical value calculated from the text content of a message.
The sender uses a one-way hashing algorithm to calculate a digest of the text
27. Sometimes DES and RSA are used together to create a digital envelope that is
both more secure and faster than using RSA encryption alone. The actual
28. An employee may have access to multiple applications that process
incompatible transactions. For example, a single individual may be responsible
for entering all transaction data, including sales orders, cash receipts, invoices,
and disbursements. This degree of authority would be similar, in a manual
29. This method is important in order to prevent intruders from preventing or
delaying messages. An intruder might intercept data such as credit card
30. Backup redundancy should be viewed as an investment in insurance against
31. Business travelers with laptop and notebook computers are just beginning to
realize how carefully they should safeguard their computers while traveling on
subways, planes, cars, and staying in hotels. Theft of these computers is
becoming a serious problem. These computers are being stolen just as often
32. One problem is ensuring that transactions are authorized and valid. Both the
customer and supplier must establish that the transaction being processed is
with a valid trading partner and is an authorized transaction. Another problem is
that, in most situations, the trading partners must agree to give their trading
34. In an EDI environment, the selling firm opens up previously considered private
files, such as inventory and in some cases the master production schedule, to
the customer’s order system so that the inventory status can be checked. If the