Term The policies of the Bell-LaPadula model are Definition *-Property (no write down) and Simple Security Rule (no read up) | Term When information is disclosed to individuals not authorized to see it, you have suffered a Definition LOST OF CONFIDENTIALITY |
---|
What is the first step an administrator can take to reduce possible attacks?
The first step an administrator can take to minimize possible attacks is
to ensure that all patches for the operating system and applications are installed
.
Why is the morris worm significant?
The Morris worm or Internet worm of November 2, 1988, was one of the first computer worms distributed via the Internet, and the
first to gain significant mainstream media attention
. It also resulted in the first felony conviction in the US under the 1986 Computer Fraud and Abuse Act.
How did the Code Red worm spread quizlet?
How did the Code Red worm spread?
It made use of a buffer-overflow condition in Microsoft’s IIS web servers that had been known for a month
.
Is an attempt to learn or make use of information from the system that does not affect system resources?
A “passive attack”
attempts to learn or make use of information from the system but does not affect system resources, compromising confidentiality. A threat is a potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
What is a zero day vulnerability can it be prevented?
Educate users: Many zero-day attacks
capitalize on human error
. Thus, user education is imperative in preventing these exploits. Teach employees and users good security habits, tips and best practices that will help keep them safe online and protect your organization from zero-day exploits and other digital threats.
What is a structured threat?
Structured-threats-and-unstructured-threats meaning
Organized efforts to attack a specific target
; unstructured threats are not organized and do not target a specific host, network, or organization.
Is Internet worm a virus?
A computer worm is
a type of malware
that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.
How bad was the Morris worm?
The Morris worm, named for its creator, Cornell University student Robert Tappan Morris, rapidly infected the limited (by today’s standards) computers connected to the internet. An estimated 6,000 machines, depleted of their resources as the worm depleted computing resources, shut down and were
rendered inoperable
.
What are the implications of the Morris worm?
“The biggest implication of the Morris worm was
that the Internet was very small … and it was considered a friendly place
, a clubhouse,” Allman says. “This [attack] made it clear that there were some people in that clubhouse who didn’t have the best interests of the world in mind …
How did Code Red worm spread?
The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using
a long string of the repeated letter ‘N’ to overflow a buffer
, allowing the worm to execute arbitrary code and infect the machine with the worm.
What is access a computer program or service that circumvents any normal security protections called?
Question Answer | Software code that gives access to a program or a service that circumvents normal security protections. Backdoor | A logical computer network of zombies under the control of an attacker. Botnet |
---|
Which security concept uses the approach of protecting something by hiding it?
Cryptography
is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it. The prefix “crypt-” means “hidden” or “vault” — and the suffix “-graphy” stands for “writing.”
Which kind of security attacks are difficult to detect?
In comparison to active attacks,
passive attacks
are difficult to detect because these attacks do not affect network communications and do not change targeted information. Most of the time encryption of communications is used to prevent passive attacks.
A loss of confidentiality
is the unauthorized disclosure of information. … A loss of integrity is the unauthorized modification or destruction of information.
Is a threat that is carried out and if successful?
An attack
is a threat that is carried out (threat action) and, if successful, leads to an undesirable violation كاھتنا of security. The agent carrying out the attack is referred to as an attacker, or threat agent .