Computer Awareness Study Material – Computer Security

Computer Awareness Study Material – Computer Security

Computer Awareness Study MaterialBanking AwarenessMarketing Aptitude

Computer security is also known as cyber security or IT security. Computer security is a branch of information technology known as information security, which is intended to protect computers. It is the protection of computing systems and the data that they store or access.

Methods to Provide Protection
There are four primary methods to provide protection

1. System Access Control It ensures that unauthorised users do not get into the system by encouraging authorised users to be security conscious.
2. Data Access Control It monitors who can access what data, and for what purpose.Your system might support mandatory access controls with these. The sytem determines access rules based on the security levels of the people, the files, and the other objects in your system.
3. System and Security Administration It performs offline procedures that makes or breaks secure system.
4. System Design It takes advantage of basic hardware and software security characteristics.

Components of Computer Security
Computer security is associated with many core areas. Basic components of computer security system are

1. Confidentiality It ensures that data is not accessed by any unauthorised person.
2. Integrity It ensures that information is not altered by any unauthorised person in such a way that it is not detectable by authorised users.
3. Authentication It ensures that users are the persons they claim to be.
4. Access Control It ensures that users access only those resources that they are allowed to access.
5. Non-Repudiation It ensures that originators of messages cannot deny they are not sender of the message.
6. Availability It ensures that systems work promptly and service is not denied to authorised users.
7. Privacy It ensures that individual has the right to use the information and allows another to use that information.
8. Stenography It is an art of hiding the existance of a message. It aids confidentiality and integrity of the data.
9. Cryptography It is the science of writing information in a ‘hidden’ or ‘secret’ form and is an ancient art. It protects the data in transmit and also the data stored on the disk. Some terms commonly used in cryptography are
   1. Plain Text It is the original message that is an input.
   2. Cipher It is a bit-by-bit or character-by­character transformation without regard to the meaning of the message.
   3. Cipher Text It is the coded message or the encrypted data.
   4. Encryption It is the process of converting plain text to cipher text, using an encryption algorithm.
   5. Decryption It is the reverse of encryption, converting cipher text to plain text.

Sources of Cyber Attack
The most potent and vulnerable threat of computer users is virus attacks. A computer virus is a small software program that spreads from one computer to another and that interferes with computer operation. It is imperative for every computer user to be aware about the software and programs that can help to protect the personal computers from attacks.
The sources of attack can be

1. Downloadable Programs Downloadable files are one of the best possible sources of virus. Any type of executable file like games, screen saver are one of the major sources. If you want to download programs from the Internet then it is necessary to scan every program before downloading them.
2. Cracked Software These softwares are another source of virus attacks. Such cracked forms of illegal files contain virus and bugs that are difficult to detect as well as to remove. Hence, it is always a preferable option to download software from the appropriate source.
3. E-mail Attachments These attachments are the most common source of viruses. You must handle E-mail attachments with extreme care, especially if the E-mail comes from an unknown sender.
4. Internet Majority of all computer users are unaware as when viruses attack computer systems. Almost all computer users click or download everything that comes their way and hence unknowingly invites the possibility of virus attacks.
5. Booting from Unknown CD When the computer system is not working, it is a good practice to remove the CD. If you do not remove the CD, it may start to boot automatically from the disk which enhances the possibility of virus attacks.

Malware:
Threats to Computer Security
Malware stands for malicious software. It is a broad term that refers to a variety of malicious programs that are used to damage computer system, gather sensitive information, or gain access to private computer systems. It includes computer viruses, worms, trojan horses, rootkits, spyware, adware, etc.

Some of them are described
Virus
VIRUS stands for Vital Information Resources Under Siege. Computer viruses or perverse softwares are small programs that can negatively affect the computer. It obtains control of a PC and directs it to perform unusual and often destructive actions. Viruses are copied itself and attached itself to other programs which further spread the infection. The virus can affect or attack any part of the computer software such as the boot block, operating system, system areas, files and application program.

Type of Virus
Some common types of viruses are
Resident Virus It fixes themselves into the system’s memory and get activated whenever the OS runs and infects all the files that are then

1. It hides in the RAM and stays there even after the malicious code is executed, e.g. Randex, Meve, etc.
2. Direct Action Virus It comes into action when the file containing the virus is executed. It infects files in the folder that are specified in the AUTOEXEC.bat file path. e.g. Vienna virus.
3. Overwrite Virus It deletes the information contained in the files that it infects, rendering them partially or totally useless, once they have been infected. e.g. Way, Trj.Reboot, Trivial.88.D, etc.
4. Boot Sector Virus It is also called Master Boot Sector Virus or Master Boot Record Virus. This type of virus affects the boot sector of a hard disk. e.g. Polyboot.B, AntiEXE, etc.
5. Macros Virus It infects files that are created using certain applications or programs that contain macros, like .doc, .xls, .ppt, etc. e.g. Melissa.A.
6. File System Virus It is also called Cluster Virus or Directory Virus. It infects the directory of your computer by changing the path that indicates the location of a file, e.g. Dir-2 virus.
7. Polymorphic Virus It encrypts or encodes itself in an encrypted way, every time it infects a system. This virus then goes on to create a large number of copies, e.g. Elkern, Tuareg, etc.
8. FAT Virus It is used to store all the information about the location of files, unusable space, etc. e.g. Link virus, etc.
9. Multipartite Virus It may spread in multiple ways such as the operating system installed or the existance of certain files, e.g. Flip.
10. Web Scripting Virus Many Websites execute complex code in order to provide interesting content. These sites are sometimes created with purposely infected code. e.g. JS Fortnight.

Some common viruses are tabulated below

Year	Name
1971	Creeper
1982	Elk Cloner
1988	The Morris Internet Worm
1999	Melissa
2000	I Love You
2001	Code Red
2003	SQL Slammer
2003	Blaster
2004	Sasser
2010	Stuxnet
2011	Trojan
2012	Rootkit
2014	Generic PUP
2014	Net Worm

Effects of Virus
There are many different effects that viruses can have on your computer, depending on the types of virus. Some viruses can

1. monitor what you are doing.
2. slow down your computers performance.
3. destroy all data on your local disk.
4. affect on computer networks and the connection to Internet.
5. increase or decrease memory size.
6. display different types of error messages.
7. decrease partition size.
8. alter PC settings.
9. display arrays of annoying advertising.
10. extend boot times.
11. create more than one partition.

Worms
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Worms are hard to detect because they are invisible files.
e.g. Bagle, I love you, Morris, Nimda, etc.

Trojan
A Trojan, or Trojan Horse, is a non-self-replicating type of malware which appears to perform a desirable function but instead facilitates unauthorised access to the user’s computer system. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan Horses may steal information, or harm their host computer systems. Trojans may use drive-by downloads or install via online games or Internet-driven applications in order to reach target computers. Unlike viruses, Trojan horses do not replicate themselves, e.g. Beast, Sub7.Zeus, ZeroAccess Rootkit, etc.

Spyware
It is a program which is installed on a computer system to spy on the system owner’s activity and collects all the information which is misused afterwards. It tracks the user’s behaviour and reports back to a central source.
These are used for either legal or illegal purpose. Spyware can transmit personal information to another person’s computer over the internet.
e.g. CoolWeb Search, FinFisher, Zango, Zlob Trojan, Keyloggers, etc.

Symptoms of Malware Attack
There is a list of symptoms of malware attack which indicates that your system is infected with a computer malware.
Some primary symptoms are

• Odd messages are displaying on the screen.
• Some files are missing.
• System runs slower.
• PC crashes and restarts again and again.
• Drives are not accessible.
• Antivirus software will not run or installed.
• Unexpected sound or music plays.
• The mouse pointer changes its graphic.
• System receives strange E-mails containing odd attachments or viruses.
• PC starts performing functions like opening or closing window, running programs on its own.

Some Other Threats to Computer Security
There are some other threats which are described below

1. Spoofing It is the technique to access the unauthorised data without concerning to the authorised user. It accesses the resources over the network. It is also known as ‘Masquerade’. IP spoofing is a process or technique to enter in another computer by accessing its IP address. It pretends to be a legitimate user and access to its computer via a network.
2. Salami Technique It diverts small amounts of money from a large number of accounts maintained by the system.
3. Hacking It is the act of intruding into someone else’s computer or network. Hacking may result in a Denial of Service (DoS) attack. It prevents authorised users from accessing the resources of the computer. A hacker is someone, who does hacking process.
4. Cracking It is the act of breaking into computers. It is a popular, growing subject on Internet. Cracking tools are widely distributed on the Internet. They include password crackers, trojans, viruses, war- dialers, etc.
5. Phishing It is characterised by attempting to fraudulently acquire sensitive information such as passwords, credit cards details, etc by masquerading as a trustworthy person. Phishing messages usually take the form of fake notifications from banks providers, E-pay systems and other organisation. It is a type of Internet fraud that seeks to acquire a user’s credentials by deception.
6. Spam It is the abuse of messaging systems to send unsolicited bulk messages in the form of E-mails. It is a subset of electronic spam involving nearly identical messages sent to numerous recipients by E-mails.
7. Adware It is any software package which automatically renders advertisements in order to generate revenue for its author. The term is sometimes used to refer the software that displays unwanted advertisements. A software license is a document that provides legally binding guidelines on the use and distribution of software.
8. Rootkit It is a type of malware that is designed to gain administrative level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases, can temper with the antivirus program and render it infective. Rootkits are also difficult to remove, in some cases, require a complete re-installation of the operating system.

Solutions to Computer Security Threats
Some safeguards (or solutions) to protect a computer system from accidental access, are described below

Antivirus Software
It is a application software that is designed to prevent, search for, detect and remove viruses and other malicious software like worms, trojans, adware and more. It consists of computer programs that attempt to identify threats and eliminate computer viruses and other malware.
Some Popular Antivirus

1. Avast Avg
2. K7 Kaspersky
3. Trend Micro
4. Quick Heal
5. Symantec Norton
6. McAfee

Digital Certificate
It is the attachment to an electronic message used for security purposes. The common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply. It provides a means of proving your identity in electronic transactions.

Digital Signature
It is an electronic form of a signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and also ensure that the original content of the message or document that has been sent is unchanged.

Firewall
It can either be software-based or hardware-based and is used to help in keeping a network secure. Its primary objective is to control the incoming and outgoing network traffic by analysing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set.
A network’s firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter) network, such as the Internet, that is not assumed to be secure and trusted. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users.

There are two forms of firewalls Hardware firewall and software firewall
Password
It is a secret word or a string of characters used for user authentication to prove identity or access approval to gain access to a resource, which should be kept secret from those who are not allowed to get access.
A password is typically somewhere between 4 to 16 characters, depending on how the computer system is setup. When a password is entered, the computer system is careful not to display the characters on the display screen, in case others might see it.
There are two common modes of password as follows

• Weak Password Easily remember just like names, birth dates, phone number, etc.
• Strong Password Difficult to break and a combination of alphabets and symbols.

File Access Permission
Most current file systems have methods of assigning permissions or access rights to specific users and group of users. These systems control the ability of the users to view or make changes to the contents of the file system. File access permission refers to privileges that allow a user to read, write or execute a file.
There are three specific permissions as follows

• Read Permission If you have read permission of a file, you can only see the contents. In case of directory, access means that the user can read the contents.
• Write Permission If you have write permission of a file, you can only modify or remove the contents of a file. In case of directory, you can add or delete contents to the files of the directory.
• Execute Permission If you have execute permission of a file, you can only execute a file. In case of directory, you must have execute access to the bin directory in order to execute it or cd command.

Terms Related to Security

1. Eavesdropping The attacker monitors transmissions for message content.
2. Masquerading The attacker impersonates an authorised user and thereby gain certain unauthorised privilege.
3. Patches It is a piece of software designed to fix problems with a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs and improving the usability and performance.
4. Logic Bomb It is a piece of code intentionally inserted into a computer’s memory that will set off a malicious function when specified conditions are met. They are also called slag code and does not replicate itself
5. Time bomb It is a piece of software, that is used to the explode at a particular time.
6. Application Gateway This applies security mechanisms to specific applications such as File Transfer Protocol (FTP) and Telnet services.
7. Proxy Server It can act as a firewall by responding to input packets in the manner of an application while blocking other packets.
   It hides the true network addresses and used to intercept all messages entering and leaving the network.

QUESTION BANK

1. A ……….. is anything that can cause harm.

1. vulnerability
2. phishing
3. threat
4. spoof
5. None of these

2. A ……….. is a small program embedded inside of a GIF image.

1. Web bug
2. cookie
3. spyware application
4. spam
5. None of these

3. A hacker contacts your phone or E-mails and attempts to acquire your password is called

1. spoofing
2. phishing
3. spamming
4. buging
5. None of these

4. The unauthorised real-time interception of a private communication such as a phone call, instant message known as

1. Replay
2. Eavesdropping
3. Patches
4. Payloads
5. None of these

5. Hackers often gain entry to a network be pretending to be at a legitimate computer

1. spoofing
2. forging
3. IP spoofing
4. All of these
5. None of these

6. The main reason to encrypt a file is to

1. reduce its size
2. secure it for transmission
3. prepare it for backup
4. include it in the start-up sequence
5. None of the above

7. Mechanism to protect network from outside attack is

1. firewall
2. antivirus
3. digital signature
4. formatting
5. None of these

8. …………… is a form of virus explicitly designed to hide itself from detection by antivirus software.

1. Stealth virus
2. Polymorphic virus
3. Parasitic virus
4. Macro virus
5. None of these

9. The first PC virus was developed in

1. 1980
2. 1984
3. 1986
4. 1988
5. 1987

10. Abuse messaging systems to send unsolicited is

1. phishing
2. spam
3. malware
4. firewall
5. adware

11. ………… are often delivered to PC through an E-mail attachment and are often designed to do harm.

1. Viruses
2. Spams
3. Portals
4. E-mail messages
5. None of these

12. The first computer virus is

1. creeper
2. PARAM
3. the famous
4. HARLIE
5. None of these

13. A time bomb occurs during a particular

1. data or time
2. logic and data
3. time
4. All of these
5. None of these

14. First boot sector virus is

1. computed
2. mind
3. brain
4. Elk Cloner
5. None of these

15. Which virus spreads in application software?

1. Macro virus
2. Boot virus
3. File virus
4. Antiyirus
5. None of these

16. Some viruses have a delayed payload, which is sometimes called a

1. time
2. anti-virus
3. bomb
4. All of these
5. None of these

17. An antivirus is a(n)

1. program code
2. computer
3. company name
4. application software
5. None of these

18. It is a self-replicating program that infects computer and spreads by inserting copies of itself into other executable code or documents.

1. Keylogger
2. Worm
3. Virus
4. Cracker
5. None of these

19. Like a virus, it is a self-replicating program. It also propagates through computer network.

1. Spyware
2. Worm
3. Cracker
4. Phishing scam
5. None of these

20. What is an E-mail attachment?

1. A receipt sent by the recipient
2. A separate document from another program sent along with an E-mail message
3. A malicious parasite that feeds off your messages and destroys the contents
4. A list of Cc : or Bcc : recipients
5. A friend to whom E-mail is sent regularly

21. Password enables users to

1. get into the system quickly
2. make efficient use of time
3. retain confidentiality of files
4. simplify file structure
5. None of the above

22. A program designed to destroy data on your computer which can travel to infect other computers, is called a

1. disease
2. tarpedo
3. hurricave
4. virus
5. None of these

23. Antivirus software is an example of

1. business software
2. an operating system
3. a security
4. an office suite
5. None of the above

24. Hackers

1. all have the same motive
2. is another name of users
3. many legally break into computer as long as they do not do any damage
4. are people who are allergic to computers
5. break into other people’s computer

25. Which was the first PC boot sector virus?

1. Creeper
2. Payload
3. Bomb
4. Brain
5. None of these

26. There are viruses that are triggered by the passage of time or on a certain date.

1. Boot-sector viruses
2. Macro viruses
3. Time bombs
4.  Worms
5. None of these

27. It is the process of finding errors in software code

1. Debugging
2. Compiling
3. Testing
4. All of these
5. None of these

28. ………… is the process of finding errors in software code?

1. Compiling
2. Testing
3. Running
4. Debugging
5. None of the above

29. Which one of the following is a cryptographic protocol used to secure http connection?                [RBI Grade B 2009]

1. Stream Control Transmission Protocol(SCTP)
2. Transport Layer Security (TLS)
3. Explicit Congestion Notification (ECN)
4. Resource Reservation Protocol (RRP)
5. None of the above

30. A firewall operated by [SBI Clerk 2010]

1. the pre-purchase phase
2. isolating intranet from extranet
3. screening packets to/from the network and provide controllable filtering of network traffic
4. All of the above
5. None of the above .

31. Which of the following is a criminal activity attempting to acquire sensitive information such as passwords, credit cards, debits by masquerading as a trustworthy person or business in an electronic communication? [IBPS Clerk 2010]

1. Spoofing
2. Phishing
3. Stalking
4. Hacking
5. None of these

32. Which one of the following is a key function of firewall?                   [SBI PO 2010]

1. Monitoring
2. Deleting
3. Copying
4. Moving
5. None of these

33. Junk E-mail is also called  [Union Bank of India 2011]

1. spam
2. spoof
3. sniffer script
4. spool
5. None of these

34. A person who uses his or her expertise to gain access to other people computers to get information illegally or do damage is a     [Allahabad Bank PO 2011]

1. spammer
2. hacker
3. instant messenger
4. All of these
5. None of these

35. Vendor created program modifications are called                        [Allahabad Bank PO 2011]

1. patches
2. antiviruses
3. hales
4. fixes
5. overlaps.

36. The ………… of a threat measures its potential impact on a system. [IBPS Clerk 2011]

1. vulnerabilities
2. counter measures
3. degree of harm
4. susceptibility
5. None of these

37. A digital signature is [SBI Clerk 2011]

1. scanned signature
2. signature in binary form
3. encrypting information
4. handwritten signature
5. None of the above

38. Which of the following a computer’s memory, but unlike a virus, it does not replicate itself ?                [SBI PO 2011]

1. Trojan horse
2. Logic bomb
3. Cracker
4. Firewall
5. None of these

39. Computer virus is [IBPS Clerk 2011]

1. a hardware
2. windows tool
3. a computer program
4. a system software
5. None of the above

40. A program designed to destroy data on your computer which can travel to “infect” other computers is called a [RBI Grade B 2012]

1. disease
2. torpedo
3. hurricane
4. virus
5. infector

41. If your computer rebooting itself then it is likely that            [SBI Clerk 2012]

1. It has a virus
2. It does not have enough memory
3. There is no printer
4. There has been a power surge
5. It need a CD-ROM

42. Viruses trojan horses and worms are  [IBPS Clerk 2012]

1. able to harm computer system
2. unable to detect if present on computer
3. user-friendly applications
4. harmless applications resident on computer
5. None of the above

43. To protect yourself from computer hacker intrusions you should install a    [RBI Grade B 2012]

1. firewall
2. mailer
3. macro
4. script
5. None of these

44. The legal right to use software based on specific restrictions is granted via a  [RBI Grade B 2012]

1. software privacy policy
2. software license
3. software password manager
4. software log
5. None of the above

45. ………. are attempts by individuals to obtain confidential information from you by falsifying their identity. [IBPS PO 2011, IBPS Clerk 2013]

1. Phishing trips
2. Computer viruses
3. Spyware scams
4. Viruses
5. Phishing scams

46. All of the following are examples of real-security and privacy risks except  [SBI PO 2011, IBPS Clerk 2014]

1. hackers
2. spam
3. viruses
4. identify theft
5. None of the above

47. Which of the following refers to dangerous programs that can be ‘caught’ of opening E-mail attachments and downloading software from the Internet? [SBI PO 2014]

1. Utility
2. Virus
3. Honey Pot
4. Spam
5. App

48. Which of the following enables to  determine how often a user visited a Website?  [IBPS Clerk 2014]

1. Hackers
2. Spammers
3. Phish
4. Identity thefts
5. Cookies

49. What is a person called who uses a computer tp cause harm to people or destroy critical systems? [IBPS Clerk 2014]

1. Cyber Terrorist
2. Black-hat-Hacker
3. Cyber Cracker
4. Hacktivist
5. Other than those given as options

50. Verification of a login name and password is known as                   [IBPS Clerk 2014]

1. configuration
2. accessibility
3. authentication
4. logging in
5. Other than those given as options

51. ………. refers to the unauthorised copying and distribution of software.  [IBPS Clerk 2014]

1. Hacking
2. Software piracy
3. Software literacy
4. Cracking
5. Copyright

52. Software such as Viruses, Worms and Trojan Horses that has a malicious content, is  known as              [IBPS Clerk 2014]

1. Malicious software (malware)
2. adware
3. scareware
4. spyware
5. firewall

53. ……… are often delivered to a PC through an mail attachment and are often designed to do harm.         [IBPS PO 2015]

1. Portals
2. Spam
3. Viruses
4. Other than those given as options
5. E-mail messages

54. A computer virus normally attaches itself to another computer program known as a  [IBPS PO 2015]

1. host program
2. target program
3. backdoor program
4. Bluetooth
5. Trojan horse

55. If you are allowing a person on the network based on the credentials to maintain the security of your network, then this act refers to the process of [IBPS PO 2016]

1. Authentication
2. Automation
3. Firewall
4. Encryption
5. Decryption

ANSWERS