What is number 1 password be security?
If you want the most often used passwords, it looks like 123456 and password are the top two on the list that I found.
What can only be encrypted with a public key and decrypted with a private key?
When one key is used for encryption and a different key is used for decryption, this is called asymmetric cryptography. A good example of this is PGP (Pretty Good Privacy). PGP is used to secure email. It accomplishes this by generating a pair of keys for each user. After the keys have been generated, each user shares one key, their public key, and keeps their private key secret. When someone wants to email a person who is using PGP, they encrypt their message with the recipient's public key. This ensures that the message cannot be snooped on during transit and that only the person who has the corresponding private key can decrypt the message.
How do you launch a coordinated DDoS attack?
Using software such as LOIC (Low Orbit Ion Cannon), many people can launch an attack against a website, server or router at the same time. This is a coordinated DDoS attack.
DoS and DDoS attacks are illegal under the law.
Which can be used to launch a coordinated DDoS attack?
HOIC (High Orbital Ion Cannon) can be used to launch both DoS and DDoS attacks. DoS and DDoS attacks are against the law, so I advise you that if you don't want to get arrested, you shouldn't execute one. Obviously you will be caught in the act if you do because you are a n00b.
What does it mean when it says 7 characters long and contain at least 1 number?
Characters are letters, numbers or symbols, not including spaces.
You are being asked to create a password that is made up of 7 letters, numbers or symbols that has at least one number in it.
Examples:
What can be used to launch a coordinated DDoS attack?
Basically, you just need a lot of computers. Not four or five, but more like a server farm. You will also need a program to drive each computer, telling it to download over and over.
--Please don't try it.
What is the correct definition of Differential backup?
A differential backup backs up all changes since the last full backup. To restore everything only the last full backup and the last differential backup are needed.
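An added example, not part of the original answer: picking the restore set from a backup catalog under the rule above. The catalog entries and the `restore_plan` name are constructed for the illustration; the function also skips differentials that belong to an older full backup.

```python
from datetime import datetime

# Constructed backup catalog (sample data, not from the original page).
CATALOG = [
    {"id": "full-01", "kind": "full", "taken": datetime(2024, 3, 3, 1, 0)},
    {"id": "diff-01", "kind": "differential", "taken": datetime(2024, 3, 4, 1, 0)},
    {"id": "diff-02", "kind": "differential", "taken": datetime(2024, 3, 5, 1, 0)},
    {"id": "full-02", "kind": "full", "taken": datetime(2024, 3, 10, 1, 0)},
    {"id": "diff-03", "kind": "differential", "taken": datetime(2024, 3, 11, 1, 0)},
    {"id": "diff-04", "kind": "differential", "taken": datetime(2024, 3, 12, 1, 0)},
]


def restore_plan(catalog, restore_to):
    """Return the backup ids to restore, in order, for a point in time."""
    usable = [b for b in catalog if b["taken"] <= restore_to]
    fulls = [b for b in usable if b["kind"] == "full"]
    if not fulls:
        raise ValueError("no full backup exists at or before the restore point")
    base = max(fulls, key=lambda b: b["taken"])
    # A differential records changes since the full that preceded it, so only
    # differentials newer than the chosen full may be layered on top of it.
    diffs = [b for b in usable
             if b["kind"] == "differential" and b["taken"] > base["taken"]]
    plan = [base["id"]]
    if diffs:
        # Each differential is cumulative, so the newest one is sufficient.
        plan.append(max(diffs, key=lambda b: b["taken"])["id"])
    return plan
```
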
What are the two names of the most popular hashing algorithms?
Both SHA-1 and MD5 are good hashing algorithms. The primary difference between the two is speed; MD5 is faster to process than SHA.
According to DoD 5400.11-R, May 14, 2007:
C10.6.1. When a loss, theft, or compromise of information occurs (See Chapter 1 of this regulation) the breach shall be reported to: C10.6.1.1. The United States Computer Emergency Readiness Team (US CERT) within one hour of discovering that a breach of personally identifiable information has occurred. Components shall establish procedures to ensure that US CERT reporting is accomplished in accordance with the guidance set forth at www.us-cert.gov. The underlying incident that led to the loss or suspected loss of PII (e.g., computer incident, theft, loss of material, etc.) shall continue to be reported in accordance with established procedures (e.g., to designated computer Network Defense (CND) Service Providers, Chairman of the Joint Chiefs of Staff Manual 6510.01), law enforcement authorities, the chain of command, etc).
C10.6.1.2. The Senior Component Official for Privacy (Reference (a)) within 24 hours of discovering that a breach of personally identifiable information has occurred. The Senior Component Official for Privacy, or their designee, shall notify the Defense Privacy Office of the breach within 48 hours upon being notified that a loss, theft, or compromise has occurred.
In addition, most DoD entities have local policies requiring you to report the loss of the device to your supervisor and local security office.
What is the difference in the protection offered by a BIOS password vs a Login password?
A BIOS password prevents a computer from loading the operating system. A login password prevents the user from accessing the rest of the operating system such as their programs, internet etc.
How does assigning users to groups simplify the process of administering security?
Assigning users to groups simplifies the administration of security by allowing permissions to be assigned to users based on their groups rather than having to assign permissions to each user.
What is the most insecure hash for storing passwords?
Of the common ones in use today, MD5 is the least secure.
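An added example, not part of the original answer, showing one reason a fast unsalted digest such as MD5 is a weak way to store passwords: accounts with the same password get the same stored value, while a salted, iterated hash does not. PBKDF2 from Python's hashlib is this example's choice (the page names no alternative); the accounts and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune per hardware

# Constructed accounts; "123456" is the common password named on this page.
ACCOUNTS = {"alice": "123456", "bob": "123456", "carol": "correct horse"}


def md5_record(password):
    """Unsalted MD5: identical passwords always give identical digests."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password, salt=None):
    """Salted, iterated hash: returns (salt, derived_key)."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def pbkdf2_verify(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = pbkdf2_record(password, salt)
    return hmac.compare_digest(key, expected_key)


def store_md5(accounts):
    return {user: md5_record(pw) for user, pw in accounts.items()}


def store_pbkdf2(accounts):
    return {user: pbkdf2_record(pw) for user, pw in accounts.items()}


def shared_records(table):
    """Count accounts whose stored value is identical to another account's."""
    seen = {}
    for value in table.values():
        seen[value] = seen.get(value, 0) + 1
    return sum(n for n in seen.values() if n > 1)
```
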
Is Kaspersky better than Bitdefender?
No. Previously I used Bitdefender; it works better, but it cannot delete the virus in packages and is somewhat complex to use and to update. I suggest you use Kaspersky. For any questions you can ask me at http://umamahesh88.blogspot.com/ UMA MAHESH
What are physical security computer components?
A physical firewall, router, modem. (If this is for a class then you might have to argue this point; a physical firewall is a piece of equipment but it is still software that does everything.)
A lock on the computer case.
What are some of the criteria that can be used to rank security risks?
Risks can be quantified by their likelihood of exploitation and the impact of exploitation. These two factors can be weighted according to what is most important to you. Normally rankings would be based on equal weightings. Impact can be further subdivided into impact in terms of lost time, lost revenue, cost to correct, lost reputation, etc.
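An added example, not part of the original answer: ranking risks by weighted likelihood and impact, with impact split into the four sub-factors named above. The 1 to 5 scale, the weighted-sum formula and the sample risks are assumptions constructed for the illustration.

```python
IMPACT_FACTORS = ("lost_time", "lost_revenue", "cost_to_correct", "lost_reputation")

# Constructed sample risks, each factor scored 1 (low) to 5 (high).
RISKS = [
    {"name": "unpatched VPN gateway", "likelihood": 4,
     "impact": {"lost_time": 3, "lost_revenue": 4,
                "cost_to_correct": 2, "lost_reputation": 4}},
    {"name": "lost unencrypted laptop", "likelihood": 2,
     "impact": {"lost_time": 2, "lost_revenue": 2,
                "cost_to_correct": 3, "lost_reputation": 5}},
    {"name": "help desk phishing", "likelihood": 5,
     "impact": {"lost_time": 1, "lost_revenue": 2,
                "cost_to_correct": 1, "lost_reputation": 2}},
]


def impact_score(impact, impact_weights=None):
    """Weighted average of the impact sub-factors (equal weights by default)."""
    weights = impact_weights or {f: 1.0 for f in IMPACT_FACTORS}
    total = sum(weights[f] for f in IMPACT_FACTORS)
    if total <= 0:
        raise ValueError("impact weights must sum to a positive value")
    return sum(weights[f] * impact[f] for f in IMPACT_FACTORS) / total


def risk_score(risk, w_likelihood=0.5, w_impact=0.5, impact_weights=None):
    """Weighted sum of likelihood and impact, normalised by the total weight."""
    if w_likelihood < 0 or w_impact < 0 or w_likelihood + w_impact == 0:
        raise ValueError("weights must be non-negative and not both zero")
    impact = impact_score(risk["impact"], impact_weights)
    return ((w_likelihood * risk["likelihood"] + w_impact * impact)
            / (w_likelihood + w_impact))


def rank(risks, **weights):
    """Return risk names ordered from highest to lowest score."""
    ordered = sorted(risks, key=lambda r: risk_score(r, **weights), reverse=True)
    return [r["name"] for r in ordered]
```

With equal weights the frequent but low-impact phishing risk ranks second; weighting impact at 0.8 moves the lost laptop above it.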
What does Bogus Websites mean?
The term "bogus website" is an informal term usually applied to a few different kinds of websites:
1) a website that is set up to mimic a legitimate website of an entity - perhaps a site meant to fool people into thinking they have reached their bank's web site. This kind of bogus web site is frequently used by miscreants who are conducting phishing attacks as a means of deceiving people into disclosing sensitive information that can be exploited for such nefarious purposes as stealing their identity, stealing money from them, stealing corporate information, or planting malware on their computers.
2) a website that is set up as a kind of Trojan Horse where people come thinking they are getting something but the jerk who set it up uses it to conduct a drive-by download of malware to the visitor's computer.
3) a website that is set up to fool the user into thinking they are visiting a company or government website but which is actually being used to spread disinformation about the targeted entity. The creator(s) may conduct an attack to misdirect people to their bogus website instead of the correct website. This kind of website would probably fall under the category of either propaganda or hacktivism.
What kind of attack results in the attacker being able to access administrator-level resources?
Privilege escalation
When should a technician perform penetration testing?
It varies and depends on the complexity of your systems, but most companies would check their systems with a penetration test at least once a year. Make sure to make it a yearly habit in order to protect your computer systems from malicious hackers.
What are the roles of Public and Private Key?
A user's private key is kept private and known only to the user. The user's public key is made available to others to use. The private key can be used to encrypt a signature that can be verified by anyone with the public key. Or the public key can be used to encrypt information that can only be decrypted by the possessor of the private key.
What does the Logon Hours property of a user account control?
During valid logon hours, users can work as they normally do. They can log on to the network and access network resources. During restricted logon hours, users can't work. They can't log on to the network or make connections to network resources. If users are logged on when their logon time expires, what follows depends on the account policy you've set for them. Generally, one of two things happens to the user:
Forcibly disconnected: You can set a policy that tells Windows 2000 to forcibly disconnect Windows 2000 users when their logon hours expire. If this policy is set, remote Windows 2000 users are disconnected from all network resources and logged off the system when their hours expire.
Not disconnected: Users aren't disconnected from the network when they enter the restricted hours. Instead, Windows 2000 simply doesn't allow them to make any new network connections.
Access the user's Properties dialog box in Active Directory Users And Computers and then choose the Account tab.
Click the Logon Hours button. Set the valid and invalid logon hours using the Logon Hours dialog box shown. In this dialog box each hour of the day or night is a field that can be turned on and off. To change the setting for an hour, click it. Then select either the Logon Permitted or Logon Denied option button.
Hours that are allowed are filled in with a dark bar.
Hours that are disallowed are blank.
Who are gray hat hackers in India?
One of the new great grey hat hackers that I know is Gurcharanjit Singh, Punjab/India. He is currently doing an engineering degree in computers. He's currently not engaged with a particular organization and is working independently. He has been published many times by the UK's most popular magazine, EETimes.
What are the characteristics of a strong password?
Actually, it would be considered stronger to use a pass phrase. Use several easy to type words that make up more than 25 characters and use a special character or two like the ones above your number keys.
Uses uppercase, lowercase, numbers
Does not use any part of the user's name
Uses non-alphanumeric characters