According to DoD 5400.11-R, May 14, 2007:
C10.6.1. When a loss, theft, or compromise of information occurs (see Chapter 1 of this regulation) the breach shall be reported to:
C10.6.1.1. The United States Computer Emergency Readiness Team (US CERT) within one hour of discovering that a breach of personally identifiable information has occurred. Components shall establish procedures to ensure that US CERT reporting is accomplished in accordance with the guidance set forth at www.us-cert.gov. The underlying incident that led to the loss or suspected loss of PII (e.g., computer incident, theft, loss of material, etc.) shall continue to be reported in accordance with established procedures (e.g., to designated Computer Network Defense (CND) Service Providers, Chairman of the Joint Chiefs of Staff Manual 6510.01, law enforcement authorities, the chain of command, etc.).
C10.6.1.2. The Senior Component Official for Privacy (Reference (a)) within 24 hours of discovering that a breach of personally identifiable information has occurred. The Senior Component Official for Privacy, or their designee, shall notify the Defense Privacy Office of the breach within 48 hours upon being notified that a loss, theft, or compromise has occurred.
In addition, most DoD entities have local policies requiring you to report the loss of the device to your supervisor and local security office.
What is the difference in the protection offered by a BIOS password vs a login password?
A BIOS password prevents a computer from loading the operating system. A login password prevents the user from accessing the rest of the operating system, such as their programs, the internet, etc.
How does assigning users to groups simplify the process of administering security?
Assigning users to groups simplifies the administration of security by allowing permissions to be assigned to users based on their groups rather than having to assign permissions to each user.
What is the most insecure hash for storing passwords?
Of the common ones in use today, MD5 is the least secure.
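To make the point above concrete, here is an added example (not code from the original answer) that stores constructed sample passwords with unsalted MD5 and with a salted, iterated KDF from Python's standard library (PBKDF2-HMAC-SHA256), and shows what a defender can see in each table: with MD5 every pair of users who chose the same password is immediately visible and one precomputed lookup cracks all of them; with a per-user salt those duplicates disappear and each guess costs a full iteration run.

```python
"""Why a fast, unsalted hash such as MD5 is the weakest choice for stored
passwords, contrasted with a salted, iterated KDF (PBKDF2-HMAC-SHA256) from
Python's standard library. Added example, not code from the original answer;
the user records below are constructed."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set

# Iteration count is the tunable work factor; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 200_000


def md5_store(password: str) -> str:
    """Unsalted MD5: one fast hash, identical output for identical passwords."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_store(password: str, salt: Optional[bytes] = None,
                 iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash in a self-describing 'algo$iters$salt$hash' record."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def shared_password_groups(records: Dict[str, str]) -> List[Set[str]]:
    """Group users whose stored values are identical. With unsalted MD5 every
    pair of users who picked the same password shows up here; with a per-user
    salt the same passwords produce different records and the groups vanish."""
    by_hash: Dict[str, Set[str]] = {}
    for user, stored in records.items():
        by_hash.setdefault(stored, set()).add(user)
    return [users for users in by_hash.values() if len(users) > 1]


# Constructed sample: three users, two of whom chose the same password.
SAMPLE_USERS = {"alice": "Winter2024!", "bob": "Winter2024!", "carol": "correct-horse-staple"}
MD5_TABLE = {u: md5_store(p) for u, p in SAMPLE_USERS.items()}
PBKDF2_TABLE = {u: pbkdf2_store(p) for u, p in SAMPLE_USERS.items()}

if __name__ == "__main__":
    print("MD5 duplicate groups:   ", shared_password_groups(MD5_TABLE))
    print("PBKDF2 duplicate groups:", shared_password_groups(PBKDF2_TABLE))
    print("verify bob:", pbkdf2_verify("Winter2024!", PBKDF2_TABLE["bob"]))
```

The record format stores the algorithm name, iteration count and salt alongside the hash, so the iteration count can be raised later and old records re-hashed on the user's next successful login.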
Is kaspersky better than bitdefender?
No. Previously I used Bitdefender; it works better, but it cannot delete the virus in packages and is somewhat complex to use and to update. I suggest you use Kaspersky. For any questions you can ask me at http://umamahesh88.blogspot.com/ UMA MAHESH
What are physical security computer components?
A physical firewall, router, modem. (if this is for a class then you might have to argue this point, a physical firewall is a piece of equipment but it is still software that does everything.)
A lock on the computer case.
What are some of the criteria that can be used to rank security risks?
Risks can be quantified by their likelihood of exploitation and the impact of exploitation. These two factors can be weighted according to what is most important to you. Normally rankings would be based on equal weightings. Impact can be further subdivided into impact in terms of lost time, lost revenue, cost to correct, lost reputation, etc.
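The ranking method in the answer above, worked through as an added example (not code from the original answer): each risk gets a likelihood score and a set of sub-impact scores, impact is the weighted mean of its sub-factors, and the final score weights likelihood against impact. The 1..5 scale, the weights and the three sample risks are constructed; the second ranking shows how a reputation-heavy weighting reorders the list.

```python
"""Weighted risk ranking: score each risk on likelihood and impact, where
impact is itself split into sub-factors (lost time, lost revenue, cost to
correct, lost reputation). Added example, not from the original answer; the
1..5 scale, the weights and the sample risks are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional

IMPACT_FACTORS = ("lost_time", "lost_revenue", "cost_to_correct", "lost_reputation")
SCALE = range(1, 6)  # 1 = negligible / rare, 5 = severe / almost certain


@dataclass
class Risk:
    name: str
    likelihood: int            # 1..5
    impact: Dict[str, int]     # one 1..5 score per entry of IMPACT_FACTORS

    def __post_init__(self):
        if self.likelihood not in SCALE:
            raise ValueError(f"{self.name}: likelihood must be in 1..5")
        missing = set(IMPACT_FACTORS) - set(self.impact)
        if missing or any(v not in SCALE for v in self.impact.values()):
            raise ValueError(f"{self.name}: bad impact scores (missing {missing})")


def combined_impact(impact: Dict[str, int],
                    factor_weights: Optional[Dict[str, float]] = None) -> float:
    """Weighted mean of the sub-impacts; equal weights unless overridden."""
    weights = factor_weights or {f: 1.0 for f in IMPACT_FACTORS}
    return sum(impact[f] * w for f, w in weights.items()) / sum(weights.values())


def risk_score(risk: Risk, w_likelihood: float = 0.5, w_impact: float = 0.5,
               factor_weights: Optional[Dict[str, float]] = None) -> float:
    """Likelihood and impact weighted together; equal weighting is the default."""
    return (w_likelihood * risk.likelihood
            + w_impact * combined_impact(risk.impact, factor_weights))


def rank_risks(risks: List[Risk], **weights) -> List[str]:
    """Risk names ordered highest score first; weights are passed to risk_score."""
    ordered = sorted(risks, key=lambda r: risk_score(r, **weights), reverse=True)
    return [r.name for r in ordered]


# Constructed sample risks.
SAMPLE_RISKS = [
    Risk("Unpatched public web server", 4,
         {"lost_time": 3, "lost_revenue": 4, "cost_to_correct": 3, "lost_reputation": 4}),
    Risk("Lost unencrypted laptop", 2,
         {"lost_time": 2, "lost_revenue": 3, "cost_to_correct": 2, "lost_reputation": 5}),
    Risk("Weak password on internal wiki", 5,
         {"lost_time": 1, "lost_revenue": 1, "cost_to_correct": 1, "lost_reputation": 1}),
]
# An organisation that cares most about reputation and about impact over likelihood.
REPUTATION_HEAVY = {"lost_time": 1.0, "lost_revenue": 1.0,
                    "cost_to_correct": 1.0, "lost_reputation": 4.0}

if __name__ == "__main__":
    print("equal weights:    ", rank_risks(SAMPLE_RISKS))
    print("reputation heavy: ", rank_risks(SAMPLE_RISKS, w_likelihood=0.2, w_impact=0.8,
                                           factor_weights=REPUTATION_HEAVY))
```

With equal weights the laptop ranks last; once reputation damage is weighted four times the other factors and impact outweighs likelihood, it moves above the wiki password, which is exactly the kind of shift the answer means by weighting the factors according to what matters most to you.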
What does Bogus Websites mean?
The term "bogus website" is an informal term usually applied to a few different kinds of websites:
1) a website that is set up to mimic a legitimate website of an entity - perhaps a site meant to fool people into thinking they have reached their bank's web site. This kind of bogus web site is frequently used by miscreants who are conducting phishing attacks as a means of deceiving people into disclosing sensitive information that can be exploited for such nefarious purposes as stealing their identity, stealing money from them, stealing corporate information, or planting malware on their computers.
2) a website that is set up as a kind of Trojan Horse where people come thinking they are getting something but the jerk who set it up uses it to conduct a drive-by download of malware to the visitor's computer
3) a website that is set up to fool the user into thinking they are visiting a company or government website but which is actually being used to spread disinformation about the targeted entity. The creator(s) may conduct an attack to misdirect people to their bogus website instead of the correct website. This kind of website would probably fall under the category of either propaganda or hacktivism.
What are the roles of Public and Private Key?
A user's private key is kept private and known only to the user. The user's public key is made available to others to use. The private key can be used to encrypt a signature that can be verified by anyone with the public key. Or the public key can be used to encrypt information that can only be decrypted by the possessor of the private key.
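The two roles described above, demonstrated with textbook RSA as an added example (not code from the original answer): the private exponent produces a signature that the public exponent verifies, and the public exponent encrypts a message that only the private exponent recovers. The primes 10007 and 10009 are constructed toy values chosen so the arithmetic fits on screen; a real deployment uses a vetted library, 2048-bit or larger keys and proper padding.

```python
"""Textbook RSA with toy-sized primes, showing the two roles of a key pair:
sign with the private key / verify with the public key, and encrypt with the
public key / decrypt with the private key. Added example, not from the
original answer. The primes 10007 and 10009 are constructed test values far
too small for real use; they only make the arithmetic visible."""
import hashlib
from math import gcd
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def generate_keypair(p: int = 10007, q: int = 10009,
                     e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """n = p*q and e are public; d = e^-1 mod phi(n) is the private exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def _digest_mod_n(message: bytes, n: int) -> int:
    """Hash the message and reduce it below n (toy stand-in for a padded hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private: PrivateKey) -> int:
    """Only the private-key holder can produce s = H(m)^d mod n."""
    n, d = private
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, public: PublicKey) -> bool:
    """Anyone holding the public key checks s^e mod n == H(m)."""
    n, e = public
    return pow(signature, e, n) == _digest_mod_n(message, n)


def encrypt(plaintext: bytes, public: PublicKey) -> int:
    """Anyone holding the public key can encrypt; the plaintext must be < n."""
    n, e = public
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too large for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private: PrivateKey) -> bytes:
    """Only the private-key holder recovers m = c^d mod n."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    pub, priv = generate_keypair()
    sig = sign(b"pay 100 to bob", priv)
    print("signature verifies:", verify(b"pay 100 to bob", sig, pub))
    print("altered message:   ", verify(b"pay 900 to bob", sig, pub))
    print("round trip:        ", decrypt(encrypt(b"hi", pub), priv))
```

Verification fails for an altered message or an altered signature because RSA is a permutation of the values below n: exactly one signature maps back to a given hash, and only the holder of d can compute it.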
What kind of attack results in the attacker being able to access administrator-level resources?
Privilege escalation
When should a technician perform penetration testing?
It varies and depends on the complexity of your systems, but most companies would check their systems with a penetration test at least once a year. Make sure to make it a yearly habit in order to protect your computer systems from malicious hackers.
What does the Logon Hours property of a user account control?
During valid logon hours, users can work as they normally do. They can log on to the network and access network resources. During restricted logon hours, users can't work. They can't log on to the network or make connections to network resources. If users are logged on when their logon time expires, what follows depends on the account policy you've set for them. Generally, one of two things happens to the user:
Forcibly disconnected: You can set a policy that tells Windows 2000 to forcibly disconnect Windows 2000 users when their logon hours expire. If this policy is set, remote Windows 2000 users are disconnected from all network resources and logged off the system when their hours expire.
Not disconnected: Users aren't disconnected from the network when they enter the restricted hours. Instead, Windows 2000 simply doesn't allow them to make any new network connections.
Access the user's Properties dialog box in Active Directory Users And Computers and then choose the Account tab.
Click the Logon Hours button. Set the valid and invalid logon hours using the Logon Hours dialog box shown. In this dialog box each hour of the day or night is a field that can be turned on and off. To change the setting for an hour, click it. Then select either the Logon Permitted or Logon Denied option button.
Hours that are allowed are filled in with a dark bar.
Hours that are disallowed are blank.
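The grid that the Logon Hours dialog edits is stored on the account as a bitmap, so an auditor or administrator scripting account reviews needs to read and write it directly. The following is an added example, not code from the original answer: it encodes a weekly allow-grid into the 21-byte logonHours bitmap Active Directory uses, decodes it back, renders the dark-bar/blank grid as text, and answers "may this account log on at this moment?". The bit convention it assumes is labelled in the code (168 bits, bit 0 = Sunday 00:00, least-significant bit first within each byte, expressed in UTC); the business-hours schedule and timestamps are constructed.

```python
"""Encoding and decoding the weekly logon-hours grid as the 21-byte bitmap
stored in the Active Directory logonHours attribute. Added example, not code
from the original answer. Assumed convention (stated as an assumption): 168
bits, bit 0 = Sunday 00:00-00:59, bits numbered least-significant-first within
each byte, and the attribute is expressed in UTC, so local times must be
converted before they are compared with it."""
from datetime import datetime, timezone
from typing import Set, Tuple

DAYS = ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")
Hour = Tuple[int, int]  # (day index, hour): day 0 = Sunday, hour 0..23, both in UTC


def encode_logon_hours(allowed: Set[Hour]) -> bytes:
    """Set one bit per permitted (day, hour) pair; everything else stays denied."""
    bitmap = bytearray(21)
    for day, hour in allowed:
        if not (0 <= day < 7 and 0 <= hour < 24):
            raise ValueError(f"bad slot {(day, hour)}")
        bit = day * 24 + hour
        bitmap[bit // 8] |= 1 << (bit % 8)
    return bytes(bitmap)


def decode_logon_hours(bitmap: bytes) -> Set[Hour]:
    """Inverse of encode_logon_hours: the set of permitted (day, hour) pairs."""
    if len(bitmap) != 21:
        raise ValueError("logonHours must be exactly 21 bytes")
    return {(bit // 24, bit % 24) for bit in range(168)
            if bitmap[bit // 8] >> (bit % 8) & 1}


def logon_permitted(bitmap: bytes, when) -> bool:
    """when: an aware datetime or an ISO-8601 string with a UTC offset.
    The instant is converted to UTC before the bitmap is consulted."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    if when.tzinfo is None:
        raise ValueError("need an aware datetime: logonHours is stored in UTC")
    utc = when.astimezone(timezone.utc)
    day = (utc.weekday() + 1) % 7          # Python: Monday = 0; bitmap: Sunday = 0
    bit = day * 24 + utc.hour
    return bool(bitmap[bit // 8] >> (bit % 8) & 1)


def business_hours(start: int = 8, end: int = 18) -> Set[Hour]:
    """Constructed schedule: Monday to Friday, start <= hour < end (UTC)."""
    return {(d, h) for d in range(1, 6) for h in range(start, end)}


def render_grid(bitmap: bytes) -> str:
    """Text form of the dialog's grid: '#' for a permitted hour (the dark bar),
    '.' for a denied hour (blank), one row per day, 24 columns per row."""
    allowed = decode_logon_hours(bitmap)
    return "\n".join(name + " " + "".join("#" if (d, h) in allowed else "."
                                          for h in range(24))
                     for d, name in enumerate(DAYS))


if __name__ == "__main__":
    bm = encode_logon_hours(business_hours())
    print(render_grid(bm))
    print("Wed 09:00 UTC:", logon_permitted(bm, "2024-01-10T09:00:00+00:00"))
    print("Sat 09:00 UTC:", logon_permitted(bm, "2024-01-13T09:00:00+00:00"))
```

The last check in the test below is the caveat worth remembering: a user at UTC-8 logging on at 01:00 local time on a Wednesday is inside the 08:00-18:00 UTC window, so a grid drawn in local time without conversion will permit or deny the wrong hours.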
Who are gray hat hackers in India?
One of the new great grey hat hackers that I know is Gurcharanjit Singh, Punjab/India. He is currently doing an engineering degree in computers. He's currently not engaged with a particular organization and is working independently. He has been published many times by the UK's most popular magazine EETimes.
What are the characteristics of a strong password?
Actually, it would be considered stronger to use a pass phrase. Use several easy-to-type words that make up more than 25 characters and use a special character or two like the ones above your number keys.
Uses uppercase, lowercase, numbers
Does not use any part of the user's name
Uses non-alphanumeric characters
What is the role of data manager in dbms?
DBMS stands for DataBase Management System, so its role is basically to manage the database. More specifically, this software controls the storage, organization, retrieval, integrity and security of the data in the database.
The KOV-26 Talon is a Type 1 encryptor manufactured and sold by L-3 Communications. It is a PCMCIA card that encrypts traffic sent through it (an in-line Network Encryptor). It is primarily intended for use with mobile computers such as laptops, although it can be used with desktop computers as well. It is sold with adapters that allow it to connect to Ethernet, WiFi (802.11 b/g), dial-up modem (V.90), and serial (RS-232). It is capable of using a variety of key management protocols.
It can be used to encrypt communications up to and including TS/SCI. As such, it is a COMSEC Controlled Cryptographic Item (CCI) releasable to CCEB Nations and NATO - U.S., U.K., Canada, Australia, and New Zealand.
Modern operating systems can have their interface "locked" so that the user logged in will not have their files looked at while they are away. This is enabled by default on most new operating systems as a security feature, but can be disabled by checking the screen saver or power saver options. You may turn this feature off if you would like, but it's generally considered a good idea to keep it on, as a matter of security.
Merit and limitation of password guessing?
Password guessing is usually more of an art or a brute force method of cracking a password. As such it doesn't require much sophistication - anyone can guess at passwords - but it is extremely limited and unlikely to correctly guess passwords created with proper complexity.
What is the sanitation process recommended by the DoD 5220.22-M standard?
5220.22-M does not specify a standard, only that media that stored security-clearance required files must be sanitized. The Defense Security Service defines the Clearing and Sanitization Matrix, which actually specifies what actions must be taken for various types of media.
When in sleep mode can your security access the computer to run sweeps etc?
When a computer is in Sleep mode, the programs are ready to run again but do not actually run. Therefore scans cannot be done in Sleep mode with conventional Antivirus software.
What kind of password is easy to remember but hard to guess?
A well chosen pass phrase can be used to generate an easy to remember password. The password can be generated by taking just the first letters of each word in the pass phrase and adding characters and numbers (or substituting them - like 4 or @ in place of A and 1 or ! in place of L etc). The resulting password will be fairly easy to remember or recreate but tough to guess.
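Both the derivation technique described just above and the strength criteria listed earlier (mixed case, digits, non-alphanumeric characters, no part of the user's name, or a 25+ character passphrase with a special character) can be turned into code. The following added example is not code from the original answers: derive_password() takes the first letter of each word of a passphrase, applies a substitution table and appends the chosen digits and symbols; check_password() then reports which criteria a candidate fails. The substitution table, the 12-character minimum for a conventional password and all sample inputs are constructed.

```python
"""derive_password(): build a password from a passphrase (first letter of each
word, character substitutions, appended digits/symbols). check_password():
test a candidate against the strength criteria listed in the answers above.
Added example, not code from the original answers; the substitution table,
thresholds and sample inputs are constructed."""
import re
from typing import List, Set, Tuple

# Constructed substitution table; the answer's own examples are 4/@ for A and 1/! for L.
SUBSTITUTIONS = {"a": "@", "l": "1", "s": "$", "o": "0", "e": "3"}
MIN_LENGTH = 12          # assumed minimum for a conventional password
PASSPHRASE_LENGTH = 25   # from the answer: more than 25 characters counts as a passphrase


def derive_password(passphrase: str, suffix: str = "",
                    substitutions=SUBSTITUTIONS) -> str:
    """First letter of every word with its case kept, substitutions applied to
    every letter that has one, then the chosen digits/symbols appended.
    The result is deterministic, so the user can recreate it from the phrase."""
    initials = [w[0] for w in passphrase.split() if w[0].isalnum()]
    return "".join(substitutions.get(c.lower(), c) for c in initials) + suffix


def name_fragments(username: str, min_len: int = 3) -> Set[str]:
    """Pieces of the user's name (and the whole name) that must not appear."""
    name = username.lower()
    parts = {t for t in re.split(r"[^a-z0-9]+", name) if len(t) >= min_len}
    if len(name) >= min_len:
        parts.add(name)
    return parts


def check_password(password: str, username: str = "") -> Tuple[bool, List[str]]:
    """Return (strong, findings). A long passphrase with a special character
    passes the character-class rules on length alone; a password containing
    part of the user's name never passes."""
    classes = (
        ("no uppercase letter", str.isupper),
        ("no lowercase letter", str.islower),
        ("no digit", str.isdigit),
        ("no non-alphanumeric character", lambda c: not c.isalnum()),
    )
    class_findings = [label for label, test in classes
                      if not any(test(c) for c in password)]
    if len(password) < MIN_LENGTH:
        class_findings.append(f"shorter than {MIN_LENGTH} characters")
    name_hits = sorted(f for f in name_fragments(username) if f in password.lower())
    name_findings = [f"contains part of the user's name: {f}" for f in name_hits]
    is_passphrase = (len(password) >= PASSPHRASE_LENGTH
                     and any(not c.isalnum() for c in password))
    strong = not name_hits and (is_passphrase or not class_findings)
    return strong, class_findings + name_findings


if __name__ == "__main__":
    # Constructed passphrase; the memorable sentence is never stored anywhere.
    pw = derive_password("My dog Rex ate three socks on Sunday morning", suffix="!42")
    print(pw, check_password(pw, username="rex.owner"))
    print(check_password("Password1", username="alice"))
```

The derived password's unpredictability comes entirely from the passphrase: a sentence anyone could guess from the user's life (pet names, birthdays) produces a guessable password no matter how many substitutions are applied, which is why the name check is kept as a hard failure.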
Go to "Tools" then "Internet Options" then go to the "Content" tab and click parental controls