New User Special Price Expires in

Let's log you in.

Sign in with Facebook


Don't have a StudySoup account? Create one here!


Create a StudySoup account

Be part of our community, it's free to join!

Sign up with Facebook


Create your account
By creating an account you agree to StudySoup's terms and conditions and privacy policy

Already have a StudySoup account? Login here


by: Kayla Peel


Kayla Peel
GPA 3.5

Preview These Notes for FREE

Get a free preview of these Notes, just enter your email below.

Unlock Preview
Unlock Preview

Preview these materials now for free

Why put in your email? Get access to more of this material and other relevant free materials for your school

View Preview

About this Document

module 3 notes for cs 202
Intro to the Internet
Ralph E. Hooper
Study Guide
50 ?




Popular in Intro to the Internet

Popular in ComputerScienence

This 5 page Study Guide was uploaded by Kayla Peel on Wednesday March 30, 2016. The Study Guide belongs to CS 202 at University of Alabama - Tuscaloosa taught by Ralph E. Hooper in Winter 2016. Since its upload, it has received 20 views. For similar materials see Intro to the Internet in ComputerScienence at University of Alabama - Tuscaloosa.

Similar to CS 202 at UA

Popular in ComputerScienence


Reviews for CS 202 MODULE 3 NOTES


Report this Material


What is Karma?


Karma is the currency of StudySoup.

You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 03/30/16
MODULE 3 NOTES  Security Basics o Security: broadly defined as the protection of assets from unauthorized access,  use, alteration, or destruction. o Threat: any act or object that endangers an asset  Usually classified in 3 categories  Security Threat: occurs when data is disclosed to an unauthorized  party  Integrity Threat: results in unauthorized data modification  Necessity Threat: causes data delays or denials o Countermeasure: a physical or logical procedure that recognizes, reduces, or  eliminates a threat.  The best way to safeguard against a threat is to prevent it from occurring  in the first place  In some cases, one needs to plan for losses in service or theft by  purchasing insurance or installing backup systems  Machine­level Security: refers to actions taken to protect information on a computer that  may or may not be connected to a computer network or the internet o Authentication: A security process in which the identity of a person is verified o Two­step Verification: requires a combo of a password with a verification code  sent to the user’s phone. Typically, only required if the account is accessed from  an unrecognizable computer o Encryption: A security technique that uses high­level mathematical functions and  computer algorithms to encode data so that it is unintelligible to all but the sender  and recipient o Data Backup: a process in which copies of important computer files are stored in  a safe place to guard against data loss  Data may be lost due to hardware failure, human error, software  corruption, hackers, malware, or natural disasters.  Network Security: concerned with addressing vulnerabilities and threats in computer  networks that may or may not be connected to the internet. o Permissions (file system permission): the specific access privileges afforded to  each network user and each system resource in terms of which files, folders, and  drives each use can read, write, and execute. o Interior Threats: network security threats that originate from within a network,  typically from registered users.  Users Mistakes That Threaten Computer Security o Data: entry errors o Errors in computer programming o Improper installation and setup of computer system o Mishandling dangerous computer activity o Uninformed dangerous computer activity o Inadequate planning for and control of equipment malfunctions o Inadequate planning for and control of electrical problems, humidity problems,  and other environmental difficulties  Network usage Policy: a document, agreement, or contract that defines acceptable and  unacceptable uses of computer and network resources for a business or organization. o Network and computer use:  Users are responsible for maintaining the security of their password  Users are responsible for using the network facilities in a manner that is  ethical, legal, and not to the detriment of others  It is against federal law and corporate policy to violate the license on  computer software  Users must request permission of system administration for the installation of software and provide proof of ownership of the software license o Email use:   Employees shall use corporate email system only for corporate business  purposes  Email systems shall not be used for transmission or storage of information  that promotes discrimination   Employees must use judgment on the type of information sent through  email  The office may access an employees email media  The use of network systems to send and forward chain letters and other  inappropriate messages is prohibited o Internet use:   The use of internet access and the web should be restricted to corporate  business purposes  Users shall request the permission of system administration before  installing web plug­in applications  The use of peer­to­peer networks and fire­sharing software is strictly  forbidden  Wireless Security: the unique threats and defenses associated with wireless computer  networks o One of the most serious mistakes that home users make when installing a wireless network is the failure to change the default login for a device  Makes it possible for anyone who already knows the manufacturers  generic default login information to access the wireless network  Methods for Securing Wireless Networks: Default login 1. Change the default login and password for the wireless router or access point 2. Change the default SSID. Be sure to type the name in the desired case, as the  SSID is case sensitive, 3. Obtain the MAC addresses of the wireless devices that will connect to the wirless  network, and then enter their MAC addresses using the configuration for the  wireless router or device 4. Enable MAC address filtering on the wireless router or access point 5. Enable the highest level of security that your wireless devices and wireless router  or access point can manage. Be sure to use the most secure key to the wireless  router or access point offers. If you must use WEP, change the passphrase  occasionally. 6. Make sure that all of your wireless devices can connect to the wireless network  with the settings you’ve implemented. 7. Disable the SSID for your wireless router or access point 8. When not using the wireless network for an extended period of time, such as  when leaving on vacation, power it off.  Understanding Security Threats to Wireless Devices o Over­the­Shoulder Attacks: an unauthorized person uses his or her physical  proximity to your device to attempt to get your login information, passwords, or  other sensitive data while you’re working o Evil Twin Attack (Café latte attack): when a hacker gathers information about an  access point and then uses that information to set up his own computer to  impersonate the access point  When you use a free public hotspot, the data you send is not usually  encrypted or secure and so it is subject to hackers using sniffer programs o Man­in­the­middle Attack (MITM attack): when transmissions that are being sent  between two devices are intercepted by a third party. o Wardriving: a malicious activity that involves driving through a neighborhood  with a wireless­enabled notebook computer with the goals of locating homes and  business that have wireless networks in order to gain access to them  To protect a Bluetooth device from an attack, you can disable the device’s  Bluetooth feature so that its signal is invisible or in undiscoverable mode  Internet Security: the unique threats and defenses associated with computers connected to the internet o Hacker: an individual who subverts computer security with out authorization o Blue­hat hacker: a hacker who takes advantage of security vulnerabilities to gain  unlawful access to private networks for unethical purposes o White­hat hacker: an individual who considers himself/herself to be working for  the common good by hacking into networks in order to call attention to flaws in  security so that they can be fixed o Gray­hat hacker: a hacker of questionable ethics o Script kid or kiddie: a person with little tech knowledge who follows the  instructions of others to hack networks o Hacktivist: a hacker who hacks networks for a social cause or perceived greater  good o Firewall: network hardware or software that examines data packets flowing in and sometimes out of a network or computer in order to filter out packets that are  potentially dangerous o Software patch (security patch): fixes software bugs and flaws and is typically  distributed to software users through online software updates o Malware (malicious software): includes any software designed to damage,  corrupt, or illegally manipulate computer resources. Common forms include  viruses, worms, and spyware. o Antivirus software (virus scan software): uses several teen to find viruses, worms, and spyware on a computer system; remove them if possible; and keep additional  viruses, worms, and spyware from infecting the system o Botnet (botnet army): refers to a collection of computers autonomously or  automatically working together toward some goal; these are often zombie  computers that are synchronized to perform illegal activities on the internet. o Cyber warfare: extends traditional forms of warfare to the internet and the web,  including espionage, psychological warfare, and attacks o Identity Theft: the criminal act of stealing information about a person to assumer  that person’s identity in order to commit fraud or other crimes o Internet Fraud: the crime of deliberately deceiving a person over the internet in  order to damage them or to obtain property or services unlawfully. o Digital Certificate (SSL Certificate): a type of electronic business card that is  attached to internet transaction data to verify the sender of the data o Phishing Scam: combines fraudulent email with faked websites in order to trick a  person into providing private information that can be used for identity theft o Information Security Laws: seek to protect the civil rights of populations from  abuses of information systems and the internet.  U.S. Information Security Laws o Consumer internet privacy protection act of 1997  Requires data collectors to alert people that their personal information is  being shared with other organizations o Children’s online privacy protection act of 2000  Gives parents control over what information is collected from their  children online and how such information may be used o Information protection and security act of 2005  Gives the FTC the ability to regulate the sale of personal information o Notification of risk to personal data act of 2003  Requires business to notify individuals when their personal information is  stolen o Identity theft protection act of 2005  Requires businesses to secure sensitive data data physical and  technologically and to notify consumers nation wide when data is  compromised o Health insurance portability and accountability act (HIPAA) of 1996  Requires those in the health industry to protect the privacy of health  information and provides policies and procedures for doing so. o Sarbanes­Oxley Act (“Sarbox”) of 2002  Fights corporate corruption by imposing stringent reporting requirements  and internal controls on electronic financial records and transactions o Gramm­Leach­Blilley Act (GLBA) of 1999  Requires banks and financial institutions to alert customers of their  policies and practices in disclosing customer information.


Buy Material

Are you sure you want to buy this material for

50 Karma

Buy Material

BOOM! Enjoy Your Free Notes!

We've added these Notes to your profile, click here to view them now.


You're already Subscribed!

Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'

Why people love StudySoup

Jim McGreen Ohio University

"Knowing I can count on the Elite Notetaker in my class allows me to focus on what the professor is saying instead of just scribbling notes the whole time and falling behind."

Janice Dongeun University of Washington

"I used the money I made selling my notes & study guides to pay for spring break in Olympia, Washington...which was Sweet!"

Steve Martinelli UC Los Angeles

"There's no way I would have passed my Organic Chemistry class this semester without the notes and study guides I got from StudySoup."

Parker Thompson 500 Startups

"It's a great way for students to improve their educational experience and it seemed like a product that everybody wants, so all the people participating are winning."

Become an Elite Notetaker and start selling your notes online!

Refund Policy


All subscriptions to StudySoup are paid in full at the time of subscribing. To change your credit card information or to cancel your subscription, go to "Edit Settings". All credit card information will be available there. If you should decide to cancel your subscription, it will continue to be valid until the next payment period, as all payments for the current period were made in advance. For special circumstances, please email


StudySoup has more than 1 million course-specific study resources to help students study smarter. If you’re having trouble finding what you’re looking for, our customer support team can help you find what you need! Feel free to contact them here:

Recurring Subscriptions: If you have canceled your recurring subscription on the day of renewal and have not downloaded any documents, you may request a refund by submitting an email to

Satisfaction Guarantee: If you’re not satisfied with your subscription, you can contact us for further help. Contact must be made within 3 business days of your subscription purchase and your refund request will be subject for review.

Please Note: Refunds can never be provided more than 30 days after the initial purchase date regardless of your activity on the site.