Catatan

Software Piracy

  a) What is Software Piracy? Software Piracy : Definition : Software piracy refers to the unauthorized use, reproduction, distribution, or sale of software. It involves copying, sharing, or using software without proper licensing or permission from the software's copyright holder. Forms of Software Piracy : Illegal Copying : Duplication of software without authorization, such as copying and distributing software through CDs, DVDs, or digital files. Unlicensed Distribution : Sharing software through peer-to-peer networks or online platforms without proper licensing. Cracked Software : Using software that has been tampered with to bypass licensing or activation mechanisms, making it possible to use the software without a valid license. Software Counterfeiting : Producing and selling fake copies of software that appear to be legitimate. Implications : Legal Consequences : Engaging in software piracy can result in legal actions, fines, and penalties for violating copyright laws. Secur...

Next Generation Secure Computing Base (NGSCB)

  a) What is Next Generation Secure Computing Base (NGSCB)? Next Generation Secure Computing Base (NGSCB) : Definition : NGSCB is a Microsoft technology designed to enhance the security and integrity of computing systems by providing a robust platform for running sensitive applications and protecting data. It is an evolution of the concept of Trusted Computing, which focuses on creating a secure computing environment through hardware and software-based protections. Purpose : NGSCB aims to address various security concerns, including malware attacks, unauthorized access, and data breaches, by establishing a trusted environment that ensures the integrity of both the operating system and the applications running on it. Components : NGSCB integrates hardware-based security features with software technologies to create a trusted computing environment. It involves a combination of trusted hardware, secure boot processes, and trusted software components. b) Two Primary System Components o...

SSL and TLS

  a) Protocol Used to Securing the Transport Layer of TCP/IP Protocol : Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Purpose : Both SSL and TLS are cryptographic protocols designed to provide secure communication over networks by encrypting data transmitted between clients and servers. They ensure data integrity, confidentiality, and authentication. Operation : They work at the Transport Layer of the TCP/IP model, typically implemented to secure HTTP traffic (resulting in HTTPS), as well as other protocols like SMTP, POP3, and IMAP when securing email communications. b) Differentiate SSL and TLS in Terms of Security Level 1. SSL (Secure Sockets Layer): Versions : SSL has several versions, including SSL 2.0 and SSL 3.0. SSL 2.0 is deprecated due to significant security flaws and vulnerabilities. Security Level : SSL 3.0 : While SSL 3.0 introduced improvements over SSL 2.0, it is still considered insecure by modern standards. Vulnerabilities such as the POODLE (Padding...

What is an XSS Attack?

  a) What is an XSS Attack? Cross-Site Scripting (XSS) Attack : Definition : An XSS attack is a type of security vulnerability in web applications where an attacker injects malicious scripts into content that is viewed by other users. These scripts are executed in the context of the victim’s browser, potentially compromising the security of the user’s data and interactions with the website. Types : Stored XSS : Malicious script is stored on the server and delivered to users when they request the stored data (e.g., in a comment section or user profile). Reflected XSS : Malicious script is included in the URL or request and immediately reflected back by the server in the response (e.g., in search results or error messages). DOM-Based XSS : Malicious script is executed as a result of manipulating the Document Object Model (DOM) in the browser, without new pages being loaded or server-side code being involved. Impact : XSS attacks can lead to various security issues such as session hij...

Access Token

  a) What is an Access Token? Access Token : Definition : An access token is a data structure in the Windows operating system that contains security information about a user or process. It is used to manage and enforce access control policies for system resources. Components : User’s SID : Security Identifier of the user or process to which the token belongs. Group SIDs : Security Identifiers for the groups to which the user or process belongs. Privileges : Special rights or permissions assigned to the user or process. Token Attributes : Information such as token expiration and session ID. Purpose : The access token is used by the operating system to determine whether a user or process has the necessary permissions to access a resource or perform an action. It is created at logon and assigned to user sessions, processes, and threads to enforce access control and security policies. b) How Windows Operating System Implements Access Control Using SID, Access Tokens, and Access Control...

What is Data Privacy?

  Data Privacy refers to the protection of personal and sensitive information from unauthorized access, use, or disclosure. It focuses on ensuring that individuals have control over their own data and that their personal information is handled in a manner that respects their privacy and complies with relevant laws and regulations. Key Aspects of Data Privacy : Control : Individuals should have control over how their personal data is collected, used, and shared. Consent : Data should be collected and processed only with the individual's informed consent. Transparency : Organizations should be transparent about their data collection practices and how data is used. Rights : Individuals should have the right to access, correct, and delete their personal data. Example : Personal Information : Data privacy involves ensuring that personal details such as names, addresses, and financial information are protected and not misused by organizations or third parties. b) Can Security Mechanisms...

Why learning computer ethics can significantly improve computer security?

  a) Why Learning Computer Ethics Can Significantly Improve Computer Security Awareness of Security Risks : Understanding Consequences : Learning about computer ethics helps users understand the potential consequences of unethical behavior, such as data breaches, identity theft, and damage to systems. This awareness can make users more cautious and responsible in their actions, reducing the likelihood of intentional or unintentional security breaches. Recognizing Threats : Ethical training teaches users to recognize and avoid common security threats, such as phishing attacks or malware. By understanding these risks, users are less likely to fall victim to or inadvertently contribute to security issues. Promotion of Responsible Behavior : Ethical Decision-Making : Education in computer ethics fosters a culture of responsibility and integrity. Users are more likely to follow best practices, such as strong password management, proper handling of sensitive data, and respecting privacy ...