
ORQUIA, ANNDHREA S.

BSA -32 Prof. Ardhee Dela Cruz


Chapter 2-Auditing IT Governance and Controls

SHORT ANSWER

1. What is a virus?

- A virus is a program, usually destructive, that attaches itself to a legitimate program
so that it runs whenever the host program runs. Through the host it penetrates the operating
system and can then destroy application programs, data files, or the operating system itself.
Because it copies itself into other programs, it spreads from system to system.

2. List three methods of controlling unauthorized access to telecommunication messages.

Any three of the following:

a. call-back devices (the system disconnects the caller and dials back a pre-authorized number);
b. data encryption (an intercepted message cannot be read without the key);
c. message sequence numbering (a deleted, duplicated, or reordered message is detected);
d. message authentication codes (a message altered in transit fails verification at the receiver);
e. message transaction logs (every message sent and received is recorded, giving an audit trail); and
f. request-response technique (the sender periodically sends control messages and expects replies,
so an interrupted or delayed channel is detected).
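The following is an added example, not part of the original answer sheet, showing how three of the
controls above fit together: a message authentication code (HMAC) that detects alteration, a
sequence number that detects replay or reordering, and a transaction log kept by the receiver.
The shared key and the messages are constructed for the example, and the wire format (seq, body,
mac) is an assumption of the example, not a standard.

```python
import hashlib
import hmac

# Shared secret between the two communicating parties. Assumption: it was
# distributed out of band; the value is constructed for this example only.
SHARED_KEY = b"example-shared-secret-not-for-production"


def build_message(seq: int, body: str) -> dict:
    """Sender side: attach a sequence number and an HMAC over seq + body."""
    payload = f"{seq}|{body}".encode()
    tag = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()
    return {"seq": seq, "body": body, "mac": tag}


class Receiver:
    """Receiver side: verifies the MAC, enforces strictly increasing sequence
    numbers, and records every decision in a message transaction log."""

    def __init__(self):
        self.last_seq = 0
        self.log = []  # (decision, seq) pairs, i.e. the transaction log

    def accept(self, msg: dict) -> str:
        payload = f"{msg['seq']}|{msg['body']}".encode()
        expected = hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()
        # Constant-time comparison so timing does not leak the tag.
        if not hmac.compare_digest(expected, msg["mac"]):
            self.log.append(("REJECT_MAC", msg["seq"]))
            return "rejected: bad MAC (message altered or forged)"
        if msg["seq"] <= self.last_seq:
            self.log.append(("REJECT_SEQ", msg["seq"]))
            return "rejected: replayed or out-of-order message"
        self.last_seq = msg["seq"]
        self.log.append(("ACCEPT", msg["seq"]))
        return "accepted"


def demo() -> list:
    """Two good messages, then a replay, then a tampered copy (constructed)."""
    rx = Receiver()
    m1 = build_message(1, "transfer 100 to account 42")
    m2 = build_message(2, "transfer 250 to account 77")
    results = [rx.accept(m1), rx.accept(m2)]
    # Replay: m1 resent verbatim. The MAC is valid but the sequence is stale.
    results.append(rx.accept(m1))
    # Tampering: the body of m2 is changed without knowledge of the key.
    forged = dict(m2, body="transfer 250 to account 99")
    results.append(rx.accept(forged))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The MAC is checked before the sequence number so that an attacker cannot probe the receiver's
sequence state with unauthenticated packets; the log records rejections as well as accepts, which
is what an auditor reviewing the transaction log would want to see.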

3. What are some typical problems with passwords?


a. users failing to remember passwords;
b. failure to change passwords frequently;
c. displaying passwords where others can see them;
d. using simple, easy-to-guess passwords

4. Discuss the key features of the one-time password technique:


- The one-time password was designed to overcome the problems associated with
reusable passwords: the user's password changes at short, fixed intervals rather than being
typed the same way for months. The technology employs a credit card-sized smart card that
contains a microprocessor programmed with an algorithm that generates, and electronically
displays, a new and unique password every 60 seconds. The card works in conjunction with
special authentication software located on a mainframe or network server. Each user's card is
synchronized to the authentication software, so that at any point in time both the smart card
and the network software are generating the same password for the same user. Because both
sides derive the password from the same secret seed and the same clock, a password that has
already been used, or whose interval has passed, is useless to anyone who captured it. The
scheme therefore depends on the seed staying secret and the two clocks staying in step, and in
practice the displayed password is combined with a PIN that only the user knows.
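As an added example (not from the original answer sheet), the following shows the
synchronization described above: the card and the server run the same function over a shared
per-user seed and the current 60-second interval, and the server refuses a password that is
outside its small clock-skew window or that has already been consumed. The derivation follows
the HMAC-based construction of RFC 4226/6238; the seed, user name, and clock value are constructed
for the example, and the one-interval skew window is an assumption.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # a new password every 60 seconds, as in the answer above
DIGITS = 6


def otp_at(seed: bytes, unix_time: int) -> str:
    """Password valid for the 60-second interval containing unix_time.
    Both the card and the server run this; only the per-user seed is secret."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


class AuthServer:
    """Server side: holds each user's seed and verifies submitted passwords."""

    def __init__(self, seeds: dict):
        self.seeds = seeds
        self.used = set()  # (user, interval) pairs already consumed

    def verify(self, user: str, password: str, now: int, skew: int = 1) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        base = now // STEP_SECONDS
        # Accept the current interval plus `skew` intervals either side to
        # tolerate small clock drift between card and server (assumption).
        for interval in range(base - skew, base + skew + 1):
            if (user, interval) in self.used:
                continue  # one-time: never accept the same interval twice
            if hmac.compare_digest(otp_at(seed, interval * STEP_SECONDS), password):
                self.used.add((user, interval))
                return True
        return False


def demo() -> tuple:
    """Login, replay inside the window, use after expiry, then a fresh code."""
    seeds = {"orquia": b"per-user-seed-provisioned-on-card"}  # constructed
    server = AuthServer(seeds)
    t0 = 1_700_000_000  # fixed clock so the run is deterministic
    card_password = otp_at(seeds["orquia"], t0)
    first = server.verify("orquia", card_password, t0)          # genuine login
    replay = server.verify("orquia", card_password, t0 + 10)    # captured and replayed
    later = server.verify("orquia", card_password, t0 + 600)    # ten minutes old
    fresh = server.verify("orquia", otp_at(seeds["orquia"], t0 + 600), t0 + 600)
    return first, replay, later, fresh


if __name__ == "__main__":
    print(demo())
```

The `used` set is what makes the password one-time even inside the skew window; without it a
password sniffed in the first few seconds of its interval could be replayed for the rest of it.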

5. What is event monitoring?


- Event monitoring summarizes key activities related to system resources. Event logs
typically record the IDs of all users accessing the system; the time and duration of a user's
session; programs that were executed during a session; and the files, databases, printers, and
other resources accessed.
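The following is an added example, not part of the original answer sheet, of the kind of
summary event monitoring produces. It parses a constructed event log (the format, the user names,
and the timestamps are invented for the example) into one record per session with the fields
listed above, and then flags the sessions an auditor would want to look at: logins outside
business hours and sessions that never logged out.

```python
from datetime import datetime

# Constructed sample event log; the line format is an assumption of this example.
SAMPLE_LOG = """\
2024-03-01 08:02:11 LOGIN user=jdoe
2024-03-01 08:03:40 EXEC user=jdoe program=payroll.exe
2024-03-01 08:05:02 ACCESS user=jdoe resource=db:PAYROLL
2024-03-01 08:09:15 LOGOUT user=jdoe
2024-03-01 08:10:00 LOGIN user=asmith
2024-03-01 08:10:30 EXEC user=asmith program=gl_post.exe
2024-03-01 08:11:00 ACCESS user=asmith resource=file:/fin/ledger.dat
2024-03-01 08:11:05 ACCESS user=asmith resource=printer:FIN-01
2024-03-01 08:20:45 LOGOUT user=asmith
2024-03-01 22:41:00 LOGIN user=jdoe
2024-03-01 22:42:10 ACCESS user=jdoe resource=db:PAYROLL
"""


def parse_line(line: str) -> dict:
    """'date time EVENT k=v k=v' -> {'ts': datetime, 'event': ..., k: v, ...}"""
    date, time, event, *fields = line.split()
    rec = {"ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), "event": event}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def summarize_sessions(log_text: str) -> list:
    """One summary per session: user, start, end, duration, programs run,
    resources touched. Sessions still open at the end of the log are included."""
    open_sessions, sessions = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        user = rec["user"]
        if rec["event"] == "LOGIN":
            open_sessions[user] = {"user": user, "start": rec["ts"], "end": None,
                                   "programs": [], "resources": []}
        elif user in open_sessions:
            session = open_sessions[user]
            if rec["event"] == "EXEC":
                session["programs"].append(rec["program"])
            elif rec["event"] == "ACCESS":
                session["resources"].append(rec["resource"])
            elif rec["event"] == "LOGOUT":
                session["end"] = rec["ts"]
                sessions.append(open_sessions.pop(user))
    sessions.extend(open_sessions.values())
    for session in sessions:
        session["duration_min"] = (None if session["end"] is None
                                   else (session["end"] - session["start"]).seconds // 60)
    return sessions


def flag_exceptions(sessions: list, business_hours: tuple = (7, 19)) -> list:
    """Auditor's exception report: after-hours logins and sessions never closed.
    The 07:00-19:00 window is an assumption of this example."""
    flags = []
    for session in sessions:
        if not business_hours[0] <= session["start"].hour < business_hours[1]:
            flags.append((session["user"], "after-hours login"))
        if session["end"] is None:
            flags.append((session["user"], "session not closed"))
    return flags


if __name__ == "__main__":
    summary = summarize_sessions(SAMPLE_LOG)
    for s in summary:
        print(s["user"], s["start"], s["duration_min"], s["programs"], s["resources"])
    print(flag_exceptions(summary))
```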

6. What are the auditor's concerns in testing EDI controls?


- When testing EDI controls, the auditor's primary concerns are to ascertain that EDI
transactions are authorized, validated, and in compliance with organization policy; that no
unauthorized organizations gain access to records; that authorized trading partners have access
only to approved data; and that adequate controls are in place to maintain a complete audit trail.

7. What can be done to defeat a DDoS Attack?


- Intrusion Prevention Systems (IPS) that employ deep packet inspection (DPI) are a
countermeasure to DDoS attacks: they drop malformed packets and packets matching known attack
signatures before those packets reach the servers. An IPS can only protect what sits behind it,
however; a flood large enough to saturate the organization's Internet link has to be filtered
upstream, by the ISP or a scrubbing service, before it reaches that link.

8. What is deep packet inspection?


- DPI is a technique that looks past the packet headers into the payload of individual
network packets, searching for protocol non-compliance and comparing the packet against a
database of known attack signatures, so that malicious packets can be identified, classified,
and dropped in line.

9. Explain how smurf attacks can be controlled.


- In a smurf attack the attacker sends ICMP echo requests to the broadcast address of an
intermediary network with the source address forged to be the victim's, so every host on that
network replies to the victim at once. Once the source addresses of the reply flood are
determined, the targeted organization can program its firewall to ignore all communication from
those addresses. Note that the addresses seen are those of the intermediary network rather than
the attacker's own; the durable fix is for networks to refuse IP-directed broadcasts arriving
from outside, so they cannot be used as amplifiers.

10. Explain how SYN Flood attacks can be controlled.

Two things can be done:

First, network operators can program their border firewalls to block outbound packets
whose source address is not one of their own internal addresses (egress filtering). Spoofed
SYN packets then cannot leave the network they originate from.

Second, security software on the target can scan the connection table for half-open
connections (a SYN received and a SYN-ACK sent, but no final ACK) and drop those that have
waited too long or that pile up from a single source. The backlog entries they occupied are
then freed so legitimate connections can complete.
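Both measures, as an added example that is not part of the original answer sheet. The first
function is the egress-filter decision for an outbound packet; the second scans a constructed
connection table for half-open entries and releases the stale ones. The internal prefixes
(documentation ranges), the 30-second timeout, the per-source limit of five, and the table
layout are all assumptions of the example.

```python
import ipaddress
from collections import Counter

# Measure 1: egress filtering. An outbound packet whose source address is not
# in one of our own prefixes is spoofed and must not leave the network.
INTERNAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                     ipaddress.ip_network("198.51.100.0/24")]  # constructed


def egress_allowed(src_ip: str) -> bool:
    """True if the source address belongs to us, so the packet may go out."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in INTERNAL_PREFIXES)


# Measure 2: scan the connection table for half-open connections (state
# SYN_RECV: SYN seen, SYN-ACK sent, final ACK still missing) and release the
# ones that have waited too long or that one source is holding in bulk.
HALF_OPEN_TIMEOUT = 30  # seconds a SYN_RECV entry may wait for its ACK (assumption)
PER_SOURCE_LIMIT = 5    # more half-open entries than this from one source is a flood


def scan_half_open(conn_table: list, now: int, timeout: int = HALF_OPEN_TIMEOUT,
                   per_source: int = PER_SOURCE_LIMIT) -> tuple:
    """conn_table: list of {src, dport, state, since}. Returns (kept, released)."""
    half_open = [c for c in conn_table if c["state"] == "SYN_RECV"]
    per_src = Counter(c["src"] for c in half_open)
    kept, released = [], []
    for c in conn_table:
        stale = c["state"] == "SYN_RECV" and (
            now - c["since"] > timeout or per_src[c["src"]] > per_source)
        (released if stale else kept).append(c)
    return kept, released


def demo() -> tuple:
    """Constructed table: one established connection, one legitimate handshake
    in progress, one timed-out half-open entry, and six from a flooding source."""
    now = 1000
    table = [
        {"src": "203.0.113.5", "dport": 443, "state": "ESTABLISHED", "since": 900},
        {"src": "203.0.113.9", "dport": 443, "state": "SYN_RECV", "since": 995},
        {"src": "203.0.113.10", "dport": 443, "state": "SYN_RECV", "since": 955},
    ]
    table += [{"src": "203.0.113.77", "dport": 443, "state": "SYN_RECV", "since": 998}
              for _ in range(6)]
    kept, released = scan_half_open(table, now)
    return len(kept), len(released), sorted({c["src"] for c in released})


if __name__ == "__main__":
    print(egress_allowed("192.0.2.10"), egress_allowed("10.0.0.1"))
    print(demo())
```

The legitimate handshake from 203.0.113.9 survives the scan: it is recent and its source holds
only one entry, which is the distinction the scan has to preserve or it would become its own
denial of service.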

11. Discuss the private key encryption technique and its shortcomings.
- In the private key (symmetric) technique, the sender provides the encryption algorithm
with the key, which produces the ciphertext message. This is transmitted to the receiver's
location, where it is decoded using the same key to produce the cleartext message. Because the
same key is used for coding and decoding, control over the key becomes an important security
issue: it has to reach the receiver over some channel that is itself secure. The more individuals
that need to exchange encrypted data, the greater the chance that the key will become known to
an intruder who could intercept a message and read it, change it, delay it, or destroy it. The
problem grows quickly, since every pair of parties that must keep its traffic private from the
others needs its own key, n(n-1)/2 keys for n parties.

12. Discuss the public key encryption technique.


- This approach uses two different keys: one for encoding messages and the other for
decoding them. The recipient has a private key used for decoding that is kept secret. The
encoding key is public and published for everyone to use. Receivers never need to share private
keys with senders, which removes the key-distribution problem of the private key technique and
reduces the likelihood that a key falls into the hands of an intruder. One of the most trusted
public key encryption methods is Rivest-Shamir-Adleman (RSA). This method is, however,
computationally intensive and much slower than private key encryption, so in practice the public
key is used to protect the exchange of a short-lived private (session) key, and that key
encrypts the bulk of the data.
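The contrast between questions 11 and 12, as an added example that is not part of the original
answer sheet. The symmetric half uses a toy HMAC-based keystream cipher so that it runs with the
standard library alone; the public key half is textbook RSA with the tiny primes 61 and 53 and no
padding. Both are for illustration of the key handling only and neither should be used to protect
anything: real systems use a vetted cipher such as AES-GCM and RSA with padding and large keys.
The shared secret, nonce, and plaintext are constructed for the example.

```python
import hashlib
import hmac
from math import gcd


# --- Private (symmetric) key technique: one key both encrypts and decrypts ---
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode. Illustrative only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def symmetric_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def keys_needed_symmetric(parties: int) -> int:
    """Every pair needs its own shared secret: n(n-1)/2 keys to distribute and guard."""
    return parties * (parties - 1) // 2


# --- Public key technique: textbook RSA (tiny primes, no padding; illustration only) ---
def rsa_keygen(p: int, q: int, e: int = 17) -> tuple:
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible modulo phi(n)"
    d = pow(e, -1, phi)        # private exponent (modular inverse, Python 3.8+)
    return (n, e), (n, d)      # (public key, private key)


def rsa_encrypt(public_key: tuple, m: int) -> int:
    """Anyone holding the published (n, e) can do this."""
    n, e = public_key
    return pow(m, e, n)


def rsa_decrypt(private_key: tuple, c: int) -> int:
    """Only the holder of the secret (n, d) can do this."""
    n, d = private_key
    return pow(c, d, n)


def demo() -> tuple:
    # Symmetric: both parties must already hold the same key.
    shared = b"shared-secret-exchanged-out-of-band"  # constructed
    nonce = b"\x00" * 8
    ciphertext = symmetric_crypt(shared, nonce, b"pay 100")
    sym_ok = symmetric_crypt(shared, nonce, ciphertext) == b"pay 100"
    # Public key: the recipient publishes (n, e) and keeps (n, d) secret.
    pub, priv = rsa_keygen(61, 53)
    c = rsa_encrypt(pub, 65)
    return sym_ok, c, rsa_decrypt(priv, c), keys_needed_symmetric(100)


if __name__ == "__main__":
    print(demo())
```

With 100 parties the symmetric scheme needs 4,950 separately protected keys, whereas the public
key scheme needs 100 key pairs, each party guarding only its own private key; that is the
key-control advantage the answer above describes, and the reason public key operations are
typically used only to exchange a session key.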

The End!
