Short Questions
1. Define the following: Ethics (158), Profiling (161), Liability (165), Due process (165),
Responsibility (163), Accountability (163).
ans: Ethics refers to the principles of right and wrong that individuals, acting as free moral
agents, use to make choices to guide their behaviors.
The use of computers to combine data from multiple sources and create electronic dossiers of
detailed information on individuals is called profiling.
Responsibility is a key element of ethical action. Responsibility means that you accept the
potential costs, duties, and obligations for the decisions you make.
Accountability is a feature of systems and social institutions. It means that mechanisms are in
place to determine who took responsible action, and who is responsible.
Liability extends the concept of responsibility further to the area of laws. Liability is a feature of
political systems in which a body of laws is in place that permits individuals to recover the
damages done to them by other actors, systems, or organizations.
Due process is a related feature of law governed societies and is a process in which laws are
known and understood, and there is an ability to appeal to higher authorities to ensure that the
laws are applied correctly.
ans: 1. Do unto others as you would have them do unto you (the Golden Rule).
2. If an action is not right for everyone to take, it is not right for anyone (Immanuel Kant’s
Categorical Imperative).
3. If an action cannot be taken repeatedly, it is not right to take at all. This is the slippery slope
rule.
4. Take the action that achieves the higher or greater value (Utilitarian Principle).
5. Take the action that produces the least harm or the least potential cost (Risk Aversion
Principle).
6. Assume that virtually all tangible and intangible objects are owned by someone else unless
there is a specific declaration otherwise. (This is the ethical “no free lunch” rule). If something
someone else has created is useful to you, it has value, and you should assume the creator wants
compensation for this work.
ans: 1. Information rights and obligations. What information rights do individuals and
organizations possess with respect to themselves? What can they protect?
2. Property rights and obligations. How will traditional intellectual property rights be protected
in a digital society in which tracing and accounting for ownership are difficult and ignoring such
property rights is so easy?
3. Accountability and control. Who can and will be held accountable and liable for the harm
done to individual and collective information and property rights?
4. System quality. What standards of data and system quality should we demand to protect
individual rights and the safety of society?
5. Quality of life. What values should be preserved in an information and knowledge based
society? Which institutions should we protect from violation? Which cultural values and
practices are supported by the new information technology?
CHAPTER 7
Short Questions
ans: Two or more computing devices connected together for the purpose of sharing resources are
called a computer network.
2. What are the major functions of Hubs, Switches, and Routers in computer networks?
ans: Hub is a device which connects all devices together and broadcasts data to every connected
device.
Switches are devices which connect different devices together and send data only to its
destination.
Router:
ans: Client/server computing is a distributed computing model in which some of the processing
power is located within small, inexpensive client computers, and resides literally on desktops,
laptops, or in handheld devices.
Diagram:
ans: Packet switching is a method of slicing digital messages into parcels called packets, sending
the packets along different communication paths as they become available, and then
reassembling the packets once they arrive at their destinations.
Diagram: check p-293 figure 7.3
5. Define the following: Protocols (294), TCP/IP (294), Analog signal (295), Digital Signal
(295), Modem (296), LAN (296), CAN (296), MAN (296), WAN (296), Bandwidth (297), IP
Address (299), IPv6 (304), DNS (299), VoIP (306), VPN (309), URL (310), SEO (313),
Shopping Bots (315).
ans: A protocol is a set of rules and procedures governing transmission of information between
two points in a network.
A local area network (LAN) is designed to connect personal computers and other digital
devices within a half-mile or 500-meter radius.
Campus area network (CAN) is a network that spans up to 1,000 meters (a mile); a college
campus or corporate facility.
A metropolitan area network (MAN) is a network that spans a metropolitan area, usually a city
and its major suburbs.
Wide area networks (WAN) span broad geographical distances: entire regions, states,
continents, or the entire globe.
The bandwidth is the difference between the highest and lowest frequencies that can be
accommodated on a single channel.
An Internet Protocol (IP) address is currently a 32-bit number represented by four strings
of numbers ranging from 0 to 255 separated by periods.
IPv6 (Internet Protocol version 6) uses 128-bit addresses (2 to the power of 128).
Voice over IP (VoIP) technology delivers voice information in digital form using packet
switching.
A virtual private network (VPN) is a secure, encrypted, private network that has been
configured within a public network to take advantage of the economies of scale and management
facilities of large networks, such as the Internet.
The directory path and document name are two more pieces of information within the Web
address that help the browser track down the requested page. Together, the address is called a
uniform resource locator (URL).
Search engine optimization (SEO) is the process of improving the quality and volume of Web
traffic.
Shopping bots use intelligent agent software for searching the Internet for shopping information.
ans: The world’s largest and most widely used network is the Internet. The Internet is a global
“network of networks” that uses universal standards to connect millions of different networks
with nearly 3 billion users in over 230 countries around the world.
Diagram:
7. Draw the diagram of TCP/IP reference model by DOD (294). Briefly describe each layer
in the model. (p-294, 295)
ans: 1. Application layer. The Application layer enables client application programs to access
the other layers and defines the protocols that applications use to exchange data. One of these
application protocols is the Hypertext Transfer Protocol (HTTP), which is used to transfer Web
page files.
2. Transport layer. The Transport layer is responsible for providing the Application layer with
communication and packet services. This layer includes TCP and other protocols.
3. Internet layer. The Internet layer is responsible for addressing, routing, and packaging data
packets called IP datagrams. The Internet Protocol is one of the protocols used in this layer.
4. Network Interface layer. The Network Interface layer is responsible for placing packets on
and receiving them from the network medium, which could be any networking technology.
ans: Radio frequency identification (RFID) systems provide a powerful technology for
tracking the movement of goods throughout the supply chain. RFID systems use tiny tags with
embedded microchips containing data about an item and its location to transmit radio signals
over a short distance to RFID readers.
Tag: A microchip holds data including an identification number. The rest of the tag is an antenna that
transmits data to a reader.
Reader: Has an antenna that constantly transmits. When it senses a tag, it
wakes it up, interrogates it, and decodes the data. Then it transmits the data to a host system over
wired or wireless connections.
Host system: Processes the data from the tag that have been transmitted by the
reader.
9. (and any diagram drawn in class)
CHAPTER 8
Short Questions
ans: Unauthorized access, Errors, Tapping, Sniffing, Message alteration, Theft and fraud,
Radiation, Hacking, Malware, Theft and fraud, Vandalism, Denial-of-service attacks, Databases,
Theft of data, Copying data, Alteration of data, Hardware failure, Software failure.
ans: Large public networks, such as the Internet, are more vulnerable than internal networks
because they are virtually open to anyone. The Internet is so huge that when abuses do occur,
they can have an enormously widespread impact. When the Internet becomes part of the
corporate network, the organization’s information systems are even more vulnerable to actions
from outsiders. Telephone service based on Internet technology (see Chapter 7) is more
vulnerable than the switched voice network if it does not run over a secure private network. Most
Voice over IP (VoIP) traffic over the public Internet is not encrypted, so anyone with a network
can listen in on conversations. Hackers can intercept conversations or shut down voice service by
flooding servers supporting VoIP with bogus traffic. Vulnerability has also increased from
widespread use of e-mail, instant messaging (IM), and peer-to-peer file-sharing programs. E-mail
may contain attachments that serve as springboards for malicious software or unauthorized
access to internal corporate systems. Employees may use e-mail messages to transmit valuable
trade secrets, financial data, or confidential customer information to unauthorized recipients.
Popular IM applications for consumers do not use a secure layer for text messages, so they can
be intercepted and read by outsiders during transmission over the public Internet. Instant
messaging activity over the Internet can in some cases be used as a back door to an otherwise
secure network. Sharing files over peer-to-peer (P2P) networks, such as those for illegal music
sharing, may also transmit malicious software or expose information on either individual or
corporate computers to outsiders.
3. Define the following: Computer Virus (340), Worms (341), Trojan horse (341), SQL
Injection Attacks (342), Spyware (343), Keyloggers (343), Hacker (343), Cracker (343),
Spoofing (343), Sniffer (343), DDoS (344), Identity Theft (344), Phishing (345), Evil Twins
(345), Pharming (346), Click Fraud (348), Social Engineering (349), Antivirus software
(361).
ans: A computer virus is a rogue software program that attaches itself to other software
programs or data files in order to be executed, usually without user knowledge or permission.
Worms are independent computer programs that copy themselves from one computer to
other computers over a network.
A Trojan horse is a software program that appears to be benign but then does something other
than expected.
SQL injection attacks take advantage of vulnerabilities in poorly coded Web application
software to introduce malicious program code into a company’s systems and networks.
Some types of spyware also act as malicious software. These small programs install themselves
surreptitiously on computers to monitor user Web surfing activity and serve up advertising.
Keyloggers record every keystroke made on a computer to steal serial numbers for software, to
launch Internet attacks, to gain access to email accounts, to obtain passwords to protected
computer systems, or to pick up personal information such as credit card and/or bank account
numbers.
The term cracker is typically used to denote a hacker with criminal intent.
Spoofing may also involve redirecting a Web link to an address different from the intended one,
with the site masquerading as the intended destination.
A sniffer is a type of eavesdropping program that monitors information traveling over a network.
In a denial-of-service (DoS) attack, hackers flood a network server or Web server with many
thousands of false communications or requests for services to crash the network.
Identity theft is a crime in which an imposter obtains key pieces of personal information.
Phishing involves setting up fake Web sites or sending e-mail messages that look like those of
legitimate businesses to ask users for confidential personal data.
Evil twins are wireless networks that pretend to offer trustworthy Wi-Fi connections to the
Internet.
Pharming redirects users to a bogus Web page, even when the individual types the correct Web
page.
Click fraud occurs when an individual or computer program fraudulently clicks on an online ad
without any intention of learning more about the advertiser or making a purchase.
Many employees forget their passwords to access computer systems or allow coworkers to use
them, which compromises the system. Malicious intruders seeking system access sometimes
trick employees into revealing their passwords by pretending to be legitimate members of the
company in need of information. This practice is called social engineering.
Antivirus software prevents, detects, and removes malware, including computer viruses,
computer worms, Trojan horses, spyware, and adware.
ans: Perpetrators of DDoS attacks often use thousands of “zombie” PCs infected with malicious
software without their owners’ knowledge and organized into a botnet.
Hackers create these botnets by infecting other people’s computers with bot malware that opens a
back door through which an attacker can give instructions. The infected computer then becomes
a slave, or zombie, serving a master computer belonging to someone else. Once hackers infect
enough computers, they can use the amassed resources of the botnet to launch DDoS attacks,
phishing campaigns, or unsolicited “spam” email.
Diagram:
5. What is Authentication (358)? Briefly describe different types of authentication methods.
(358, 359)
ans: To gain access to a system, a user must be authorized and authenticated. Authentication
refers to the ability to know that a person is who he or she claims to be.
A token is a physical device, similar to an identification card, that is designed to prove the
identity of a single user.
Biometric authentication uses systems that read and interpret individual human traits, such as
fingerprints, irises, and voices, in order to grant or deny access.
ans: Encryption is the process of transforming plain text or data into cipher text that cannot be
read by anyone other than the sender and the intended receiver. Data are encrypted by using a
secret numerical code, called an encryption key, that transforms plain data into cipher text. The
message must be decrypted by the receiver. Two methods for encrypting network traffic on
the Web are SSL and S-HTTP.
A public key encryption system can be viewed as a series of public and private keys that lock
data when they are transmitted and unlock the data when they are received. The sender locates
the recipient’s public key in a directory and uses it to encrypt a message. The message is sent in
encrypted form over the Internet or a private network. When the encrypted message arrives, the
recipient uses his or her private key to decrypt the data and read the message.
Diagram: check p-363 figure 8.6
ans: Firewalls prevent unauthorized users from accessing private networks. A firewall is a
combination of hardware and software that controls the flow of incoming and outgoing network
traffic.
Packet filtering examines selected fields in the headers of data packets flowing back and forth
between the trusted network and the Internet, examining individual packets in isolation. This
filtering technology can miss many types of attacks.
Stateful inspection provides additional security by determining whether packets are part of an
ongoing dialogue between a sender and a receiver. It sets up state tables to track information over
multiple packets. Packets are accepted or rejected based on whether they are part of an approved
conversation or whether they are attempting to establish a legitimate connection.
Network Address Translation (NAT) can provide another layer of protection when static packet
filtering and stateful inspection are employed. NAT conceals the IP addresses of the
organization’s internal host computer(s) to prevent sniffer programs outside the firewall from
ascertaining them and using that information to penetrate internal systems.
Application proxy filtering examines the application content of packets. A proxy server stops
data packets originating outside the organization, inspects them, and passes a proxy to the other
side of the firewall.
8. (and any diagram drawn in class)
BIG DATA (Ch- 4)
Case-1 (Page- 173)
Questions
ans: Your behavior is being tracked, and you are being targeted on the Web as you move from
site to site in order to expose you to certain “targeted” ads. It’s Big Data’s dark side.
2. What is PLUS?
ans: Plus, Google’s social networking tool, knows about your friendships on Gmail, the places
you go on maps, and how you spend your time on the more than two million websites in
Google’s ad network. It is able to gather this information even though relatively few people use
Plus for their social network.
3. Is tracking anonymous?
ans: By tracking they can develop a very clear picture of who you are, and use that information
to show you ads that might be of interest to you. This would make the marketing process more
efficient, and more profitable for all the parties involved.
ans: While search engine marketing is arguably the most effective form of advertising in history,
untargeted banner display ad marketing is highly inefficient because it displays ads to everyone
regardless of their interests. As a result, these firms cannot charge much for display ads.
ans: You’re also being tracked closely when you use your mobile phone to access the Internet,
visit your Facebook page, get Twitter feeds, watch video, and listen to music.
6. Location data has extraordinary commercial value. Why?
ans: Location data gathered from cell phones has extraordinary commercial value because
advertising companies can send you highly targeted advertisements, coupons, and flash bargains,
based on where you are located. Both Apple’s iPhone and Google’s Android phones collect
personal, private location data, and both firms are building massive databases that can pinpoint
your location.
ans: Expect those eyes to follow your movements even more in the future as behavioral targeting
becomes even more precise. New software is being developed to help advertisers track users
across devices by establishing cross-screen identities.
Questions
ans: Manual tracking was time consuming and inaccurate, and the plant often lost track of tire
components altogether.
ans: Radio frequency identification (RFID) tags, AeroScout MobileView software, mobile
computers, and Global Data Sciences’ material inventory tracking system software.
ans: Continental found a solution in a new real-time location system based on a Wi-Fi wireless
network using radio frequency identification (RFID) tags.
4. What are the benefits the company got after solving the issue?
ans: The Sarreguemines tire factory has increased production from 33,000 to 38,000 tires per
day. Wastage of tire components has been reduced by 20 percent.
MONITORING EMPLOYEES (Ch- 7)
CASE- 3 (Page- 307)
Questions
1. Should managers monitor employee e-mail and Internet usage? Why or why not?
ans: Reason for monitoring: the loss of time, employee productivity, clogging network
connectivity, leakage of confidential information, adverse publicity and lawsuits.
Reason for not monitoring: invasion of privacy results in insecure, uncomfortable feelings, and
feelings of not being trusted.
2. Should managers inform employees that their Web behavior is being monitored? Or
should managers monitor secretly? Why or why not?
Important Notes:
(lec 8 - lec 12)