Unit 1
Reading 1:
2.1
-> 1. Larry Robert -> known as the founder of the Internet, developed the project
which was called ARPANET from its inception
-> 2. By means of badges, keys, and the facial recognition of authorized personnel
by security guards
-> 3. In 1987, It focused on a project undertaken by ARPA to discover the
vulnerabilities of operating system security
-> 4. When the MULTICS system implemented multiple security levels and
passwords, the UNIX system did not
-> 5. In 1990s, since its inception as a tool for sharing Defense Department
information
-> 6. The growing need to maintain national security eventually
-> 7. After the Internet was commercialized
-> 8. The growing threat of cyber attacks
Reading 2:
2.1
-> 1. Information security includes the broad areas of information security
management, computer and data security, and network security
-> 2. Because the threats to the confidentiality, integrity and availability growing to
be a vast collection of events
-> 3. Security is “the quality or state of being to be free from danger”
Information security as the protection of information and its critical elements,
including the systems and hardware that use, store, and transmit that information
->4. Information has 7 fundamental characteristics: availability, integrity,
possessions, confidentiality,
Utility, accuracy, authenticity
�5. since the development of the mainframe -> it is based on three characteristics of
information that give it value to organizations: confidentiality, integrity and
availability
6. physical security, personnel security, operations security, communications
security, network security and information security
7. attack: an intentional or unintentional act that can cause damage to or otherwise
compromise information and/or the systems that support it. Attacks can be active
or passive, intentional or unintentional, and direct or indirect
8. vulnerability is a weakness or fault in a system or protection mechanism that
opens it to attack or damage. Some examples of vulnerabilities are a flaw in a
software package, an unprotected system port, and an unlocked door
Reading 3:
Unit 2
Reading 1:
1. Because most software is licensed to a particular purchaser, its use is
restricted to a single user or to a designated user in an organization
2. Trojan horses
3. To damage, destroy, or deny service to the target systems
4. Virus, worm, Trojan horses, back door or trap door, …
5. IP is defined as “ the ownership of ideas and control over the tangible or
vitual representation of those ideas. Use of another person’s intellectual
property may or may not involve royalty payments or permission, but should
always include proper credit to the source. ”
6. An expert hacker is usually a master of sereval programming languages,
networking protocols, and operating systems and also exhibits a mastery of
the technical environment of the chosen targeted system
7. Hackers are “people who use and create computer software to gain access
to information illegally” . Two skill levels among hackers. The first is the
expert hacker, or elite hacker and the novice or unskilled hacker.
8. Is via e-mail attachment files
Reading 2:
1. Because employees use data in everyday activities to conduct the
organization’s business
� 2. Force of nature, human error or failure, information extortion, theft,
technical hardware failure or error, technical software failure or errors,
missing, inadequate, or incomplete organizational policy or planning,
missing, inadequate, or incomplete controls, sabotage or vandalism ad
technological and technological obsolescence
The biggest is human error or failure
3. Quite easily by means of a wide variety of measures, from locked doors to
trained security personnel and the installation of alarm systems
4. Because when someone steals a physical object, the loss is easily detected; if
it has any importance at all, its absence is noted. When electronic
information is stolen, the crime is not always readily apparent. If thieves are
clever and cover their tracks carefully, no one may ever know of the crime
until it is far too late
Reading 3:
1. A cracking attack is a component of many dictionary attacks. It is used when
a copy of the Security Account Manager (SAM) data file.
2. Is an attack in which a coordinate stream of requests is launched against a
target from many locations at the same time.
3. Since it is often used to obtain passwords to commonly used accounts.
4. Active web scripts with the intent to destroy or steal information. The
malicious code attack
5. Because very often the programmer who puts it in place also makes the
access exempt from the usual audit logging features of the system.
6. Because if attackers can narrow the fields of target accounts, they can devote
more time and resources to these accounts.
7. Because the attacker sends a large number of connection or information
requests to a target.
8. Is an identified weakness in a controlled system, where controls are not
present or are no longer effective.
�Reading 3 – attacks(1)
+> compromise : hòa giải , thỏa hiệp
+> accomplished
+> state-of-the-art
+> covert : giấu giếm
+> spyware : phần mềm gián điệp
+> elapsed time : thời gian đã trôi qua
+> preceded : trước đó
+> metaphor : ẩn dụ
+> perceived hostility : nhận thấy sự thù địch
Reading 4 – attacks(2)
+> forged : làm giả
+> hijacking attack : tấn công cướp máy bay
+> eavesdrop : nghe lén
+> divert data : chuyển hướng dữ liệu
+> unsolicited : không được yêu cầu
+> trivial nuisance : sự phiền toái nhỏ nhặt
+> sniffer : người bị nghẹt mũi, đánh hơi
+> hierarchy : hệ thống phân cấp
+> tactic : chiến thuật
+> cajole : nịnh hót
+> beg to sway
+> sprear phising : lừa đảo phát tán
+> pharming : dược phẩm ?
�Reading 4:
1. Phising is an attempt to gain personal or financial information from an
individual, posing as a legitimate entity. A variant is spear phising
2. By causing it to transform the legitimate host name into the invalid site’s IP
address
3. Threaten, cajole or beg
4. In the well-known man-in-the-middle or TCP hijacking
5. So that the invalid URL typed by users is modified to that of the illegitimate
6. Hackers use a variety of techniques to obtain trusted IP addresses, and then
modify the packet headers to insert these forged addresses
7. In the timing attack
UNIT 3
Reading 1:
1. A firewall in an information security program is similar to a building’s
firewall in that prevents specific types of information from moving between
the outside world, known as the untrusted network, and the inside world
known as the trusted network
(A firewall is an information security program is similar a building’s firewall
in that prevents specific types of information from moving between the
outside world – known as the unstrusted network)
2. The term firewall originally derive from a wall intended to confine a fire
within a line of adjacent buidings
3.
4. The functions of stateful filters are maintaining knowledge of specific
conversation between endpoints by remembering which port number the two IP
addresses are using at layer 4 (transport layer) of the OSI model for their
conversation, allowing examination of the overall exchange between the nodes
5. Firewall can be categorized by processing mode, development era, or
structure
6. The predecessors to firewall for network security are Second-generation
firewalls perform the work of their first-generation predecessors.
7. The most important benefit of application layer filtering is that can
understand certain applications and protocols ( such as FTP, HTTP, DNS )
� 8. The benefits of firewalls in aircraft and automobiles is an insulated metal
barrier that keeps the hot and dangerous moving parts of the motor separate
from the inflammable interior where the passengers sit
Reading 3:
1. Packet-filtering routers, screened host firewalls, dual-homed firewalls, and
screened subnet firewalls
2. Because many of these routers can be configured to reject packets that the
organization does not want to allow into the network
3. Screened host firewalls combine the packet-filtering router with a separate,
dedicated firewall, such as an application proxy server
4. SOCKS
t
�Unit 1: Reading 3
1. When it is in the same state in which it was created, placed, stored or
transferred
2. If information has been intentionally or unintentionally modified
3. When it is protected from disclosure or exposure to unauthorized individuals
or systems
4. 7 characteristics. They are availability, accuracy, authenticity,
confidentiality, integrity, possession, utility
5. Because the integrity of information is threatened
6. Because information is of no value or use if users cannot verify its integrity
7. When the information is exposed to corruption, damage, destruction, or
other disruption of its authentic state
8. A number of measures, including Information classification, Secure
document storage, application of general security policies, education of
information custodians and end user
UNIT 3:
Reading 2:
1. A commercial-grade firewall system consists of application software that
is configured for firewall application and run on a general-purpose
computer
2. Because the firewall rule sets are stored in nonvolatile memory
3. Most small office or residential-grade firewalls are either simplified
dedicated appliances running on computing devices or application
software installed directly on the user’s computer
4. One of the most effective methods of improving computing security in
the SOHO setting is by means of a SOHO or residential-grade firewall
5. Method of protecting the residential user is to install a software firewall
directly on the user’s system
6. They are operating systems
7. Because as more and more small businesses and residences obtain fast
Internet connections with digital subscriber lines (DSL) or cable modem
connections
Reading 1:
1. A firewall in an information security program is similar to a building’s
firewall in that it prevents specific types of information from moving
� between the outside world – known as the untrusted network (for
example, the Internet) and the inside world, known as the trusted network
2. The term firewall originally derive from a wall intended to confine a fire
within a line of adjacent buildings
3. A firewall in an information security program is similar to a building’s
firewall in that is prevents specific types of information from moving
between the outside world-known as the untrusted network and the inside
network – known as the trusted network
4. The most important benefit of application layer filtering is that can
understand certain applications and protocols ( such as File Transfer
Protocol – FTP, Domain Name System – DNS or Hypertext Transfer
Protocol - HTTP )
5. The benefit of firewalls in aircraft and automobiles is an insulated metal
barrier that keeps the hot and dangerous moving parts of the motor
separate from the inflammable interior where the passengers sit
3/3/2025
Unit 3: reading 2
1. The commercial-grade firewall system consists of application
software that is configured for the firewall application and run on a
general-purpose computer
2. Because the firewall rule sets are stored in nonvolatile memory
3. Most small office or residential-grade firewalls are either simplified
dedicated appliances running on computing devices or application
software installed directly on the user’s computer
4. One of the most effective methods of improving computing security in
the SOHO settings is by means of a SOHO or residential-grade
firewall.
5. Method of protecting the residential user is to install a software
firewall directly on the user’s system
6. They are operating systems
7. Because as more and more small businesses and residences obtain fast
Internet connections with digital subscriber lines (DSL) or cable
modem connections
Unit 3 – reading 2
� 1. A commercial-grade firewall system consists of application software
that is configured for the firewall application and run on a general
purpose-computer
2. Because the firewall rule sets are stored in nonvolatile memory
3. Most small office or residential-grade firewalls are either simplified
dedicated appliances running on computing devices or application
software installed directly on the user’s computer
4. The most effective methods of improving computing security in the
SOHO setting is by means of a SOHO or residential-grade firewall
5. Method for protecting the residential user is to install a software
firewall directly on the user’s system
6. They are operating systems
7. Because as more and more small businesses and residences obtain fast
Internet connections with digital subscriber lines (DSL) or cable
modem connections
Unit 3 – reading 1
1. A firewall in an information security program is similar to a building’s
firewall in that it prevents specific types of information from moving
between the outside world – known as untrusted network and the inside
world – known as trusted network
2. The term firewall originally derives from a wall intended to confine a fire
within a line of adjacent buildings
3. A firewall in an information security program is similar to a building’s
firewall in that it prevents specific types of information from moving
between the outside world – known as the untrusted network and the inside
world – known as the trusted network
4. The functions of stateful filters are maintaining knowledge of specific
conversations between endpoints by remembering which port number the
two IP addresses are using at layer 4 (transport layer) of the OSI model for
their conversation, allowing examination of the overall exchange between
the nodes
5. Firewalls can be categorized by processing mode, development era, or
structure
6. The predecessors to firewalls for network security are Second-generation
firewalls perform the work of their first-generation predecessors
� 7. The most important benefit of application layer filtering is that it can
understand certain applications and protocols (such as File Transfer Protocol
– FTP, Domain Name System – DNS or Hypertext Transfer Protocol -
HTTP)
8. The benefits of firewalls in aircraft and automobiles is an insulated metal
barrier that keeps the hot and dangerous moving parts of the motor separate
from the inflammable interior where the passengers sit
Unit 3 – reading 1
+> A firewall in an information security program is similar to building’s
firewall in that it prevents specific types of information moving between the
outside world – known as the untrusted network and the inside world – known
as the trusted network
+> Firewalls can be categorized by processing mode, development ear, or
structure
+> The benefits of firewalls in aircraft and automobiles is an insulated metal
barrier that keeps the hot and dangerous moving parts of the motor separate
from the inflammable interior where the passengers sit
