All Q and A


  • 8/2/2019 All Q and A

    1/29

    1.

    a) During the interview for a post as an IT security analyst for a large IT corporation, part of the interview process is to write a description of the role of a penetration tester. Provide this description as if you were the interviewee.

    (13 marks)

    A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization's systems) and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.

    Security issues uncovered through the penetration test are presented to the system's owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.

    Penetration tests are valuable for several reasons:

    1. Determining the feasibility of a particular set of attack vectors

    2. Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence

    3. Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software

    4. Assessing the magnitude of potential business and operational impacts of successful attacks

    5. Testing the ability of network defenders to successfully detect and respond to the attacks

    6. Providing evidence to support increased investments in security personnel and technology

    b) Discuss the importance of having a well-written set of procedures and policies with respect to network security.

    (4 marks)

    Many information policies in small businesses fail because they do not consider the importance of people as a key part of policy. It is not enough to focus on information technology itself. Procedures must be created that respect your employees as they interact with any part of the information systems they are using.


    Communications Policies

    The core step to implementing a successful information policy is ensuring that staff members understand the steps they are taking as well as the reasons for taking those steps. If the employees believe your information security policies are too restrictive or that they are being treated as if their time and effort are not valued, they will subvert the security system to ease their own workflow.

    Password Implementation

    Password security policies should be set only as restrictive as they need to be. A password security policy that requires passwords be rotated too often, or a policy that complicates passwords (such as requiring mixed case and numerals), can needlessly annoy staff and increase the likelihood of subversion. Staff members may write down their passwords in insecure locations or choose passwords that are too simple because they are unable to remember them.

    Physical Access

    Computers, networks and other information technology are only as secure as available physical access to them. Nearly any commercial technology can have its security overridden by a knowledgeable person who has the capability to modify its hardware.

    Network Interactions

    Your networks should be separated into public and private zones. Information that is truly private should never have physical connections to the Internet or any other public network. Users that must have a combination of public and private access, such as simultaneous connections to the Internet and to an Intranet, must choose not to copy, or be restricted from copying, files to their local computers.

    Encryption

    All sensitive documents should be encrypted before they are stored on hard drives or sent over any network. Encryption methods will fail if they are too onerous for your users; therefore your files should be encrypted automatically by the software being used.

    c) An organisation does not have adequate and well-written procedures and policies to deal with things like access control, passwords and unauthorised software download and use. Outline some of the problems that the organisation will face and why it will be almost impossible to overcome them.

    (8 marks)

    2.


    a) Certain TCP ports are required to be open to allow services to work across a distributed system. Unmanaged open ports can create a number of security threats. Explain what some of these threats are and how they may be mitigated (without closing the system down completely).

    (8 marks)

    Once a hacker finds a computer with open ports they probe further to see if the software behind each open port contains buffer overflows, outdated software or misconfigurations.

    If a hacker finds one of these vulnerabilities they may attack your computer. Here is a partial list of the things a hacker could do to your computer if it has vulnerabilities:

    1. View Your Passwords - If a hacker has access to your computer they may have access to files stored on your computer where passwords are kept. Sometimes passwords are stored in normal text and sometimes they are encrypted. Either way, a hacker can probably crack the passwords you use on your system so they can continue to access your computer.

    If you access your company network from home then this becomes especially dangerous. The passwords you type to access your company network may be stored on your home PC. A hacker may be able to break into your corporate network because your home PC was not secure.

    2. Watch Everything You Do - If a hacker installs remote control software then you are no longer safe. Remote control software allows a hacker to view everything on your computer as you do. If you view your personal banking information on your computer then so does the hacker. Also, remote control software allows a hacker to record keystrokes typed into your computer. So your passwords are no longer safe and should be changed.

    3. Install a Zombie - Zombie software allows a hacker to "make" your computer attack other computers on the Internet. Once Zombie software is installed on your computer you will not know it is running. If Zombie software were installed on your computer right now you could be attacking the website of a large corporation. The corporation will trace the attack back to your computer and you will plead ignorance. In European countries you are now liable for damages to others if a hacker is using your computer for attack purposes.


    4. Copy Files From Your Hard Drive - If you have network shares set to READ for the group EVERYONE then a hacker may be able to copy your data. If you have personal accounting data or confidential files on your computer then a hacker may have already copied that data. Accounting software, word processing, spreadsheet, and most applications don't use good password encryption schemes. Most passwords for these applications can be cracked easily.

    5. Copy Files To Your Hard Drive - If you have network shares set to READ/WRITE for the group EVERYONE then a hacker may be able to copy files to your computer. Why is that a problem? This is how hackers install remote control software. Or they may decide to copy viruses to your computer, or ruin the configuration of your computer.

    - Mitigations: a firewall, blocking unwanted ports and applying the security patches for software (this will help to block the hacker from attacking a vulnerability in the software through the ports it uses), IDS, IPS.

    b) Explain the term port scanning and identify countermeasures that may be used against port scanning techniques.

    (5 marks)

    The answer should show a basic understanding of port scanning: what it is and how it helps an attacker identify open ports and the services running on those ports. Once an attacker has a 'footprint' of an organisation they will move to the second pre-attack phase, scanning. In the scanning phase the attacker will attempt to send probe packets to the target organisation's IP address or addresses in an attempt to identify open ports and the services running on those ports. Port scanning is another important part of the process for an attacker as they need to find out what is actually running on these ports so that they can try to identify vulnerabilities. You should also know the terms full connect scan, half-open scan and stealth scan, and how scans can be prevented using standard countermeasures: firewalls, IDS, IPS etc.

    For example, if the question were "what is a stealth scan?", your answer would include the following points. A stealth scan is one that effectively does not complete the TCP 3-way handshake, instead electing to send the initial SYN and await the response. Should the response from the target be SYN/ACK, the port is open; if not, the port is closed or filtered. The advantage to this type of scan is that it will not be recorded in many application logs as the connection was never made. The bold parts show how to gain the marks for a question as they are making the salient points.
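Because a half-open scan never completes the handshake, the application behind the port never logs it; the place it does show up is in flow or firewall records, which see a SYN from the client with no following ACK. The script below is an added example (not from the original page) of the detection logic a defender would run over such records: it takes constructed flow records of the form (source, destination, port, TCP flags seen from the source), keeps those that are half-open, and reports any source that half-opened more distinct ports than a threshold. The record format and threshold are assumptions of the example.

```python
"""Flag half-open (SYN) scans from constructed connection records (added example).

Each record is (src_ip, dst_ip, dst_port, flags_seen_from_src), as a firewall or
sensor might summarise one flow. The data below is constructed, not captured.
"""
from collections import defaultdict

SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 22, {"SYN", "ACK"}),       # normal, completed connection
    ("10.0.0.5", "192.0.2.10", 443, {"SYN", "ACK"}),
    ("198.51.100.7", "192.0.2.10", 21, {"SYN"}),           # half-open probes, one per port
    ("198.51.100.7", "192.0.2.10", 22, {"SYN"}),
    ("198.51.100.7", "192.0.2.10", 23, {"SYN"}),
    ("198.51.100.7", "192.0.2.10", 25, {"SYN"}),
    ("198.51.100.7", "192.0.2.10", 80, {"SYN"}),
    ("198.51.100.7", "192.0.2.10", 443, {"SYN"}),
    ("203.0.113.9", "192.0.2.10", 80, {"SYN"}),            # a single stray SYN: below threshold
]


def half_open_flows(flows):
    """A flow is half-open when the client sent SYN but never followed with ACK."""
    return [f for f in flows if "SYN" in f[3] and "ACK" not in f[3]]


def detect_syn_scans(flows, port_threshold=5):
    """Return {source: sorted ports} for sources that half-opened at least
    `port_threshold` distinct destination ports (the signature of a SYN scan)."""
    ports_by_src = defaultdict(set)
    for src, _dst, dport, _flags in half_open_flows(flows):
        ports_by_src[src].add(dport)
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= port_threshold}


if __name__ == "__main__":
    for src, ports in detect_syn_scans(SAMPLE_FLOWS).items():
        print(f"possible SYN scan from {src}: ports {ports}")
```

The threshold is what separates a scanner from a client that hit one closed port or dropped a connection: a single SYN with no ACK is common, many to different ports from one source in a short window is not. In production this logic would be keyed on a time window as well, and the countermeasure side (firewall rules, an IDS signature, rate limiting on new connections) would be driven from its output.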

    c) What types of activities are considered to be footprinting and why is it such an essential step during the steps to intrusion?

    (6 marks)

    Footprinting can be thought of as the first pre-attack phase during the steps to intrusion. Footprinting is the process of using (mainly) passive systematic intelligence gathering techniques which include a combination of digital and non-digital methods. These include surfing the target organisation website, searching forums, digests, blogs and job websites to identify technical or organisational structures within the target organisation. Non-digital techniques include reading newspapers, magazines, job adverts or any other company literature. Less passive techniques would be any type of social engineering, or perhaps deliberately applying for a job to probe the interviewers about, say, a technical position and the skills required.

    d) Denial of Service (DoS) attacks come in many different shapes and forms. Give a brief outline of two types of DoS attack and why they are so successful.

    (6 marks)

    Ping of death

    Ping of death is caused by an attacker deliberately sending a ping packet, normally 64 bytes, that is larger than 65,535 bytes. Many computer systems cannot handle an IP packet larger than the maximum IP packet size of 65,535 bytes, and this often causes computer systems to crash. It is not legal (under the IP specification) to send a ping packet of size greater than 65,535 bytes, but a packet of such size can be sent if it is fragmented. When the receiving computer reassembles the packet, a buffer overflow occurs, which often causes the computer to crash. This exploit has affected a wide variety of systems including Unix, Linux, Mac, Windows and routers, but fixes have been applied since 1997, making this exploit mostly historical.
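The fix the text refers to is a bounds check at reassembly time: a fragment is only accepted if its offset plus its length still fits inside a 65,535-byte datagram, so an oversized ping is dropped before it can overflow the reassembly buffer. The code below is an added example (not from the original page) that models that check in Python: fragments carry their offset in 8-byte units as in the IP header, a 20-byte minimal header is assumed, and the reassembler refuses any fragment that fails the check.

```python
"""Reject IP fragments that would reassemble past the 65,535-byte limit (added example).

Models the reassembly-time bounds check that fixed systems apply. Header size,
fragment sizes and payloads are assumptions constructed for this example.
"""
MAX_DATAGRAM = 65_535     # largest datagram the 16-bit IP total-length field allows
IP_HEADER_LEN = 20        # minimal IPv4 header, assumed for the check below


class Fragment:
    """One IP fragment: offset_units is the header's 8-byte fragment offset."""

    def __init__(self, offset_units, more_fragments, payload):
        self.offset = offset_units * 8
        self.more = more_fragments
        self.payload = payload


def fragment_is_safe(frag):
    """The classic check: where this fragment's data ends must fit in a datagram."""
    return IP_HEADER_LEN + frag.offset + len(frag.payload) <= MAX_DATAGRAM


def reassemble(fragments):
    """Return the reassembled payload, or None if any fragment fails the bounds check."""
    buf = bytearray()
    for frag in sorted(fragments, key=lambda f: f.offset):
        if not fragment_is_safe(frag):
            return None                      # drop the whole datagram, never grow past the limit
        end = frag.offset + len(frag.payload)
        if end > len(buf):
            buf.extend(b"\x00" * (end - len(buf)))
        buf[frag.offset:end] = frag.payload
    return bytes(buf)


def make_fragments(payload, mtu_payload=1480):
    """Constructed helper: split a payload into fragments of mtu_payload bytes
    (1480 is divisible by 8, so every offset is expressible in header units)."""
    frags = []
    for i in range(0, len(payload), mtu_payload):
        chunk = payload[i:i + mtu_payload]
        frags.append(Fragment(i // 8, i + len(chunk) < len(payload), chunk))
    return frags


if __name__ == "__main__":
    print("normal 60,000-byte payload reassembled:", reassemble(make_fragments(b"A" * 60000)) is not None)
    print("oversized 66,000-byte payload accepted:", reassemble(make_fragments(b"A" * 66000)) is not None)
```

Only the final fragment of the oversized datagram fails the check; every earlier one fits. That is exactly why the check has to be made per fragment as they arrive, rather than after the pieces have already been copied into a fixed-size buffer.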

    Ping flood

    A ping flood is caused by an attacker overwhelming the victim's network with ICMP Echo Request (ping) packets. This is a fairly easy attack to perform without extensive network knowledge as many ping utilities support this operation. A flood of ping traffic can consume significant bandwidth on low- to mid-speed networks, slowing a network to a crawl.

    Smurf Attack

    A Smurf attack exploits the target by sending repeated ping requests to the broadcast address of the target network. The ping request packet often uses a forged IP address (return address), which is the target site that is to receive the denial of service attack. The result will be lots of ping replies flooding back to the innocent, spoofed host. If the number of hosts replying to the ping request is large enough, the network will no longer be able to receive real traffic.

    SYN Floods

    When establishing a session between a TCP client and server, a hand-shaking message exchange occurs between the server and client. A session setup packet contains a SYN field that identifies the sequence in the message exchange. An attacker may send a flood of connection requests and not respond to the replies, which leaves the request packets in the buffer so that legitimate connection requests can't be accommodated.
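The SYN flood works because the server commits memory (a half-open entry in its backlog) on every SYN before the client has proved it can complete the handshake. The standard answer is SYN cookies: the server encodes the connection into the initial sequence number it sends back and keeps nothing, so only a client that returns cookie + 1 in its ACK costs any state. The following is an added example (not from the original page) contrasting a bounded stateful backlog with a cookie-based listener; the secret, the 64-second time slot, the 4-tuple packing and the simulated addresses are all assumptions of the example.

```python
"""SYN cookies versus a bounded half-open backlog (added example).

The cookie is a keyed MAC over the connection 4-tuple and a coarse time slot,
truncated to 32 bits so it fits the TCP sequence number field. Secret, slot
size and packet tuples here are constructed for the demonstration.
"""
import hashlib
import hmac
import struct

SECRET = b"example-secret-rotate-me"   # constructed; a real server draws this at random
SLOT_SECONDS = 64                      # a cookie is honoured for the current and previous slot


def _mac(src_ip, src_port, dst_ip, dst_port, slot):
    msg = struct.pack("!4sH4sHI", src_ip, src_port, dst_ip, dst_port, slot)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


def make_cookie(src_ip, src_port, dst_ip, dst_port, now):
    """ISN to place in the SYN/ACK; nothing about the connection is stored."""
    return _mac(src_ip, src_port, dst_ip, dst_port, now // SLOT_SECONDS)


def check_ack(src_ip, src_port, dst_ip, dst_port, ack_number, now):
    """Accept the final ACK only if ack-1 equals a cookie for a recent slot."""
    slot = now // SLOT_SECONDS
    presented = ((ack_number - 1) & 0xFFFFFFFF).to_bytes(4, "big")
    for s in (slot, slot - 1):
        expected = _mac(src_ip, src_port, dst_ip, dst_port, s).to_bytes(4, "big")
        if hmac.compare_digest(presented, expected):
            return True
    return False


class StatefulListener:
    """Keeps a half-open entry per SYN: a flood of spoofed SYNs fills the backlog
    and every later SYN, legitimate or not, is refused."""

    def __init__(self, backlog_size):
        self.backlog_size = backlog_size
        self.half_open = {}

    def on_syn(self, tup, now):
        if len(self.half_open) >= self.backlog_size:
            return False
        self.half_open[tup] = now
        return True

    def on_ack(self, tup, ack, now):
        return self.half_open.pop(tup, None) is not None


class CookieListener:
    """Holds no state until the handshake completes."""

    def on_syn(self, tup, now):
        return make_cookie(*tup, now=now)          # the SYN/ACK's ISN; nothing stored

    def on_ack(self, tup, ack, now):
        return check_ack(*tup, ack_number=ack, now=now)


def flood(listener, count, now):
    """Send `count` SYNs from distinct spoofed source ports; return how many were accepted."""
    accepted = 0
    for i in range(count):
        tup = (b"\x0a\x00\x00\x05", 40000 + i, b"\xc0\x00\x02\x0a", 80)
        if listener.on_syn(tup, now) is not False:
            accepted += 1
    return accepted
```

With a backlog of 100, the stateful listener accepts 100 spoofed SYNs and then turns away everyone; the cookie listener answers all of them at the cost of one MAC each and never allocates an entry. The two-slot window is what lets a slow but honest client finish a handshake that straddled a slot boundary, while a captured cookie goes stale after at most two slots.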

    3.

    a) What does the CIA triangle mean and how does this model fit with the principles of information/computer security that we understand?

    (8 marks)

    CIA is confidentiality, integrity and availability.


    Confidentiality

    Confidentiality refers to limiting information access and disclosure to authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people." Authentication methods like user-IDs and passwords, that uniquely identify data systems' users and control access to data systems' resources, underpin the goal of confidentiality. Confidentiality is related to the broader concept of data privacy -- limiting access to individuals' personal information.

    Integrity

    Integrity refers to the trustworthiness of information resources. It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately, whether by accident or deliberately malign activity. It also includes "origin" or "source integrity" -- that is, that the data actually came from the person or entity you think it did, rather than an imposter. Integrity can even include the notion that the person or entity in question entered the right information -- that is, that the information reflected the actual circumstances (in statistics, this is the concept of "validity") and that under the same circumstances would generate identical data (what statisticians call "reliability"). On a more restrictive view, however, integrity of an information system includes only preservation without corruption of whatever was transmitted or entered into the system, right or wrong.

    Availability

    Availability refers, unsurprisingly, to the availability of information resources. An information system that is not available when you need it is almost as bad as none at all. It may be much worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure. Availability, like other aspects of security, may be affected by purely technical issues (e.g., a malfunctioning part of a computer or communications device), natural phenomena (e.g., wind or water), or human causes (accidental or deliberate). While the relative risks associated with these categories depend on the particular context, the general rule is that humans are the weakest link. (Again, that's why your ability and willingness to use our data systems securely is critical.)

    b) There are many techniques used to authenticate messages. With this in mind, discuss the use of message digests in ensuring authenticity.

    (3 marks)

    There are two terms that you should note here: hash function and message digest. A hash function is a one-way mathematical function applied to a message. The result of the hash function is unique to each message and is called the message digest. A message digest is a single large number, typically between 128 and 256 bits in length. Thus, we can have up to 2^256 different messages each having a unique message digest associated with it. This gives rise to an almost incalculable figure. We can safely assume that each different message that can possibly be typed would have a unique message digest on applying a hash function. A hash function is said to be one way because we cannot go back to the original text from a message digest. Basically, the concept of hash function and message digest is used to confirm the integrity of a message.

    c) What is the difference between message integrity and non-repudiation and is it sensible to compare them?

    (4 marks)

    Message integrity is the validity of a transmitted message. It deals with methods that ensure that the contents of a message have not been tampered with and altered. The most common approach is to use a one-way hash function that combines all the bytes in the message with a secret key and produces a message digest that is impossible to reverse. Integrity checking is one component of an information security program.

    Neither authentication nor integrity protections prevent replay attacks. A malicious user can capture a signed and encrypted message and post it multiple times. Therefore a party can repudiate having sent the same message multiple times.

    Making each message unique using timestamps and/or a nonce addresses this and is therefore used for non-repudiation in combination with signing and encryption.
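The three ideas in answers 3b and 3c above build on each other: a plain digest detects a changed message, a digest keyed with a secret (an HMAC) means only a holder of the secret can produce a valid one, and a nonce plus timestamp bound into that digest stops a captured valid message from being posted again. The code below is an added example (not from the original page) showing all three in one place; the shared secret, the envelope format and the five-minute freshness window are assumptions of the example.

```python
"""Message digests, keyed digests and replay protection (added example).

Demonstrates (1) a plain SHA-256 digest detecting a changed message, (2) an
HMAC so that only a holder of SECRET can produce a valid tag, and (3) a
nonce/timestamp check that rejects replays. Secret, envelope layout and the
freshness window are constructed for this example.
"""
import hashlib
import hmac
import os

SECRET = b"shared-secret-constructed-for-demo"   # assumed; provisioned out of band in practice
WINDOW_SECONDS = 300                              # assumed freshness window


def digest(message: bytes) -> str:
    """Plain message digest: any change to the message changes this value."""
    return hashlib.sha256(message).hexdigest()


def tag(message: bytes, nonce: bytes, timestamp: int) -> str:
    """Keyed digest. Nonce and timestamp are bound in, so they cannot be swapped later."""
    data = timestamp.to_bytes(8, "big") + nonce + message
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()


def send(message: bytes, now: int) -> dict:
    """Build an envelope with a fresh random nonce and the current time."""
    nonce = os.urandom(16)
    return {"msg": message, "nonce": nonce, "ts": now, "tag": tag(message, nonce, now)}


class Receiver:
    def __init__(self):
        self.seen = {}   # nonce -> timestamp; entries older than the window are pruned

    def accept(self, env: dict, now: int):
        """Return (accepted, reason). Check the tag first so that an attacker cannot
        probe the replay cache with forged envelopes."""
        expected = tag(env["msg"], env["nonce"], env["ts"])
        if not hmac.compare_digest(expected, env["tag"]):
            return False, "bad tag"          # content, nonce or timestamp was altered
        if abs(now - env["ts"]) > WINDOW_SECONDS:
            return False, "stale"            # outside the window; its nonce may already be forgotten
        self.seen = {n: t for n, t in self.seen.items() if now - t <= WINDOW_SECONDS}
        if env["nonce"] in self.seen:
            return False, "replay"           # a valid envelope, but we have processed it before
        self.seen[env["nonce"]] = env["ts"]
        return True, "ok"


if __name__ == "__main__":
    r = Receiver()
    env = send(b"transfer 100", now=1_000_000)
    print(r.accept(env, now=1_000_010))          # (True, 'ok')
    print(r.accept(env, now=1_000_020))          # (False, 'replay')
    print(r.accept(dict(env, msg=b"transfer 900"), now=1_000_020))   # (False, 'bad tag')
```

The freshness window is what keeps the replay cache bounded: the receiver only has to remember nonces from the last five minutes, because anything older is refused as stale regardless. Note that an HMAC gives integrity and authenticity between the two parties that share the secret, but not non-repudiation in the third-party sense, since either party could have produced the tag; that is the role of a digital signature.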

    d) There are many alternatives to current IT systems that utilise passwords as the only type of access mechanism. Discuss some of the alternatives to using passwords and provide a justification for one in particular to be used to replace a password-only system.

    (10 marks)

    Section B

    4.

    a) Describe a system that can facilitate a private network over public infrastructure. Your description should include the advantages and disadvantages of such a system. A diagram should be used in order to aid your description.

    (9 marks)

    A Virtual Private Network (VPN) is a network technology that creates a secure network connection over a public network such as the Internet or a private network owned by a service provider.

    Advantages of VPN

    The Low Cost

    One way a VPN lowers costs is by eliminating the need for expensive long-distance leased lines. With VPNs, an organization needs only a relatively short dedicated connection to the service provider. This connection could be a local leased line (much less expensive than a long-distance one), or it could be a local broadband connection such as DSL service.

    Another way VPNs reduce costs is by lessening the need for long-distance telephone charges for remote access. Recall that to provide remote access service, VPN clients need only call into the nearest service provider's access point. In some cases this may require a long distance call, but in many cases a local call will suffice.

    A third, more subtle way that VPNs may lower costs is through offloading of the support burden. With VPNs, the service provider rather than the organization must support dial-up access, for example. Service providers can in theory charge much less for their support than it costs a company internally because the public provider's cost is shared amongst potentially thousands of customers.

    Scalability and VPNs

    The cost to an organization of traditional leased lines may be reasonable at first but can increase exponentially as the organization grows. A company with two branch offices, for example, can deploy just one dedicated line to connect the two locations. If a third branch office needs to come online, just two additional lines will be required to directly connect that location to the other two.

    However, as an organization grows and more companies must be added to the network, the number of leased lines required increases dramatically. Four branch offices require six lines for full connectivity, five offices require ten lines, and so on. Mathematicians call this phenomenon a combinatorial explosion, and in a traditional WAN this explosion limits the flexibility for growth.


    VPNs that utilize the Internet avoid this problem by simply tapping into the geographically distributed access already available.

    Disadvantages of VPNs

    With the hype that has surrounded VPNs historically, the potential pitfalls or "weak spots" in the VPN model can be easy to forget. These four concerns with VPN solutions are often raised.

    1. VPNs require an in-depth understanding of public network security issues and proper deployment of precautions.

    2. The availability and performance of an organization's wide-area VPN (over the Internet in particular) depends on factors largely outside of their control.

    3. VPN technologies from different vendors may not work well together due to immature standards.

    4. VPNs need to accommodate protocols other than IP and existing ("legacy") internal network technology.

    Generally speaking, these four factors comprise the "hidden costs" of a VPN solution. Whereas VPN advocates tout cost savings as the primary advantage of this technology, detractors cite hidden costs as the primary disadvantage of VPNs.

    b) Illustrate how a system, as described above, can be implemented using IPsec. A diagram should be used in order to aid your description.

    (9 marks)

    c) What is an Access Control List? Provide an example of an extended ACL.

    (4 marks)

    Cisco Access Control Lists (ACLs) are used for filtering traffic based on given filtering criteria on a router or switch interface. Based on the conditions supplied by the ACL, a packet is allowed or blocked from further movement.

    Extended Access Control Lists: Extended IP ACLs allow you to permit or deny traffic from specific IP addresses to a specific destination IP address and port. They also allow you to have granular control by specifying controls for different types of protocols such as ICMP, TCP, UDP, etc. within the ACL statements. Extended IP ACLs range from 100 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs began to use additional numbers (2000 to 2699).

    Example of an Extended Access List:

    access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80

    d) Study the standard ACL below and explain its purpose. Which interface was it applied to and in which direction?

    Router(config)#access-list 99 deny ip 192.168.14.1 0.0.0.255

    Router(config)#access-list 99 permit any

    Router(config)#int fa0/0

    Router(config-if)#ip access-group 99 in

    (3 marks)

    5.

    a) There are two main types of cryptography; describe each briefly before comparing and contrasting them.

    (9 marks)

    Symmetric cryptography uses the same secret (private) key to encrypt and decrypt its data whereas asymmetric uses both a public and a private key. Symmetric requires that the secret key be known by the party encrypting the data and the party decrypting the data. Asymmetric allows for distribution of your public key to anyone, with which they can encrypt the data they want to send securely, and then it can only be decoded by the person having the private key. This eliminates the need of having to give someone the secret key (as with symmetric encryption) and risk having it compromised.

    The issue with asymmetric is that it is about 1000 times slower than symmetric encryption, which makes it impractical when trying to encrypt large amounts of data. Also, to get the same security strength as symmetric, asymmetric must use a stronger key than symmetric.


    b) Argue the advantages of using say DES over PGP for lots of short messages and explain in outline why this is the case.

    (9 marks)

    DES has some basic advantages over asymmetric encryption techniques:

    DES is a well-understood algorithm, providing a clear picture of where DES can and cannot be used.

    Quick processing on the sender's machine.

    Wide availability: DES is available for many platforms.

    Can be used to keep data on a network secure.

    Often accepted by governmental organisations as a standard for encryption.

    Asymmetric encryption in comparison to DES is often:

    Slower to encrypt messages.

    Not good for large numbers of small messages.

    Not good for small numbers of very large messages.

    c) Explain how cryptography can help meet more than one of the principles of computer security.

    (7 marks)

    Encryption in this instance provides confidentiality and integrity at the same time.

    Section A

    1.

    a) What role do port numbers play at the transport layer with respect to the following TCP services:

    a. Telnet (3)

    b. HTTP (3)

    c. DNS (3)

    d. SNMP (3)

    Your answer should cover:

    1. how the service operates,

    2. what the designated port is for each service,

    3. how the source and destination discriminate between multiple conversations from the same source.

    (3 marks per protocol, 1 mark for each of the points above)

    (12 marks)

    b) Why would an attacker footprint an organisation prior to attacking it?

    (3 marks)

    Footprinting is the process of using (mainly) passive systematic intelligence gathering techniques which include a combination of digital and non-digital methods. These include surfing the target organisation website, searching forums, digests, blogs and job websites to identify technical or organisational structures within the target organisation. Non-digital techniques include reading newspapers, magazines, job adverts or any other company literature. Less passive techniques would be any type of social engineering, or perhaps deliberately applying for a job to probe the interviewers about, say, a technical position and the skills required.

    2.

    a) Explain what an amplification attack is and give an example of such an attack including how it works and countermeasures that can be put in place against it.

    (12 marks)

    b) Define the term SQL injection and provide a simple example of such an attack.

    (7 marks)

    c) Why might an attacker try to telnet to a URL even when they have no intention of breaking into the system this way?

    (6 marks)

    3.

    a) What does the CIA triangle mean and what mechanisms can be used to enforce them?

    (10 marks)

    b) With respect to the following attacks, briefly describe each of the following before providing a contemporary example:

    i. Buffer Overflow Attack (5)

    ii. Denial of Service Attack (5)

    iii. XSS Attack (5)

    (15 marks)

    Section B

    4.

    a) Provide a brief description of the Computer Misuse Act 1990. For each of the three sections, provide an example of an activity that would breach this legislation.

    (9 marks)

    b) Why is patching so important in terms of operating systems?

    (2 marks)

    c) How might a hacker find out what rules are in place in a firewall?

    (3 marks)

    d) Compare and contrast a NIDS to a host-based IDS.

    (11 marks)

    5.

    a) What are the two main types of cryptography? What are the advantages and disadvantages of both?

    (11 marks)

    b) Wired networks are 'generally' considered to be more secure than wireless networks. Why is this the case?

    (2 marks)

    c) Two commonly used security protocols for WiFi are WEP and WPA. Describe each protocol before highlighting any known vulnerability there may be in it. (You are not expected to discuss complex algorithmic or cryptographic issues, merely to provide a brief outline of how the vulnerability affects the protocol.)

    (12 marks)

    Section A


    1.

    a) During the interview for a post as an IT security analyst for a large IT corporation, part of the interview process is to write a description of the steps to intrusion. Provide this description as if you were the interviewee.

    (13 marks)

    b) Discuss the importance of a well-written Acceptable Use Policy as a technique in the pursuit of network security.

    (4 marks)

    c) If the Acceptable Use Policy defines policy, what technical mechanisms are used to enforce the policy?

    (8 marks)

    2.

    a) Unmanaged TCP ports can create a number of security threats. Explain what some of these threats are and how they may be mitigated.

    (8 marks)

    b) Examine the output from the scanning tool shown in Figure 1 and describe what services are running and what security implications these may have for this particular network.


    Figure 1. Output of Scanning Tool

    (7 marks)

    c) Footprinting is considered to be the most challenging but possibly the most important step during an attempt to carry out an intrusion. Critically discuss the above statement.

    (6 marks)

    d) Review the impact of the February 2007 attack on Internet DNS Root Servers. What would be the impact on the Internet if all 13 DNS Root Servers were brought down by a DoS attack?

    (4 marks)

    3.


    a) What are the three principles of computer security and what mechanisms can be used in achieving these principles?

    (10 marks)

    b) Explain the role of a digital signature in information security.

    (3 marks)

    c) What is the difference between Authentication and Identification?

    (2 marks)

    d) You are requested to write a report on password-only security systems for your IT Security Manager (with a view to replacing them with something more secure). Compare and contrast the alternatives to password-only systems and select what you think is most feasible as a replacement.

    (10 marks)

    Section B

    4.

    a) Describe how a Virtual Private Network (VPN) can be implemented using Secure Socket Layer / Transport Layer Security (SSL/TLS). A diagram should be used in order to aid your description.

    (9 marks)

    b) Illustrate how a VPN, as described above, can be implemented using IPsec. A diagram should be used in order to aid your description.

    (9 marks)

    c) What is an Access Control List? Provide an example of a standard ACL.


    (2 marks)

    d) Study the extended ACL below and explain its purpose.

    access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 80

    access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 443

    access-list 101 deny ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0

    (5 marks)
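Both ACL questions on this page (the standard list 99 in question 4d of the earlier paper and the extended list 101 above) come down to the same three rules: entries are tried top to bottom, a wildcard mask marks the address bits that do not matter (so `0.0.0.0 255.255.255.255` is "any" and `192.168.35.1 0.0.0.0` is a single host), and a packet that matches nothing falls through to the implicit deny at the end. The evaluator below is an added example (not from the original page, and not Cisco code) that implements those rules in Python and runs the page's own ACLs against constructed packets. It treats the protocol keyword as optional so that list 99 can be evaluated exactly as written; `host` is the IOS shorthand for a zero wildcard.

```python
"""Evaluate Cisco-style access-list entries against packets (added example).

Implements first-match semantics, wildcard masks and the implicit deny. The
ACL texts are taken from the page; the packets below are constructed.
"""
import ipaddress

PROTOCOLS = {"ip", "tcp", "udp", "icmp"}

# The page's own examples, without the Router(config)# prompt.
ACL_110_TEXT = "access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80"
ACL_99_TEXT = """
access-list 99 deny ip 192.168.14.1 0.0.0.255
access-list 99 permit any
"""
ACL_101_TEXT = """
access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 80
access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 443
access-list 101 deny ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0
"""


def _addr(tokens):
    """Consume one address spec: 'any', 'host A', 'A WILDCARD' or a bare 'A'.
    Returns (base, wildcard, remaining tokens) with addresses as integers."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0, tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    if len(tokens) > 1 and tokens[1].count(".") == 3:
        return base, int(ipaddress.IPv4Address(tokens[1])), tokens[2:]
    return base, 0, tokens[1:]          # bare address means an exact host


def parse_entry(line):
    tokens = line.split()
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    proto = "ip"                         # standard ACLs carry no protocol: treat as ip
    if rest and rest[0] in PROTOCOLS:
        proto, rest = rest[0], rest[1:]
    sbase, swild, rest = _addr(rest)
    if rest:
        dbase, dwild, rest = _addr(rest)
    else:
        dbase, dwild = 0, 0xFFFFFFFF     # standard ACL: destination is unconstrained
    dport = int(rest[1]) if len(rest) >= 2 and rest[0] == "eq" else None
    return {"acl": number, "action": action, "proto": proto,
            "src": (sbase, swild), "dst": (dbase, dwild), "dport": dport}


def parse_acl(text):
    return [parse_entry(l) for l in text.strip().splitlines() if l.strip()]


def _in(addr, spec):
    """Wildcard match: bits set in the wildcard are ignored, the rest must equal base."""
    base, wild = spec
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)


def evaluate(entries, src, dst, proto="ip", dport=None):
    """First matching entry decides; no match means the implicit deny."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for e in entries:
        if e["proto"] != "ip" and e["proto"] != proto:
            continue
        if not (_in(s, e["src"]) and _in(d, e["dst"])):
            continue
        if e["dport"] is not None and e["dport"] != dport:
            continue
        return e["action"]
    return "deny"


if __name__ == "__main__":
    acl = parse_acl(ACL_101_TEXT)
    for port in (80, 443, 22):
        print(f"tcp/{port} to 192.168.35.1:", evaluate(acl, "203.0.113.5", "192.168.35.1", "tcp", port))
```

Reading list 101 through the evaluator makes its purpose concrete: any source may reach the host 192.168.35.1 on TCP 80 and 443, every other IP packet to that host is dropped by the explicit third line, and traffic to any other destination is dropped by the implicit deny, which is why an ACL that is meant to protect only one host usually needs a trailing `permit ip any any`. For list 99, the wildcard `0.0.0.255` on `192.168.14.1` masks the whole last octet, so the deny covers all of 192.168.14.0/24, not the single address written.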

    5.

    a) Compare and contrast symmetric and asymmetric cryptography.

    (10 marks)

    b) Argue some of the advantages of using DES encryption over asymmetric encryption.

    (10 marks)

    c) Cryptography is generally considered to be the broadest security technique available. Explain what this statement means with respect to the principles of information security.

    (5 marks)

    Section A

    1.

a) During the interview for a post as an IT security analyst for a large IT corporation, part of the interview process is to write a description of the role of a penetration tester. Provide this description as if you were the interviewee.

(13 marks)


b) Discuss the importance of having a well-written set of procedures and policies with respect to network security.

(4 marks)

c) An organisation does not have adequate and well-written procedures and policies to deal with things like access control, passwords and unauthorised software download and use. Outline some of the problems that the organisation will face and explain why it will be almost impossible to overcome them.

(8 marks)

2.

a) Unmanaged open ports can create a number of security threats. What are some of these threats and how might they be mitigated?

(11 marks)

b) Critically discuss the term port scanning and identify countermeasures that may be used against port scanning.

(9 marks)

c) Escalation of privileges during an attack is a commonly used technique. Explain what this means and why an attacker would wish to escalate privileges.

(5 marks)

    3.

a) What does the CIA triangle mean and how does this model fit with the principles of information/computer security that we understand?

(10 marks)


b) Briefly describe the following computer access systems before comparing and contrasting them: secure token, biometric, multi-modal biometric and hybrid.

(15 marks)

    Section B

    4.

a) Describe the UK legislation that prevents unauthorised access to computer systems. Give examples of activities that would breach this legislation.

(9 marks)

b) Discuss the importance of keeping an operating system patched with up-to-date security patches.

(2 marks)

c) What is the specific technique that a hacker may use to find out what rules are in place in a firewall?

(3 marks)

d) Critically discuss NIDS (Network Based Intrusion Detection Systems).

    (11 marks)

    5.

a) There are two main types of cryptography; describe each briefly before comparing and contrasting them.

(10 marks)


b) Critically discuss 'codes' as a system for protecting systems as opposed to a cipher-based security system.

(10 marks)

c) Explain how cryptography can help meet more than one of the principles of computer security.

(5 marks)

    1.

a) Write a description of the role of a penetration tester. Give consideration to the types of thing that a penetration tester will be able to do, the steps to intrusion, etc.

(13 marks)

b) Discuss the importance of having a well-written set of procedures and policies with respect to network security. An example may be an Acceptable Use Policy (AUP).

(4 marks)

c) Outline some of the problems that an organisation will face if it does not have adequate and well-written procedures and policies to deal with things like access control, passwords and unauthorised software download and use. Explain why it will be almost impossible to overcome them.

(8 marks)

    2.

a) What are some of the threats posed by unmanaged ports and how might they be mitigated?

(11 marks)

b) What is port scanning and how can you prevent attackers scanning your network?


    (9 marks)

c) Explain what it means to escalate privileges during an attack and why an attacker would wish to escalate privileges.

(5 marks)

    3.

a) Describe in detail what is meant by the CIA triangle.

    (10 marks)

b) Briefly describe four computer access systems before comparing and contrasting them.

(15 marks)

    Section B

    4.

a) The CMA 1990 prevents unauthorised access to a computer system. Describe this Act and give some examples of activities that would breach this legislation.

(9 marks)

b) Why is patching an operating system such an important job?

    (2 marks)

c) Explain what it means to carry out firewalking.

    (3 marks)

d) What is a NIDS (Network Based Intrusion Detection System)? How does it work?


    (11 marks)

    5.

a) Compare and contrast the two main types of cryptography.

    (10 marks)

b) When might a code be a better choice than a cipher? Compare and contrast codes and ciphers.

(10 marks)

c) How many principles of computer security can cryptography help meet?

    (5 marks)

    1.

a) How would you describe the four steps to intrusion to a non-technical manager?

    (12 marks)

b) Describe why a poorly written or non-existent Acceptable Use Policy will cause a major problem for security.

(6 marks)

c) The Acceptable Use Policy defines policy; how is this policy therefore enforced?

    (7 marks)


    2.

a) Ports are an essential part of the way TCP works. Explain how ports facilitate different communications for a single IP address.

(8 marks)

b) Examine the output from the scanning tool shown in Figure 1 and describe what services are running and what security implications these may have for this particular network.

Figure 1. Output of Scanning Tool

(7 marks)

c) Footprinting is considered to be perhaps the most important step of intrusion. Why is this the case?

(6 marks)


d) What would be the impact on the Internet if all of the DNS Root Servers had their performance significantly impeded by a DoS attack?

(4 marks)

    3.

a) The three principles of computer security are confidentiality, integrity and availability. Describe each principle and provide an explanation of why trying to ensure one principle can have an adverse effect on another.

(10 marks)

b) Give an example of a mechanism used to ensure the integrity of information.

(3 marks)

c) What is the difference between Authentication and Authorisation?

    (2 marks)

d) There are many techniques that can be used to crack passwords. Provide a description of the different contemporary techniques and tools that may be used to crack passwords.

(10 marks)

    Section B

    4.

a) What exactly is a VPN and under what circumstances would an organisation decide to implement a VPN?

(9 marks)


b) Give examples of two different technologies that can be used to implement a VPN.

    (9 marks)

c) Explain the difference between a standard and extended Access Control List (ACL).

    (2 marks)

d) Study the extended ACL below and explain its purpose.

    access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 23

    access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 21

    access-list 101 permit ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0

    (5 marks)
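The two extended ACLs in this paper (the permit 80/443 list in the earlier question 4d and the deny 23/21 list above) are easiest to explain by running packets through them. The following is an added example, not part of the exam paper: a small evaluator for the subset of Cisco extended-ACL syntax the questions use (`access-list <num> <permit|deny> <proto> <src> <src-wildcard> <dst> <dst-wildcard> [eq <port>]`), with first-match-wins semantics and the implicit `deny ip any any` that ends every Cisco ACL. The ACL text is copied from the questions; the packets and addresses (10.0.0.5, 172.16.1.9, 192.168.35.2) are constructed test inputs.

```python
"""Evaluate the two Cisco-style extended ACLs from the exam questions against sample packets."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# ACL text copied from the two exam questions. Packets below are constructed test inputs.
ACL_WEB_ONLY = """
access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 80
access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 443
access-list 101 deny ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0
"""

ACL_NO_CLEARTEXT_LOGIN = """
access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 23
access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 21
access-list 101 permit ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0
"""


@dataclass
class Entry:
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches any IP protocol; otherwise "tcp", "udp", ...
    src: int               # source address and wildcard mask (as 32-bit ints)
    src_wild: int
    dst: int               # destination address and wildcard mask
    dst_wild: int
    dport: Optional[int]   # destination port from "eq N", or None if not given


def _addr(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def parse_acl(text: str) -> list:
    """Parse lines of the form:
    access-list <num> <permit|deny> <proto> <src> <src-wild> <dst> <dst-wild> [eq <port>]
    Only the subset of syntax used in the exam questions is supported."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 8 or tok[0] != "access-list":
            raise ValueError(f"unsupported ACL line: {line}")
        action, proto = tok[2], tok[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {line}")
        src, src_wild, dst, dst_wild = (_addr(t) for t in tok[4:8])
        dport = None
        if len(tok) > 8:
            if tok[8] != "eq" or len(tok) != 10:
                raise ValueError(f"unsupported port clause in: {line}")
            dport = int(tok[9])
        entries.append(Entry(action, proto, src, src_wild, dst, dst_wild, dport))
    return entries


def _addr_matches(addr: int, base: int, wild: int) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care'.
    So 0.0.0.0 255.255.255.255 is 'any' and 192.168.35.1 0.0.0.0 is 'host 192.168.35.1'."""
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)


def evaluate(entries: list, proto: str, src: str, dst: str, dport: Optional[int] = None) -> str:
    """First matching entry wins. Returns "permit" or "deny"."""
    for e in entries:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not _addr_matches(_addr(src), e.src, e.src_wild):
            continue
        if not _addr_matches(_addr(dst), e.dst, e.dst_wild):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action
    # Every Cisco ACL ends with an implicit "deny ip any any".
    return "deny"


if __name__ == "__main__":
    packets = [  # constructed sample traffic: (proto, src, dst, dport)
        ("tcp", "10.0.0.5", "192.168.35.1", 80),
        ("tcp", "10.0.0.5", "192.168.35.1", 443),
        ("tcp", "10.0.0.5", "192.168.35.1", 23),
        ("tcp", "10.0.0.5", "192.168.35.1", 21),
        ("udp", "10.0.0.5", "192.168.35.1", 53),
        ("tcp", "10.0.0.5", "192.168.35.2", 80),  # not the protected host -> implicit deny
    ]
    for name, text in (("web-only", ACL_WEB_ONLY), ("no-cleartext-login", ACL_NO_CLEARTEXT_LOGIN)):
        acl = parse_acl(text)
        for p in packets:
            print(f"{name:20} {p[0]:4} {p[1]} -> {p[2]}:{p[3]:<4} {evaluate(acl, *p)}")
```

Running it shows the two purposes directly: the first list is an allow-list that lets any source reach host 192.168.35.1 only on TCP 80 and 443 and drops everything else to that host; the second is a deny-list that blocks the cleartext login services Telnet (23) and FTP control (21) to that host and permits all other IP traffic to it. Two practitioner caveats fall out of the evaluator: entry order matters (a `permit ip` placed first would make the later denies unreachable), and both lists only ever mention 192.168.35.1, so traffic to any other destination falls through to the implicit deny unless a further entry is added.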

    5.

a) Give examples of when you may decide to use asymmetric cryptography instead of symmetric cryptography.

(10 marks)

Asymmetric (public-key) cryptography is a system that requires two separate keys: one to lock (encrypt) and the other to unlock (decrypt). One key is published (the public key) and the other is kept private. It can work in two ways:

1. If the encryption key is public, the system enables private communication from any sender to the owner of the unlocking (private) key.

2. If the decryption key is public, the system verifies the signature on documents locked by the private key's owner.

How does it work? For example, it is easy to compute the product of two given numbers, but it is computationally much harder to find the two factors given only their product. Given both the product and one of the factors, it is easy to compute the second factor, which demonstrates that the hard direction of the computation can be made easy when access to some secret key is given. The function used, the algorithm, is known universally. This knowledge does not enable decryption of the message: the only added information that is necessary and sufficient for decryption is the recipient's secret key.
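The two modes and the factoring trapdoor described above can be seen in a few lines of textbook RSA. The following is an added example, not part of the exam paper: it uses the small primes 61 and 53 so every number is readable, hashes the message with SHA-256 before signing, and is deliberately unpadded and far too small to be secure; it exists only to show the mechanism. The key-recovery and trial-factoring helpers are there to make the "easy with one factor, hard without" point concrete.

```python
"""Toy RSA showing the two modes of asymmetric cryptography and the factoring trapdoor."""
import hashlib
from math import gcd, isqrt
from typing import Tuple

Key = Tuple[int, int]  # (modulus n, exponent)


def keygen(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Build a public/private pair from two primes. Tiny primes keep the numbers readable;
    a real key uses primes of ~1024 bits or more and this must never be used for real data."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)        # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


# Mode 1: encrypt with the PUBLIC key; only the private-key owner can decrypt.
def encrypt(pub: Key, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt(priv: Key, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


# Mode 2: sign with the PRIVATE key; anyone holding the public key can verify.
def _digest(message: bytes, n: int) -> int:
    # Hash the message and reduce it into the key's range (textbook, unpadded).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv: Key, message: bytes) -> int:
    n, d = priv
    return pow(_digest(message, n), d, n)


def verify(pub: Key, message: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(message, n)


# The trapdoor: computing n = p*q is easy and factoring n is hard, but given n and
# one factor the other factor, and with it the private key, is easy to compute.
def recover_private(pub: Key, p: int) -> Key:
    n, e = pub
    if n % p != 0:
        raise ValueError("p does not divide n")
    q = n // p
    return n, pow(e, -1, (p - 1) * (q - 1))


def factor_by_trial(n: int) -> Tuple[int, int]:
    """Brute-force factoring; feasible only because n is tiny."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no non-trivial factor found")


if __name__ == "__main__":
    pub, priv = keygen(61, 53)
    c = encrypt(pub, 65)
    print("public key", pub, "ciphertext", c, "decrypts to", decrypt(priv, c))
    s = sign(priv, b"pay 100")
    print("signature verifies:", verify(pub, b"pay 100", s),
          "tampered message verifies:", verify(pub, b"pay 900", s))
    print("factors of n:", factor_by_trial(pub[0]),
          "private key recovered from one factor:", recover_private(pub, 61) == priv)
```

Mode 1 answers the question's "when" for confidentiality to a party you have never shared a secret with; mode 2 answers it for signatures, where the verifier must not be able to forge. The last two helpers show why the private key must stay private: knowing either prime turns recovering the private exponent into one modular inverse, while with only the public modulus the attacker is left with factoring.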


c) Cryptography is a 'broad' tool that can be used to do more than just keep data confidential. Describe some of these other characteristics.

(5 marks)

Cryptography does not reduce the size of data to be transferred; that is compression, a separate function. Beyond confidentiality it provides: integrity (a cryptographic hash or message authentication code reveals whether data has been altered in transit or storage); authentication (a party proves its identity, for example by answering a challenge with a value signed by its private key or keyed with a shared secret); and non-repudiation (a digital signature made with a private key binds the signer to a document and can be verified by anyone holding the matching public key, so the signer cannot later deny it).