All Q and A
mohamed-roshan
8/2/2019 All Q and A
1.
a)During the interview for a post as an IT security analyst for a large IT
corporation part of the interview process is to write a description of the role
of a penetration tester. Provide this description as if you were the
interviewee.
(13 marks)
A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization's systems) and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
Security issues uncovered through the penetration test are presented to the system's owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.
Penetration tests are valuable for several reasons:
1. Determining the feasibility of a particular set of attack vectors
2. Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
3. Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
4. Assessing the magnitude of potential business and operational impacts of successful attacks
5. Testing the ability of network defenders to successfully detect and respond to the attacks
6. Providing evidence to support increased investments in security personnel and technology
b)Discuss the importance of having a well-written set of procedures and
policies with respect to network security.
(4 marks)
Many information policies in small businesses fail because they do not consider the importance of people as a key part of policy. It is not enough to focus on information technology itself. Procedures must be created that respect your employees as they interact with any part of the information systems they are using.
Communications Policies
The core step to implementing a successful information policy is ensuring that staff members understand the steps they are taking as well as the reasons for taking those steps. If the employees believe your information security policies are too restrictive or that they are being treated as if their time and effort are not valued, they will subvert the security system to ease their own workflow.
Password Implementation
Password security policies should be set only as restrictive as they need to be. A password security policy that requires passwords be rotated too often or a policy that complicates passwords (such as requiring mixed case and numerals), can needlessly annoy staff and increase the likelihood of subversion. Staff members may write down their passwords in insecure locations or choose passwords that are too simple because they are unable to remember them.
Physical Access
Computers, networks and other information technology are only as secure as available physical access to them. Nearly any commercial technology can have its security overridden by a knowledgeable person who has the capability to modify its hardware.
Network interactions
Your networks should be separated into public and private zones. Information that is truly private should never have physical connections to the Internet or any other public network. Users that must have a combination of public and private access, such as simultaneous connections to the Internet and to an Intranet, must choose not to copy, or be restricted from copying, files to their local computers.
Encryption
All sensitive documents should be encrypted before they are stored on hard drives or sent over any network. Encryption methods will fail if they are too onerous for your users, therefore your file should be encrypted automatically by the software being used.
c)An organisation does not have adequate and well-written procedures and policies to deal with things like access control, passwords and unauthorised
software download and use. Outline some of the problems that the
organisation will face and why it will be almost impossible to overcome
them.
(8 marks)
2.
a)Certain TCP ports are required to be open to allow services to work
across a distributed system. Unmanaged open ports can create a number
of security threats. Explain what some of these threats are and how they
may be mitigated (without closing the system down completely).
(8 marks)
Once a hacker finds a computer with open ports they probe further to see if software behind each open port
contains buffer overflows, outdated software or misconfigurations.
If a hacker finds one of these vulnerabilities they may attack your computer. Here is a partial list of the
things a hacker could do to your computer if it has vulnerabilities:
1. View Your Passwords - If a hacker has access to your computer they may have access to files stored on your computer where passwords are kept.
Sometimes passwords are stored in normal text and sometimes they are
encrypted. Either way, a hacker can probably crack the passwords you use on
your system so they can continue to access your computer.
If you access your company network from home then this becomes especially
dangerous. The passwords you type to access your company network may be
stored on your home PC. A hacker may be able to break into your corporate
network because your home PC was not secure.
2. Watch Everything You Do - If a hacker installs remote control software then you are no longer safe. Remote control software allows a hacker to view
everything on your computer as you do. If you view your personal banking
information on your computer then so does the hacker. Also, remote control
software allows a hacker to record keystrokes typed into your computer. So your
passwords are no longer safe and should be changed.
3. Install a Zombie - Zombie software allows a hacker to "make" your computer attack other computers on the Internet. Once Zombie software is
installed on your computer you will not know it is running. If Zombie software
were installed on your computer right now you could be attacking the website of
a large corporation. The corporation will trace the attack back to your computer
and you will plead ignorance. In European countries you are now liable for
damages to others if a hacker is using your computer for attack purposes.
4. Copy Files From Your Hard Drive - If you have network shares set to READ for the group EVERYONE then a hacker may be able to copy your data. If
you have personal accounting data or confidential files on your computer then a
hacker may have already copied that data. Accounting software, word
processing, spreadsheet, and most applications don't use good password
encryption schemes. Most passwords for these applications can be cracked easily.
5. Copy Files To Your Hard Drive - If you have network shares set to READ/WRITE for the group EVERYONE then a hacker may be able to copy files to
your computer. Why is that a problem? This is how hackers install remote control
software. Or they may decide to copy viruses to your computer, or ruin the
configuration of your computer,
- Firewall, blocking unwanted ports and updating the security patches for software (this will help to block the hacker from attacking a vulnerability in the software through the ports they use), IDS, IPS
b)Explain the term port scanning and identify countermeasures that may
be used against port scanning techniques.
(5 marks)
A basic understanding of port scanning: what it is and how it helps an attacker identify open ports and the services running on those ports. Once an attacker has a 'footprint' of an organisation they will move to the second pre-attack phase, scanning. In the scanning phase the attacker will attempt to send probe packets to the target organisation's IP address or addresses in an attempt to identify open ports and the services running on those ports. Port scanning is another important part of the process for an attacker as they need to find out what is actually running on these ports so that they can try to identify vulnerabilities. You should also know the terms full connect scan, half-open scan and stealth scan and how scans can be prevented using standard countermeasures: firewalls, IDS, IPS etc.
For example, if the question were "what is a stealth scan?", your answer would include the following points: a stealth scan is one that effectively does not complete the TCP 3-way handshake, instead electing to send the initial SYN and await the response. Should the response from the target be SYN/ACK, the port is open; if not, the port is closed or filtered. The advantage to this type of scan is that it will not be recorded in many application logs as the connection was never made. The bold parts show how to gain the marks for a question as they are making the salient points.
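Because a half-open scan never completes the handshake and so may leave nothing in application logs, detection has to happen at the network layer (the firewall/IDS countermeasure named above). The following is an added example, not part of the original answers: it classifies constructed flow records the way the answer describes (SYN/ACK means open, anything else closed or filtered) and flags sources that probe many ports without ever completing a handshake. The record format, function names and threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: one line per TCP connection attempt, as a network
# sensor (firewall or IDS) might summarise it. Fields: source, destination,
# destination port, first client packet, server reply, final client packet.
# "-" means nothing was seen.
SAMPLE_FLOWS = """\
198.51.100.7 192.0.2.10 21 SYN RST -
198.51.100.7 192.0.2.10 22 SYN SYN/ACK RST
198.51.100.7 192.0.2.10 23 SYN RST -
198.51.100.7 192.0.2.10 25 SYN - -
198.51.100.7 192.0.2.10 80 SYN SYN/ACK RST
198.51.100.7 192.0.2.10 443 SYN SYN/ACK RST
203.0.113.20 192.0.2.10 80 SYN SYN/ACK ACK
203.0.113.20 192.0.2.10 443 SYN SYN/ACK ACK
203.0.113.21 192.0.2.10 443 SYN SYN/ACK RST
"""


def parse_flows(text):
    """Turn the constructed flow summary into a list of dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, port, first, reply, final = line.split()
        flows.append({"src": src, "dst": dst, "port": int(port),
                      "first": first, "reply": reply, "final": final})
    return flows


def port_state(reply):
    """What the server's reply to a SYN tells the sender about the port."""
    if reply == "SYN/ACK":
        return "open"
    if reply == "RST":
        return "closed"
    return "filtered"  # no reply at all: the SYN was probably dropped


def handshake_completed(flow):
    """True only when the client answered the SYN/ACK with an ACK."""
    return flow["reply"] == "SYN/ACK" and flow["final"] == "ACK"


def detect_half_open_scans(flows, min_ports=5):
    """Flag sources that sent SYNs to at least min_ports distinct targets
    without completing a single one of those handshakes.

    Returns {source: {"ports_probed": n, "open_ports_revealed": [...]}}.
    min_ports is an illustrative threshold, not a recommended value.
    """
    probed = defaultdict(set)    # source -> {(dst, port)} never completed
    revealed = defaultdict(set)  # source -> ports that answered SYN/ACK
    for flow in flows:
        if flow["first"] != "SYN" or handshake_completed(flow):
            continue  # a full connection is ordinary traffic
        probed[flow["src"]].add((flow["dst"], flow["port"]))
        if port_state(flow["reply"]) == "open":
            revealed[flow["src"]].add(flow["port"])
    return {
        src: {"ports_probed": len(targets),
              "open_ports_revealed": sorted(revealed[src])}
        for src, targets in probed.items()
        if len(targets) >= min_ports
    }


if __name__ == "__main__":
    for src, info in detect_half_open_scans(parse_flows(SAMPLE_FLOWS)).items():
        print(src, info)
```

The list of ports that answered SYN/ACK is what the scanning source learned, so it is also the list of services to review first.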
c)What types of activities are considered to be footprinting and why is it
such an essential step during the steps to intrusion?
(6 marks)
Footprinting can be thought of as the first pre-attack phase during the steps to intrusion. Footprinting is the process of using (mainly) passive systematic intelligence gathering techniques which include a combination of digital and non-digital methods. These include surfing the target organisation website, searching forums, digests, blogs and job websites to identify technical or organisational structures within the target organisation. Non-digital techniques include reading newspapers, magazines, job adverts or any other company literature. Less passive techniques would be any type of social engineering or perhaps deliberately applying for a job to probe the interviewers about, say, a technical position and the skills required.
d)Denial of Service (DoS) attacks come in many different shapes and
forms. Give a brief outline of two types of DoS attack and why they are so
successful.
(6 marks)
Ping of death
Ping of death is caused by an attacker deliberately sending a ping packet, normally 64 bytes, that is larger than 65,535 bytes. Many computer systems
cannot handle an IP packet larger than the maximum IP packet size of 65,535 bytes,
and such a packet often causes them to crash. It is illegal to send a ping packet of
size greater than 65,535, but a packet of such size can be sent if it is fragmented.
When a receiving computer reassembles the packet, a buffer overflow occurs,
which often causes the computer to crash. This exploit has affected a wide variety of
systems including Unix, Linux, Mac, Windows and routers; but the fixes have
been applied since 1997 making this exploit mostly historical.
Ping of flood
Ping of flood is caused by an attacker overwhelming the victim's network with
ICMP Echo Request (ping) packets. This is a fairly easy attack to perform without
extensive network knowledge as many ping utilities support this operation. A
flood of ping traffic can consume significant bandwidth on low to mid-speed
networks bringing down a network to a crawl.
Smurf Attack
A Smurf attack exploits the target by sending repeated ping requests to the broadcast
address of the target network. The ping request packet often uses a forged IP
address (return address), which is the target site that is to receive the denial of
service attack. The result will be lots of ping replies flooding back to the innocent,
spoofed host. If the number of hosts replying to the ping request is large enough, the
network will no longer be able to receive real traffic.
SYN Floods
When establishing a session between a TCP client and server, a hand-shaking
message exchange occurs between the server and client. A session setup packet
contains a SYN field that identifies the sequence in the message exchange. An
attacker may send a flood of connection requests and not respond to the
replies, which leaves the request packets in the buffer so that legitimate
connection requests can't be accommodated.
3.
a)What does the CIA triangle mean and how does this model fit with the
principles of information/computer security that we understand?
(8 marks)
CIA is confidentiality, integrity and availability.
Confidentiality
Confidentiality refers to limiting information access and disclosure to authorized users -- "the right people" --
and preventing access by or disclosure to unauthorized ones -- "the wrong people."
Authentication methods like user-IDs and passwords, that uniquely identify data systems' users and control
access to data systems' resources, underpin the goal of confidentiality.
Confidentiality is related to the broader concept of data privacy -- limiting access to individuals' personal
information.
Integrity
Integrity refers to the trustworthiness of information resources.
It includes the concept of "data integrity" -- namely, that data have not been changed inappropriately,
whether by accident or deliberately malign activity. It also includes "origin" or "source integrity" -- that is, that
the data actually came from the person or entity you think it did, rather than an imposter.
Integrity can even include the notion that the person or entity in question entered the right information -- that
is, that the information reflected the actual circumstances (in statistics, this is the concept of "validity") and
that under the same circumstances would generate identical data (what statisticians call "reliability").
On a more restrictive view, however, integrity of an information system includes only preservation without
corruption of whatever was transmitted or entered into the system, right or wrong.
Availability
Availability refers, unsurprisingly, to the availability of information resources. An information system that is
not available when you need it is almost as bad as none at all. It may be much worse, depending on how
reliant the organization has become on a functioning computer and communications infrastructure.
Availability, like other aspects of security, may be affected by purely technical issues (e.g., a malfunctioning
part of a computer or communications device), natural phenomena (e.g., wind or water), or human causes
(accidental or deliberate).
While the relative risks associated with these categories depend on the particular context, the general rule is
that humans are the weakest link. (Again, that's why your ability and willingness to use our data systems
securely is critical.)
b)There are many techniques used to authenticate messages. With this in
mind, discuss the use of message digests in ensuring authenticity.
(3 marks)
There are two terms that you should note here: hash function and message digest. A hash function
is a one-way mathematical function applied to a message. The result of the hash function, called the
message digest, is unique to each message. A message digest is a single large number, typically between
128 and 256 bits in length. Thus, we can have up to 2^256 different messages, each having
a unique message digest associated with it. This gives rise to an almost
incalculable figure. We can safely assume that each different message
that can possibly be typed would have a unique message digest on
applying a hash function. A hash function is said to be one way because
we cannot go back to the original text from the message digest it
produces. Basically, the concept of hash function and message
digest is used to confirm the integrity of a message.
c)What is the difference between message integrity and non-repudiation
and is it sensible to compare them?
(4 marks)
Message integrity is the validity of a transmitted message. It deals with methods that
ensure that the contents of a message have not been tampered with and altered. The most
common approach is to use a one-way hash function that combines all the bytes in the
message with a secret key and produces a message digest that is impossible to reverse.
Integrity checking is one component of an information security program.
Neither authentication nor integrity protections prevent replay attacks. A malicious user can capture a signed and encrypted message and post it multiple times. Therefore a party can repudiate having sent the same message multiple times.
Making each message unique using timestamps and/or a nonce addresses this and is therefore used for non-repudiation in combination with signing and encryption.
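The keyed digest and the timestamp/nonce idea from the answer above, as an added Python example that is not part of the original answers. It uses HMAC-SHA256 as the "hash combined with a secret key"; the envelope layout, the `Receiver` class and the five-minute window are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_SKEW_SECONDS = 300  # illustrative acceptance window, not a standard value


def _canonical(message, timestamp, nonce):
    """Bytes covered by the digest. The message length is included so that
    the field boundaries cannot be shifted without changing the digest."""
    return b"%d|%s|%d|" % (timestamp, nonce.encode(), len(message)) + message


def sign(key, message, timestamp=None, nonce=None):
    """Sender side: attach a timestamp, a nonce and a keyed digest."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = os.urandom(16).hex() if nonce is None else nonce
    tag = hmac.new(key, _canonical(message, timestamp, nonce),
                   hashlib.sha256).hexdigest()
    return {"message": message, "timestamp": timestamp,
            "nonce": nonce, "tag": tag}


class Receiver:
    """Receiver side: check integrity first, then freshness, then uniqueness."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp of the message that carried it

    def accept(self, envelope, now=None):
        now = int(time.time()) if now is None else now
        expected = hmac.new(
            self.key,
            _canonical(envelope["message"], envelope["timestamp"],
                       envelope["nonce"]),
            hashlib.sha256).hexdigest()
        # Constant-time comparison: any change to message, timestamp or
        # nonce produces a different digest.
        if not hmac.compare_digest(expected, envelope["tag"]):
            return "rejected: bad digest"
        if abs(now - envelope["timestamp"]) > self.max_skew:
            return "rejected: stale timestamp"
        # Nonces older than the window can be forgotten: a replay of such a
        # message is already caught by the timestamp check above.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        if envelope["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[envelope["nonce"]] = envelope["timestamp"]
        return "accepted"


# Note: a digest made with a shared key shows the message is intact and came
# from a key holder, but not which of the two key holders produced it; tying
# a message to one party needs a signature made with that party's private key.

if __name__ == "__main__":
    key = os.urandom(32)  # constructed key for the demonstration
    rx = Receiver(key)
    env = sign(key, b"transfer 100 to account 42")
    print(rx.accept(env))  # first delivery
    print(rx.accept(env))  # captured copy sent again
```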
d)There are many alternatives to current IT systems that utilise passwords
as the only type of access mechanism. Discuss some of the alternatives to
using passwords and provide a justification for one in particular to be used
to replace a password only system.
(10 marks)
Section B
4.
a)Describe a system that can facilitate a private network over public
infrastructure. Your description should include the advantages and
disadvantages of such a system. A diagram should be used in order to aid
your description.
(9 marks)
A Virtual Private Network (VPN) is a network technology that creates a secure
network connection over a public network such as the Internet or a private network
owned by a service provider.
Advantages of VPN
The Low Cost
One way a VPN lowers costs is by eliminating the need for expensive long-distance leased lines.
With VPNs, an organization needs only a relatively short dedicated connection to the service
provider. This connection could be a local leased line (much less expensive than a long-distance
one), or it could be a local broadband connection such as DSL service.
Another way VPNs reduce costs is by lessening the need for long-distance telephone charges for
remote access. Recall that to provide remote access service, VPN clients need only call into the
nearest service provider's access point. In some cases this may require a long distance call, but
in many cases a local call will suffice.
A third, more subtle way that VPNs may lower costs is through offloading of the support burden. With VPNs, the service provider rather than the organization must support dial-up access for
example. Service providers can in theory charge much less for their support than it costs a
company internally because the public provider's cost is shared amongst potentially thousands
of customers.
Scalability and VPNs
The cost to an organization of traditional leased lines may be reasonable at first but can increase
exponentially as the organization grows. A company with two branch offices, for example, can
deploy just one dedicated line to connect the two locations. If a third branch office needs to
come online, just two additional lines will be required to directly connect that location to the other two.
However, as an organization grows and more companies must be added to the network, the
number of leased lines required increases dramatically. Four branch offices require six lines for
full connectivity, five offices require ten lines, and so on. Mathematicians call this phenomenon a
combinatorial explosion, and in a traditional WAN this explosion limits the flexibility for growth.
VPNs that utilize the Internet avoid this problem by simply tapping into the geographically-
distributed access already available.
Disadvantages of VPNs
With the hype that has surrounded VPNs historically, the potential pitfalls or "weak spots" in the
VPN model can be easy to forget. These four concerns with VPN solutions are often raised.
1. VPNs require an in-depth understanding of public network security issues and proper
deployment of precautions.
2. The availability and performance of an organization's wide-area VPN (over the Internet in
particular) depends on factors largely outside of their control.
3. VPN technologies from different vendors may not work well together due to immature
standards.
4. VPNs need to accommodate protocols other than IP and existing ("legacy") internal network
technology.
Generally speaking, these four factors comprise the "hidden costs" of a VPN solution. Whereas
VPN advocates tout cost savings as the primary advantage of this technology, detractors cite
hidden costs as the primary disadvantage of VPNs.
b)Illustrate how a system, as described above, can be implemented using
IPsec. A diagram should be used in order to aid your description.
(9 marks)
c)What is an Access Control List? Provide an example of an extended
ACL.
(4 marks)
The Cisco Access Control List (ACL) is used for filtering traffic based on a
given filtering criteria on a router or switch interface. Based on the conditions
supplied by the ACL, a packet is allowed or blocked from further movement.
Extended Access Control Lists: Extended IP ACLs allow you to permit or deny
traffic from specific IP addresses to a specific destination IP address and port. It
also allows you to have granular control by specifying controls for different types
of protocols such as ICMP, TCP, UDP, etc. within the ACL statements. Extended
IP ACLs range from 100 to 199. In Cisco IOS Software Release 12.0.1, extended
ACLs began to use additional numbers (2000 to 2699).
Example of an extended access list:
access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80
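How such a statement is matched, as an added Python example that is not part of the original answers and is not Cisco code. It parses a small subset of the extended ACL syntax (address with wildcard mask, `any`, `host`, numeric `eq` port), applies first-match-wins with the implicit deny at the end of every list, and runs the access-list 110 line above plus the access-list 101 lines that appear later on this page. The function names and the test addresses are assumptions.

```python
import ipaddress

# ACL text copied from this page.
ACL_110 = ["access-list 110 permit tcp 92.128.2.0 0.0.0.255 any eq 80"]
ACL_101 = [
    "access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 80",
    "access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 443",
    "access-list 101 deny ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0",
]


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume one address spec and return (address, wildcard) as integers.
    In a wildcard mask a 1 bit means "ignore this bit", the inverse of a
    subnet mask."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))


def parse_rule(line):
    """Parse one 'access-list N action proto src dst [eq port]' statement.
    Only numeric 'eq' ports are handled in this simplified subset."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("unsupported statement: " + line)
    rest = tokens[4:]
    rule = {"acl": int(tokens[1]), "action": tokens[2], "proto": tokens[3],
            "src": _take_addr(rest), "dst": _take_addr(rest), "dport": None}
    if rest[:1] == ["eq"]:
        rule["dport"] = int(rest[1])
    return rule


def _addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # bits that must be equal
    return (addr & care) == (base & care)


def evaluate(rules, proto, src, dst, dport=None):
    """Return (action, index of the matching statement). Statements are tried
    top to bottom and the first match decides; if none matches, the implicit
    deny applies and the index is None."""
    src_i, dst_i = _ip(src), _ip(dst)
    for index, rule in enumerate(rules):
        if rule["proto"] not in ("ip", proto):
            continue  # 'ip' matches every IP protocol
        if not _addr_match(src_i, rule["src"]):
            continue
        if not _addr_match(dst_i, rule["dst"]):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        return rule["action"], index
    return "deny", None


if __name__ == "__main__":
    acl110 = [parse_rule(line) for line in ACL_110]
    acl101 = [parse_rule(line) for line in ACL_101]
    # Constructed test packets.
    print(evaluate(acl110, "tcp", "92.128.2.77", "203.0.113.5", 80))
    print(evaluate(acl110, "tcp", "92.128.3.77", "203.0.113.5", 80))
    print(evaluate(acl101, "tcp", "198.51.100.9", "192.168.35.1", 22))
    print(evaluate(acl101, "tcp", "198.51.100.9", "192.168.35.2", 80))
```

With only a permit statement in the list, everything that does not match it falls through to the implicit deny, which is why traffic from 92.128.3.x or to a port other than 80 is dropped by access-list 110.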
d)Study the standard ACL below and explain its purpose. Which interface
was it applied to and in which direction.
Router(config)#access-list 99 deny ip 192.168.14.1 0.0.0.255
Router(config)#access-list 99 permit any
Router(config)#int fa0/0
Router(config-if)#ip access-group 99 in
(3 marks)
5.
a)There are two main types of cryptography, describe each briefly before
comparing and contrasting them.
(9 marks)
Symmetric cryptography uses the same secret (private) key to encrypt and decrypt its data
whereas asymmetric uses both a public and private key. Symmetric requires that the secret key
be known by the party encrypting the data and the party decrypting the data. Asymmetric
allows for distribution of your public key to anyone with which they can encrypt the data they
want to send securely and then it can only be decoded by the person having the private key.
This eliminates the need of having to give someone the secret key (as with symmetric
encryption) and risk having it compromised.
The issue with asymmetric is that it is about 1000 times slower than symmetric encryption
which makes it impractical when trying to encrypt large amounts of data. Also to get the same
security strength as symmetric, asymmetric must use a stronger key than symmetric.
b)Argue the advantages of using say DES over PGP for lots of short
messages and explain in outline why this is the case.
(9 marks)
DES has some basic advantages over asymmetric encryption techniques:
DES is a well understood algorithm, providing a clear picture of where DES can and cannot be used.
Quick processing on the sender's machine.
Wide availability: DES is available for many platforms.
Can be used to keep data on a network secure.
Often accepted by governmental organisations as a standard for encryption.
Asymmetric encryption in comparison to DES is often:
Slower to encrypt messages
Not good for large numbers of small messages
Not good for small numbers of very large messages
c)Explain how cryptography can help meet more than one of the principles
of computer security.
(7 marks)
Encryption in this instance providing confidentiality and integrity at the same
time.
Section A
1.
a)What role do port numbers play at the transport layer with respect to the following
TCP services:
a.Telnet (3)
b.HTTP (3)
c.DNS (3)
d.SNMP (3)
Your answer should cover:
1.how the service operates,
2.what the designated port is for each service,
3.how the source and destination discriminate between multiple conversations from the
same source.
(3 marks per protocol, 1 mark for each of the points above)
(12 marks)
b)Why would an attacker footprint an organisation prior to attacking it?
(3 marks)
Footprinting is the process of using (mainly) passive systematic intelligence gathering techniques which include a combination of digital and non-digital methods. These include surfing the target organisation website, searching forums, digests, blogs and job websites to identify technical or organisational structures within the target organisation. Non-digital techniques include reading newspapers, magazines, job adverts or any other company literature. Less passive techniques would be any type of social engineering or perhaps deliberately applying for a job to probe the interviewers about, say, a technical position and the skills required.
2.
a)Explain what an amplification attack is and give an example of such an attack
including how it works and countermeasures that can be put in place against it.
(12 marks)
b)Define the term SQL injection and provide a simple example of such an attack.
(7 marks)
c)Why might an attacker try to telnet to a URL even when they have no intention of
breaking into the system this way?
(6 marks)
3.
a)What does the CIA triangle mean and what mechanisms can be used to enforce
them?
(10 marks)
b)With respect to the following attacks, briefly describe each of the following before
providing a contemporary example:
i. Buffer Overflow Attack (5)
ii. Denial of Service Attack (5)
iii. XSS Attack (5)
(15 marks)
Section B
4.
a)Provide a brief description of the Computer Misuse Act 1990. For each of the three
sections, provide an example of an activity that would breach this legislation.
(9 marks)
b)Why is patching so important in terms of operating systems?
(2 marks)
c)How might a hacker find out what rules are in place in a firewall?
(3 marks)
d)Compare and contrast a NIDS to a host based IDS.
(11 marks)
5.
a)What are the two main types of cryptography? What are the advantages and
disadvantages of both?
(11 marks)
b)Wired networks are 'generally' considered to be more secure than wireless networks. Why is this the case?
(2 marks)
c)Two commonly used security protocols for WiFi are WEP and WPA. Describe each
protocol before highlighting any known vulnerability there may be in it. (You are not
expected to discuss complex algorithmic or cryptographic issues, merely to provide a brief outline of how the vulnerability affects the protocol.)
(12 marks)
Section A
1.
a)During the interview for a post as an IT security analyst for a large IT corporation, part
of the interview process is to write a description of the steps to intrusion. Provide this
description as if you were the interviewee.
(13 marks)
b)Discuss the importance of a well-written Acceptable Use Policy as a technique in the
pursuit of network security.
(4 marks)
c)If the Acceptable Use Policy defines policy, what technical mechanisms are used to
enforce the policy?
(8 marks)
2.
a)Unmanaged TCP ports can create a number of security threats. Explain what some of
these threats are and how they may be mitigated.
(8 marks)
b)Examine the output from the scanning tool shown in Figure 1 and describe what
services are running and what security implications these may have for this particular
network.
Figure 1. Output of Scanning Tool
(7 marks)
c)Footprinting is considered to be the most challenging but possibly the most important
step during an attempt to carry out an intrusion. Critically discuss the above statement.
(6 marks)
d)Review the impact of the February 2007 attack on Internet DNS Root Servers. What
would be the impact on the Internet if all 13 DNS Root Servers were brought down by a
DoS attack?
(4 marks)
3.
a)What are the three principles of computer security and what mechanisms can be
used in achieving these principles?
(10 marks)
b)Explain the role of a digital signature in information security.
(3 marks)
c)What is the difference between Authentication and Identification?
(2 marks)
d)You are requested to write a report on password only security systems for your IT Security Manager (with a view to replacing them with something more secure).
Compare and contrast the alternatives to password only systems and select what you
think is most feasible as a replacement.
(10 marks)
Section B
4.
a)Describe how a Virtual Private Network (VPN) can be implemented using Secure
Socket Layer/Transport Layer Security (SSL/TLS). A diagram should be used in order
to aid your description.
(9 marks)
b)Illustrate how a VPN, as described above, can be implemented using IPSec. A
diagram should be used in order to aid your description.
(9 marks)
c)What is an Access Control List? Provide an example of a standard ACL.
(2 marks)
d)Study the extended ACL below and explain its purpose.
access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 80
access-list 101 permit tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 443
access-list 101 deny ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0
(5 marks)
5.
a)Compare and contrast symmetric and asymmetric cryptography.
(10 marks)
b)Argue some of the advantages of using DES encryption over asymmetric encryption.
(10 marks)
c)Cryptography is generally considered to be the broadest security technique
available. Explain what this statement means with respect to the principles of
information security.
(5 marks)
Section A
1.
a)During the interview for a post as an IT security analyst for a large IT corporation part
of the interview process is to write a description of the role of a penetration tester.
Provide this description as if you were the interviewee.
(13 marks)
b)Discuss the importance of having a well-written set of procedures and policies with
respect to network security.
(4 marks)
c)An organisation does not have adequate and well-written procedures and policies to
deal with things like access control, passwords and unauthorised software download
and use. Outline some of the problems that the organisation will face and explain why it
will be almost impossible to overcome them.
(8 marks)
2.
a)Unmanaged open ports can create a number of security threats.
What are some of these threats and how might they be mitigated?
(11 marks)
b)Critically discuss the term port scanning and identify countermeasures that may be
used against port scanning.
(9 marks)
c)Escalation of privileges during an attack is a commonly used technique. Explain what
this means and why an attacker would wish to escalate privileges.
(5 marks)
3.
a)What does the CIA triangle mean and how does this model fit with the principles of
information/computer security that we understand?
(10 marks)
b)Briefly describe the following computer access systems before comparing and
contrasting them: secure token, biometric, multi-modal biometric and hybrid.
(15 marks)
Section B
4.
a)Describe the UK legislation that prevents unauthorised access to computer systems.
Give examples of activities that would breach this legislation.
(9 marks)
b)Discuss the importance of keeping an operating system patched with up-to-date
security patches.
(2 marks)
c)What is the specific technique that a hacker may use to find out what rules are in
place in a firewall?
(3 marks)
d)Critically discuss NIDS (Network Based Intrusion Detection Systems).
(11 marks)
5.
a)There are two main types of cryptography, describe each briefly before comparing
and contrasting them.
(10 marks)
b)Critically discuss 'codes' as a system for protecting systems as opposed to a cipher-
based security system.
(10 marks)
c)Explain how cryptography can help meet more than one of the principles of computer
security.
(5 marks)
1.
a)Write a description of the role of a penetration tester. Give consideration to the types
of thing that a penetration tester will be able to do, steps to intrusion, etc.
(13 marks)
b)Discuss the importance of having a well-written set of procedures and policies with
respect to network security. An example may be an Acceptable Use Policy (AUP).
(4 marks)
c)Outline some of the problems that an organisation will face if it does not have
adequate and well-written procedures and policies to deal with things like access
control, passwords and unauthorised software download and use. Explain why it will be
almost impossible to overcome them.
(8 marks)
2.
a)What are some of the threats posed by unmanaged ports and how might they be
mitigated?
(11 marks)
b)What is port scanning and how can you prevent attackers scanning your network?
(9 marks)
c)Explain what it means to escalate privileges during an attack and why an attacker
would wish to escalate privileges.
(5 marks)
3.
a)Describe in detail what is meant by the CIA triangle.
(10 marks)
b)Briefly describe four computer access systems before comparing and contrasting
them.
(15 marks)
Section B
4.
a)The CMA 1990 prevents unauthorised access to a computer system. Describe this
Act and give some examples of activities that would breach this legislation.
(9 marks)
b)Why is patching an operating system such an important job?
(2 marks)
c)Explain what it means to carry out firewalking.
(3 marks)
d)What is a NIDS (Network Based Intrusion Detection System)? How does it work?
(11 marks)
5.
a)Compare and contrast the two main types of cryptography.
(10 marks)
b)When might a code be a better choice than a cipher? Compare and contrast codes
and ciphers.
(10 marks)
c)How many principles of computer security can cryptography help meet?
(5 marks)
1.
a)How would you describe the four steps to intrusion to a non-technical manager?
(12 marks)
b)Describe why a poorly written or non-existent Acceptable Use Policy will cause a
major problem for security.
(6 marks)
c)The Acceptable Use Policy defines policy; how is this policy therefore enforced?
(7 marks)
2.
a)Ports are an essential part of the way TCP works. Explain how ports facilitate
different communications for a single IP address.
(8 marks)
b)Examine the output from the scanning tool shown in Figure 1 and describe what
services are running and what security implications these may have for this particular
network.
Figure 1. Output of Scanning Tool
(7 marks)
c)Footprinting is considered to be perhaps the most important step of intrusion. Why
is this the case?
(6 marks)
d)What would be the impact on the Internet if all of the DNS Root Servers had their
performance significantly impeded by a DoS attack?
(4 marks)
3.
a)The three principles of computer security are confidentiality, integrity and availability.
Describe each principle and provide an explanation of why trying to ensure one principle
can have an adverse effect on another.
(10 marks)
b)Give an example of a mechanism used to ensure the integrity of information.
(3 marks)
c)What is the difference between Authentication and Authorisation?
(2 marks)
d)There are many techniques that can be used to crack passwords. Provide a
description of the different contemporary techniques and tools that may be used to crack
passwords.
(10 marks)
Section B
4.
a)What exactly is a VPN and under what circumstances would an organisation decide to
implement a VPN?
(9 marks)
b)Give examples of two different technologies that can be used to implement a VPN.
(9 marks)
c)Explain the difference between a standard and extended Access Control List (ACL).
(2 marks)
d)Study the extended ACL below and explain its purpose.
access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 23
access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 21
access-list 101 permit ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0
(5 marks)
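The extended ACL in the question can be traced entry by entry. The following Python sketch is an added example, not part of the original paper; it models first-match evaluation, wildcard masks and the implicit deny for the three lines as printed, and the sample packets (source 10.1.1.5, second destination 192.168.35.2) are constructed.

```python
import ipaddress

# The three entries of ACL 101 exactly as printed in the question.
ACL_101 = """\
access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 23
access-list 101 deny tcp 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0 eq 21
access-list 101 permit ip 0.0.0.0 255.255.255.255 192.168.35.1 0.0.0.0
"""

def parse(line):
    """Split one 'address wildcard' style entry into a rule dict."""
    f = line.split()
    rule = {"action": f[2], "proto": f[3],
            "src": (f[4], f[5]), "dst": (f[6], f[7]), "port": None}
    if len(f) > 8:
        if f[8] != "eq":
            raise ValueError("only the 'eq' operator is handled here")
        rule["port"] = int(f[9])
    return rule

def wildcard_match(addr, base, wildcard):
    """A wildcard bit of 1 means 'ignore this bit'; 0 means 'must match'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for n, line in enumerate(acl_text.splitlines(), 1):
        r = parse(line)
        if r["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src, *r["src"]) or not wildcard_match(dst, *r["dst"]):
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        return r["action"], f"line {n}"
    return "deny", "implicit deny"

# Constructed sample packets: (protocol, source, destination, destination port)
SAMPLES = [("tcp", "10.1.1.5", "192.168.35.1", 23),
           ("tcp", "10.1.1.5", "192.168.35.1", 21),
           ("tcp", "10.1.1.5", "192.168.35.1", 80),
           ("udp", "10.1.1.5", "192.168.35.1", 53),
           ("tcp", "10.1.1.5", "192.168.35.2", 80)]

def verdicts():
    """Evaluate every constructed sample packet against ACL 101."""
    return [evaluate(ACL_101, *pkt) for pkt in SAMPLES]
```

Because entries are checked top to bottom, the two `deny` lines must precede the broad `permit ip` line; traffic to any other destination falls through to the implicit deny.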
5.
a)Give examples of when you may decide to use asymmetric cryptography instead of
symmetric cryptography.
(10 marks)
A system that requires two separate keys: one to lock (encrypt) and the other to unlock
(decrypt).
One key will be published (public) and the other will be kept private.
It can work in two ways:
1. If the encryption key is public, then the system will enable private communication
from the sender to the unlocking key's owner.
2. If the decryption key is public, then the system verifies the signature of the
documents locked by the private key's owner.
How does it work? For example, it is easy to compute the product of two given numbers, but it is computationally much harder to find the two factors given only their product. Given both the product and one of the factors, it is easy to compute the second factor, which demonstrates the fact that the hard direction of the computation can be made easy when access to some secret key is given. The function used, the algorithm, is known universally. This knowledge does not enable the decryption of the message. The only added information that is necessary and sufficient for decryption is the recipient's secret key.
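The two modes and the factoring trapdoor described in the answer above, as an added example that is not part of the original notes. It assumes textbook RSA without padding (the answer names no algorithm), and the primes and message are constructed toy values.

```python
from math import gcd

def make_keys(p, q, e=17):
    """Build a key pair from two secret primes; only n = p*q and e are published."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent; computing it needs the factors of n
    return (n, e), (n, d)        # (public key, private key)

def apply_key(key, value):
    """The same public algorithm locks and unlocks; only the key differs."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exp, n)

def recover_private(public, known_factor):
    """Given n and ONE factor, the other factor and the private key follow at once."""
    n, e = public
    if n % known_factor:
        raise ValueError("not a factor of n")
    return make_keys(known_factor, n // known_factor, e)[1]

def factor_by_search(n):
    """Without a factor the only route is search; feasible here only because n is tiny."""
    f = 3
    while n % f:
        f += 2
    return f, n // f

# Constructed toy primes (assumption for illustration), far too small for real use.
P, Q = 1009, 1013
PUBLIC, PRIVATE = make_keys(P, Q)

def demo():
    msg = 424242
    # Way 1: encryption key is public, so anyone can send the owner a private message.
    ciphertext = apply_key(PUBLIC, msg)
    decrypted = apply_key(PRIVATE, ciphertext)
    # Way 2: decryption key is public, so anyone can verify what the owner locked.
    signature = apply_key(PRIVATE, msg)
    verified = apply_key(PUBLIC, signature) == msg
    return ciphertext != msg, decrypted, verified
```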
c)Cryptography is a 'broad' tool that can be used to do more than just keep data
confidential. Describe some of these other characteristics.
(5 marks)
To reduce the size of data that needs to be transferred.