Chapter 8

Question 1

What is the importance behind information security?

Answer 1

Keep information safe

Control access to authorized people only

Question 2

What are physical aspects of security?

Answer 2

lock doors

maintain control of devices

Question 3

What are some aspects of online security?

Answer 3

Secure assembly language
Secure operating system
Secure network

Question 4

Are threats online more or less dangerous than threats to physical items?

Answer 4

Online threats are often more dangerous

Question 5

What are hackers generally after

Answer 5

easily accessible data

Question 6

What is the purpose of identification?

Answer 6

establishing identity

Question 7

What two pieces of information are generally required for authentication

Answer 7

Usernames and Passwords

Question 8

How are password files usually secured

Answer 8

Using a hash function and one way encryption

Question 9

What is an example of a hashfunction/one way encryption

Answer 9

Example: password = badboy2
Replace letters by numbers: 2 1 4 2 15 25 2
Add digits: 2 + 1 + 4 + 2 + 15 + 25 + 2 = 51
Remainder of sum/7: 51 mod 7 = 2
Add 1 and multiply by 9: (2 + 1) × 9 = 27
Reverse digits and convert to letters: 72 = gb

Question 10

Is storing passwords in plaintext considered secure?

Answer 10

no

Question 11

What occurs on login during the authentication process

Answer 11

Read username and password
Look up entry for username in a password file
Hash input password and compare

Question 12

What is the more secure method of password storage

Answer 12

Keep password creation time
Add creation time to password before hashing
Identical passwords won’t hash to identical values

Question 13

What are three common ways that passwords are targeted and attacked

Answer 13

• Guess password, brute force or from knowledge
• Steal password file and use password cracking software
• Social engineering: get a person to tell their password

Question 14

What are some common ways to guess someones password or brute force it

Answer 14

Try common passwords (e.g,123456)
Try personal references (e.g., pet name)
Try all possible passwords (computationally difficult)

Question 15

How does password cracking software work

Answer 15

Tries words and word combinations, millions of password possibilities per second

Question 16

How do you use social engineering to attack someones password

Answer 16

get a person to tell password

Question 17

What are some other authorization authentication methods

Answer 17

Answer personal information question
Biometric information (fingerprint or retinal scans)
One-time password scheme
Dual authentication

Question 18

Describe the one-time password scheme

Answer 18

User enters ID and a partial password
System or user device generates last half of the password
Last half of the password is good for only a few seconds

Question 19

Describe dual authentication

Answer 19

Temporary code or password is sent to a trusted device

Question 20

What is authorization

Answer 20

set of permitted actions for each authorized person

Question 21

What type of control access is maintained in the operating system

Answer 21

Read access (read a file)
Write access (modify a file)
Execute access (run a program)
Delete access (remove a file)

Question 22

What type of access does a system administrator or superuser have

Answer 22

They have universal access and can set up authorization

Question 23

What is malware

Answer 23

malicious software arriving from the network

Question 24

What is a virus

Answer 24

program embedded within another program or file, replicates itself and attacks other files

Question 25

What is a worm

Answer 25

program that can send copies of itself to other nodes on the network

Question 26

What is a trojan horse

Answer 26

program that seems beneficial but hides malicious code within it

Question 27

What is a keystroke logger trojan horse

Answer 27

Records all keys typed

Question 28

What is a keystroke drive-by-exploit/drive by download

Answer 28

Trojan horse downloaded by simply visiting an infected website

Question 29

What does DOS stand for

Answer 29

Denial of service

Question 30

What occurs during a denial of service attack

Answer 30

many computers try to access the same URL at the same time

Question 31

Why is a denial of service attack a problem

Answer 31

Clogs the network, prevents legitimate access, and causes the server to crash Distributed DoS uses thousands of computers

Question 32

What is the use of a zombie army in a denial of service

Answer 32

Uses a zombie army (botnet): many innocent computers infected with malware

Question 33

What is phishing

Answer 33

Obtain sensitive information by impersonating legitimate sources

Question 34

What is the most common phishing technique

Answer 34

By email

Question 35

What are "white hats"

Answer 35

White hats are security experts and those who work to help protect systems from attackers.

Question 36

What are "black hats"

Answer 36

Black hats are individuals or groups who work toward getting around security to steal information, get money, or do other nefarious, immoral, and illegal acts.

Question 37

What is cryptography

Answer 37

science of “secret writing”

Question 38

What is encryption and decryption

Answer 38

Convert from plaintext to ciphertext and back again

Question 39

What is a symmetric encryption algorithm

Answer 39

A secret key shared by the sender and the receiver | Same key is used to encrypt and decrypt

Question 40

What are the two types of keys used in asymmetric encryption algorithm

Answer 40

Uses two keys: public and private

Question 41

What is the public key used for in asymmetric encryption algorithms

Answer 41

The public key (generally known) is used to encrypt

Question 42

What is the private key used for in asymmetric encryption algorithms

Answer 42

The private key (known only to the receiver) is to decrypt

Question 43

What is the caesar cipher (Shift cipher)

Answer 43

Map characters to others a fixed distance away in the alphabet - shift 3 characters forwards Example: AE, BF, CG…UY, VZ, WA

Question 44

How does a stream cipher work

Answer 44

encode each character as it comes

Question 45

How does a substitution cipher work

Answer 45

Similar to a caesar cipher but implements other mapping techniques

Question 46

What are the pros of a substitution cipher

Answer 46

Easy and fast, can do it character by character

Question 47

What are the cons of a substitution cipher

Answer 47

Letter frequency, double letters, still pertain and make it easy to break

Question 48

What is a block cipher

Answer 48

Block of plaintext encoded into a block of ciphertext | Each character contributes to multiple characters

Question 49

Describe a (matrix based) block cipher

Answer 49

Group characters into blocks n characters long Find invertible n by n matrix, M, and its inverse, M′ as keys Map characters to letters A1, B2, etc. Wrap values 26 and above back to zero: 260, 271, etc.

Question 50

What is the algorithm for encoding

Answer 50

Apply S mapping to plaintext block. Multiply result times M, applying wraparound. Apply S’ to the result.

Question 51

What is the algorithm for decoding

Answer 51

Apply S mapping to ciphertext block. Multiply result times M’, applying wraparound. Apply S’ to the result.

Question 52

What is the data encryption standard

Answer 52

Symmetric encryption algorithm

Question 53

What type of data was the data encryption standard designed for

Answer 53

Digital data

Question 54

What type of encryption standard was designed for plain text?

Answer 54

Binary String

Question 55

What does the Data encryption standard use as a key

Answer 55

Uses 64-bit binary key (56 bits actually used)

Question 56

How many rounds of manipulations does the data encryption standard perform

Answer 56

Sixteen rounds of the same series of manipulations

Question 57

How does decryption work with the data encryption standard

Answer 57

Decryption uses the same algorithm; keys in reverse

Question 58

Describe the efficiency, speed and drawbacks of using the data encryption standard

Answer 58

Fast and effective but requires shared key | 56 bits is too small for modern technology

Question 59

What is similar and different about the advanced encryption standard

Answer 59

uses a similar approach; longer keys than the data encryption standard

Question 60

What are the manipulations that occur during the data encryption standard

Answer 60

``` Split string Duplicating some bits Omit some bits Permute bit order Combine bit strings with XOR (exclusive OR) ```

Question 61

How do you create a RSA key for public key systems

Answer 61

Pick 2 large prime numbers: p and q Compute n = p× q, and m = (p - 1)× (q - 1) Choose large number e at random so that e and m are relatively prime (no common factors except 1) Find unique value d, between 0 and m, such that (e × d) modulo m = 1 Public key = (n, e); Private key = d

Question 62

Describe the process of RSA encryption

Answer 62

Given public key (n, e) Convert message to integer P Calculate C = Pe modulo n

Question 63

Describe the process of RSA decryption

Answer 63

Given private key d | Calculate Cd modulo n

Question 64

What does ecommerce require

Answer 64

Ecommerce requires secure transmission of names, passwords, and credit card numbers

Question 65

What are the web protocols involved in ecommerce

Answer 65

SSL (Secure Sockets Layer) and TLS (Transport Layer Security)

Question 66

What occurs when SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are used

Answer 66

Client-server applications Server provides certificate of authentication and server’s public key Client sends its DES key, encrypted using RSA Data is sent encrypted by the (now shared) DES key

Question 67

What are the general steps for web transmission security?

Answer 67

1. client initiate TLS/SSL, request RSA/DES encryption 2. Authentication certificate, acknowledge RSA/DES and server public key by web server 3. client sends DES key, encrypted with server's public key 4. Web server sends acknowledgement encrypted with DES key 5. SECURE DATA EXCHANGE BETWEEN CLIENT AND WEB SERVER

Question 68

What is an embedded computer

Answer 68

special-purpose, limited computers in other systems

Question 69

What are some examples of embedded computers

Answer 69

Examples: automobiles, smart appliances, remote controls, and patient monitoring systems

Question 70

What is the new trend with embedded computers

Answer 70

Connect embedded computers to a network to allow for the transmission of data and receive updates

Question 71

What could occur if embedded systems were targeted

Answer 71

Targeting embedded systems could cause chaos | Change thermostats, disrupt patient care, or disable aircraft or automobiles

Question 72

What is the most common asymmetric algorithm?

Answer 72

RSA is the most common asymmetric algorithm

Question 73

What are DES, AES based on (mathematically)

Answer 73

XOR (its true if an odd number are true, if it is an even number it isn't true)