Computer network Security

Question 1

Define Security ?

Answer 1

Security is about protecting assets from threats.

Question 2

Who is an Owner in terms of security ?

Answer 2

An owner is someone who values assets and seeks to protect assets.

Question 3

Who is a threat agent ?

Answer 3

A threat agent is someone who values assets and seeks to abuse it.

Question 4

What are threats ?

Answer 4

Threats are potential for a(n) asset(s) to be abused.

Question 5

What are countermeasures ?

Answer 5

Counter measures help reduce vulnerabilities.

Question 6

What are vulnerabilities ?

Question 7

Risk is measured in

Answer 7

occurrence likelihood and impact

Question 8

What is security analysis ?

Answer 8

surveys the threats that pose risks and proposes a policy and solution at an appropriate cost.

Question 9

List all phases of security analysis ?

Answer 9

theat model -> risk assessment->security policy -> cost of countermeasures -> security solution.

Question 10

Explain the forces/factors acting against a system’s security

Answer 10

Computer Software Complexity
Human Factor
Expertise of Attackers and the Threat’s they pose.

Question 11

List all the profiles of Attackers you can and give examples.

Answer 11

Script Kiddies, Hobbist Hackers, Determined Hackers, Proffessional consultant, security services experts

Question 12

When should you consider the profile of the attacker when doing security analysis ?

Answer 12

Risk Assessment.

Question 13

What are the security properties to ensure.

Answer 13

CIAAAA

Question 14

How do i ensure confidentiality ?

Answer 14

include encryption, hashing, and access control list.

Question 15

________________ allows for two parties to confirm that they share the same information without sharing additional information.

Answer 15

private set intersection.

Question 16

What is Integrity ?

Answer 16

Information has not been altered or changed in an unauthorised or malicious way.

Question 17

Ways to ensure integrity ?

Answer 17

backups, message authentication codes, checksums, data correcting code, cryptography based hashing functions and digital signatures.

Question 18

What is availability ?

Answer 18

Information and Services are accessible and modifiable in a timely fashion by those authorised to do so.

Question 19

Ways to ensure availability ?

Answer 19

use of a firewall, keep a redundant server. invest in a intrusion detection system.

Question 20

What is assurance ?

Answer 20

How trust is provided and managed in a computer system.

Question 21

How do you manage and provide trust in a computer system.

Answer 21

policies, permissions, and protection.

Question 22

What is accountability ?

Answer 22

Actions are traceable to the party/ individual responsible.

Question 23

why is keeping a secure audit trail important ?

Answer 23

so actions affecting the security of a system can be tracked back to the responsible party.

Question 24

___________________ is a stronger form of accountability.

Answer 24

non-repudiation

Question 25

What are the ways to secure an audit trails ?

Answer 25

ensure that the persisted audit logs are store in isolation. an isolated remote server, printer, or make use of an append-only file.

Question 26

What is authentication ?

Answer 26

Data and Services should only be available to authorised identities.

Question 27

List Common attacks and their examples

Answer 27

Eavesdropping, Masquerading, repudiation, Correlation and backtrace , Denial of Service, Alteration,

Question 28

Protection Countermeasures categories.

Answer 28

Prevention, Detection and Response..

Question 29

What is Steganography ?

Answer 29

Study of hidden writing.

Question 30

What is Steganalysis ?

Answer 30

The identification of discovery of hidden writing.

Question 31

What is Cryptology ?

Answer 31

Cryptography + Cryptanalysis

Question 32

What is cryptanalysis ?

Answer 32

breaking ciphers.

Question 33

What is cryptography ?

Answer 33

secret writing with ciphers.

Question 34

What is encryption ?

Answer 34

transforming plaintext to ciphertext.

Question 35

What is decryption ?

Answer 35

recovering plaintext from ciphertext.

Question 36

What is a Symmetric Cipher ?

Answer 36

A symmetric cipher is a cipher that makes use of the same key for encryption and decryption.

Question 37

What are the two types of symmetric ciphers ?

Answer 37

block cipher and the stream cipher.

Question 38

Explain the two types of symmetric ciphers and give examples o f some you know.

Answer 38

block and stream cipher

block -> caesar cipher
stream cipher -> one time pad or vernam cipher/ RC4.

Question 39

List the types of Stream Ciphers you know.

Answer 39

Periodic, Non-Periodic, Synchronous and self-Synchronous.