Security

Question 1

Masquerading attack

Answer 1

Pretending to be another entity

Question 1

What are the four main types of security violations?

Answer 1

1. Breach of confidentiality (unauthorised data access)
2. Breach of integrity (unauthorised data modification)
3. Breach of availability (unauthorised data destruction)
4. Theft of service (unauthorised resource use)

Question 2

Replay attack

Answer 2

Maliciously resending valid data

Question 3

Man-in-the-middle

Answer 3

Intercepting and altering communications

Question 4

At which 4 levels must security be implemented?

Answer 4

1. Physical (data centres, hardware)
2. Human (prevent social engineering)
3. Operating System (protection mechanisms)
4. Network (secure communications)

Question 5

Threats: Trojan Horse

Answer 5

Disguised malware e.g. fake login

Question 6

Threats: Logic Bomb

Answer 6

Triggers under specific conditions

Question 7

Threats: Buffer Overflow

Answer 7

Overwrites memory to exploit

Question 8

Threats: Virus

Answer 8

Self-replicating code infects files

Question 9

Symmetric Encryption

Answer 9

Uses one shared skey to encrypt/decrypt

Question 10

Asymmetric Encryption

Answer 10

Uses public key (encrypt) and private key (decrypt)

Question 11

How does RSA encryption work?

Answer 11

1. Generate primes p and q; compute N=p*q
2. Public key: (ke, N)
3. Private key: (kd, N)

Question 12

Worms

Answer 12

Self-replicating malware e.g. Morris worm

Question 13

DoS attacks

Answer 13

Overloads systems to deny service e.g. traffic floods

Question 14

Plaintext

Answer 14

Original message

Question 15

Ciphertext

Answer 15

Encrypted message

Question 16

Cipher

Answer 16

Algorithm for encryption/decryption

Question 17

Why is cryptography essential in networks?

Answer 17

Prevents eavesdropping/spoofing by ensuring:
- Confidentiality (only authorised parties read data)
- Authentication (verify sender/receiver)