theory Flashcards

1
Q

client

A

is an entity that consists of an operating system and a collection of
programs to perform a set of functions.

2
Q

server

A

is a passive machine; it only responds to inquiries or requests from
clients and does not initiate any communication on its own.

3
Q

Computer Security Concepts:

A

1-Identification: Users are identified to a computer or an application through a user identifier or user-id.
2-Authentication is the process used to verify the identity claimed by the user.
3-Authorization is the process of assigning access rights to each user (ID).
4-Access control pertains to the process of enforcing access rights for network resources.
5-Confidentiality is the process used to protect secret information from unauthorized disclosure.
6-Data integrity allows detection of unauthorized modification of data.
7-Non-repudiation is the capability to provide proof of the origin of data or proof of the delivery of data.
8-Denial of Service attack is one in which the attacker takes over or consumes a resource so that no one else can use it.

4
Q

Authentication

A

is the process of verifying something, such as a user’s
identity, a network address, or the integrity of a data string. Furthermore,
authentication establishes an association between two entities.

5
Q

users can be authenticated based on one or more of the following

A

Something the user knows: Users are often given a secret, such as a password, which should be known only to the user and the system.

Something the user has: Users may be given an item such as keys, badges or other devices. These devices, in turn, help the system to authenticate the users.

Something the user is: Every user has some unique physiological and behavioral characteristics that can be recorded and compared.

6
Q

Token Cards

A

the user is given a token card that shares a secret key with the
system. This key is called the shared secret key. The card displays a number that changes over time and uses the shared secret key.

7
Q

one-time password

A

is based on generating passwords that can be used only
once.

8
Q

asymmetric key encryption

A

is the basis of the public key schemes.

9
Q

symmetric key encryption scheme

A

uses the same key for encryption and
decryption.

10
Q

private key

A

(known only to the user)

11
Q

public key

A

(known to everyone)

12
Q

Difficulties encountered in workstation security?

A

1.1- Workstation Access: solve it by access control
1.2- Workstation Monitoring: solve it by Intrusion Detection
1.3- Viruses: solve it by antivirus

13
Q

Workstation Monitoring:

hint: two parts

A

consists of tracking and investigating the history of significant events. We divide this discussion into two parts, audit trail and intrusion analysis.

14
Q
  • 2.1- audit trail

hint: significant events

A

There are several significant events that should be recorded for potential review at a later time.

15
Q
  • 2.2- Audit Requirements
A

* Automatically collects information on all the security-sensitive activities.
* Stores the information using a standard record format.
* Creates and saves the audit records automatically without requiring any action by the administrator.
* Protects the audit records log under some security scheme.
* Minimally affects the normal computer system operation and performance.

16
Q

Audit System Design

hint: steps

A

Implementation of an audit system can be achieved in several steps. In short, it consists of determining what events must be audited, creating the software to record those events, and then saving these records in a protected log.

17
Q

Intrusion Detection:

A

is the process of detecting and identifying unauthorized or unusual activity on the system. By using the audit records, the intrusion detection system should identify any undesirable activity.

18
Q

Design Intrusion detection

hint: s o a

A

consists of subjects, objects, audit records

19
Q

Profiles (with respect to audits)

A

the description of normal behavior of subjects with respect to the objects.
Three candidate profiles are described:

* A- Logon and Session Activity: the subject is the user, the object is the user’s logon location, and action is log on or log off.
* B- Command or Program Execution: the audit records show the subject as a user, the object as the name of the program, and the action is execute.
* C- File Access Activity: the subject is a user, the object is the name of a file, and the action is read, write, create, delete, or append.

20
Q

Anomaly Records *:

A

An anomaly record is created when the audit records
show some abnormal behavior compared to that in the profiles

21
Q

Viruses

A

The scientifically correct definition for a computer virus is self-reproducing automation.

22
Q

Bacteria

A

are programs that duplicate themselves

23
Q

Worms

A

is an independent program that can replicate itself and often
spreads to different sites over a network.

24
Q

Trapdoors

A

is an undocumented entry point into software that
circumvents the normal system protection

25
Q

Logic Bombs

A

A software logic bomb or a time bomb is a fragment of
software that is set to inflict damage when a certain set of conditions exist.

26
Q

Trojan Horses

A

In the context of computer security, Trojan horses refer to malicious programs or files that appear harmless or useful but contain hidden code or functionality designed to exploit or damage a computer system without the user’s knowledge

27
Q

Designing a Virus

A

Consider a virus that is designed to infect an
assembly language program.
1- Locate the first executable instruction in the target program.

2- Replace that instruction with an instruction to jump to the memory location next to the last instruction of the target program.

3- Insert the virus code for execution at the end of the target program.

4- Insert an instruction at the end of the virus program to simulate the original first instruction of the target program that the virus replaced in step 2.

5- Add another instruction at the end of the virus code to jump back to the second instruction of the target program.

28
Q

Difficulties encountered in distributed security services

hint: e h d

A

1- Data confidentiality during transfer: Solution - encryption.
2- Detecting changes to data during transfer: Solution - hash function.
3- Preventing unauthorized access to data: Solution - digital signatures.

29
Q

Encryption

A

is the process of transforming data into an unintelligible form
in such a way that the original data can be obtained only by using the
decryption process and the encryption key.

30
Q

Transposition

A

A given text can be transposed in several
ways. Consider the word PRIVATE. This word
can be transposed to VRIPTEA. In order to decrypt this word, the recipient will attempt different positions of the
letters until an intelligible word is found.

31
Q

Substitution

A

A method of encryption in which a given text is encrypted by substituting each letter with another letter.

32
Q

Data confidentiality

A

implies that confidential data is not disclosed to an
unauthorized user.

33
Q

Data integrity

A

requires that no unauthorized user can modify the data.

34
Q

What is a hash function?

A

A hashing algorithm is a cryptographic hash function.
It is a mathematical algorithm that maps data of arbitrary size to a hash of
a fixed size.

35
Q

One-way hash function requirements

A

1- The one-way hash function H can be applied to a data block M of arbitrary size.
2- The resulting message digest, d, is of fixed size; the message digest size is usually 128 bits or 160 bits.
3- The one-way hash function H is easy to implement in both hardware and software.
4- Given the message digest d, it is very hard to find the original message M.
5- Given the message M, it is very hard to find a data block N such that H(N) = H(M).
6- It is very hard to find any two data blocks x and y such that H(x) = H(y).

36
Q

Digital signature

A

provides proof of authenticity and origination of data.
Note that this is different from encryption, since encryption provides confidentiality.

37
Q

Access Control

A

enforces the access rights when a subject requests to access
an object

38
Q

Access control is based on 3 types of information

A
  1. Subjects: a subject is capable of accessing an object.
  2. Objects: an object is an entity to which access can be controlled.
  3. Access Rights: define the ways in which a subject can access the object.
39
Q

Access rights are specified for each pair of subjects and objects.

hint: acl cl

A

2- Access Control List (ACL) => for a given object, defines the access rights for each subject.
3- Capability List (CL) => for a subject, specifies the rights to access each object.

40
Q

firewall

A

A firewall provides controlled access between a private network and the Internet.
A firewall determines whether a data packet or a connection request should be
permitted to pass through the firewall or be discarded.

41
Q

encrypted message ->

A

provides confidentiality

42
Q

encrypted message + message digest ->

A

provides data integrity and confidentiality

43
Q

message + message digest ->

A

provides data integrity

44
Q

encrypted message + encrypted digital signature ->

A

provides data integrity, authenticity, and confidentiality

45
Q

message + encrypted digital signature ->

A

provides data integrity and authenticity