Chapter 15 Review w/ Answers

CIS343|510

Name _________________

Place all answers on answer sheet provided.

Identify each of the computer & network security requirements described below:

1. Requires that computer system assets are available to authorized parties.

availability

2. Requires that information in a computer system only be accessible for reading by authorized parties.

secrecy

3. Requires that computer system assets can be modified only by authorized parties.

integrity

One approach to the conceptualization of system security is to view information as flowing from source to destination. Draw diagrams to illustrate the flows of information named below, most of which are security threats.

4. Normal

See Stallings, Fig. 15.2, page 627

5. Interruption

6. Interception

7. Modification

8. Fabrication

Each of the properties of information flow in a secure system is compromised by a particular type of security threat. Identify the threat that compromised each of the properties listed below.

9. Confidentiality

Interception

10. Authenticity

Fabrication

11. Integrity

Modification

12. Availability

Interruption

Identify the security threat that is realized and the asset upon which a breach of security is carried out by each of the events described below:

13. Existing files are modified or new files are fabricated.

data; integrity

14. An unauthorized read of data is performed.

data; secrecy

15. An analysis of statistical data reveals underlying data.

data; secrecy

16. A working program is modified, causing it to do some unintended task.

software; integrity

17. False messages are fabricated.

communication lines; integrity

18. Equipment is disabled.

hardware; availability

19. The traffic pattern of messages is observed.

communication lines; secrecy

Identify the active attack on a data stream described below:

20. Passive capture of a data unit with subsequent retransmission to produce an unauthorized effect.

replay

21. One entity pretends to be a different entity.

masquerade

22. Preventing or inhibiting the normal use or management of communication facilities.

denial of service

23. Some portion of a legitimate message is altered or the messages are delayed or reordered to produce an unauthorized effect.

modification of messages

24. T/F: The ID/password system is a notoriously unreliable method of user access control.

True

Identify each of the classes of intruder described below.

25. An individual who seizes supervisory control of a system and uses that control to evade auditing and access controls.

clandestine user

26. A legitimate user who accesses data, programs, or resources for which such access is not authorized.

misfeasor

27. An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account.

masquerader

29. T/F: One of the strong motivations for the popularity of client/server architectures is that they offer superior security as compared to traditional architectures.

False

30. The two most serious weapons in the intruder armory are: (1) sophisticated _____ and (2) a willingness to spend _____ probing for weaknesses.

knowledge of how to intrude

countless hours

31. CERT stands for _____.

Computer Emergency Response Team

Due to the overlap of typical intruder and typical user behavior, deciding how to interpret observed behavior is a tricky problem.

32. Too loose an interpretation of intruder behavior will lead to too many _____, or authorized users misidentified as intruders.

false positives

33. Too tight an interpretation will lead to too many _____, or intruders not identified as such.

false negatives

Identify the approaches to intrusion detection described below.

34. Collection of data relating to the behavior of legitimate users over a period of time. Apply statistical tests to determine whether presented behavior is legitimate.

statistical anomaly detection

35. Define a set of rules to determine when behavior is that of an intruder.

rule-based detection

Identify each of the malicious programs described below.

36. Secret routine embedded within a useful program.

Trojan horse

37. Program that consumes system resources by replicating itself.

bacteria

38. Code embedded within a program that causes a copy of itself to be inserted in one or more other programs.

virus

39. Code embedded in a computer program that checks for a certain set of conditions; when conditions are met, performs unauthorized actions.

logic bomb

40. Program that can replicate itself and send copies from computer to computer across network connections.

worm

41. Secret undocumented entry point into a program.

trapdoor

42. State the two parts of the requirement for multilevel security.

No read up; no write down

Identify the desired properties of a reference monitor described below.

43. The reference monitor and database are protected from unauthorized modification.

isolation

44. The reference monitor’s correctness must be provable.

verifiability

45. The security rules are enforced on every access.

complete mediation

46. A system for which mathematical proof of correctness can be provided is known as a _____.

trusted system