Chapter 15 Review
CIS343|510
Identify each of the computer & network security requirements described below:
1. Requires that computer system assets are available to authorized parties.
2. Requires that information in a computer system only be accessible for
reading by authorized parties.
3. Requires that computer system assets can be modified only by
authorized parties.
One approach to the conceptualization of system security is to view information as flowing from source to destination. Draw diagrams to illustrate the flows of information named below, most of which are security threats.
4. Normal
5. Interruption
6. Interception
7. Modification
8. Fabrication
Each of the properties of information flow in a secure system is compromised by a particular type of security threat. Identify the threat that compromises each of the properties listed below.
9. Confidentiality
10. Authenticity
11. Integrity
12. Availability
Identify the security threat that is realized and the asset upon which a breach of security is carried out by each of the events described below:
13. Existing files are modified or new files are fabricated.
14. An unauthorized read of data is performed.
15. An analysis of statistical data reveals underlying data.
16. A working program is modified, causing it to do some unintended task.
17. False messages are fabricated.
18. Equipment is disabled.
19. The traffic pattern of messages is observed.
Identify the active attack on a data stream described below:
20. Passive capture of a data unit with subsequent retransmission to produce
an unauthorized effect.
21. One entity pretends to be a different entity.
22. Preventing or inhibiting the normal use or management of
communication facilities.
23. Some portion of a legitimate message is altered or the messages are
delayed or reordered to produce an unauthorized effect.
24. T/F: The ID/password system is a notoriously unreliable method of user
access control.
Identify each of the classes of intruder described below.
25. An individual who seizes supervisory control of a system and uses that
control to evade auditing and access controls.
26. A legitimate user who accesses data, programs, or resources for which
such access is not authorized.
27. An individual who is not authorized to use the computer and who
penetrates a system’s access controls to exploit a legitimate user’s account.
29. T/F: One of the strong motivations for the popularity of client/server
architectures is that they offer superior security as compared to
traditional architectures.
30. The two most serious weapons in the intruder armory are: (1)
sophisticated _____ and (2) a willingness to spend _____ probing for
weaknesses.
31. CERT stands for _____.
Due to the overlap of typical intruder and typical user behavior, deciding how to interpret observed behavior is a tricky problem.
32. Too loose an interpretation of intruder behavior will lead to too many
_____, or authorized users mis-identified as intruders.
33. Too tight an interpretation will lead to too many _____, or intruders not
identified as such.
Identify the approaches to intrusion detection described below.
34. Collection of data relating to the behavior of legitimate users over a
period of time. Apply statistical tests to determine whether presented
behavior is legitimate.
35. Define a set of rules to determine when behavior is that of an intruder.
Identify each of the malicious programs described below.
36. Secret routine embedded within a useful program.
37. Program that consumes system resources by replicating itself.
38. Code embedded within a program that causes a copy of itself to be
inserted in one or more other programs.
39. Code embedded in a computer program that checks for a certain set of
conditions; when conditions are met, performs unauthorized actions.
40. Program that can replicate itself and send copies from computer to
computer across network connections.
41. Secret undocumented entry point into a program.
42. State the two parts of the requirement for multilevel security.
Identify the desired properties of a reference monitor described below.
43. The reference monitor and database are protected from unauthorized
modification.
44. The reference monitor’s correctness must be provable.
45. The security rules are enforced on every access.
46. A system for which mathematical proof of correctness can be provided is known as a _____.