INFA 610

Foundations of Information Security and Assurance

Final Exam

Part 1: Short discussion, determine if each of the following questions is true or false and defend your position in a brief discussion if you think it is necessary. Write your answer, T or F, to each question in the following Answer Table.   (10 questions at 1.5 points each, 15 points totally)

1. T F Deleting the browsing history and cookies in a computer system can be the way to completely delete the recently visited sites.

 

2. T F A Denial-of-Service attack does not require the attacker to penetrate the target’s security defenses.

 

3. T F The biggest advantage of public-key cryptography over secret-key cryptography is in the area of key management/key distribution.

 

4. T F When it comes to the ethics of a particular situation, there is only one right answer.

 

5. T F A one-time pad is a safe house used only once by an undercover agent.

 

6. T F In terms of privacy laws, companies have advantage over the government in terms of the types of data that a company can collect.

 

7. T F Consider data that is stored over time in a mandatory access control based system. The contents of files containing highly classified (“top secret”) information are not necessarily more trustworthy than material stored in files marked unclassified

 

8. T F A hash algorithm uses a one-way cryptographic function, whereas both secret-key and public-key systems use two-way (i.e., reversible) cryptographic functions.

 

9. T F 3DES (Triple DES) requires the use of three independent keys.

 

10. T F Intrusion Detection Systems (IDS) provide no protection from internal threats.

 

Part 2: Multiple Choice Questions. In some cases you may need to select more than one of the options. If you select “None of the above” you need to list the correct answer. (Do not simply select either all of the above or none of the above). (Scored as 3 points for each question, no guarantee of partial credit for partially correct answers.) Write your answers in the following Answer Table. (10 questions at 3 points each, 30 points totally)

1. Broad categories of payloads that malware may carry include which of the following:

Corruption of system or data files;
Theft of service in order to make the system a zombie agent of attack as part of a botnet;
Theft of information from the system, especially of logins, passwords or other personal details by keylogging or spyware programs;
Stealthing where the malware hides it presence on the system from attempts to detect and block it;
All of the above.

2. Denial of service attacks include:

DNS spoofing

Smurf attack

Ping of death

SYN flood

All of the above.

 

3. If person A uses AES to transmit an encrypted message to person B, which key or keys will A have to use:

A’s private key

A’s public key

B’s private key

B’s public key

None of the keys listed above.

 

4. The basic step(s) should be used to secure an operating system:

Harden and configure the operating system to adequately address the identified security needs of the system.

Install and register the operating system.

Installing and configure additional security controls, such as anti-virus, host-based firewalls, and intrusion detection systems (IDS), if needed.

Test the security of the basic operating system to ensure that the steps taken adequately address its security needs.

All of the above.

 

5. Choose the right statement(s):

On change-controlled system, you should run automatic updates to prevent security patches from introducing instability.

A malicious driver can potentially bypass many security controls to install malware.

It is critical that the operating system be kept as up to date as possible, with all critical security related patched installed.

The operating system planning process should consider the categories of users on the system, and the privileges they have.

All of the above.

 

6. Countermeasures against subdomain DNS cache poisoning include which of the following:

SPR

DNSSEC uses RRSIG and DNSKEY records

Firewalls

DNSSEC employing a chain of trust

All of the above.

 

7. SELinux implements different types of MAC: ________________________.

Role Based Access Controls and Type Enforcement,

Multi Level Security,

Multi Task Level Security,

User Based Access Controls and Format Enforcement

None of the above.

 

8. Protection of a software program that uses a unique, novel algorithm could be legally protected by:

A patent

A copyright

A notary

Ethical standards

All of the above.

 

9. Security threats include which of the following:

Hurricanes

Disgruntled employees

Unlocked doors

Un-patched software programs

All of the above.

 

10. Methods to avoid SQL injection include which of the following:
Providing functions to escape special characters
Techniques for the automatic detection of database language in legacy code.
Built-in functions that strip input of dangerous characters.
Techniques for the automatic detection of SQL language in legacy code.
All of the above.

Part 3: Short Answer Questions. (5 questions, 5 points each, 25 points totally)

1. You discover that your computing system has been infected by a piece of malicious code. You have no idea when the infection occurred. You do have backups performed every week since the system was put into operation but, of course, there have been numerous changes to the system over time. How could you use the backups to construct a “clean” version of your system? (5 points)

2. What are the server-side attacks? What are the techniques a developer can employ to minimize these attacks?

3. What are some of the individual rights associated with information privacy? Do expectations of privacy change depending on the individual’s environment? If so, how? (5 points)

4. The table below shows the authentication protocol, wherein pwd is Albert’s password and K is a key derived from pwd. Can an attacker that can eavesdrop messages (but not intercept or spoof messages) obtain pwd by off-line password guessing? If you answer no, explain briefly. If you answer yes, describe the attack. (5 points)

5. Why is a firewall a good place to implement a VPN? Why not implement it at the actual server(s) being accessed? (5 points)

Part 4: Essay Questions.

1. (15.0 points) One hundred years ago, Louis Brandeis and Samuel Warren warned us that, “Numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the housetops.’” Cryptography is an enabling technology for self-help privacy. Conversely, cryptography can be used to conceal criminal conspiracies and activities, including espionage.

(a) How does cryptography help or hinder protection of privacy and public safety?

(b) What policies are needed and appropriate in a networked world regarding the use of cryptography?

(c) What new threats do computer systems and networks pose to personal privacy? In other words, what threats are enabled or enhanced by computer systems and networks? Note: Your total answer to all three questions (a-c) should be restricted to two (2) pages (double spaced, font size=12). In addition to the answer, you must cite all sources of information if any.

 

2. (15 points) Rick is a very talented programmer who has developed a revolutionary method for a new intrusion detection system (IDS). It is an elegant new algorithm that will flawlessly detect intrusion attacks and respond almost instantly. He understands that if it works it could be worth a great deal of money. Steven is a friend of his whom he enjoys discussing his ideas with. Steven is a successful entrepreneur, and Rick is concerned that he may lose any intellectual rights if Steven was to develop his idea without including him. Please discuss the legal and ethical issues in such a relationship. What should each of these individuals do to ensure ethical barriers are not broken? Maximum length: two (2) pages (double spaced, font size=12). In addition to the answer, you must cite all sources of information if any.