Network Systems Design EC 343 Tutorial 7 Introduction to Security 1. 2. 3. 4. 5. What is Computer Security?

y? What is Network Security and the 3 main security properties that it attempts to protect? What is a risk? Briefly explain whether security is an engineering or management problem. There is a good body of knowledge in Computer Security and a history of carefully designed secure systems, but still we hear about many kinds of attacks and cyber-terrorism everyday. Is this statement accurate? If not explain why you think this statement is inaccurate. If you think that this statement is accurate, explain what are the reasons for this dilemma. Who/what is an adversary? Give some examples. What is a threat? What is a threat model? And what does threat model help in establishing? What is a vulnerability? Also provide some sources of vulnerabilities. What is an attack and the 3 major types of attacks? What is the meaning of been compromised? Who/what are participants? Explain who/what is a trusted third party with an example. What do you mean by trust? And what does trust model describes? Briefly explain the terms, a. Reliability. b. Survivability. c. Privacy. d. Assurance. Briefly explain what is a security model and why is it extremely important that any design should include a security model. What is a countermeasure? Also briefly explain the 3 countermeasures that we can take with respect to network attacks. Briefly explain confidentiality. Also provide examples for confidentiality violations. Briefly explain integrity. Also provide examples for integrity violations. Briefly explain availability. Also provide examples for availability violations. Briefly explain accountability. Also provide examples for accountability violations. Briefly explain authentication. Also provide examples for authentication violations. What are the drawbacks of passwords? What are the 3 main opposing forces that fail security? What are the engineering and management aspects that can lead to security failures? Briefly explain the two approaches to deal with the complexity of modern systems and provide protection? What are some reasons that motivate attackers? List and briefly explain the 5 types of attackers. What are the main human factors that affect security?

6. 7. 8. 9. 10. 11. 12. 13. 14. 15.

16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29.

30. What are some reasons that hesitates modern organizations from investing in security of their solutions? 31. What are the 5 major steps in implementing a security solution? 32. What are the two major aspects that an Information Security Management System (ISMS) defines in terms of an organizations security? 33. Define the terms, a. Cryptography b. Cryptanalysis c. Cryptology d. Encryption e. Decryption f. Cipher 34. What are the goals of cryptography? 35. What is a trap-door one way function? 36. What are security protocols and their possible objectives? 37. What are the 3 types of authentication protocols? Also provide possible authentication mechanisms for each type. 38. What is a multi-factor authentication protocol? 39. Briefly explain the 4 types of firewalls. 40. What are major problems/limitations with firewalls? 41. What is an email filter and what are the possible outcomes of an email as it is filtered by an email filter? 42. What are some filtering criteria available in email filters? 43. In your own words, briefly explain why logging and auditing is important with respect to implementing a secure network environment? 44. What are possible sources of information for further forensics of an attack? 45. Briefly explain the 3 types of intrusion detection mechanisms? 46. Briefly explain what you should and should not do in case you identify a security hole in a wellknown and widely used system.