CSC650 Osboring

= CSC 650 Spring 06 Final Review... =

Fill in as many questions as you guys can so that we can all save time and study together! Thanks =) To edit, just click on the edit link on the side of the question, then type in your answers...

Question 1
What security problems are there with the WEP (Wired Equivalent Privacy) component of the 802.11 wireless standard? Answer: Weak encryption

Question 2
Provide a definition of "software vulnerabilities" that is based on the definitions for "software" and "vulnerability" provided during class lectures. answer...

Question 3
Describe Virtual Private Networks (VPN), include an example of how they can be used to improve the security of a distributed work environment. answer... Not Covered, no need to study!

Question 4
Compare and contrast the defence technique "policy" with "procedure". Do add more...

Question 5
'''Provide a brief description of the four 'Firewall' design patterns described during class lectures. As part of each description provide an illustration of the design pattern.''' answer...

Question 6
What security problems did Version 2 of SNMP (Simple Network Management Protocol) have that were corrected by Version 3 of the protocol? answer...

Question 7
Describe at least five important attributes of the Advanced Encryption Standard (AES) crypto-system. answer...

Question 8
What steps are involved in planning and creating a secure networked system? answer...

Question 1
'''Describe at least five significant attributes of Rivest-Shamir-Adleman (RSA) Encryption. Include an example that shows how this form of encryption can be used to create a digital signature.''' Answer here...

Question 2
Describe "Overlap" and provide two examples of how this technique can be used to create useful defense techniques. Answer ...

Question 3
'''Describe Virtual Private Networks (VPN), include some details on how they can be used to improve the security of highly distributed systems.''' Answer...

Question 4
Describe the multilevel security model used by the USA government and military.

1. Top Secret

2. Secret

3. Confidential

4. Classified

5. Unclassified

Question 5
'''Describe the concept of a 'Firewall'. List and describe the different firewall design components used with the firewall design patterns presented in class.''' Answer here ...

Question 6
Compare and contrast the software vulnerabilities, 'trapdoor' and 'trojan horse'. Answer here ...

Question 7
What steps can be taken to make Local Area Networking (LAN) secure?

1. Use switches instead of hubs to connect the network infrastructure. Hubs broadcast network traffic across all systems connected to them, whereas switches only send to the intended MAC address.

2. Even better than a normal switch, use a managed switch so that it can be configured to disable a port if a cable becomes disconnected. Ensure that the only possible way of reactivating that network port is to have a network administrator reset it. This ensures that unintended parties do not get access to the LAN by disconnecting an allowed system from the network.

3. If connected to the internet or another "outside" network, ensure the bridging of the different networks only happens on one segment. This allows for a much easier configuration between foreign networks. The adapter/system bridging the networks together should be configurable so that only certain traffic will be allowed behind the network; pretty much, use a firewall.

Question 1
What are the major components of security and secure networked systems? Answer here...

Question 2
What steps can be taken to make Wireless Networking secure?

1. MAC Address Filtering

2. Use WEP (Wired Equivalent Protocol) or WPA (Wi-Fi Protected Access) <-- Preferred if supported

3. Change default administrator password on router(s) / access point(s)

4. Change default SSID on router(s) / access point(s)

5. If possible, don't use wireless at all.

Question 3
Compare and contrast the software vulnerabilities, Answer...

Question 4
Describe the 'dominance' relation of the multilevel security model used by the USA government and military. answer...

Question 5
'''List and describe the different components found in the firewall design patterns presented in class. Draw a picture of the only design pattern that requires use of all of these components.''' Answer here ...

Question 6
Describe IPSec, include some details on how it improves network security. Answer here ...

Question 1
Describe how to shop online safely. Answer here...

Question 2
Compare and contrast DES encryption with RSA encryption. Include with your analysis a brief description of each, their strengths, and their weaknesses

*** DES Encryption ***

- Developed during the early 1970s
- 64-bit block
- 56-bit key
- Open design

Pros:

Cons:

*** RSA Encryption ***

- Asymmetric, 2 keys
- Public key: simplifies distribution of keys
- Private key: other key is kept secret
- Up to 4096 bit key

Pros: Good for:
- key exchange
- authentication
- signatures
- signed certificates

Cons:

Question 3
'''Briefly describe each of the following software vulnerabilities. virus, worm, trojan horse, trapdoor, covert channel, salami''' Answer...

Question 4
Briefly describe the multilevel security model used by the USA government and military. answer...

Question 5
'''Which of the firewall design patterns presented in class provide support for a 'DMZ' local area network? Draw a small picture of these patterns and label the physical components.''' Answer here ...

Question 6
Fully describe "Controls" and provide four examples of how these techniques can be used to enhance the usefulness of other defense techniques. Answer here ...

Question 1
'''Describe 'encryption' and include two examples of how they are used in network systems to block vulnerabilities. Each of your examples must be derived from a different student oral presentation.''' Answer here...

Question 2
'''What are the four main firewall design patterns? Draw a small picture of each and label the physical components.''' Answer ...

Question 3
For each of the firewall design patterns in the previous question, how many packet filters require configuration for each design? Answer...

Question 4
'''Describe "RSA" encryption. Include a list of its main attributes.''' answer...

Question 5
'''Describe the "Security Planning" process. Include a list of key components of this process.''' Answer here ...

Question 6
Fully describe "Controls" and provide four examples of how these techniques can be used to enhance its usefulness. Answer here ...

Question 1
'''Describe 'controls' and include four examples of how they are used in network systems to block vulnerabilities. Each of your examples must be derived from different student oral presentations.''' Answer here...

Question 2
'''What is a 'firewall'? As part of your answer create an example firewall using two packet filtering routers with one ethernet switch between the routers. Provide an initial draft description of one of the router communications port TCP/IP packet filters. (just one packet filter from one router I/O port)''' Answer ...

Question 3
Compare and contrast 'computer viruses' with 'network worms'. Answer...

Question 4
Describe "Regular Review" and how this activity aids in the creation and maintenance of security. answer...

Question 5
Compare and contrast DES encryption with RSA encryption. Include the strengths and weaknesses of these encryption algorithms in your analysis. Answer here ...

Question 6
Fully describe "Overlap" and provide two examples of how this defense technique can be used to enhance the usefulness of other defense techniques. Answer here ...