NT-DoS

113 Spoofing attack is a) an application that captures TCP/IP data packets, which can maliciously be used to capture passwords and other data while it is in transit either within the computer or over the network. b) a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining illegitimate access. c) a toolkit for hiding the fact that a computer’s security has been compromised, is a general description of a set of programs which work to subvert control of an operating system from its legitimate (in accordance with established rules) operators. d) None of these

(b) Cross-site request forgery (CSRF) attacks and defenses. What is a CSRF attack and why do the attacks happen? Solution: Give an example of attack scenario of CSRF and its consequence. Describe a solution to prevent the attack. Solution:

Question 2: Access Control A significant cause of security breaches is inappropriate entitlements. This can be caused by incorrect initial access rights settings, accumulation of entitlements over time, or even improper access rights for a user that were intentionally set by a rogue collaborating administrator. Entitlement accumulation can result from a lack of maintenance when an employee changes positions and maintains all of his or her old access rights. One frequent mistake many organizations make is terminating administrators while not immediately de-provisioning their accounts and removing all access rights. i. Discuss the why the mistakes identified are seen as problems ii. Propose your solution to these problems. Support you answers with concepts learnt in class.

c) You are in charge of designing a secure Internet Banking System. While designing the system, you need to consider several aspects of information security, such as: i) user authentication, ii) bank server authentication, iii) distribution of the public key (if using an asymmetric cipher), iv) distribution of the symmetric key (if using a symmetric cipher), v) confidentiality of the communication between the user and the bank server, vi) integrity of the communication between the user and the bank server, vii) non-repudiation. To address these design goals, you may need to use a combination of different types of cryptographic/security primitives. Symmetric Asymmetric Message authentication Digital encryption signatures exchange Hash Public key Key Digital Certificate Ciphers functions cades (MAC) Stream Block ciphers ciphers Figure 3: Basic cryptographic building blocks Select appropriate primitives that you propose to address each of the above security goals and provide necessary…

101. A vulnerability scanner is a) a prepared application that takes advantage of a known weakness. b) a tool used to quickly check computers on a network for known weaknesses. c) an application that captures TCP/IP data packets, which can maliciously be used to capture passwords and other data while it is in transit either within the computer or over the network. d) a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining illegitimate access.

b) Describe THREE (3) principles required to apply the access control.

To what extent can a single individual organize the launch of a DDoS attack?

For each of the following requirements, identify the best choice of degree ofdurability in a remote backup system:a. Data loss must be avoided, but some loss of availabilitymay be tolerated.b. Transaction commit must be accomplished quickly, even at the cost ofloss of some committed transactions in a disaster.c. A high degree of availability and durability is required, but a longer runningtime for the transaction commit protocol is acceptable.

One of the most basic concepts in the field of Information Security is the CIA Triad or CIA Triangle.  This was mentioned briefly in Chapter 1 of your text.  CIA stands for Confidentiality, Integrity, and Availability.  Denial of Service (DoS) attacks challenge the "Availability" of a system or data.  This could be temporary (e.g., a SYN Flood Attack that renders a web server unavailable during the attack) or permanent (e.g., the deletion or destruction of the data).  The latter of these has become increasingly common in the case of "ransomware" which is malware that encrypts all of the data on an infected system and the administrator is notified that if they don't pay a ransom by a certain date that the key to decrypt the data will be permanently deleted.  (NOTE: This is conspicuously absent from the books discussion on malware but is a MAJOR issue right now.)  While the temporary attacks may be less destructive, they are often done against systems that generate a lot of money (such…

For each of the following requirements, identify the best choice of degree of durability in a remote backup system: a. Data loss must be avoided, but some loss of availability may be tolerated. b. Transaction commit must be accomplished quickly, even at the cost of loss of some committed transactions in a disaster. c. A high degree of availability and durability is required, but a longer running time for the transaction commit protocol is acceptable.

True or False  1. authentication exchange is the use of a trusted third party to assure certain properties of a data exchange 2. a loss of integrity is the unauthorized modification or destruction of information 3. the denial of service prevents or inhibits the normal use or management of communication facilities

This type of Access Control Model uses labels to identify both subjects, and objects. It provides the highest level of security when compared to other models, and is usually by the military to ensure that data is protected in mission-critical systems: m Select one: O a. Mandatory Access Control (MAC) O b. Discretionary Access Control (DAC) Role-based Access Control (RBAC) O. C. O d. Rule-based Access Control (RBAC) e. Non-Discretionary Access Control (Non-DAC)

Describe an access control situation using one of the four techniques. What makes this choice unique?

Take into consideration the various types of access control mentioned below, and choose some example scenarios. This is an example. • Discretionary Access Control (DAC), • Mandatory Access Control (MAC), • Role-Based Access Control (RBAC), • Attribute-Based Access Control (ABAC), • Rule-Based Access Control (RBAC), • Risk-Adaptive Access Control (RAC), • Identity-Based Access Control (IBAC), • Organization-Based Access Control (OBAC), •

Have an idea about all types of Access control models (Provided below) and pick out some example scenarios where these can be applied. An example is provided. • Discretionary Access Control (DAC) • Mandatory Access Control (MAC) • Role-Based Access Control (RBAC) • Attribute-based Access Control (ABAC) • Rule-Based Access Control • Risk – Adaptive Access control • Identity-Based Access Control • Organization Based Access Control

There are several approaches to access control, each with its own strengths and weaknesses. For at least three or more of the following, Mandatory access control (MAC), discretionary access control (DAC), Role-based access control (RBAC), and Rule-based access control (RBAC), and Attribute-based access control (ABAC), provide  examples from web searches, in which each is used and why?

A technique known as Mandatory Access Control (MAC) enables data owners to establish and manage access control policies on their own terms. Choose one: Is this true or false?

1. Lipner's model: we have security levels and integrity levels assigned as follows. In security level, the AM > SL; in integrity level, the ISP > IO > ISL. Please complete the access control matrix to show the rights (read and write) that each subject has over each object. Assume that discretionary access controls allow anyone access Subjects Security Level Integrity Level (SL, { SP }) (SL, { SD }) Ordinary users (ISL, { IP }) Application developers (ISL, { ID }) System programmers (SL, { SSD }) (ISL, { ID }) System managers and (AM, { SP, SD, SSD }) (ISL, { IP, ID}) auditors System controllers (SL, { SP, SD }) (ISP, { IP, ID}) Objects Security Level Integrity Level Development code/test data (SL, { SD }) (ISL, { IP} ) (SL, { SP }) (SL, { SP }) (SL, Ø) (SL, Ø ) (SL, { SSD }) (10, { IP }) (ISL, { IP }) (10, { ID }) Production code Production data Software tools System programs (ISP, { IP, ID }) System programs in (ISL, { ID }) modification System and application logs (АМ, ( арpropriate…

Within the context of Network/Information security, AAA stands for: a. Authentication, Authorization, Accounting b. Accessibility, Availability, Accountability c. Accounting, Accreditation, Authorization d. Authorization, Access Control, Availability

A health care centre suffers from very low information security in terms of maturity across many elements of infosec and information assurance, including cyber resilience and application of cybersecurity good practice. Patients expect a high level of protection of their data; however, data breaches can put the reputation of the institute at risk. It is highly recommended that a certain level of filtering is imposed for the network to be secure so as to sustain from threats and attacks. Let us assume that you are hired by the health care centre to develop an information security plan to identify the possible threats to the organization. For example, it is necessary to identify the important services (e.g., website, booking portal, electronic health equipments…) that the healthcare centre is running. The criteria that you need to address based on the given scenario is summarized into two parts: Part A: 1. Assessing the current risk of the entire business 2. Treat the Risk as much as…

How do avoiding and preventing deadlock differ?

"Why are authorization lists so sensitive to unauthorised alteration that they need to be encrypted and protected? What kind of damage could take place if these files were altered in an unanticipated or unexpected way?

SCENARIO 1: You have just completed a routine security audit on the company’s information systems, and you found several areas of vulnerability. For example, file permissions have not been updated in some time, no comprehensive password policy exists, and network traffic is not fully encrypted. You noted these areas, among others, in a report to your supervisor. The report included specific recommendations to fix the problems. Your supervisor responded by saying that budgets are tight right now, and she could not approve your requests to resolve these issues. As an IT professional, you are very uncomfortable with the risk level, but you have been unable to sway your supervisor. When you discussed the situation with a colleague, he said, “Why worry about it? If it’s good enough for her, it should be good enough for you.” What do you think of your colleague’s advice, and why? Is this an ethical question? If you are still is uncomfortable, what are your options? SCENARIO 2: You work for a…

What is DDOS attack?  If two conties have conflicts, affects of DDOS on the country being attacked and country attacking BOTH.    **NOTE: It has to be in your own words.

Question 5 (practical): A government agency where you are currently employed has claimed that one of their servers has been slowed. The primary responsibility of this server is to provide web-based access to internal users. They captured network traffic after some investigation to aid in the analysis of any suspicious activities. In addition, they agency asked you as the cybersecurity expert to do this job by analyzing the captured network traffic. You should examine the file "MCBS.pcap". Then you may be required to answer the following questions. a) Type of attack b) IP address of sender c) IP address of recipient/server d) Which port number(s) used? e) Any suggestion to mitigate?

The distinction between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS) is as follows: NIPS can react to an assault far faster than other types of defenses. Attacks are more useful when they are detected by an NIDS. b Because it makes use of protocol analysis, an NIPS is considerably slower. Due to the fact that NIDS and NIPS are both equal, there is no difference.

Assume that a self-driving, software-driven (for example the “Tesla”) car connects to conventional computer networks for communication and update purposes. (a) Explain how the Separation of Duty principle could be applied to prevent an attacker from installing a malware program on the software within the car. Include any limitations to your approach. (b) Next, Bob has a special mobile application that communicates wirelessly with his car using keystream xor encrypted messages, and Bob’s spouse happens to use the same application on a separate device. Notably, the application uses the same keystream bits for both Bob and his spouse, since they both use the car. Explain any attacks you can conceive against their car keys/car.