Security in Computing IT
1 like2,631 views
1. The document discusses various topics related to security in computing and IT, including confidentiality, integrity, different types of attacks, access control, and security vulnerabilities. 2. It addresses questions about security terms like confidentiality and integrity, types of attacks like worms and SQL injection, encryption techniques, authentication methods, access control matrices, and security risks from cross-site scripting and Bluetooth. 3. Recommendations are provided for implementing secure authentication, external affirmation, addressing the cross-site scripting risk, and describing memory protection methods and network intrusion detection systems.
Security in Computing IT
- 1. Security in Computing and IT 1. Differentiate the following security terms with suitable examples: a. Confidentiality (1 Mark). b. Integrity (1 Mark). 2. Worms usually do a sweep scan technique to identify the potential victims to attack. in an IPv4 environment, how many potential victim addresses can be searched? (3 marks). 3. Decrypt the following cipher text using Caesar ciphering (with n=3 for rotation): "UHWXUA WR URPH" (3 marks). 4. Explain in detail an example in real-life whereby authentication using proof by knowledge and prrof by possession is implemented together. (5 marks). 5. Give an example of a Statistical Inference attack in a database. (3 Marks). 6. Briefly describe what the following figure illustrates: (4 Marks) Security Functionality Security 7. Differentiate between logic bomb and Trojan horse. Name one famous logic bomb and one famous trapdoor. (5 marks). 8. Below is an attack done by a hacker on a website's login page (the hacker keyed in the following in the username input box): SELECT * FROM customer WHERE username = ' ' OR 1' ' a. Explain what kind of attack is the hacker using (1 Mark). b. Assuming that the hacker's attack is successful, what is the outcome of the attack? (2 Marks). c. How can this kind of attack be prevented? (2 Marks).
- 2. Security in Computing and IT 9. You are required to implement an open source CRM system in your organization. The system is accessible via the Internet as well as internally. a. The management team requires you to implement a simple yet secure authentication mechanism to verify the identity of its users. Explain in detail your suggestion for the authentication mechanism. (4 Marks). b. The management team is also looking into the possibility of external affirmation to authenticate the legitimacy of the online communication with its suppliers. What would you suggest to make this possible? (4 marks). c. The backend database resides on a Linux platform; In order to save cost. However, the CEO of your organization is having trouble understanding how the access control mechanism works. Draw a simple access control matrix which consists of the following information in order to help the CEO understand how the mechanism works: i. The system administrator has all access control rights to the web server's configuration directory and customer table in the database. ii. The database administrator has all access control rights to the customer table in the database only. iii. Customers have read access to the customer table in the database only. (2 Marks). d. Another major concern of the management team is the fact that the system is accessible from the internet. They are very concerned with the following web application security risk (as determined by OWASP): cross-site scripting. Provide a brief security assessment for this risk. your assessment must include the following : brief description of the security risk, threat agents, attack vectors, security weakness, technical and prevention methods. (10 marks). 10. Briefly describe one memory protection method that an operating system should have (2 marks). 11. What is a Network Intrusion Detection System? (2 marks). 12. Briefly describe three Bluetooth vulnerabilities (3 Marks). 13. Mr. 'A' posted the following message on his Facebook Update section: "Working to troubleshoot a major software bug we just found." How can this information become a potential security and/or social threat? (3 Marks).