42 Questions
Who developed the hacking exercises?
Professor Sreekanth Malladi
Who contributed project assignments from Columbia University?
Henning Schulzrinne
What is the total number of books written by William Stallings, including revised editions?
42
Who managed the reviews for the publication of the book?
Jake Warde
What award has William Stallings received 11 times?
Best Computer Science textbook of the year
Who developed the laboratory exercises that appear in the IRC?
Sanjay Rao and Ruben Torres
What is the name of the production manager involved in the publication of the book?
Rose Kernan
Who is the author of the book who has written 17 titles and 42 books including revised editions?
William Stallings
What is the primary goal of user F in scenario 1 and 2?
To gain unauthorized access to computer E
What happens when user F intercepts the message in scenario 1?
The message is altered and then forwarded to computer E
What is the result of user F's actions in scenario 2?
Computer E updates its authorization file accordingly
What is the primary purpose of symmetric encryption?
To conceal the contents of blocks or streams of data of any size
What is the vulnerability exploited in scenario 4?
Message delay
What is the main focus of network and Internet security?
To deter, prevent, detect, and correct security violations
What is the outcome of the employee's action in scenario 4?
The employee is able to retrieve sensitive information
What is an example of a security violation?
User C, who is not authorized to read the file, captures a copy of the file during transmission
What is the primary concern in scenario 5?
Message authentication
What is the main purpose of Chapter 11 in the book?
Cryptography Hash Functions
What is the purpose of data integrity algorithms?
To protect blocks of data from alteration
What is the common thread among the five scenarios?
Unauthorized access to a system
Which chapter is focused on the principles of public-key cryptosystems?
Chapter 9: Public-Key Cryptography and RSA
What is the primary focus of this book?
Both cryptographic algorithms and network and Internet security
What is the purpose of the five scenarios?
To illustrate the importance of network security
What is the primary use of the Advanced Encryption Standard (AES)?
Symmetric encryption
Which protocol is used for secure web transactions?
HTTPS
What is the purpose of asymmetric encryption?
To conceal small blocks of data, such as encryption keys and hash function values
What is the purpose of the SSL/TLS protocol?
Secure web transactions
What is an example of a security service?
All of the above
What is the purpose of authentication protocols?
To authenticate the identity of entities
What is the main difference between a hash function and a digital signature?
Message authentication
What is the primary use of a digital certificate?
Authentication and verification
What is the purpose of a secure socket layer (SSL)?
Secure web transactions
What is the main advantage of using a block cipher?
Improved security
What is the primary use of a message authentication code (MAC)?
Message integrity and authenticity
What is the primary reason for a high integrity requirement for patient allergy information?
To prevent harm or death to patients and liability to the hospital
What type of website would have a moderate level of integrity requirement?
Web site with a forum for registered users
Why is availability critical for a system that provides authentication services?
To allow customers to access computing resources and staff to access critical systems
What would be the consequence of an interruption of authentication service?
Loss of employee productivity and customer loss
Why is integrity requirement low for an anonymous online poll?
Because the inaccuracy and unscientific nature of such polls is well understood
What type of website would have a moderate level of availability requirement?
Public Web site for a university
What is a critical component of a system that provides authentication services?
High availability
Why is patient allergy information assigned a high integrity requirement?
To prevent serious harm or death to patients and liability to the hospital
Study Notes
Computer Security Concepts
- Security services include:
  - Authentication
  - Access control
  - Data confidentiality
  - Data integrity
  - Nonrepudiation
  - Availability
- Focus areas of the book:
  - Cryptographic algorithms and protocols
  - Network and Internet security
- Cryptographic algorithms and protocols:
  - Symmetric encryption
    - Used to conceal blocks or streams of data of any size
    - Examples: messages, files, encryption keys, passwords
  - Asymmetric encryption
    - Used to conceal small blocks of data
    - Examples: encryption keys, hash function values, digital signatures
  - Data integrity algorithms
    - Used to protect blocks of data from alteration
    - Examples: messages
  - Authentication protocols
    - Used to authenticate the identity of entities
    - Based on the use of cryptographic algorithms
- Symmetric encryption
Network and Internet Security
- Measures to deter, prevent, detect, and correct security violations
- Security violations:
  - Unauthorized access to sensitive information
  - Interception of data during transmission
  - Alteration of data during transmission
- Examples:
  - User A transmits a file to user B, but user C is able to monitor and capture the file
  - A network manager, D, transmits a message to a computer, E, under its management
Network Security Violations
- User F intercepts a message, alters its contents, and forwards it to computer E, which accepts the message as coming from manager D and updates its authorization file.
- User F constructs a message with desired entries and transmits it to computer E as if it had come from manager D.
- An employee is able to intercept a message to invalidate their account, delay it, and make a final access to the server to retrieve sensitive information.
Asset Integrity
- Patient allergy information is an example of an asset with a high requirement for integrity, as inaccurate information could result in serious harm or death to a patient.
- A Web site with a forum for registered users is an example of an asset with a moderate level of integrity requirement, as falsified entries or defacement could result in some data, financial, and time loss.
- An anonymous online poll is an example of an asset with a low integrity requirement, as the inaccuracy and unscientific nature of such polls is well understood.
Availability
- The level of availability required is higher for critical components or services, such as a system that provides authentication services for critical systems, applications, and devices.
- Interruption of such a service results in a large financial loss in lost employee productivity and potential customer loss.
- A public Web site for a university is an example of an asset that would typically be rated as having a moderate availability requirement, as it provides information for current and prospective students and donors.