Copyright Law and Permissions

Questions and Answers

Who developed the hacking exercises?

Ruben Torres

Professor Sreekanth Malladi (correct)

Lawrie Brown

Sanjay Rao

Who contributed project assignments from Columbia University?

Sanjay Rao

David Balenson

Cetin Kaya Koc

Henning Schulzrinne (correct)

What is the total number of books written by William Stallings, including revised editions?

50

30

17

42 (correct)

Who managed the reviews for the publication of the book?

Jake Warde

What award has William Stallings received 11 times?

Best Computer Science textbook of the year

Who developed the laboratory exercises that appear in the IRC?

Sanjay Rao and Ruben Torres

What is the name of the production manager involved in the publication of the book?

Rose Kernan

Who is the author of the book who has written 17 titles and 42 books including revised editions?

William Stallings

What is the primary goal of user F in scenario 1 and 2?

To gain unauthorized access to computer E

What happens when user F intercepts the message in scenario 1?

The message is altered and then forwarded to computer E

What is the result of user F's actions in scenario 2?

Computer E updates its authorization file accordingly

What is the primary purpose of symmetric encryption?

To conceal the contents of blocks or streams of data of any size

What is the vulnerability exploited in scenario 4?

Message delay

What is the main focus of network and Internet security?

To deter, prevent, detect, and correct security violations

What is the outcome of the employee's action in scenario 4?

The employee is able to retrieve sensitive information

What is an example of a security violation?

User C, who is not authorized to read the file, captures a copy of the file during transmission

What is the primary concern in scenario 5?

Message authentication

What is the main purpose of the chapter 11 in the book?

Cryptography Hash Functions

What is the purpose of data integrity algorithms?

To protect blocks of data from alteration

What is the common thread among the five scenarios?

Unauthorized access to a system

Which chapter is focused on the principles of public-key cryptosystems?

Chapter 9: Public-Key Cryptography and RSA

What is the primary focus of this book?

Both cryptographic algorithms and network and Internet security

What is the purpose of the five scenarios?

To illustrate the importance of network security

What is the primary use of the Advanced Encryption Standard (AES)?

Symmetric encryption

Which protocol is used for secure web transactions?

HTTPS

What is the purpose of asymmetric encryption?

To conceal small blocks of data, such as encryption keys and hash function values

What is the purpose of the SSL/TLS protocol?

Secure web transactions

What is an example of a security service?

All of the above

What is the purpose of authentication protocols?

To authenticate the identity of entities

What is the main difference between a hash function and a digital signature?

Message authentication

What is the primary use of a digital certificate?

Authentication and verification

What is the purpose of a secure socket layer (SSL)?

Secure web transactions

What is the main advantage of using a block cipher?

Improved security

What is the primary use of a message authentication code (MAC)?

Message integrity and authenticity

What is the primary reason for a high integrity requirement for patient allergy information?

To prevent harm or death to patients and liability to the hospital

What type of website would have a moderate level of integrity requirement?

Web site with a forum for registered users

Why is availability critical for a system that provides authentication services?

To allow customers to access computing resources and staff to access critical systems

What would be the consequence of an interruption of authentication service?

Loss of employee productivity and customer loss

Why is integrity requirement low for an anonymous online poll?

Because the inaccuracy and unscientific nature of such polls is well understood

What type of website would have a moderate level of availability requirement?

Public Web site for a university

What is a critical component of a system that provides authentication services?

High availability

Why is patient allergy information assigned a high integrity requirement?

To prevent serious harm or death to patients and liability to the hospital

Study Notes

Computer Security Concepts

• Security services include:
  • Authentication
  • Access control
  • Data confidentiality
  • Data integrity
  • Nonrepudiation
  • Availability
• Focus areas of the book:
  • Cryptographic algorithms and protocols
  • Network and Internet security
• Cryptographic algorithms and protocols:
  • Symmetric encryption
    • Used to conceal blocks or streams of data of any size
    • Examples: messages, files, encryption keys, passwords
  • Asymmetric encryption
    • Used to conceal small blocks of data
    • Examples: encryption keys, hash function values, digital signatures
  • Data integrity algorithms
    • Used to protect blocks of data from alteration
    • Examples: messages
  • Authentication protocols
    • Used to authenticate the identity of entities
    • Based on the use of cryptographic algorithms

Network and Internet Security

• Measures to deter, prevent, detect, and correct security violations

• Security violations:

  • Unauthorized access to sensitive information
  • Interception of data during transmission
  • Alteration of data during transmission
  • Examples:
    • User A transmits a file to user B, but user C is able to monitor and capture the file
    • A network manager, D, transmits a message to a computer, E, under its management### Network Security Violations

• User F intercepts a message, alters its contents, and forwards it to computer E, which accepts the message as coming from manager D and updates its authorization file.

• User F constructs a message with desired entries and transmits it to computer E as if it had come from manager D.

• An employee is able to intercept a message to invalidate their account, delay it, and make a final access to the server to retrieve sensitive information.

Asset Integrity

• Patient allergy information is an example of an asset with a high requirement for integrity, as inaccurate information could result in serious harm or death to a patient.
• A Web site with a forum for registered users is an example of an asset with a moderate level of integrity requirement, as falsified entries or defacement could result in some data, financial, and time loss.
• An anonymous online poll is an example of an asset with a low integrity requirement, as the inaccuracy and unscientific nature of such polls is well understood.

Availability

• The level of availability required is higher for critical components or services, such as a system that provides authentication services for critical systems, applications, and devices.
• Interruption of such a service results in a large financial loss in lost employee productivity and potential customer loss.
• A public Web site for a university is an example of an asset that would typically be rated as having a moderate availability requirement, as it provides information for current and prospective students and donors.

Description

This passage is about copyright laws and obtaining permissions for reproduction, storage, and transmission of copyrighted materials.