
Higher National Diploma in Information Technology

Second Year – Second Semester

IT 4003 - Computer Security


Marking Scheme
Answer 05 questions only No. of questions: 08
Duration: 03 hours No. of Pages: 03
All questions carry equal marks.

Q01
i. Define the following terms with examples.
a. Security Attack
Any action that compromises the security of information owned by an
organization (3 marks)

b. Security Service
Something that enhances the security of the data processing systems and
the information transfers of an organization
Intended to counter security attacks
Make use of one or more security mechanisms to provide the service
Replicate functions normally associated with physical documents (3 marks)

c. Security Mechanism
A mechanism that is designed to detect, prevent, or recover from a security
attack (3 marks)

** Any answer given by students which contains the above idea is acceptable

ii. Security attacks can be classified into 2 categories. State them.


Passive attacks
Active attacks (2 marks)

iii. Explain how each of the above attacks is launched and their impact on
information systems/networks.

Both attacks are launched by using particular specialized tools developed for the
purpose of attacking itself.
Passive attacks do not damage the network/information system. The attacker uses
passive attacks to gather information on the target network or information system.
After gathering enough information, he launches an active attack, which
will cause substantial damage.
(3 marks)
iv. Give 3 examples for each of the above categories
Passive :
Traffic analysis
Electronic eavesdropping
Wiretapping

Active :
masquerade of one entity as some other
replay previous messages
modify messages in transit
denial of service

** Give marks for any other acceptable example given by the students
(05*6=3 marks)
Q02
i. What is malicious software? (3 marks)

Software that causes damage to computers and related devices, making them
malfunction, is categorized as malicious software.

ii. What are the differences between spyware and adware? (4 marks)
Spyware aims at tracing and tracking users' actions and data.
Adware is more focused on posting commercial advertisements on
users' systems.

iii. “Computer viruses are very harmful types of software created by persons who have
excellent knowledge in the field of Computer Science” Do you agree with this
statement? Justify your answer (5 marks)

Yes. I agree.
To create computer viruses a person should have an excellent knowledge of the
functionality and structure of all computer related devices and their coordination
within the computer systems. Therefore the people who create viruses are
absolutely experts with bad intentions.

iv. “An Intrusion detection system (IDS) may be considered a more effective way of
handling security threats than a virus guard” A security expert expressed this idea to
one of his clients. Give reasons for your approval or disapproval of his opinion
(8 marks)
An intrusion detection system is more of a proactive strategy for tackling possible
threats to an information system. It is capable of scanning the environment of the
information system and picking up possible suspicious actions that may turn into
serious threats. A virus guard can only pick up one type of threat within the
system. Therefore an Intrusion detection system provides security in a wider area
than a virus guard.
Q03
i. What is X.800 Security Architecture?

A security architecture for OSI that defines a systematic way of defining and
providing security requirements (3 marks)

ii. In the X.800 Architecture, a security service is defined in 5 major categories.

a. What are those categories?
• Authentication
• Access Control
• Data Confidentiality
• Data Integrity
• Non-Repudiation (5 marks)

b. Discuss how each category assures security of information.

• Authentication - assurance that the communicating entity is the one
claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized
entity
• Non-Repudiation - protection against denial by one of the parties in a
communication (10 marks)

iii. State any 2 security mechanisms supported by the X.800 Architecture.

encipherment, digital signatures, access controls, data integrity, authentication
exchange, traffic padding, routing control, notarization
** accept any 2 of the above list as correct answers (2 marks)
Q04
i. Define the following terms.
ii.
a. Choke point of a network
The single point of entry and exit for the traffic coming in and going out
from the network
Except for this point there is no other entry or exit point from the network

b. Perimeter defence
Network Perimeter Defense refers to the information security whereby it
can provide enterprise-class protection and compliance for businesses of
any size.

c. Bastion host
• highly secure host system
• potentially exposed to "hostile" elements
• hence is secured to withstand this
• may support 2 or more net connections
• may be trusted to enforce trusted separation between network
connections
• runs circuit / application level gateways
• or provides externally accessible services (2x3 marks)

iii. What is a firewall?

A device designed using a combination of software and hardware to be
positioned at the entrance to a network to provide security from incoming
threats from the outside open environment

Explain the role played by a firewall in a network.

• a choke point of control and monitoring
• interconnects networks with differing trust
• imposes restrictions on network services
• only authorized traffic is allowed
• auditing and controlling access
• can implement alarms for abnormal behavior
• is itself immune to penetration
• provides perimeter defence (4 marks)
iv. Compare and contrast a Packet Filtering firewall and a Stateful Inspection firewall.

Packet filtering firewall
1. simplest of components
2. foundation of any firewall system
3. examine each IP packet (no context) and permit or deny according to rules
4. hence restrict access to services (ports)
5. possible default policies
a. that not expressly permitted is prohibited
b. that not expressly prohibited is permitted

Stateful inspection firewall
1. examine each IP packet in context
2. keeps track of client-server sessions
3. checks each packet validly belongs to one
better able to detect bogus packets out of context

(8 marks)
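
The contrast above, as an added illustration that is not part of the original marking scheme: a stateless packet filter and a stateful inspector judge the same constructed traffic, and only the stateful one rejects a "reply" that belongs to no session. The addresses, ports and rule set are assumptions chosen for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK
    inbound: bool   # True when the packet arrives from outside

INSIDE = "10.0.0.5"    # constructed internal client
WEB = "203.0.113.10"   # constructed external web server (documentation range)

def packet_filter(p):
    """Packet filtering: each packet is judged alone, with no context."""
    if not p.inbound and p.dport == 80:
        return "permit"    # inside clients may reach web servers
    if p.inbound and p.sport == 80 and "A" in p.flags:
        return "permit"    # anything that looks like a web reply
    return "deny"          # that not expressly permitted is prohibited

class StatefulFirewall:
    """Stateful inspection: keeps track of client-server sessions."""
    def __init__(self):
        self.sessions = set()

    def inspect(self, p):
        if not p.inbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.dport == 80 and p.flags == "S":
                self.sessions.add(key)       # new session opened from inside
            return "permit" if key in self.sessions else "deny"
        # Inbound packets must belong to a session an inside host started.
        key = (p.dst, p.dport, p.src, p.sport)
        return "permit" if key in self.sessions else "deny"

def compare(packets):
    """Return (packet-filter verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.inspect(p)) for p in packets]

# Constructed traffic: a genuine handshake, then a bogus out-of-context reply.
TRAFFIC = [
    Packet(INSIDE, 40000, WEB, 80, "S", False),
    Packet(WEB, 80, INSIDE, 40000, "SA", True),
    Packet("198.51.100.7", 80, INSIDE, 40001, "A", True),
]

if __name__ == "__main__":
    for p, (stateless, stateful) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] "
              f"packet filter={stateless} stateful={stateful}")
```
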
v. What is meant by “configuring a firewall”?
Configuring means setting up the firewall with the parameters and settings
required by the organization, to provide sufficient protection for their information,
information system and the network (2 marks)

Q05
i.
a. What is the meaning of “Authentication” in information security?
Assuring that an entity is exactly who/what it claims to be
(2 marks)
b. Briefly explain the 3 basic authentication models.
• What user has – authenticated user can be verified using an
identification number, a smart card or a password user has with him
• What user knows – verifying the user by some information he knows, a
PIN, password, etc.
• What user is – verifying using one of users’ biological characteristics,
iris, retina, fingerprint, DNA, etc. (6 marks)
c. What is the basic security requirement addressed by Authentication of
information?
Integrity
(2 marks)
ii.
a. Compare and contrast Symmetric and Asymmetric Encryption.

Symmetric
• conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-key
• was only type prior to invention of public-key in 1970’s
• key should be sent over to the recipient before communication
• key is bulky
• encryption and decryption both done by the same key

Asymmetric
• Sender and receiver both have 2 types of keys – public key and private key
• Public key is known by all the members of the system
• Private key of each member is known to the member only
• Private key is generated using the public key algorithms purchased from
an independent certification authority
• Not necessary to send over the key to the receiver
• If encrypted using public key, decryption should be done using the
private key and vice-versa

(6 marks)
b. What are the differences between Block Ciphers and Stream Ciphers?
• block ciphers process messages in blocks, each of which is then
en/decrypted
• like a substitution on very big characters
• 64-bits or more
• stream ciphers process messages a bit or byte at a time when
en/decrypting
• many current ciphers are block ciphers
• hence are focus of course
(4 marks)

Q06
i.
a. Hashing is a mathematical technique, used to assure a certain essential
information security requirement. What is that?
Information integrity (2 marks)

b. Explain how hashing helps to achieve the above requirement.

The result of applying a hash function to certain raw data would give a
unique hash code, which is unique to that particular piece of raw data. If the
data is modified or changed by some means, the hash code generated after
modification would reflect the modification. Therefore hashing can be used as
a tool to assure that given data or information has not been subjected to any
modifications done without the authority and knowledge of the owner of that
information.
Modifications done on information without the knowledge and authority of the
information owner violate the integrity of information.
Hashing helps to assure protection of the integrity of information.

ii.
a. What is a “Digital Certificate”? Why is it needed?
The Digital certificate is the legal document awarded to users of public key
algorithms, authorizing them to communicate using the keys.
It gives the users proper legal authority to use public key algorithm to protect
their information in communicating with external parties (6 marks)

b. What is a Certification Authority?

The digital certificate and the public key algorithm are given to the
organization by an independent third party called the certification
authority (3 marks)

c. Give one example of a Certification Authority.

VeriSign (1 mark)

Q07
Write short notes on 5 (FIVE) of the following topics (4x5 marks)

i. Public Key Infrastructure


A PKI (public key infrastructure) enables users of a basically unsecure public
network such as the Internet to securely and privately exchange data and money
through the use of a public and a private cryptographic key pair that is obtained
and shared through a trusted authority. The public key infrastructure provides for
a digital certificate that can identify an individual or an organization and
directory services that can store and, when necessary, revoke the certificates.

ii. Data Integrity


Data integrity is an important part of information security that assures the
information is not subjected to unauthorized modifications. When information is
modified without authorization integrity is violated. When integrity is violated, a
given piece of information would not mean the same in all occasions. The
meaning of the information will be lost with integrity

iii. Distributed Denial of Service Attack

A denial of service occurs when a server is flooded with user requests which
cannot be processed by the server. When the requests are beyond the processing
capacity of the server, it does not respond. This condition is known as Denial of
Service. This is a very common security attack. When the attack is distributed from
different users (when a number of remote clients simultaneously make the same
request at the same time, the attack is distributed), it is called a Distributed Denial of
Service attack. The distributed users of the network, who become victims of this
attack without knowledge of it, are known as Zombies.

iv. Application Gateway Firewall

• use an application specific gateway / proxy
• has full access to protocol
• user requests service from proxy
• proxy validates request as legal
• then actions request and returns result to user
• need separate proxies for each service
• some services naturally support proxying
• others are more problematic
• custom services generally not supported

v. Substitution Ciphers
One of the techniques used to encrypt information, making it unintelligible to
unauthorized users. In this cipher, letters of plaintext are replaced by other letters
or by numbers or symbols.
If plaintext is viewed as a sequence of bits, then substitution involves replacing
plaintext bit patterns with ciphertext bit patterns.
Caesar cipher is one of the most widely used substitution ciphers at present.

vi. Secure Socket Layer Protocol

• transport layer security service
• originally developed by Netscape
• version 3 designed with public input
• subsequently became Internet standard known as TLS (Transport Layer
Security)
• uses TCP to provide a reliable end-to-end service
• SSL has two layers of protocols
  o SSL session
    ▪ an association between client & server
    ▪ created by the Handshake Protocol
    ▪ define a set of cryptographic parameters
    ▪ may be shared by multiple SSL connections
  o SSL connection
    ▪ a transient, peer-to-peer, communications link
    ▪ associated with 1 SSL session

vii. Intruder Detection Systems

Software systems that detect unauthorized access to information systems and
networks
Performs a network perimeter defense function
Functions on the entire network, not only on the choke point, and scans the entire
network for intruder actions
Function of IDS is similar to that of an antivirus program
Scans for unauthorized actions within and around the network and prompts
messages of malicious actions
2 types of Intruder detection systems exist
a. Rules based IDS
b. Statistical anomaly IDS

viii. OSI Model


The Open Systems Interconnection model (OSI model) is a product of the Open Systems
Interconnection effort at the International Organization for Standardization. It is a way
of sub-dividing a communications system into smaller parts called layers. A layer is a
collection of conceptually similar functions that provide services to the layer above it and
receive services from the layer below it. On each layer an instance provides services to
the instances at the layer above and requests service from the layer below.

For example, a layer that provides error-free communications across a network provides
the path needed by applications above it, while it calls the next lower layer to send and
receive packets that make up the contents of the path. Conceptually two instances at one
layer are connected by a horizontal protocol connection on that layer.

** The answers given are simple guidelines to the topics given. Any acceptable facts outside
the information given here, written by students can be accepted as correct answers and
marks awarded accordingly

Q08
Organizations grant employees access to their information systems, based on the role they
play within the organization and the nature of the work they handle. They use access control
software to grant access to the information system and other resources
i. Why is access control necessary? (2 marks)

To impose confidentiality, integrity and availability properly on organizational
information

ii. When obtaining access to organizational information systems, employees need to
provide the user name and the password. What is the purpose of each of these in
granting access? (2*2=4 marks)
iii.
a. User name : Identify users
b. Password : Authenticate users

iv. “Lack of ethics and good faith in modern “Digital Society” has given rise to
concerns such as Non-repudiation and made a “Digital Monster” out of it” Do you
agree with the above statement? Give reasons for your answer. (6 marks)

Yes I agree.
Regardless of the numerous security measures we can impose on the information, the
ethics and good faith of the employees and citizens of the society matter most in
the well-being of the modern digital society. The technology will always be
dependent on the users to some extent. Therefore citizens of the society always
have a greater responsibility to safeguard them.

v. Steganography is one of the latest technologies used in assuring information security.
Briefly explain the applications of this technology in assuring security of
information. (8 marks)

Steganography is the art and science of writing hidden messages in such a way that no
one, apart from the sender and intended recipient, suspects the existence of the message,
a form of security through obscurity.
Generally, messages will appear to be something else: images, articles, shopping lists, or
some other cover text and, classically, the hidden message may be in invisible ink between
the visible lines of a private letter.
The advantage of steganography over cryptography alone is that messages do not attract
attention to themselves. Plainly visible encrypted messages—no matter how
unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where
encryption is illegal.
Therefore, whereas cryptography protects the contents of a message, steganography can
be said to protect both messages and communicating parties.
Steganography includes the concealment of information within computer files. In digital
steganography, electronic communications may include steganographic coding inside of
a transport layer, such as a document file, image file, program or protocol. Media files
are ideal for steganographic transmission because of their large size. As a simple
example, a sender might start with an innocuous image file and adjust the color of every
100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not
specifically looking for it is unlikely to notice it.

END
