TU Wien:Introduction to Security VU (Weippl)/Prüfung 2011-06-07 (Mid-Term retake)

Retake exam der ersten Prüfungsphase im SS2011 (Kapitel 1-9). In Klammer die Punkte.

Fragen[Bearbeiten | Quelltext bearbeiten]

• What are the main Objectives in Computer Security? (2)

 preserve the integrity, availability and confidentiality of information system resources (?)

• What are the two principal requirements for the secure use of symmetric encryption? (1)

 1) strong encrpytion algorithm: attacker should be unable to decrypt ciphertext or discover the key even if he or she is in possession of cipher-/ plaintext pairs
 2) Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure

• What is a Digital Signature? (2)

 A mechanism for authenticating a message. the sender encrypts the message with his private key.  
 So if a message is decrpyted with the senders public key it is assured that he or she sent the message

• In general terms, what are four means of authenticating a user's identity? (2)

 By something the user knows (e.g. passwords), possesses (smartcards), is (static biometrics - thumbprint), does (dynamic biometrics - signature)

• Which attacks against passwords do you know? Name and briefly describe three (2)

 Offline dictionary attack: ... The attacker obtains the system password file and compares the password hashes against hashes of commonly used passwords
 Specific account attack: The attacker targets a specific account and submits password guesses until the correct password is discovered. 
 Popular password attack: A variation of the preceding attack is to use a popular password and try it against a wide range of user IDs. 
 Password guessing against single user: The attacker gains knowledge about the account holder and system password policies and uses that knowledge to guess the password. 
 Workstation hijacking: The attacker waits until a logged-in workstation is unattended. 
 Exploiting user mistakes: written down passwords, (un-)intentionally shared password, trick the user or an account manager into revealing a password. preconfigured passwords for
 system administrators. 
 Exploiting multiple password use: different network devices share the same or a similar password for a given user. 
 Electronic monitoring: If a password is communicated across a network to log on to a remote system, it is vulnerable to eavesdropping.

• What is a "protection domain" (1)

 a set of objects with associated access rights.

• Explain the nature of the inference threat of a RDBMS. (1)

 Basically, inference occurs when users are able to piece together information at one security level to determine a fact that should be protected at a higher security level

• What are two approaches to inference prevention for a statistical database? (2)

 Query Resitriction, Only give approximative results (data perturbation, output perturbation)

• What is the difference between anomaly and signature intrusion detection? (2)

 in both cases you observe system events. 
 Anomaly intrusion detection checks for excessive event occurances in certain time intervals, or analyses deviations from past behaviour of groups/user
 Signature intr. det. applies a set of rules to decide if intruder (?)

• Explain base-rate fallacy and name an example. (2)

 Base-rate fallacy is the phenomenon that if the numbers of intrusions is low compared to the number
 of legitimate uses of a system, then the false alarm rate will be high unless the test is extremely
 discriminating. For example this is still a problem in IDS systems.

• What is a "Honey pot"? (1)

 decoy systems to devert and hold attackers to collect activity information without exposing productivity system

• How does behaviour-blocking software work? (2)

 An administrator sets acceptable software behaviour policies. A behaviour blocking software then detects suspicious code and "sandboxes" it to prevent it from proceeding.
 the administrator is notified and can decide whether to allow the code to run or not.

• What is the difference between a Rootkit and a Bot? (2)

 a bot is a software for taking over computers to use them for hard to trace attacks, rootkits are a set of programs used to gain admin access

• What types of packets are used for flooding attacks? (1)

 Any type that is not filtered - depends on network configuration.The larger the packet is, the more effective the attack.Commonly used: 
 ICMP (ping), UDP packets, TCP SYN packets. 

• Name the three design goals for a firewall. (2)

 (?) 
 all traffic must go through the firewall
 only authorized traffic is allowed to pass
 firewall itself should be immune to penetration (running on a trusted system)