Sunday, March 9, 2008

Computer networks - security

DIPLOMA OF INFORMATION TECHNOLOGY
(SYSTEMS ADMINISTRATION) ICA50199

COMPUTER NETWORKS (SECURITY)

ICAITAD052B Design IT security framework
ICAITAD053B Design system security and controls
ICAITAD056B Prepare disaster recovery/contingency plans
ICAITS118B Manage system security
ICAITS124B Monitor and administer network security


ASSESSMENT TESTS
THEORY ASSESSMENT (SUMMATIVE)

Part 1 - mid session
(WEIGHTING ON THEORY ASSESSMENT 0.3)

15 MINUTES READING TIME
ALL QUESTIONS MUST BE ATTEMPTED
TIME LIMIT 3 HOURS (OPEN BOOK)





THEORY ASSESSMENT (SUMMATIVE)
Part 1 - mid session
(WEIGHTING ON THEORY ASSESSMENT 0.3)
15 MINUTES READING TIME
ALL QUESTIONS MUST BE ATTEMPTED
TIME LIMIT 3 HOURS (OPEN BOOK)
Question 1a (Eavesdropping)
Question 1b (Eavesdropping)
Question 2 Encryption Systems
Question 3 on Secure Socket Layer (SSL)
Question 4 on Hashing Algorithms
Question 5 on an Example of a Symmetric Cryptosystem
Question 6 on an Example of an Asymmetric Cryptosystem
Question 7 on Authentication
Question 8 on Digital Signature Algorithm (DSA) and Digital Signature Standard (DSS)
Question 9 on the Public Key Calculation of Digital Signature Algorithm (DSA)
Question 10 on factors in choosing the Cryptosystems for your Security System
Question 11 on the trustworthiness of Certificates as part of the security control system
Question 12 on using the tools in a security control system
THEORY ASSESSMENT (SUMMATIVE)
Part 2 – final
(WEIGHTING ON THEORY ASSESSMENT 0.3)
15 MINUTES READING TIME
ALL QUESTIONS MUST BE ATTEMPTED
TIME LIMIT 3 HOURS (OPEN BOOK)
Question 1 on Threat Modeling
Question 2 on Defense in Depth
Question 3 on ‘Defense in Depth’ Models
Question 4 on Host Intrusion Detection Systems
Question 5 on Network Intrusion Detection Systems
Question 6 on Internet Protocol Security (IPSec)
Question 7 on Firewall Architectures
Question 8 on Firewall Products
Question 9 on Building Firewalls
Question 10 on Securing the Accounts
Question 11 on Security Problem with Disk Formats
Question 12 on Recommendation following Security Risk Assessment
Question 13 on Privacy Issues in Designing the Security Plan
Question 14 on Purpose and Scope for a Disaster Recovery and Contingency Plan
Question 15 on the goals for a Contingency Plan
Question 16 on Business Disaster Planning Project
Question on Operational Risk
Question 17 on Standards for Designing a Security Management System
Question 18 on AS/NZS BS 7799
THEORY ASSESSMENT (SUMMATIVE)
Part 3 – Assignment
(WEIGHTING ON THEORY ASSESSMENT 0.4)
Assignment on Blind SQL Injection







Question 1a (Eavesdropping)

Describe eavesdropping and countermeasures against eavesdroppers.


Question 1b (Eavesdropping)
An area that eavesdroppers are exploiting is the use of light as a medium to breach security systems. Briefly discuss countermeasures against this new technique.


Question 2 Encryption Systems
Most computer encryption systems belong in one of two categories:
• Symmetric-key encryption
• Public-key encryption
Discuss these two categories.

Question 3 on Secure Socket Layer (SSL)

Discuss the background to SSL and its role in transmission of sensitive data.




Question 4 on Hashing Algorithms

1. Discuss the role of hashing in data encryption.
2. Calculate the number of possible combinations of a 40-bit and a 128-bit hash value.

Question 5 on an Example of a Symmetric Cryptosystem

Discuss an example of a Symmetric Cryptosystem for security management.

Note: XOR (also EOR or exclusive OR) is a Boolean operator that returns a value of TRUE only if its two operands have different values. Contrast with the inclusive OR operator, which returns a value of TRUE if either of its operands is TRUE. Whereas an inclusive OR can be translated as "this, that, or both," an exclusive OR means "this or that, but not both." Reference: http://mathworld.wolfram.com/XOR.html
The binary XOR operator has the following truth table.

A   B   A XOR B
T   T   F
T   F   T
F   T   T
F   F   F





Question 6 on an Example of an Asymmetric Cryptosystem

Discuss an example of an Asymmetric Cryptosystem for security management.

Question 7 on Authentication

Describe the nature of authentication and its relation to system security.

Question 8 on Digital Signature Algorithm (DSA) and Digital Signature Standard (DSS)

Describe the nature of the Digital Signature Algorithm (DSA) and the Digital Signature Standard (DSS).


Question 9 on the Public Key Calculation of Digital Signature Algorithm (DSA)

The private key in DSA is a number X that is known only to the signer. How are the four numbers of the public key derived?


Question 10 on factors in choosing the Cryptosystems for your Security System

What are the factors that you will need to consider in choosing the Cryptosystems for your Security System?









Question 11 on the trustworthiness of Certificates as part of the security control system

Discuss the trustworthiness of Certificates in their use as part of the security control system.


Question 12 on using the tools in a security control system

Discuss the use of the three tools (symmetric cryptography, asymmetric cryptography, and digital signatures) in the design of a security control system.











THEORY ASSESSMENT (SUMMATIVE)
Part 2 – final
(WEIGHTING ON THEORY ASSESSMENT 0.3)

15 MINUTES READING TIME
ALL QUESTIONS MUST BE ATTEMPTED
TIME LIMIT 3 HOURS (OPEN BOOK)


Question 1 on Threat Modeling

List steps to model and respond to threats to your business computer system.

Question 2 on Defense in Depth

List a 7-layer Defense in Depth Model that you use to examine your system to design your security framework. Give countermeasure systems for each layer.

Question 3 on ‘Defense in Depth’ Models
In designing your security defense for the system, you can have different layers. List the layers in a 2-, 5- and 8-layer model.

Question 4 on Host Intrusion Detection Systems

Most organizations build a layered defense that combines NIDS with Host Intrusion Detection Systems (HIDS). A HIDS monitors what is happening on its computing platform, detecting and alerting you to signs of attack such as overwriting or deletion of system files, suspicious processes, and unusual user activity. What types of vendor products have you come across in your information gathering on current security products?

Question 5 on Network Intrusion Detection Systems
Describe what a network intrusion detection system is. Comment on its role and fit in a security defense system.






Question 6 on Internet Protocol Security (IPSec)
Describe the nature of “IPSec”. Comment on its role and fit in a security defense system.

Question 7 on Firewall Architectures
In designing your firewall, there are a number of architectures in use. The following are some of them:
• Screening Router
• Dual-homed Host
• Screened Host
• Screened Subnet
Draw up these firewall architectures.

Question 8 on Firewall Products
For you to specify the firewall in your security design, you need to investigate firewall products. You may come across products used in the current system that are redundant. The following is a sample list of firewall products used in both small and large systems:

• Cisco Centri
• ConSeal
• EMD Armor
• Check Point FireWall-1
• CyberwallPLUS
• SATAN
Briefly give a summary of one of them.

Question 9 on Building Firewalls
What are the considerations when building your firewall?



Question 10 on Securing the Accounts
Microsoft Windows Server 2003 has a number of built-in user accounts that you cannot delete but can rename. Two of the best-known built-in accounts in Windows Server 2003 are the Guest and Administrator accounts. There is a vulnerability with these accounts.
The Guest account is disabled by default on member servers and domain controllers. Do not change this setting. Rename the built-in Administrator account and alter the description to prevent attackers from compromising a remote server using a well-known name.
Many variations of malicious code use the built-in administrator account in an initial attempt to compromise a server. The value of this configuration change has diminished over the past few years since the release of attack tools that attempt to break into the server by specifying the security identifier (SID) of the built-in Administrator account. A SID is the value that uniquely identifies each user, group, computer account, and logon session on a network. It is not possible to change the SID of this built-in account.
Use a countermeasure to tackle this vulnerability.
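
Added example, not part of the original assessment paper: the passage above notes that renaming the built-in Administrator does not change its SID. This Python sketch decodes binary SIDs and flags the built-in accounts by their well-known RIDs (500 and 501) in a constructed account listing; the function names, sample account names and issuer values are assumptions made for illustration.

```python
import struct

# Well-known relative identifiers (RIDs) of the two built-in accounts named above.
BUILTIN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID into S-<revision>-<authority>-<sub-authorities> form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit each, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def classify(sid: str):
    """Return the built-in role for a machine or domain account SID, else None."""
    parts = sid.split("-")
    # Account SIDs have the form S-1-5-21-<three issuer values>-<RID>.
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        return BUILTIN_RIDS.get(int(parts[7]))
    return None

def audit(accounts):
    """accounts: (name, binary SID, enabled) tuples. Returns (name, finding) pairs."""
    findings = []
    for name, raw, enabled in accounts:
        role = classify(sid_to_string(raw))
        if role == "built-in Administrator":
            if name.lower() == "administrator":
                findings.append((name, "built-in Administrator keeps its default name"))
            else:
                findings.append((name, "renamed, but RID 500 still identifies it"))
        elif role == "built-in Guest" and enabled:
            findings.append((name, "built-in Guest is enabled"))
    return findings

def make_sid(*subs):
    """Build a binary SID under authority 5 (NT Authority) for the sample data."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample listing; the three issuer values are placeholders.
ISSUER = (21, 1111111111, 2222222222, 3333333333)
SAMPLE = [
    ("svc-maint", make_sid(*ISSUER, 500), True),   # Administrator after renaming
    ("Guest", make_sid(*ISSUER, 501), True),       # Guest enabled, against the guidance
    ("jsmith", make_sid(*ISSUER, 1104), True),     # ordinary user account
]
for name, finding in audit(SAMPLE):
    print(f"{name}: {finding}")
```
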

Question 11 on Security Problem with Disk Formats
NTFS partitions support Access Control Lists (ACLs) and, optionally, encryption via the Encrypting File System (EFS) at the file and folder levels. This support is not available with the file allocation table (FAT), FAT32, or FAT32x file systems. FAT32 is a version of the FAT file system updated to permit significantly smaller default cluster sizes and support hard disks of up to two terabytes in size. FAT32 is included in Microsoft Windows 95 OSR2, Windows 98, Windows Me, Windows Server 2003, and Windows XP. The vulnerability is that files you cannot protect with ACLs can be easily viewed, changed or deleted by unauthorized users who can access them locally or over the network. ACLs help to protect these files, but encryption provides much more protection and is a viable option for files that only need to be accessible to a single user. What is the countermeasure to overcome this vulnerability?



Question 12 on Recommendation following Security Risk Assessment
An effective risk management process is an important component of a successful IT security program. The main goal of a security plan is to ensure the following areas are properly controlled:
• Confidentiality of information
• Data (or information) integrity
• Availability of information
The Assessment below is the first step into getting to know the type of information handled by your department and the type of security needed to protect these IT assets as they relate to confidentiality, integrity and availability.

Indicators: Probability (or the likelihood of an occurrence) and Impact (or the effect of an occurrence) will relate to security recommendations for your systems.
Confidentiality risk refers to the impact of unauthorized access to information assets, such as client information, passwords, computer hardware, research data, financial data and marketing and product data.


Security Rating Grid concerning the following factors: Probability; Impact; Security Level

(Probability + Impact = Security Level)    Equation (a)


1. Risk to Confidentiality of Information

If you store sensitive information, sensitive research data, or other confidential information, first of all, you need to know the probability or likelihood that it will be compromised and, secondly, if compromised, what is its impact.
You can rate these two factors as:
Probability
• High
• Medium
• Low

Impact
• High
• Medium
• Low
Using Equation (a), the security level rating can be any of the following:
High + High = High level security
High + Medium = High level security
High + Low = Medium level security
Medium + High = High level security
Medium + Medium = Medium level security
Medium + Low = Medium level security
Low + High = Medium level security
Low + Medium = Medium level security
Low + Low = Low level security

2. Risk to Data (or information) integrity

Data integrity risk addresses the impact if inaccurate data is used to make inappropriate business or management decisions. The risk also addresses the impact if customer information such as account balances were incorrect or if inaccurate data is used in research or sent to a sponsoring agency. The release of inaccurate data to customers, regulators, shareholders and the public could lead to a loss of business, possible legal action or public embarrassment.
You can rate the Probability and Impact factors as:
Probability
• High
• Medium
• Low

Impact
• High
• Medium
• Low

Using Equation (a), the security level rating can be any of the following:
High + High = High level security
High + Medium = High level security
High + Low = Medium level security
Medium + High = High level security
Medium + Medium = Medium level security
Medium + Low = Medium level security
Low + High = Medium level security
Low + Medium = Medium level security
Low + Low = Low level security

3. Risk to making information available

Availability or business disruption risk considers the impact if the function or activity was rendered inoperative due to a system failure, or a disaster situation. If you are highly dependent upon access to your data (5x8 or 24x7) you need to estimate the probability of loss of access during those time slots.
Additionally, if you suffer a loss of access for, say, more than 4 hours, you need to consider the impact on your business.

You can rate the Probability and Impact factors as:
Probability
• High
• Medium
• Low

Impact
• High
• Medium
• Low

High + High = High level security
High + Medium = High level security
High + Low = Medium level security
Medium + High = High level security
Medium + Medium = Medium level security
Medium + Low = Medium level security
Low + High = Medium level security
Low + Medium = Medium level security
Low + Low = Low level security

For the three factors:
1. Confidentiality of information
2. Data (or information) integrity
3. Availability of information

What will your recommendation be if the rating is:
(1) low
(2) medium
(3) high?

Question 13 on Privacy Issues in Designing the Security Plan

Discuss issues on privacy legislation in designing your security plan.




Question 14 on Purpose and Scope for a Disaster Recovery and Contingency Plan

Discuss the purpose and scope for a disaster recovery and contingency plan as part of your security plan.


Question 15 on the goals for a Contingency Plan

Discuss the goals of a contingency plan.


Question 16 on Business Disaster Planning Project

Describe and discuss the phases in a Disaster Recovery Planning Project.

Question on Operational Risk

Discuss the role of security in terms of business operation risk.

Question 17 on Standards for Designing a Security Management System

List the Australian Standards that organizations can use for designing their Security Management and Control Plan. Give a brief description of each standard.

Question 18 on AS/NZS BS 7799

For the security standard “AS/NZS BS 7799”, list the areas in security that it covers.





THEORY ASSESSMENT (SUMMATIVE)
Part 3 – Assignment
(WEIGHTING ON THEORY ASSESSMENT 0.4)

This is a take-home test which must be completed within 2 weeks.

NOTE:
No collaboration is permitted on the take-home assignment. It is a completely individual assignment.
You may discuss the problem set material with others. You must, however, write up your solutions independently.
If you do collaborate, acknowledge your collaborators in the write-up. If you obtain a solution with help (e.g., through library work or a friend), acknowledge your source and write up the solutions on your own. In most of your solutions, we will expect to see citations.
You may use any reference material to complete your homework assignments, including material on the Internet. You must remove any possibility of someone else's work being misconstrued as yours.

Assignment on Blind SQL Injection

Investigate and describe the nature of Blind SQL Injection. Describe a method that you can use to test whether your system is vulnerable and what countermeasures you can take.
