Chapter 12
What kind of entity issues a certificate?
A certificate authority.
List the basic elements of public key infrastructure.
Encryption techniques, digital certificates, certificate authorities, public key generation, storage, and management.
What are the basic ingredients of public key infrastructure?
Encryption techniques, digital certificates, certificate authorities, public key generation, storage, and management.
What are the advantages of having a security policy in place?
Everyone, employees, management, external users know the score.
One feature of a firewall is its ability to stop an outgoing IP packet, remove the real IP address, insert a "fake" IP address, and send the packet on its way. How does this feature work? Do you think it would be effective?
Firewall keeps a table of fake IP addresses, pulls out real address and inserts a fake one. This is usually an effective technique.
How does an intrusion detection system work?
It watches for someone trying to attack a system and either alerts an administrator and/or begins to close-out portions of the system.
Give a common example of an application that uses Secure Sockets Layer/ Transport Layer Security.
Sending your credit card information over the Internet is very common.
You are using a web browser and want to purchase a music CD from an electronic retailer. The retailer asks for your credit card number. Before you transfer your credit card number, the browser enters a secure connection. What sequence of events created the secure connection?
Server sends your browser a certificate, your browser selects an algorithm and creates a private key, browser encrypts its private key with server's public key, browser sends encrypted private key back to server.
You have a computer at home with a wireless NIC and wireless router. List all the security measures that should be employed so that your home network is secure.
Set up a firewall to block illegal port access Turn on and use best encryption available on router Install anti-spyware, anti-spam, anti-virus software
What is the major weakness of a password? What is its major strength?
Someone else can discover it. Easy to pick a difficult one and it can be changed easily and frequently.
Under what circumstances might a certificate be revoked?
Normal expiration, nonpayment of fees, security breech.
What are the three basic types of firewalls?
Packet filter, proxy server, and application layer.
What are the different techniques you can use to authenticate a user?
Passwords, badges, finger prints, voice prints, face prints, retina scan and iris print, to name a few.
You want to write a song and apply a digital signature to it so that you can later prove it is your song. How do you apply the signature, and later on, how do you prove the song is yours?
You take the song, convert it to a digital form, take the hash of the form, and apply a private key to the hash. Then you save the encrypted hash. If someone questions ownership at a later date, you decrypt the hash and rehash the song, comparing the hashes.
What is spoofing and how does it apply to a denial of service attack?
They substitute a fake IP address in the place of their IP address in the Source IP Address field of the IP header.
What is the primary responsibility of a firewall?
To keep out malicious attacks and to keep internal users from accessing certain outside services.
What is a digital signature?
A digital signature is a hash of a document that has been encrypted with a private key.
What is a ping storm, and how does it apply to a denial of service attack?
A ping storm is when a user uses the TCP/IP ping command to constantly bombard a site.
How do hackers exploit operating system vulnerabilities?
Bombards a selected site with an overwhelming number of messages.
How does a denial of service attack work?
Bombards a selected site with an overwhelming number of messages.
How can a digital certificate be used?
It can be assigned to a document so that the owner can later verify ownership.
List three forms of physical protection.
Protection from fire, heat, flooding, and theft.
What are the most common types of access rights?
Who and how. Who: user or owner, group, system, world. How: read, write, execute, print, delete, copy, rename, append.