Corporate Computer Security 4th edition Randy Boyle, Raymond Panko - Solutions
(a) What is identity management? (b) What are the benefits of identity management? (c) What is SSO? (d) Why is full SSO generally impossible? (e) What is reduced sign-on? (f) What is an identity? (g) Why is providing minimum identity data an important principle?
(a) In identity management, what are provisioning, reprovisioning, and deprovisioning? (b) Why is decentralized management desirable? (c) Why are self-service functions desirable? (d) What changes should be made through self-service functions?
(a) In what sense is identity management really just another form of risk management? (b) How can identity management reduce risk? (c) How much should companies spend on identity management?
(a) What is siting? (b) Distinguish between UPSs and electrical generators. (c) If wiring cannot be run through walls, what should be done to protect the wiring? (d) What should be done to protect laptops taken off premises? (e) What controls should be applied to off-site equipment maintenance?
(a) What special controls are required by terrorism threats? (b) Why is it necessary to prevent piggybacking? (c) What advice would you give a company about CCTV? (d) What is Dumpster™ diving? (e) How should trash bins be protected? (f) What can be done to reduce the dangers of desktop PC
(a) What are reusable passwords? (b) Why is password cracking over a network difficult to do? (c) In what two ways can password-cracking programs be used? (d) Which is safer for the cracker? Why?
(a) Why is it a problem to use the same password at multiple sites? (b) Why is it difficult to enforce a policy of using a different password at each site? (c) Why are password duration policies important? (d) What are password resets? (e) Why are password resets dangerous? (f) How can
(a) What is the book's recommended password policy for length and complexity? (b) How can password-cracking programs be used to enforce password strength policy? (c) Before you run a password-cracking program on your company's computers to check for weak passwords, what should you do?
What is the likely future of passwords?
List at least six identities for yourself that require different authentication and authorizations.
Your company installs a face recognition system for door access. (a) Its FRR is much worse than the vendor's claims. What might be causing this? (b) The system's FRR increases over time. What might be causing this?
Someone says that they wish to protect their desktop PC from a walk-up attacker with a password or passwords. Give them advice and reasons for your advice. This is not a very short answer.
(a) Give two situations in which the risk of deception is high. (b) Give two situations in which the risk of deception is low.
Your friend wants to secure his or her desktop PC with fingerprint scanning or password access protection. Give your friend the information that he or she should know to make the decision. Consider alternatives. This is not a very short answer.
What do FRRs mean when fingerprint scanning is used to secure a PC against walk-up attacks? What might produce high FRRs? Can you think of a way that this problem could be reduced in fingerprint scanning?
Some airports are installing face recognition systems to identify terrorists and criminals. About one in a million people passing through the airport is a terrorist. Suppose the FAR is about 1 percent. The FRR is about 30 percent. Is this system likely to be workable? Explain using a spreadsheet
Centralizing authentication and authorization reduces cost, improves consistency, and permits rapid provisioning and changes. List the technologies on the way toward greater centralization, beginning with stand-alone authenticators through corporate metadirectory servers.
Suppose that the probability of a false acceptance is 0.0001 per match attempt. Suppose that there are 1,000 templates in the database. What is the probability of a false acceptance in the case of verification? What is the probability of a false acceptance in the case of identification? What is the
Do you use the same password for multiple accounts? Why would this be a security risk?
Can you use foreign language wordlists?
Why do special characters (e.g., @ # $ % ^ & *) make passwords difficult to crack?
Why does a change of case help make a stronger password?
How can cross-pollination of user credentials be harmful to users and businesses?
Why should businesses shift their focus from protecting their containers to protecting their data?
How can businesses mitigate the negative effects of cross-pollination between organizations?
How might the weak security practices in one organization harm other organizations?
How would two-factor authentication improve the security of user accounts?
What are some new risks facing "hyper-extended" organizations?
How could a business proactively embrace new technology in a secure manner?
a) What is a pass/deny decision? b) What type of packet does a firewall drop and log? c) What does the firewall do about packets that it suspects (but cannot prove) are attack packets? d) Why does the firewall log information about dropped packets? e) Distinguish between border firewalls and
Redo the ACL in Figure 6-10 to add rules for the following conditions. After Rule 1, create a rule that permits all connections to internal DNS servers. After the original Rule 2, create rules that permit connections to all Trivial File Transfer Protocol (TFTP) servers and that permit access to FTP
a) Why are stateful packet inspection firewalls inexpensive? b) In practice, are they fairly safe? c) Are SPI firewalls limited to SPI filtering? d) What firewall inspection mechanism do nearly all main border firewalls today use?
a) When NAT is used, why can sniffers not learn anything about the internal IP addresses of internal hosts? b) Why does NAT stop scanning probes? c) Why is NAT traversal necessary? d) Is a NAT traversal method easy to select?
a) What distinguishes an application proxy firewall from static packet filtering firewalls and SPI firewalls? b) Distinguish between proxy programs and application proxy firewalls. c) If you will proxy four different applications, how many proxy programs will you need? d) How many application
a) Do stateful packet inspection firewalls automatically do application content filtering? Explain. b) Do they have the slow speed of relay operation? c) What three advantages do application proxy firewalls have in protection that SPI firewalls with content inspection do not have? d) Why are SPI
a) What filtering actions were listed to protect clients from malicious webservers? b) What filtering action was mentioned to prevent internal client misbehavior in HTTP? c) What two filtering actions were mentioned for protecting webservers from malicious clients? d) What three automatic
a) Distinguish between firewalls and IDSs. b) Why are IDS alarms often a problem? c) What is a false positive? d) What two types of filtering do IDSs use? e) Why is deep packet inspection important? f) Why is deep packet inspection processing-intensive? g) Why is packet stream analysis
a) Distinguish between IDSs and IPSs. b) Why is the attack identification confidence spectrum important in deciding whether to allow IPSs to stop specific attacks?
a) What two actions can IPSs take when they identify an attack? b) Which can be the most effective? c) Which can do the most damage?
a) What does a firewall do if it cannot keep up with the traffic volume? b) Why is this action good? c) Why is this action bad? d) Why can a firewall keep up with traffic in general but fail to do so during a major attack? e) As processing power increases in the future, what will this mean for
a) How do firewalls and antivirus servers work together? b) Are antivirus servers limited to looking for viruses? Explain. c) What may the antivirus server do after it performs filtering? d) What type of firewall does both traditional firewall filtering and antivirus filtering?
a) Why are screening routers used in a firewall architecture? b) Why are internal firewalls desirable? c) Why is it easier to create appropriate ACL rules for server host firewalls than for border firewalls? d) How does the use of border, internal, and host firewalls provide defense in depth?
a) What is a multihomed router? b) What is a DMZ? c) Why do companies use DMZs? d) What three types of hosts are placed in the DMZ? e) Why do companies put public servers in the DMZ? f) Why do companies put application proxy firewalls in the DMZ? g) What host names does the external DNS
a) Distinguish between firewall policies and ACL rules. b) Why is creating firewall policies desirable compared to just creating a list of ACL rules? c) Create three firewall policies not listed in the text.
a) Compare firewall hardening needs for firewall appliances, vendor-provided systems, and firewalls built on general-purpose computers. b) List what centralized firewall management systems do. c) What columns does the firewall policy database described in the text contain? Be able to describe
a) What packets are usually logged in log files? b) What are the fields in the log file shown in Figure 6-25? c) In the examples given, by what field was the log file sorted? d) From the log file, what could we infer about the Echo probe attack? e) Did this attack seem to be serious? Explain.
a) How can attackers avoid the border firewall? b) How has the perimeter extended outside the site? c) How can firms react to this decline in the effectiveness of border firewall filtering?
a) Distinguish between signature detection and anomaly detection. b) What is a zero-day attack? c) Why are zero-day attacks impossible to stop with attack signatures? d) What is the promise of anomaly detection? e) Why is anomaly detection becoming critical for firewalls?
a) Is there only one firewall filtering mechanism? b) What filtering mechanisms do almost all main border firewalls use? c) Do SPI firewalls only do stateful packet inspection?
a) What are the two limitations of static packet filtering? Explain why each limitation is bad. b) For what two reasons do companies not use static packet filtering as the main filtering mechanism in border firewalls today? c) In what two secondary ways do corporations sometimes use static packet
a) What is a state? b) Are most packets part of the connection-opening state or the ongoing communication state? c) Why is the answer to Question 5b important for stateful packet inspection's efficiency? d) What is a connection? e) How is a connection between two programs on different computers
a) Give the simple stateful packet inspection firewall rule for packets that do not attempt to open connections. b) UDP is connectionless. How is it possible for an SPI firewall to handle UDP connections? c) Is SPI filtering for packets that are part of ongoing communications usually simple and
a) For stateful packet inspection firewalls, what do ingress ACLs permit in general? b) What do egress ACLs disallow in general in SPI firewalls? c) What do well-known port numbers designate? d) Is Figure 6-10 an ACL for ingress filtering or egress filtering? e) Why is Rule 2 in Figure 6-10
Given the ACL in Figure 6-10, what would the firewall do with an incoming ICMP echo message? (This will require some thought. Think about how ICMP messages are encapsulated and what field in the IP header indicates that the packet's data field contains an ICMP message.)
Modify the ACL in Figure 6-10 to permit externally initiated connections to an SNMP network management server, 60.47.3.103, and to allow both regular and SSL/TLS connections to the internal webserver 60.47.3.137 but not to other webservers.
A stateful packet inspection border firewall contains a rule that permits external connections to an internal public webserver. However, the firewall does not permit access to this server. Come up with at least two hypotheses for the cause of the problem. Describe how you would test each hypothesis.
The ACL in Figure 6-10 is in effect. A packet containing a TCP SYN segment reaches a stateful packet inspection firewall from the outside. What actions will the SPI firewall take?
The ACL in Figure 6-10 is in effect. A packet containing a TCP ACK segment reaches a stateful packet inspection firewall from the outside. What actions will the SPI firewall take? Explain.
Contrast what sniffers can learn if a company being attacked uses NAT or an application proxy server.
Most IP addresses are public, in the sense that they can appear on the public Internet. However, a few IP addresses have been designated as private IP addresses. One private IP address range is 172.16.0.0 to 172.31.255.255. Private IP addresses can only appear within a firm. In Figure 6-20,
a) Describe Policy 5 in the firewall policy database shown in Figure 6-24. b) Repeat for Policy 6. c) Repeat for Policy 7. d) Repeat for Policy 8. e) Repeat for Policy 9.
Sort the log file in Figure 6-25 by source IP address. What do you conclude from the analysis? This is not a trivial question.
A firm has the following firewall policy: Employee access to Internet servers should be unrestricted and external clients should only be able to access the firm's public webserver. The firm also has a finance server that should only be accessible to people in the finance department. The server and
Why does your computer send so many packets? Why not send just one big packet?
Could malware rename itself in order to get through a firewall? Why would this work?
Why is cyber espionage so attractive?
Why is cyber espionage difficult to prevent?
Why would nation states sponsor cyber espionage?
Why is state-sponsored espionage more concerning than traditional corporate espionage?
How could a nation protect its own corporations from cyber espionage by foreign governments?
Why are the industries mentioned in the NCIX report targets of foreign espionage?
How could outsourcing IT security functions reduce costs?
How might outsourcing IT security functions improve security?
If you were in an industry listed as a primary target for cyber espionage, what additional steps would you take to improve the security of your company?
a) What is our definition of a host? b) Why is host hardening necessary? c) What major categories of hosts did this section mention? d) List the elements of host hardening. e) Why is it important to replace default passwords during configuration? f) What is a security baseline, and why is it
a) What Windows snap-in is used to manage users and groups? b) On which MMC is this snap-in available? c) In this snap-in, if the administrator clicks on an account, what may he or she do? d) How does the administrator create a new account? e) How does an administrator add an account to a
a) What privileges does the super user account have? b) What is the super user account in Windows? c) What is the super user account in UNIX? d) What is hacking root, and why is it desirable to hackers? e) When should a Windows systems administrator use the Administrator account? f) How does
a) How are permissions applied to a directory in Windows? b) List each standard Windows privilege and explain it briefly. c) To how many accounts and groups can different permissions be applied in Windows? d) How can inheritance reduce labor costs in assigning permissions? e) How can
a) What are the three UNIX permissions? b) Briefly characterize each. c) Compare the number of UNIX directory and file permissions with that of Windows. d) To which three individual accounts or groups can permissions be assigned for a particular directory in UNIX? e) How does the number of
a) What is brute-force password guessing? b) Why is it important to not simply use all lowercase letters in passwords? c) What are complex passwords? d) Why is password length important? e) What is a dictionary attack? f) Why are dictionary attacks faster than brute-force guessing? g) What are
a) What are rainbow tables? b) How would rainbow tables reduce the time needed to crack a password? c) Would it be possible to create rainbow tables for all possible passwords with 1-20 characters? Would it be practical?
a) Can you create a truly random password? Will it be used? b) Should passwords be tested by systems administrators? Why?
a) What do Trojan horse password capture programs do? b) Can antivirus software detect keystroke capture software? c) How would you detect a physical keylogger? d) What is shoulder surfing? e) Does the shoulder surfer have to read the entire password to be successful? Explain.
a) Why is vulnerability testing desirable? b) What two things does vulnerability testing software do? c) Why is it important to get approval in writing before conducting a vulnerability test? d) What two things should this written approval specifically mention? e) Why is it important never to
What different baselines does a company need for its client PCs?
a) What is cloud computing? b) How do cloud computing and mainframe architectures differ? c) How do cloud computing and client-server architectures differ? d) What are the advantages of cloud computing? e) Which security concerns are specific to cloud computing? Why? f) How could attackers use
a) How can you quickly assess the security posture of your Windows PC? b) What provides a quick summary of security components needed to harden a client PC? c) Why are multiple types of protection necessary?
a) What SPI firewall has come with client versions of Windows since Windows XP SP2? b) What improvements come with Windows Firewall with Advanced Security?
What can go wrong with antivirus protection?
a) Why is it important to implement security policy? b) What are the advantages of implementing password policies? c) What are the advantages of implementing account policies? d) What are the advantages of implementing audit policies?
a) What are the three dangers created by notebook computer loss or theft? b) When should backup be done for mobile computers? c) What four policies are necessary to protect sensitive information? d) To what should these policies be applied? e) What training should be provided? f) What does
a) Why is central PC security management desirable? b) Why are standard configurations attractive? c) What does NAC do when a computer attempts to connect to the network? d) If a PC fails its initial health assessment, what are a NAC system's two options? e) Does NAC control usually stop after
a) What is the name of Microsoft's server operating system? b) What security protections do recent versions of this operating system offer? c) Why is Microsoft Windows Server easy to learn? d) What are MMCs? (Do not just spell out the acronym.) e) On what object does an icon bar icon operate?
a) Why is UNIX systems security difficult to describe generally? b) Distinguish between UNIX and Linux. c) What is the LINUX kernel? d) What is a LINUX distribution? e) Comment on the cost of Linux. f) Does a particular version of UNIX have a single user interface? g) What are UNIX CLIs
a) What is a vulnerability? b) What is an exploit? c) What is a zero-day attack? d) Why is the quick application of critical fixes important?
a) List the four types of fixes for vulnerabilities. b) Distinguish between work-arounds and patches. c) What is a service pack in Microsoft Windows? d) Why is upgrading to a new version of an operating system usually good for security?
a) In Windows Server 2003 and 2008, how automatic can patching be? b) What patch downloading method is commonly used in Linux?
a) Why do firms have a difficult time applying patches? b) Why do many firms prioritize patches? c) How do patch management servers help? d) What two risks does patching raise?
Give two reasons why assigning security measures to groups is better than assigning security measures to individuals within groups.
Why do you think companies often fail to harden their servers adequately?