Principles Of Information Security 7th Edition Michael E. Whitman, Herbert J. Mattord - Solutions
I. Define how IP Security (IPSec) is the cryptographic authentication and encryption product of the IETF’s IP Protocol Security Working Group. Emphasize that this protocol is used to create virtual private networks (VPNs) and is an open framework for security development within the TCP/IP family
I. Describe the purpose of PGP and its benefit of being a hybrid cryptosystem to storing and maintaining information. Note that this system uses some of the best available cryptographic algorithms to become the open-source de facto standard for encryption and authentication of e-mail and file
I. Analyze what Bluetooth is and its importance as being a short-range wireless communication option between devices within a 30-foot range without the addition of security controls implemented. II. Diagnose the two ways that Bluetooth-enabled devices can be secure. Those are turning it off or not
I. Describe in detail what the purpose of a Robust Secure Network (RSN) is and why it is important to use as more devices and systems go online for organizations. II. Summarize the RSN protocol functions as provided in the text: • The wireless network interface card (NIC) sends a probe request. •
I. Define the concept of Wired Equivalent Privacy (WEP) and how it applies to information security systems and cryptography. • WEP was an early attempt to provide security with the 802.11 network protocol. • It is now considered too cryptographically weak to provide any meaningful protection
I. Provide context of the history of the Secure Socket Layer (SSL) protocol to use public-key encryption and Netscape’s intention to create a secure channel over public Internet connections. This birthed the opportunity to enable secure communications. II. Define what Hypertext Transfer Protocol
I. Explain what steganography is and how it applies to cryptography and encryption standards. Stress that this is used as a data hiding method and involves embedding information within files. II. Emphasize that the word “steganography” is derived from the Greek words, “steganos,” meaning
I. Define what a digital signature is and which type of encryption processes are used to create them (asymmetric). II. Identify the process when an asymmetric cryptographic process uses the sender’s private key to encrypt a message, the sender’s public key must be used to decrypt the
I. Examine and describe how public-key infrastructure (PKI) is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely. II. Apply information in the text regarding digital certificates as public-key
I. Manage expectations that cryptographic capabilities must be embodied in tools that allow IT and information security practitioners to apply the elements of cryptography in the world of information systems. II. Review some of the most widely used tools that apply the functions of cryptography to the
I. Comprehend that symmetric encryption is also known as public-key encryption. II. Explain that symmetric encryption uses a single key to encrypt and decrypt, but asymmetric encryption uses two different but related keys, one public and one private. For example, if Key A is used to encrypt the
I. Describe how symmetric encryption uses the same key, also known as a secret key, to encrypt and decrypt a message. II. Analyze the efficiency of symmetric encryption methods as they only require minimal processing to either encrypt or decrypt the message. III. Distinguish the drawback with this
I. Explain that cryptographic algorithms are often grouped into two broad categories: symmetric and asymmetric. II. Gain awareness that most cryptosystems often deploy a hybrid combination of symmetric and asymmetric algorithms. III. Review that symmetric and asymmetric algorithms can be
I. Gain awareness that a template cipher or perforated page cipher is not strictly an encryption cipher but more of an example of steganography. II. Examine that ciphering is often difficult to complete, physical in nature, and easy to detect, and its usefulness is minimal in cryptography if at all.
True or False: In the event either a public key or private key is compromised, the communication terminates as there is no way to be able to override a compromised key.
I. Define the use of a running key cipher and how it applies concepts a book cipher uses for its own decrypting messages. II. Comprehend how the mirrored layout of a table simplifies the selection of rows and columns during encryption and decryption exercises.
What term is used to describe a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message? a. Private-key encryption b. Symmetric encryption c. Advanced Encryption Standard (AES) d. Asymmetric encryption
I. Examine the similarities and differences between book ciphers and key ciphers and why they are important to use in cryptography and protect the organization’s information. II. Analyze how the use of text in a book can be a third way to be a key to decrypting messages (although its popularity
Which of the following is the strongest symmetric encryption cryptosystem? a. Data Encryption System (DES) b. Advanced Encryption Standard (AES) c. Triple DES (3DES) d. RSA algorithm
I. Relate that this is one of the oldest modern encryption methods still used to this day, having been a key factor in cryptography for well over 100 years (1917). II. Assemble and list the process of a Vernam cipher encryption operation: • The pad values are added to numeric values that represent
True or False: Two hundred and eighty-five computers could crack a 56-bit key in one year, whereas 10 times as many could do it in a little over a month.
I. Define the concept of an exclusive OR operation (XOR) and its importance to cryptography. II. Comprehend that bit stream methods commonly use algorithm functions like the exclusive OR operation (XOR), whereas block methods can use substitution, transposition, XOR, or some combination of these
True or False: Hashing functions require the use of keys.
I. Compare and contrast the transposition cipher to the substitution cipher and explain how transposition ciphers can be more difficult to decipher using that method. II. Recall transposition ciphers can be done both at the bit level or the byte (or character) level. III. Discuss how transposition
Which of the following terms describes the process of making and using codes to secure the transmission of information? a. Algorithm b. Cryptography c. Steganography d. Cryptanalysis
I. Explain how in a substitution cipher you substitute one value for another. II. Describe a type of substitution based on a monoalphabetic substitution and how it only uses one alphabet whereas a polyalphabetic substitution uses at least two alphabets and is more advanced in nature. III. An
The science of encryption is known as which of the following? a. Cryptanalysis b. Steganography c. Cryptology d. Algorithm
I. Recognize that cryptology has been around since approximately 1900 B.C. and is not a new phenomenon of the Internet. II. Review and list key dates in history critical to the transformation and growth of cryptology. III. Conclude that in 1992, encryption tools were officially listed as Auxiliary
I. Analyze the two most common methods of encrypting plaintext: bit stream and block cipher. II. Review that in the bit stream method, each bit in the plaintext is transformed into a cipher bit one bit at a time, whereas in the block cipher method, messages are divided into 8-, 16-, 32-, or 64-bit blocks
Which of the following terms is used to describe the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext? a. Cipher b. Code c. Cleartext d. Key
I. Classify a common fact that an organization that spends all of its time securing the wired network and leaves wireless networks to operate in any manner is opening itself up for a security breach. II. Apply the knowledge that a security professional must be responsible for both hardwire and
I. Describe the purpose of a packet sniffer (or network protocol analyzer). These can provide a network administrator with valuable information for diagnosing and resolving networking issues. II. Stress how putting sniffers in the wrong hands results in eavesdropping on network traffic. III.
I. Identify the purpose of a vulnerability scanner and its purpose to determine security holes in a system. II. Introduce students to a class of vulnerability scanners called black-box scanners or fuzzers that look for vulnerabilities in a program by feeding random input to the program or a network
I. State how detecting a target computer’s OS is very valuable to an attacker because once the OS is known, all of the vulnerabilities to which it is susceptible can easily be determined. II. Stress that there are many tools that use networking protocols to determine a remote computer’s OS and
I. Several tools automate the remote discovery of firewall rules and assist an administrator in analyzing the rules to determine exactly what they allow and what they reject. II. Emphasize that administrators who feel wary of using the same tools that attackers use should remember: • Regardless of
I. Identify the purpose of a trap and trace system and how it can be used to trace incidents back to their sources. II. Outline the process of how a trap often works. As mentioned in the text, it usually consists of a honeypot or padded cell and an alarm. Note that while the intruders are
I. Comparative effectiveness can be achieved by the following: • Thresholds • Blacklists • Whitelists • Alert Settings II. Direct students to the point that once implemented, IDPSs are evaluated using two dominant metrics: administrators evaluate the number of attacks detected in a known
I. Recall the purpose of a control strategy is to determine how an organization maintains and supervises the configuration of an IDPS. II. Examine the differences between centralized, partially distributed, or fully distributed strategies. • A centralized IDPS control strategy implements and
I. Understand that deploying and implementing an IDPS is often not a straightforward task. The strategy for deploying an IDPS should consider several factors, the foremost being how the IDPS will be managed and where it should be placed. II. Review the NIST SP 800-94 Rev. 1 recommendation for
• Compensating for weak or missing security mechanisms in the protection infrastructure, such as firewalls. • Identification and authentication systems, link encryption systems, access control mechanisms, and virus. • Detection and eradication software. • Instantaneously detecting, reporting,
Analyze the strengths of an IDPS with respect to intrusion detection: • Monitoring and analysis of system events and user behaviors. • Testing the security states of system configurations. • Baselining the security state of a system and then tracking any changes to that baseline. • Recognizing
I. Examine in depth the product features and quality of IDPSs. When asking for specific details of the system, apply the following top-level questions and sub-questions as outlined in the text: • Is the product sufficiently scalable for your environment? • How has the product been tested? • Has
Review the following key questions that should be asked with respect to the technical and policy capabilities of an IDPS. • What is your systems environment? • What are the technical specifications of your systems environment? • What are the technical specifications of your current security
I. Disseminate the following areas of information when selecting the best IDPS for the needs of an organization and processes. They include the following: • Technical and policy considerations. • Organizational requirements and constraints. • IDPS features and qualities of the system. II. Compile
I. Examine fail-safe procedures that are built into an IDPS that prevent it from being circumvented or defeated by an attacker or intrusion. II. Stress that encrypted tunnels or other cryptographic measures that hide and authenticate communications are excellent ways to ensure the reliability of the
I. Examine and disseminate how IDPS responses can be classified as an active or passive response. • An active response is one in which a definitive action is initiated when certain types of alerts are triggered. • IDPSs with passive response options simply report the information they have already
Justify the fact that with information security being a new field, it is often rife with a lack of understanding about what qualifications applicants need to fit in the roles they fill. Assess the recommendations provided with respect to how an organization can optimize their hiring practices. As
Review how once an IDPS detects an anomalous network situation, it has several options, depending on the policy and objectives of the organization that has configured it as well as the capabilities of the organization’s system.
I. Identify one of the core needs of threat intelligence is the ability for the SIEM system to analyze event data to detect anomalies or track interactions between users and places where data is stored. II. Recognize that some SIEM systems can initiate predefined defensive scripts to automatically
I. Emphasize that a SIEM system must have an ability to integrate threat intelligence services that provide current information on compromise indicators and adversary tactics, techniques, and procedures (TTP) with knowledge of organizational asset criticality and usage behaviors. II. Express the
Review the facts that SIEM systems have the capability to analyze user access and authentication activities. This, in turn, can provide alerts for suspicious behaviors and violation of policy.
I. Conclude that SIEM platforms that are properly implemented enable the ability to identify incidents and enable a process to track and respond to them. II. Recognize some SIEM systems can initiate predefined defensive scripts to automatically disrupt ongoing cyberattacks.
I. Explain the differences between a host-based IDPS and network-based IDPS. II. Recall that the main purpose of this type of IDPS is to protect the server or host’s information assets. III. Detail the following description as to what is comprised in a host-based IDPS: • A host-based IDPS (HIDPS)
I. Express concerns that on average the duration between the start of a cyber intrusion to the time it was discovered was about 56 days according to Mandiant. II. Recall that improvement in an organization’s capability to detect intrusions reduces the amount of dwell time and lessens the amount of
I. Justify the reasons why an organization turns to a SIEM as a central location to empower a security operations center (SOC) to react and identify various events against their information systems. II. Describe the process of threat intelligence and why it is a core capability of SIEM systems. III.
True or False: A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network.
I. Explain the purpose of a log file monitor (LFM) and how it is similar to and different from an NIDPS. II. Discuss how IDPS responses can be classified: active or passive. An active response is one in which a definitive action is initiated when certain types of alerts are triggered. IDPSs with
What is a network tool that collects copies of packets from the network and analyzes them? a. Footprint b. Router c. Network trapper d. Packet sniffer
I. Justify the purpose and reasoning why this IDPS extension is beneficial to have available when detecting possible intrusions that have come into a system. II. Recall that stateful protocol analysis (SPA) relies on vendor-developed universal profiles that specify how particular protocols should and
A scanner that listens in on a network and identifies vulnerable versions of both server and client software is known as which of the following? a. Port scanner b. Active vulnerability scanner c. Sniffer d. Passive vulnerability scanner
I. Compare and contrast anomaly-based detection with signature-based detection. Explain how they are similar but uniquely different when examining intrusions into an information security system. II. Review the purpose of a clipping level and why it is important to know that as a trigger that can be
Which of the following terms is used to describe organized research of the Internet addresses owned or controlled by a target organization? a. Fingerprinting b. Trapping c. Foot printing d. Tracing
I. Explain that a signature-based IDPS (also known as a knowledge-based IDPS or misuse detection) examines data traffic in search of patterns that match known signatures: preconfigured, predetermined attack patterns. II. Focus on the fact that many signature-based IDS technologies are often widely
What term is used to describe decoy systems designed to lure potential attackers away from critical systems? a. Trap b. Honeypot c. Trace d. Sniffer
Analyze the three methods that often dominate detection methods and evaluate network traffic: signature-based detection, anomaly-based detection, and stateful protocol analysis.
In which IDPS control strategy are all IDPS control functions implemented and managed in a central location? a. Centralized control strategy b. Fully distributed control strategy c. Partially distributed control strategy d. Network-based control strategy
True or False: Signature-based IDPS technology is widely used because many attacks have clear and distinct signatures.
Which of the following terms involves activities that gather information about the organization and its network activities and assets? a. Tuning b. Filtering c. Clustering d. Foot printing
The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives is known as which of the following? a. Tuning b. Filtering c. Clustering d. Foot printing
Establish an understanding that an IDPS serves as a deterrent by increasing the fear factor that one may be detected among would-be attackers. If attackers are aware that this in place, they are less likely to plan an attack let alone probe the system.
Which of the following is an event that triggers alarms when no actual attacks are in progress? a. Evasion b. False positive c. False attack stimulus d. False negative
I. Examine the reasons why log data should be compiled for analysis over time. This helps to examine what happened when an intrusion occurred and the motive (or reason why) as well as who may also be exposed. II. Recall that even though an IDPS may fail at an intrusion, the data and information
Which VPN technology uses leased circuits from a service provider and conducts packet switching over these leased circuits? a. Secure VPN b. Hybrid VPN c. Trusted VPN d. Transport VPN
I. Focus on the fact that the primary purpose of an IDPS is to identify and report an intrusion. II. Emphasize that IDPSs can provide triggers or clues of potential upcoming or hidden intrusions that would otherwise likely go unnoticed. This is through probing activities known as doorknob rattling
True or False: SESAME is an authentication system that is the result of a European research and development project and is similar to Kerberos.
Classify the most important reasons why an IDPS is a good tool to use to detect network intrusions.
What is used to dial every number in a configured range and check to see if a person, answering machine, or modem picks up? a. War dialer b. Number redialer c. Modem redialer d. Incident redialer
In which mode of IPSec is the data within an IP packet encrypted, while the header information is not? a. Process mode b. Tunnel mode c. Transport mode d. Encryption mode
What is the system most often used to authenticate the credentials of users who are trying to access an organization’s network via a dial-up connection? a. VPN b. RADIUS c. SEASAME d. KDC
I. Justify the facts that organizations that had remote access systems in place were far better equipped to handle the transformation of the workplace that was the result of the pandemic. II. Critique that many organizations successfully were able to transition the workplace due to this one in a
I. Describe this phenomenon as the ability to expand an organization beyond the traditional security boundaries a firm would have in place. II. Explain the concept of “death of the perimeter” and why it is important to still have strong information system firewalls and infrastructure in
I. Discuss the concept of deperimeterization and how it applies to information security. II. Emphasize the importance of remote access to systems and how COVID-19 accelerated the need for protected connections away from the office.
I. Detail that the purpose of this mode is to encrypt all traffic that will traverse an unsecured network, and the receiving server decrypts the packet to be able to send the final address. II. Stress that the benefit of this model is that the intercepted packet never reveals anything about its true
I. Explain how in transport mode, the data within an IP packet is encrypted, but the header information is not. II. Emphasize that this allows the user to establish a secure link directly with the remote host, encrypting only the data contents of the packet. Direct learners to review Figure 8-19 for
I. Define VPN as a private and secure network connection between systems that uses the data communication capability of an unsecured and public network. VPNs are commonly used to securely extend an organization’s internal network connections to remote locations beyond the trusted network. II.
I. Detail that the Secure European System for Applications in a Multivendor Environment (SESAME), defined in RFC 1510, is the result of a European research and development project partly funded by the European Commission. SESAME is like Kerberos in that the user is first authenticated to an
I. Explain how it is a widely held view that these unsecured, dial-up connection points represent a substantial exposure to attack. II. Comprehend that an attacker who suspects that an organization has dial-up lines can use a device called a war dialer to locate the connection points. III. Illustrate
I. Discuss installing Internet connections, which requires using leased lines or other data channels provided by common carriers, and therefore these connections are usually permanent and secured under the requirements of a formal service agreement. II. Explain how, in the past, organizations
I. Describe a content filter, which is a software filter—technically not a firewall—that allows administrators to restrict access to content from within a network. It is a set of scripts or programs that restricts user access to certain networking protocols and Internet locations or restricts
I. Relate that the configuration of firewall policies can be complex and difficult. Explain how each configuration rule must be carefully crafted, debugged, tested, and sorted. II. Emphasize that when configuring firewalls, keep one thing in mind: when security rules conflict with the performance of
I. Outline the four questions that persons will need to answer to determine the best firewall for their organization and/or their needs: • Which type of firewall technology offers the right balance between protection and cost for the needs of the organization? • What features are included in the
I. Identify that hybrid firewalls combine the elements of other types of firewalls—that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways. II. Propose how, alternately, a hybrid firewall system can consist of two separate firewall devices; each is
I. Describe that an application layer firewall, or application firewall, is frequently installed on a dedicated computer, separate from the filtering router, but is commonly used in conjunction with a filtering router. II. Identify how the application firewall is also known as a proxy server, since
I. Explain that packet-filtering firewalls examine the header information of data packets that come into a network. Apply Figure 8-7 as a visual illustration of a standard IPv4 packet structure. II. Relate that packet-filtering firewalls scan network data packets looking for rule compliance against
Classify firewalls and the four major categories of processing modes they fall into: packet-filtering firewalls, application layer proxy firewalls, MAC layer firewalls, and hybrids.
I. Explain that this model transitions defenses from static, network-based parameters and adjusts them to focus on authentication of users, assets, and resources. From there, they dynamically allow access based on access control rules. II. Stress that this includes environments where people bring
Discuss the Brewer–Nash Model, which is designed to prevent a conflict of interest between two parties. Point out that this model is sometimes known as a Chinese Wall.
I. Detail that the Harrison–Ruzzo–Ullman (HRU) model defines a method to allow changes to access rights and the addition and removal of subjects and objects. II. Contrast and emphasize that the Bell–LaPadula model does not allow changes, whereas this model does. III. Categorize the set of four
I. Apply that this model has three core parts: sets of objects, sets of subjects, and sets of rights. II. Outline the model’s eight primitive protection rights: • Create object • Create subject • Delete object • Delete subject • Read access right • Grant access right • Delete access
I. Compare and contrast the differences between the BLP and Biba integrity models. • Emphasize that the key difference between the two models is the integrity properties, as they accomplish a similar result as a BLP. II. Point out that it is based on the premise that higher levels of integrity are