Question 1:
(a) Comment on each of the following assets, by assigning a low, moderate, or high impact level for the loss of confidentiality, availability, and integrity, respectively. Justify your answers.
(i) An organization managing public information on its Web server.
(ii) A law-enforcement organization managing extremely sensitive investigative
(iii) A financial organization managing routine administrative information (not privacy-related information).
(b) Explain, with examples, what active attacks are and how one would counter such attacks.
Question 2:
(a) (i) Apply stream ciphering encryption technique and describe how it can be used to provide confidentiality of messages. Illustrate your answer with an example.
(ii) RC4 algorithm is a common example of stream ciphering. Briefly explain the possible strength and weakness of this algorithm.
(b) (i) Consider the following message packet;
Actual Data Timestamp Sequence Number
Suppose there is a secret key algorithm and Alice and Bob share a secret key for this algorithm. Message authentication is achieved using hash function. Discuss a possible problem scenario, given that an adversary Charles gets hold of the message and the hash function is not strong?
(ii) Apply Caesar's substitution cipher and determine the ciphertext for the message "cybersecurity", if the key is equal to 6.
Question 3:
(a) Demonstrate the TWO common approaches to providing message authentication without encryption. Illustrate your answer with the aid of appropriate diagrams.
(b) Apply public-key system (PKS) technique to describe how message authentication can be achieved. Illustrate your answer with the aid of a diagram.
Question 4:
(a) You have just been joined a company as their network administrator. As the network infrastructure is undergoing changes, you are asked to look into the possibility of implementing an intrusion detection system (IDS). Based on your initial observation, you found out that there were shortages of IT personnel as many of them have either left or retired. You got hold of some preVious information relating to the staff's profiles and system usage statistics. Management has no issue on approving the budget for the implementation of an IDS system.
(i) Based on the information given, will you be able to recommend which approach of intrusion detection system to implement or would more studies still need to be conducted. Justify your answer.
(ii) Whichever IDS approach recommended, are there any intrusions that are difficult to detect? Illustrate your answer with an example.
(b) Apply using packet filtering firewall and explain how this type of firewall can be used to provide security protection to an organization. Illustrate your answer with appropriate example.