8/16/22, 8:33 AM Exam #2 https://umsystem.instructure.com/courses/118743/assignments/ XXXXXXXXXX/2 CS 5601 XXXXXXXXXXExam 2 Instructions: Read the question carefully. Some can be interpreted in...

1 answer below »
can you give me price


8/16/22, 8:33 AM Exam #2 https://umsystem.instructure.com/courses/118743/assignments/1371393 1/2 CS 5601 Exam 2 Instructions: Read the question carefully. Some can be interpreted in different ways and several can have more than one correct answer. Read through the reading material and slides provided in Canvas as all questions have been taken directly from that material. Since some of these can be answered in different ways, if you find two pieces of reference material that provides a different way of answering, pick one and be sure to include the reference. In other words, something like: , Ref. SP 800-12 Chapter 13, page XX. Use another document and be sure to number your answers CORRECTLY! Submit this to Canvas. This exam is over modules 8 through 12 and reading material assigned during these modules. All questions are 5 points each unless otherwise indicated. 1. What is the one symmetric encryption algorithm that is theoretically unbreakable? What are at least two problems with using this algorithm for all encryption purposes? 2. You’ve recommended to your organization that the building needs external security cameras at all entrances and emergency exits. However, the board is concerned with costs and only wants you to put one external camera per door. As the security person you know this isn’t a good idea. What are some arguments against a single camera per entrance? (feel free to think outside of what we discussed in class) 3. What is the best detection tool for dealing with social engineering and how to do make it work for your organization? 4. What are some of the “human attacks” we see in information security? What controls would help reduce or even mitigate EACH of these attacks? 5. Why are electronic emanations such a security concern in a high security environment? What controls would reduce the risks? 6. Which fire detection device is responsible for more false positives than other fire detection devices? 7. Of all the fire suppression choices, describe the best recommended class of fire suppression to use for a data center which is not occupied by staff? 8. What is the paradox of social engineering attacks? 9. If you are required to use a key escrow through a third party, how can you ensure that the vendor cannot use the private keys without your knowledge? (Think separation of duties). 10. Describe one condition of non-repudiation that can never be proven through digital analysis of the message sent and all logs involved. (taken from a lecture) 11. Why is opening a secure https in a new frame from a non-https frame a poor design practice? 12. What are the security goals of cryptography? 8/16/22, 8:33 AM Exam #2 https://umsystem.instructure.com/courses/118743/assignments/1371393 2/2 13. You have been requested by your organization to establish a new physical access control for the main office complex with multiple entrance and exit doors. One particular executive read an article of the strength of biometrics and is insisting that all external doors be outfitted with only a fingerprint scanner. As the Security Officer, what should you explain to the executive about this proposed security solution? (several answers come to my mind, but one will do) 14. When dealing with a large environment of users and systems needing unique encryption keys each, why would the use of purely symmetric encryption be a problem? 15. Why is not advisable for a programmer to create their own cryptographic algorithm for a product they are developing? 16. What type of Symmetric Ciphers are the fastest and easiest to implement in hardware? 17. Why is a large open space a good physical security feature? 18. Why, when implementing a block cipher, is Electronic Codebook (ECB) using the same key on each block a bad design choice? 19. You are in charge of a design team and have been tasked with generating a cryptographic solution for a larger software project. The requirements for your team are: Must be able to exchange the cryptographic keys on the fly yet keep them secure Must able transfer huge amounts of data in reasonable time so the encryption algorithm speed is important. Must be mobile computing compatible. Clearly PKI is the solution for the first requirement , but several members on your team feel that once each side has exchanged their public keys, using asymmetric algorithms only will be sufficient because CPU’s are plenty fast these days. As the team leader you need to decide if this is acceptable or convince your team that PKI only will fail in meeting the requirements. Please give examples to justify your decisions. 20. You have been asked for design elements of a highly secured data center. Think of all the different types of physical security as well as access controls we have discussed to date. (PHYSICAL, not network security). Module 8 Module 8 Operational/Organizational and Physical Security 1 Background Prevention technologies prevent unauthorized individuals from gaining access to systems or data. In an operational environment, prevention is difficult. Relying on prevention technologies alone is not sufficient. 2 Background Prevention technologies are static. They are put in place and generally left alone. Detection and response technologies are dynamic. They acknowledge that security is an ongoing process. 3 Background The operational security model described the various components in computer security and network security. The operational model of computer security stated that: Protection = Prevention + (Detection + Response). Next we address the issues surrounding computer security and network security. 4 4 This presentation addresses the issues surrounding computer security and network security. Objectives Operational aspects to security in an organization. Physical security components used to protect computers and networks. How social engineering is used as a means to gain access to computers and networks and how an organization should deal with social engineering. 5 One step back Something I touched upon I want to talk a bit more about: Lifecycle. Applies to Policies Systems Software Just about everything… 6 Lifecycle The four steps of the life cycle are: 7 Implement Monitor Evaluate Plan or Adjust Plan (Adjust) In the planning and adjustment phase: Users develop the policies, procedures, and guidelines that will be implemented. Design the security components to protect the network. 8 Implement Implementation of any policy, procedure, or guideline requires an instruction period about its contents. 9 Monitor Constant monitoring ensures that hardware and software, policies, procedures, standards and guidelines are effective in securing the systems. 10 Evaluate Evaluating effectiveness of security includes vulnerability assessment penetration test of the system ensures security meets expectations. After evaluating the process restarts at step one, adjusting security mechanisms Evaluation is a continuous process. 11 Until… Disposal phase hits after the final Evaluation cycle. Then you have to make sure all is disposed of properly. 12 …and one more forgotten tidbit 13 Three basic types of policies Program Policy Used to create or as a part of an organization’s computer security program Issue-specific Policy Addresses specific concerns to an organization System-specific Policy Focus on decisions to protect a specific system. 14 Example Program Policy All employees are subject to an Acceptable Use Policy (AUP) Issue-specific Policy No use of P2P protocols System-specific Policy Central email servers will not relay for non-agency systems 15 Physical Security All mechanisms used to ensure that physical access to computer systems and networks are restricted to authorized users. Access from all six sides is important. The security of obvious points of entry such as doors and windows should be examined. Even floors and ceiling should be scrutinized for possible access points. 16 Access Controls Physical access control is similar to computer and network access controls where access is restricted to the authorized. Physical access controls can be based on: Something that individuals have (key). Something that they know (the combination). Something that they are (biometrics). Where they are located. 17 Locks A lock is the most common physical access control device. Combination locks represent an access control device that depends upon something the individual knows (the combination). Combinations do not require any extra hardware But must be remembered Frequently written down (security vulnerability) Hard to control – not kept secret. 18 Key Locks Locks with keys depend on something the individual has (the key). Key locks are simple and easy, but the key may be lost. If the key is lost, a duplicate key has to be made or the lock has to be re-keyed. Keys may also be copied and can be hard to control. 19 Modern Locks Newer locks replace the traditional key with a magnetic or smart card or proximity device. Coupled with a PIN, results in higher security. Other common physical security devices video surveillance Or even simpler: access control logs (sign-in logs). 20 Access Control Logs Sign-in logs do not provide an actual barrier. They provide a record of access. When used in conjunction with a guard who verifies an individual's identity, they dissuade potential adversaries from attempting to gain access to a facility. 21 Other Access Control Mechanisms Another common access control mechanism is a human security guard. Guards provide an extra level of examination of individuals who want to gain access. Security guards can counter piggybacking. 22 22 Definition Piggybacking Piggybacking is a mechanism where an individual follows another person closely to avoid having to go through the access control procedures. 23 Biometrics Biometrics: Uses something unique about the individual. Does not rely on an individual to remember something or to have something. Is a sophisticated access control approach and is also more expensive. Can control access to computer systems, networks, and physical access control devices. 24 Biometrics Biometrics provides an additional layer of security. Biometrics is normally used in conjunction with another method. Biometric devices are not 100 percent accurate and may allow access to unauthorized individuals. 25 Problems Reminder: False Positive – can deny authorized users access False Negative – can allow an unauthorized person access. 26 Weaknesses of Authentication All forms of authentication have weaknesses that can be exploited. For this reason, “strong authentication” or “two-factor authentication” should be used. These methods use two of the three different types of authentication (something that the users have, know, or are) to provide two levels of security. 27 Physical Barriers Physical barriers help implement the physical-world equivalent of layered security. The outermost layer of physical security contains the public activities. An individual progresses through the layers. The barriers and security mechanisms should become less public to make it more difficult for observers to determine what mechanisms are in place. 28 Physical Barriers Signs are also an important element in security, as they announce
exam-2-c5m3gbyd.pdf module-8-j2hm1q1o-gbstpocq.pptx module-10-pw0x4ox1-hxwoidga.pptx module-9-vqwa3ney-qmop04fv.ppt
Answered 4 days AfterOct 02, 2022

Answer To: 8/16/22, 8:33 AM Exam #2 https://umsystem.instructure.com/courses/118743/assignments/ XXXXXXXXXX/2...

Shubham answered on Oct 06 2022
66 Votes
SYMMETRIC ENCRYPTION ALGORITHM
Table of Contents
Question 1    2
Question 2    2
Question 3    2
Question 4    3
Question 5    3
Question 6    3
Question 7    3
Question 8    4
Question 9    4
Question 10    4
Question 11    4
Question 12    5
Question 13    5
Question 14    5
Question 15    5
Question 16    6
Question 17    6
Question 18    6
Question 19    7
Question 20    7
References    8
Question 1
Symmetric encryption algorithm is the type of secret key that is used for both decrypting and encrypting electronic data. It includes entities for communicating through symmetric encryption that must exchange keys that can be used by the decryption process. The major issue with symmetric encryption algorithms is key exchange problems that can be presented on a classic catch-22 (Kaur, and Vijay Kumar, 2020). The other main issue with the problem is trust between two parties for sharing the secret symmetric key.
Question 2
Security cameras should be present at every entrance and exit of the organization as it can help in preventing crimes at a high rate. Several crimes can be prevented and it can be a great help for the company and the crime department to keep an eye on every suspect that is visible. The use of security cameras can help in following modern technology that can work efficiently and smoothly for ensuring security of the premises.
Question 3
Metasploit framework is the tool that can help in identifying, validating and exploiting vulnerabilities. It can help in delivering tools, content and infrastructure for conducting extensive security audits along with penetration testing. The pen testing can use custom code and it is introduced with the network to probe for weak spots (Geetha, S., et al. 2018). It can help in identification of weak spots and getting the information that can be used for addressing systemic weakness and prioritizing solutions. The framework has become go-to exploit development and it is used as a mitigation tool.
Question 4
Human attacks seen in information security include SMiShing, Phishing, Vishing and Impersonation. Phishing includes malicious emails that pretend to be from reputable sources, SMiShing is phishing through SMS and text, Vishing is voice phishing that uses phone or VoIP and Impersonation is the physical impersonation from a trusted person. These attacks can be mitigated by introducing policies that can help in preventing attackers from learning about internetworking of the organization. It is recommended that users choose a secure network for accessing personal information and ensure that privacy settings are configured properly.
Question 5
Electronic emanations are the problem of leakage of information from the computer system or the network through the electromagnetic radiation. The protection has not improved as the computer technology has increased (Seth, Bijeta, et al. 2022). It creates more abruption of transition and it includes use of more high-frequency components in the spectrum. The risk can be reduced by reducing the error and using the algorithm for providing corrections.
Question 6
Smoke detector provides a faster response and it may be liable for giving a false alarm. It has a constant electrical current running between metal plates inside the device. It is disrupted when the smoke enters the device chamber and triggers the alarm. It can quickly identify fires that are fast burning. In the device the light beam is scattered when it triggers the alarm.
Question 7
The use of a chemical foam suppression system can be the suppression choice for the data center that is not occupied with staff. It is one of the common places of fire to start. The chemical foam system is designed for these types of conditions (Kumar, Amogh Saxena, and Sai Satvik Vuppala, 2020). It includes use of several systems and it required fitting made and pipe-work from the stainless steel. The form system can be used when the...
SOLUTION.PDF
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here
Have files?