Foundations of Information Security and Assurance

Please answer the following 4 questions: 1. There are three main types of cryptographic algorithms: (1) secret key, (2) public key, and (3) hash functions. Pick an algorithm for any one of these types (e.g., DES, AES, RSA, and MD5) and describe how it works and where it is applied

(For example SSL uses 3DES or DES) for message encryption. Use your own words. When you pick an algorithm, try not to repeat. Be sure to reference your sources. This is one source I like very much; it is easy to read, fairly up-to-date and has a good discussion on the various applications of Crypto: Gary Kessler (2013): Overview of Cryptography: Retrieved from:http://www.garykessler.net/library/crypto.html#intro

2. Most cyber-attacks happen because vulnerabilities in system or application software. Buffer Overflow, SQL Injection, Code/OS Command Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery and Race Conditions are very common vulnerabilities. (Refer to both NIST/DHS and MITRE databases of common vulnerabilities (http://nvd.nist.gov/cwe.cfm;http://cwe.mitre.org/top25/).) Please explain what a specific vulnerability is, describe a famous attack that leveraged it (For example, the Morris worm leveraged the buffer overflow vulnerability), and how it can be prevented/minimized.

3. Database security. Focus three topics for this question: (1) Inference in ordinary databases, (2) Inference in statistical databases, and (3) Database privacy (through encryption). Please pick one of these three topics and explain in your own words what the problem or issue is, how the issue is being addressed and some of the concerns with the solutions being proposed. 4. In this question focus on typical attacks in the Internet affecting confidentiality, integrity and availability at various layers:

Layer 1: Physical; Layer 2: Link; Layer 3: Network; Layer 4: Transport, and Layer 5: Application. (This is IP Layering; in IP layering, roughly Session, Presentation and Application of the OSI layers are combined into a single Application layer). Pick one layer and describe typical attacks in that layer and the controls that are employed in the layer to minimize the attack or vulnerability that leads to the attack.

For example, in the link layer, there is ARP spoofing and man-in-the-middle attacks. In the IP layer, there is packet sniffing. In the transport layer, there is the SYN flood attack causing Denial of Service. Be as complete as possible and cite your reference materials in your response.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.