FINAL –INFA610

Name: _______Date_04/19/2015

Instructions

You are to take this final exam during the twelfth week of the class. This final exam will be posted before noon, Sunday, April 19, 2015 and is due on or before noon, Sunday, April 26, 2015.

Work alone. You may not confer with other class members, or anyone else, directly or by e-mail or otherwise, regarding the questions, issues or your answers. You may use your notes, textbooks, other published materials, the LEO site for this class, and the Internet.

Wherever possible, make sure answers are stated in your own words, and where applicable provide your own examples, rather than repeating the ones used in the course materials. When composing your answers, be thorough. The more complete your answer, the higher your score will be. Be sure to identify any assumptions you are making in developing your answers. While composing your descriptive answers, be very careful to cite your sources. It is easy to get careless and forget to footnote a source. Remember, failure to cite sources constitutes an academic integrity violation. Use APA style for citations and references.

This final is worth 25% of your final grade for the course. It is scored on the basis of 100 points.

Please provide your answers immediately below the questions. (Do not submit answers alone in a separate sheet.)

Please submit your work using the Final Exam assignment folder.

No late submission for the final exam.

Exam Questions

Part 1: True (T) or False (F). IMPORTANT: If you answer False (F), then you MUST say WHY it is in a few words to receive full credit. (5 questions at 2point each, 10 points in all)

EXAMPLE QUESTIONS ONLY

T FYour Professor’s last name is Douglas. Answer: ___F___ (it is Kelly)

T FThis course is INFO610. Answer: ___T___

T FDeep packet inspection firewalls protect networks by blocking packets based on the packets’ header information at the network (IP) layer. Answer: _false____ If F, why? This is an advanced type of data filtering that works at the application layer.Employers have the right (and in some cases the obligation) to see any information stored, transmitted, or communicated within the employer’s environment. This legal right is the basis for monitoring (or at least explicitly stating the right to monitor) email, network traffic, voice, wireless, and other communications. Answer: _True____

T FIntrusion Detection Systems (IDS) provide no protection from internal threats. Answer: __false it analysis both external and internal threat and reports to the administration for further action.___

T FA Denial-of-Service attack does not require the attacker to penetrate the target’s security defenses. Answer: _false an attacker can send multiple request to the serve for  authentication in these case if you want to block the user from gaining access to your network you can use a sniffer to detect a certain address that needs to authorization which originates from the same address from a certain address and block the attacker____

T FSecurity awareness, training, and education programs are key components of organizational risk management strategies.

Answer: true_____

Part 2: Multiple Choice Questions. Print the correct answer in the blank following the question. (22 questions at 2 points each, 40 points plus 4 bonus points in all)

Match the following TCP/IP protocol layer with its function (select a., b., c., or d. below): 

A. Network      1. Coordinates communication between applications.

B. Physical 2. Supports useful functions over the transport layer such identity/location of applications.
C. Application       3. Moves information between hosts that are not directly connected.
D. Transport         4. Moves bits between the nodes in the network.

A—>3; B—>4; C—>2; D—>1

A—>2; B—>4; C—>1; D—>4

A—>2; B—>3; C—>4; D—>1

A—>3; B—>4; C—>1; D—>2

Answer: ___A

Protection of a software program that uses a unique, novel algorithm could legally be protected by:

A patent

A copyright

A trademark

Ethical standards

Answer: _E____

Security threats include which of the following:

Unlocked doors

Disgruntled employees

Hurricanes

Un-patched software programs

All of the above

Answer: E___

Denial of service attacks include (select one or more):

Buffer overflow attack

Smurf attack

Ping flood attack

SYN flood attack

All of the above

Answer: _E:____

Virus

• A disgruntled employee creates a utility for purging old emails from the server. Inside the utility is code that that will erase the server’s hard drive contents on January 1st, 2016. This is an example of which of the following attacks?

Logic Bomb

Spoofing

Trojan horse

Botnet

Rootkit

Backdoor

Answer: G____

Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe, she has developed a special oil that will dramatically improve the widget manufacturing process. Mary and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left to keep the formula secret. They would like to protect this formula for as long as possible. What type of intellectual property protection best suits their needs?

Answer: D_______

• Copyright

You should clear cookies in your browser periodically because:

They (Cookies) can be used to track your web browsing behavior and invade your privacy.

They can facilitate impersonation attacks.

They can be used to spread viruses.

a. & b.

b. & c.

a., b. & c.

Answer: ___D______

A TCP/IP session hijacking can be best described as:

Answer: C___

Tracker attacks in databases get around:

Anonymization

Data transformation

Query size restriction

Data partitioning

Answer: b:_________

Answer: C________

• A race condition attack can result in:
  • A symbolic link
  • Object orientation
  • A deadlock
  • Access to low address memory locations

__________ is when the data in the SDB can be modified so as to produce statistics that cannot be used to infer values for individual record resource.

Data perturbation

Database access control

Inference channeling

Output perturbation

Answer: _D_______

With __________ the records in the database are clustered into a number of mutually exclusive groups and the user may only query the statistical properties of each group as a whole.

compromise

inference

partitioning

query restriction

Answer: _C_______

A web session (i.e., a session between a web browser and a web server) can be protected against the risk of eavesdropping in an economical and convenient manner through the use of which of the following?

IPSec

HTTP over SSL

Link encryption

Microsoft Encrypting File System (EFS)

Answer: C_____

While reviewing the security logs for your server, you notice that a user on the Internet has attempted to access one of your internal application servers. Although it appears that the user’s attempts were unsuccessful, you are still very concerned about the possibility that your systems may be compromised. Which of the following solutions are you most likely to implement?

A firewall system at the connection point to the Internet

An improved RBAC-based access control system for the application servers

File-level encryption

Kerberos authentication

Answer: B_______

What specific policy might most likely recommend removing a server from the network and re-installing all software and data?

Answer:C ________

The security risk of allowing dynamic content ( to execute) on a target machine is:

The time delay from when it is downloaded and executed could make the browser experience not very satisfying.

Malware may be included in the downloaded code and infect the target machine.

The mobile code author may never be known.

None of the above.

Answer: D_______

Answer:B_______

• Encrypting a message with a private key (of the sender) in an asymmetric system provides:

Answer:B _______

• The correct ordering of the upper layers of the OSI model are:
  • Session, application, presentation
  • Session, presentation, application
  • Session, application, presentation, physical
  • Application, presentation, session, network

In relational database parlance, the basic building block is a __________, which is a flat table.

attribute

tuple

primary key

relation

field

Answer: C___

Answer:D___

• Routers operate at the D network___________ of the OSI stack?

Answer: D_____

• Gateways operate at the _____________ of the OSI stack?

Answer: _E____

• Which e-mail security protocol(s) depend(s) upon a “Web of Trust”?

Part 3: Short Answer Questions. (2 questions at 15 points each, 30 points in all; no more than 1 page, single-spaced for the answer to each question)

Briefly describe the purpose of firewalls and how they work, including two fundamental approaches to creating firewall policies and types of firewalls

Purpose of a firewall

The primary purpose of a firewall is to safeguard the computer against electronic threads which may immerge due to email reception or browsing the web. It acts as a wall in preventing harmful software from damaging the computer. In simple terms it acts as a gatekeeper to allow certain mail or programs to access the computer while keeping others out.

Firewall filters all incoming and outgoing mails its primary function is packet filtering which travels along the network. Firewalls can also be configured to access certain websites/ services and prevent employees from accessing certain sites while on duty.

Harmful programs and phising are some of the elements that firewalls are best know for. They can stop harmful programs from accessing the computer. Viruses and malware are can also be taken care by restiricting the firewalls and upgrading your wall to meet with the latest technology.

There are many threats associated with e-mail. List those threats and describe a mitigation strategy for each.

E-mail security threats come in different types and forms they include virus, spam mail

Viruses this is one of the greatest security risk that one can face in the computer world. Viruses know ally come as an attachment from email or simply comes as a mail. It poses a great danger to the co-operate world and can bring down a whole organization. To safe guard against viruses you can create a firewall that blocks incoming and outgoing mail or you can use an up to date antivirus. Some viruses are hard to detect and can case serious damage to hardware the best practice is to always open mail from trusted sites.

Spam this involves getting mail from unknown location or simply junk mail. They can carry viruses, malicious code and proud lent salutation for private information. In the co-operate world today they try and use filters to check for spam email and even employ personnel to manually go through them as spam can cause the system lock down or disk usage which is need by the system.

Phishing this is where a trickster comes up with a way of getting private information through fake address. They normally target retailers and business men who they trick of offering them cheaper services or products online. The best practice is never to give your personal details online details like a bank account number or pin are secret that only the owner needs to know. Many organizations have fallen prey to fradusters who offer them life changing benfits if they could diverge any private information that is accorded to them. The isneccistated by the fact that they prey for opportunities that arise from a week network system that doesn’t filter network e-mails that come in through their networks.

Part 4: Essay Question. (Maximum length: one and half page, single-spaced including at least 3 references; 20 points)

While sitting in the break room at work one day, Stan is talking with his friend Joe, who is excitedly describing an idea for a new intrusion detection system (IDS). Joe describes an elegant new algorithm that will flawlessly detect intrusion attacks and respond almost instantly. Stan, who is more of an entrepreneur than inventor, quickly grasps the essence of Joe’s idea, and decides to incorporate the idea into a commercial product, without the knowledge or participation of Joe. In his scheme to commercialize Joe’s idea, Stan plans to hire a programmer to implement Joe’s algorithm, and use the software to control a novel new hardware component. Stan would like to protect the intellectual property of the algorithm, software, and hardware component, but is experiencing some guilt pangs. Discuss the legal and ethical issues of this situation.

Legal issues:

Patent the first thing that Stan should do is to patent the idea. A patent is a government license that entitles one to have exclusive rights of an idea or technology for a given period of time before it is made public (Akers, N. J. (1999). Patents vary from different regions a good example is the European type of patent is not the same as the one used in France they vary depending on the geographical location. The patent would

Patent tend to offer temporally monopoly that offers the patentee with an advantage over other competitors who might want to reinvent the technology. The patentee can also sell some rights to anyone who might want to use the technology and reinvent it (Yang(2011). For a patentee to do this he is obligated by law to disclose his inventions and related technical background information and an up-to-date state of the art basis for the invention.

Before one is granted a patent license’s one has to undergo intensive investigation and analysis to see if the idea works or is a copy or it’s the original. license. Once the patent term expires it becomes the property of the public.

In this instance Stan will need Joe since he will require him to give him all the details step by step since he is the inventor and Stan is the entrepreneur. It will also hurt their friendship if Joe will go to a different geographical location and find that his idea was stolen by his best friend.

Trade secrets these is where secrets and negotiations are made between parties with a common view of something (Pooley (1997)). This idea was first used by business who had the same idea but lacked the financial muscle for the idea to one. It was build on mutual trust between two parties and need to keep their idea safe from competitors. In these case Stan and Joe can reach an understanding to work together in that one will act as an entrepreneur while the other as a programmer (developer). The main advantage of this type of negotiations is that both of them will keep their friendship while working together. As is well know technology changes daily and programs need to be upgraded, since Joe is good with coming up with ideas it will help the application to get daily updates as demand is met while Stan will handle the end part of selling the application.

Since Joe has an idea but he has worked on it will be wise for Stan to first patent the idea. Then to use the copyright so that he can have full control of the project although he will have lost his friend but financially he will have gained from developing the program. The only limitation to this is to know if Joe can put his idea in paper since he is the developer.

Copyrights law allows the creator of an original work to have exclusive rights for the use and distribution of information.( Cornish, (2013)). However this is limited by the limitations and exceptions to copyright law. it gives a small window for creator and afterwards it goes to the public. On this case it will not help as copyrights laws commonly deal with books/ Arts and mostly publishable materials.

Ethical issues;

The complexity of deciding just who the rightful owner of the intended project . Some key ethical issues in the patenting of Joe’s work.

 Is the principle of beneficence , loving good, served more by having Joe’s work patented or rather it should not be approved.

By patenting Joe’s work will it encourage more research into more beneficial areas of the related field of research.

Is justice served by systems of intellectual property protection.

The pertinent issue of how to justly reward all the inventors is the often long process of developing useful products .For instance who to award between Joe and Stan.

How to share the benefits of the Joe’s invention with society. Ethically can anyone own a product of a design process, discovery, or even an invention?

Copyright law provisions should maintain a balance between the interest of the inventors and the copyright owners and the public .the existing legal balance is constant with the educational ethic of responsible use of copyright properties, promotes the free exchange of ideas and protects the economic interests of copyright holders.

Copyright laws should encourage enhanced ease of compliance rather than increasingly punitive enforcement measures

References

Akers, N. J. (1999). The European Patent System: an introduction for patent searchers. World Patent Information, 21(3), 135-163.

Alberts, D., Yang, C. B., Fobare-DePonio, D., Koubek, K., Robins, S., Rodgers, M., …&DeMarco, D. (2011). Introduction to patent searching.InCurrent challenges in patent information retrieval (pp. 3-43). Springer Berlin Heidelberg.

Pooley, J. (1997).Trade secrets.Law Journal Seminars-Press.

Cornish, W., Llewelyn, G. I. D., &Aplin, T. (2013). Intellectual property: patents, copyright, trade marks & allied rights.