cs412 Practise 22 Sem2 PDF

This document discusses various cybersecurity topics including computer worms, denial of service attacks, electronic voting security, password hashing, network attacks, wireless security, and encryption. Specifically, it asks questions about the life cycle of worms, effects of worms, examples of denial of service attacks and solutions, the role of signature detection, differences between fabrication and modification attacks, security attributes for an electronic voting system, examples of security controls, limitations of least privilege access, properties of cryptographic algorithms, weaknesses of unsalted password hashes, cloud security threats, authentication headers, forms of denial of service attacks, vulnerabilities of mobile devices, data protection and cybercrime bills, firewall rule conditions, types of information in intrusion detection alerts, factors making Linux

a) Knowledge of the worm life cycle helps us build good defence mechanisms against
Internet worms.
i. Give the phases in the life cycle of a computer worm. [4]
ii. Explain any three effects of worms on computer security. [6]
b) Answer the following questions on Denial of Service.
i. What is a denial of service (DoS) attack? [2]
ii. Describe the following examples of DoS attacks: Smurf, Ping flood, Fraggle. In your
description suggest a possible solution to each attack. [6]

c) Describe briefly the role of signature detection. [2]


d)
e) Explain the difference between fabrication and modification attacks. [2]
a) Bindura University of Science Education (BUSE) is implementing an electronic voting
(e-voting) system to elect their chancellor. Only the faculty of Science are allowed to
vote online at a voting website that the university IT department is implementing.
What are the security attributes that need to be considered for the e-voting system? Be
specific. For instance, do not just say 'confidentiality', but enumerate which (all)
kinds of information need to be kept confidential. Note that the security attributes
could go beyond the classical three of the CIA triad.
[6]

b) Provide one example each for preventive, detective and corrective security controls,
for each of the following categories :
i. People
ii. technology
iii. operations [9]
c) The principle of `need to know' in information security advocates that each user
should have access to only as much information as needed to carry out the tasks they
are assigned, and no more (least privilege access). What are potential shortcomings of
such an approach to security?
[3]
f)
g) The Rijndael algorithm uses a byte substitution table that comes from a formula
applied to $GF(2^8)$.
i. Is it necessary to use that formula? That is, would any substitution table work?
[2]
ii. What restrictions are there on the form of the table? [2]
iii. A property of the Rijndael algorithm is that it is quite regular. Why is this both a
good and a bad property for a cryptographic algorithm? [2]
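Worked example for g): the AES S-box generated from the GF(2^8) inverse and affine formula, followed by checks of the properties the question asks about. This is added illustration code, not part of the question paper; the choice of property checks (permutation, fixed points, maximum differential) is mine.

```python
"""AES (Rijndael) S-box built from its GF(2^8) formula, with checks on the
properties a substitution table needs. Added example for the exam question
above; it is not part of the question paper. Standard library only."""

# Rijndael reduction polynomial x^8 + x^4 + x^3 + x + 1.
AES_POLY = 0x11B


def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements in GF(2^8) modulo AES_POLY."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return result & 0xFF


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); AES maps 0 to 0 by convention."""
    if a == 0:
        return 0
    # The multiplicative group has order 255, so a^254 = a^-1.
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def affine(b: int) -> int:
    """The affine step of the S-box formula: XOR of four rotations plus 0x63."""
    def rotl(x: int, n: int) -> int:
        return ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63


def build_sbox() -> list:
    """S[x] = affine(x^-1) for every byte x; this reproduces the published table."""
    return [affine(gf_inv(x)) for x in range(256)]


def is_permutation(table) -> bool:
    """Invertibility: decryption needs every output to come from exactly one input."""
    return sorted(table) == list(range(256))


def fixed_points(table) -> list:
    """Inputs the table leaves unchanged (AES has none, by design)."""
    return [x for x in range(256) if table[x] == x]


def max_differential(table) -> int:
    """Largest entry of the difference distribution table over non-zero input
    differences. A linear table scores 256; the AES S-box scores 4."""
    worst = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[table[x] ^ table[x ^ a]] += 1
        worst = max(worst, max(counts))
    return worst


if __name__ == "__main__":
    sbox = build_sbox()
    print("S[0x53] = 0x%02X" % sbox[0x53])
    print("bijective:", is_permutation(sbox))
    print("fixed points:", fixed_points(sbox))
    print("max differential (AES):", max_differential(sbox))
    # A table that is a permutation but linear: fine for decryption,
    # useless against differential cryptanalysis.
    print("max differential (identity):", max_differential(list(range(256))))
```

Any table that is a permutation of the 256 byte values can be inverted, so decryption works with an arbitrary bijection; the formula is chosen for the extra properties: no fixed points, high nonlinearity and the low maximum differential the check reports (4 for AES against 256 for the identity permutation). Regularity helps implementation and analysis but also hands an attacker structure to exploit, which is the trade-off part iii asks about.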
b) Some time ago LinkedIn confirmed that it had experienced a data breach that
likely compromised the e-mail addresses and passwords of 6.5 million of its
users. This confirmation followed the posting of the password hashes for these
users in a public forum. One criticism of LinkedIn is that they used unsalted
password hashes. In this question we'll explore this criticism. Assume that each
stolen password record had two fields in it: [user_email, SHA1(password)] and
that a user login would be verified by looking up the appropriate record based
on user email, and then checking whether the corresponding hashed password field
matched the SHA1 hash of the password entered by the user trying to log in.
By contrast, if LinkedIn had used a salted scheme, then each record would have
had three fields: [user_email, salt, SHA1(password+salt)] and login verification
would similarly require looking up the salt and using it when matching hashes.
Given this:

i. Suppose the attacker’s goal is to break your password via a dictionary attack. Does
the lack of salting in LinkedIn’s scheme make this goal substantially easier?
[3]
ii. Suppose the attacker’s goal is to break at least half of the passwords via a dictionary
attack. Does the lack of salting in this scheme make this goal substantially easier?
[2]
iii. Suppose you are contacted by the attacker and given a set of password hashes
(that is, no user_email, no salt). Assuming the hash function is known, is there a
measurement you could make in order to infer whether the hashes are likely salted or not?
[3]
iv. It turns out that 20% of LinkedIn users with Yahoo Mail e-mail addresses
used the same password at LinkedIn as at Yahoo. You learn that, unlike LinkedIn,
Yahoo salts its passwords. Should Yahoo be concerned about the LinkedIn breach or
not? [3]
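Worked example for b) i to iv: a constructed population of users hashed in both layouts, the duplicate-hash measurement of part iii, and a dictionary attack costed in hash evaluations. This is added illustration code, not part of the question paper; the COMMON passwords, the word list and the index-derived salts are constructed test data, not LinkedIn's.

```python
"""Salted vs unsalted password hashes: the measurement from part iii and the
attack-cost difference from parts i and ii. Added example for the LinkedIn
question above; it is not part of the question paper. The user population,
salts and word list are constructed here, not real breach data."""

import hashlib
from collections import Counter

COMMON = ["123456", "password", "linkedin", "111111", "qwerty"]
# Constructed attacker word list: the common passwords plus a few misses.
WORDLIST = COMMON + ["letmein", "dragon", "monkey", "football", "abc123"]


def sha1_hex(data: str) -> str:
    return hashlib.sha1(data.encode()).hexdigest()


def constructed_passwords(n_users: int = 1000) -> list:
    """Half the users pick from COMMON in rotation, half use a unique string."""
    return [COMMON[i % len(COMMON)] if i < n_users // 2 else f"unique-{i}-Zq7!x"
            for i in range(n_users)]


def make_dump(passwords: list, salted: bool) -> list:
    """Records in the question's two layouts:
    [user_email, SHA1(password)]  or  [user_email, salt, SHA1(password+salt)].
    Salts are derived from the index so the example is reproducible."""
    records = []
    for i, pw in enumerate(passwords):
        email = f"user{i}@example.com"
        if salted:
            salt = sha1_hex(f"salt-{i}")[:16]
            records.append((email, salt, sha1_hex(pw + salt)))
        else:
            records.append((email, sha1_hex(pw)))
    return records


def duplicate_fraction(hashes: list) -> float:
    """Part iii: share of hashes that occur more than once. Unsalted dumps show
    clusters (everyone with '123456' hashes identically); salted dumps show none."""
    counts = Counter(hashes)
    repeated = sum(c for c in counts.values() if c > 1)
    return repeated / len(hashes)


def dictionary_attack(records: list, wordlist: list, salted: bool):
    """Return (cracked {email: password}, number of hash evaluations).
    Unsalted: hash each word once, then look up every record (cost ~ |wordlist|).
    Salted: each record needs its own pass over the words (cost ~ |wordlist| * |records|)."""
    cracked, evals = {}, 0
    if not salted:
        table = {}
        for word in wordlist:
            table[sha1_hex(word)] = word
            evals += 1
        for email, digest in records:
            if digest in table:
                cracked[email] = table[digest]
    else:
        for email, salt, digest in records:
            for word in wordlist:
                evals += 1
                if sha1_hex(word + salt) == digest:
                    cracked[email] = word
                    break
    return cracked, evals


def compare(n_users: int = 1000) -> dict:
    """Run both layouts over the same constructed population."""
    pws = constructed_passwords(n_users)
    plain, salted = make_dump(pws, False), make_dump(pws, True)
    c_plain, e_plain = dictionary_attack(plain, WORDLIST, False)
    c_salt, e_salt = dictionary_attack(salted, WORDLIST, True)
    return {
        "dup_fraction_unsalted": duplicate_fraction([r[1] for r in plain]),
        "dup_fraction_salted": duplicate_fraction([r[2] for r in salted]),
        "cracked_unsalted": len(c_plain), "evals_unsalted": e_plain,
        "cracked_salted": len(c_salt), "evals_salted": e_salt,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

For one target (part i) both layouts cost about one pass over the word list, unless the attacker already holds a precomputed table of SHA1(word), which salting defeats. For cracking half the users (part ii) the run shows the gap: ten evaluations unsalted against thousands salted, because without salt each word is hashed once and matched against every record at once. For part iv, once a LinkedIn plaintext is recovered the attacker tests it against Yahoo with a single salted hash per reused account, so Yahoo's salting does not protect reused passwords.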

c) List any five Top Cloud Security Threats of 2021. [5]


d) Briefly explain what is meant by an Authentication Header (AH) and an
Encapsulating Security Payload (ESP).
[6]
e)
a) Answer the following on network attacks.
i. Explain the TCP SYN flooding attack briefly. [2]
ii. Suggest a solution to an ARP cache poisoning attack. [2]
iii. Give the names of two attacks at the network layer. [2]
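Worked example for a) i and ii: the half-open-connection count that characterises a SYN flood, and an IP-to-MAC change detector with the pinned (static) entries that answer part ii. This is added illustration code, not part of the question paper; the TCP_EVENTS and ARP_REPLIES lists are constructed, not captured traffic, and the threshold of 20 is arbitrary.

```python
"""Detection logic for the two attacks in the question above: a half-open
connection counter for TCP SYN flooding and a change detector for ARP cache
poisoning. Added example, not part of the question paper; the packet and ARP
records below are constructed, not captured traffic."""

from collections import defaultdict
from typing import Optional

# Constructed TCP events: (source IP, TCP flags). A legitimate client sends SYN,
# receives SYN-ACK (not shown) and sends the final ACK; a flooder sends only
# SYNs, usually from a spoofed source, so the handshake never completes.
TCP_EVENTS = (
    [("10.0.0.5", "S"), ("10.0.0.5", "A")] * 3
    + [("198.51.100.9", "S")] * 50
    + [("10.0.0.7", "S"), ("10.0.0.7", "A")]
)


def half_open_by_source(events) -> dict:
    """SYNs seen minus handshake-completing ACKs, per source address."""
    syn, ack = defaultdict(int), defaultdict(int)
    for src, flags in events:
        if flags == "S":
            syn[src] += 1
        elif flags == "A":
            ack[src] += 1
    return {src: syn[src] - ack[src] for src in syn}


def syn_flood_sources(events, threshold: int = 20) -> list:
    """Sources holding more than `threshold` half-open connections."""
    return sorted(src for src, n in half_open_by_source(events).items() if n > threshold)


# Constructed ARP replies on a LAN: (IP, MAC). The gateway is 10.0.0.1.
ARP_REPLIES = [
    ("10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ("10.0.0.5", "aa:aa:aa:aa:aa:05"),
    ("10.0.0.1", "de:ad:be:ef:00:01"),   # attacker claims the gateway's IP
    ("10.0.0.5", "aa:aa:aa:aa:aa:05"),
]


def arp_poison_alerts(replies, static: Optional[dict] = None) -> list:
    """Keep an IP->MAC table and alert when an IP's MAC changes. Entries in
    `static` (the mitigation part ii asks for) are pinned and never updated,
    so a poisoning reply is dropped instead of rewriting the cache."""
    static = static or {}
    table = dict(static)
    alerts = []
    for ip, mac in replies:
        if ip in static and mac != static[ip]:
            alerts.append(f"dropped reply for pinned {ip} from {mac}")
        elif ip in table and table[ip] != mac:
            alerts.append(f"{ip} changed from {table[ip]} to {mac}")
            table[ip] = mac          # unpinned entry: the cache is now poisoned
        else:
            table.setdefault(ip, mac)
    return alerts


if __name__ == "__main__":
    print("SYN flood sources:", syn_flood_sources(TCP_EVENTS))
    print("ARP, no pinning:", arp_poison_alerts(ARP_REPLIES))
    print("ARP, gateway pinned:",
          arp_poison_alerts(ARP_REPLIES, {"10.0.0.1": "aa:aa:aa:aa:aa:01"}))
```

Counting half-open connections per source is what a stateful device does before reacting (SYN cookies, rate limits, a shorter SYN-RECEIVED timeout); the flooder's source is usually spoofed, so the count matters more than the address. For ARP, pinning the gateway entry (or dynamic ARP inspection on the switch) turns the poisoning reply into a dropped packet plus an alert instead of a silent rewrite of the cache.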
b) Answer the following questions on Wi-Fi Security
i. Describe how a man-in-the-middle attack may be performed on a Wi-Fi
network and the consequences of such an attack. [6]

c) An access attack is an attempt to access another user account or network device
through improper means. As a network administrator you are responsible for ensuring
that only authorized users access the network. Unauthorized access attacks are attempted
via four means, all of which try to bypass some facet of the authentication process.
Give the four attacks. [4]

f) James and Alexander are having another debate about computer and
network security. James says that it is the job of security professionals
to find all vulnerabilities and every threat and make sure the system is
always 100% secure. Do you agree with James? You should explain your
answer with nine reasons.
[10]
g) A denial of service (DoS) attack is an incident in which a user or
organization is deprived of the services of a resource they would
normally expect to have.
h) Describe any two forms of DoS attack.
[4]
i) Due to the nature of how mobile devices function, they tend to have
unique vulnerabilities when compared to desktops and servers, each
with its own built-in defences, attack vectors, and threats. Describe the
following problems.
i Physical Size [3]
ii Data Privacy and Security Concerns [3]
iii Mobile Risks and attacks [3]
i) The Zimbabwean government recently proposed that the Cybersecurity
and Cybercrimes Bill will now incorporate the draft Data Protection Bill
and the Electronic Transactions and Electronic Commerce Bill. Describe
the incorporated bills and explain the significance of the incorporation
to the general populace of Zimbabwe.
[11]
j) Firewall rules can be customized according to your needs, requirements and security
threat level. Filter rules are created or disabled based on conditions that a packet
must match. Explain any five conditions that can be used. [10]
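Worked example for j): a first-match packet filter whose rules match on source network, destination network, protocol, destination port, inbound interface and connection state, and a rule set showing why the order of the rules matters. This is added illustration code, not part of the question paper; the addresses, interface names and rule set are constructed.

```python
"""A first-match packet filter evaluating the kinds of conditions the question
asks about. Added example, not part of the question paper; the rules and
packets are constructed for illustration."""

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp", "icmp"
    dport: int      # 0 for protocols without ports
    iface: str      # interface the packet arrived on
    state: str      # "NEW" or "ESTABLISHED", as a stateful firewall tracks it


@dataclass(frozen=True)
class Rule:
    action: str                 # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"      # source network (CIDR)
    dst: str = "0.0.0.0/0"      # destination network (CIDR)
    proto: str = "any"
    dport: Optional[int] = None
    iface: str = "any"
    state: str = "any"

    def matches(self, p: Packet) -> bool:
        return (
            ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", p.proto)
            and (self.dport is None or self.dport == p.dport)
            and self.iface in ("any", p.iface)
            and self.state in ("any", p.state)
        )


# Ordered rule set: the first matching rule decides; nothing matching is dropped.
RULES = [
    Rule("ACCEPT", state="ESTABLISHED"),                                    # replies to allowed sessions
    Rule("DROP", src="203.0.113.0/24"),                                     # blocklisted network, early
    Rule("ACCEPT", src="10.0.0.0/8", proto="tcp", dport=22, iface="eth0"),  # SSH from inside only
    Rule("ACCEPT", proto="tcp", dport=443),                                 # HTTPS from anywhere
    Rule("ACCEPT", src="10.0.0.0/8", proto="icmp"),                         # ping from inside only
]


def evaluate(rules, p: Packet):
    """Return (action, index of the deciding rule), or ("DROP", None) for default deny."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return "DROP", None


if __name__ == "__main__":
    for pkt in [
        Packet("10.1.2.3", "10.0.0.10", "tcp", 22, "eth0", "NEW"),
        Packet("198.51.100.5", "10.0.0.10", "tcp", 22, "eth1", "NEW"),
        Packet("203.0.113.7", "10.0.0.10", "tcp", 443, "eth1", "NEW"),
        Packet("198.51.100.5", "10.0.0.10", "tcp", 443, "eth1", "NEW"),
    ]:
        print(pkt.src, pkt.proto, pkt.dport, "->", evaluate(RULES, pkt))
```

Rule order is itself a security decision: the blocklist rule sits before the HTTPS allow, so a packet from 203.0.113.7 to port 443 is dropped at rule index 1; swapping the two rules would let it through. Anything no rule matches falls to default deny.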
k) A typical IPS/IDS alert contains information that can help you determine if an
event is indeed potentially malicious. Give any four kinds of information that
can be used in the determination of whether an event is potentially malicious.
[4]
l) Management has consulted you on which Operating system to use between
Windows and Linux, and you recommend the use of Linux. Explain any three
key factors that underlie Linux's superior security:
[6]
m) You are responsible for the security of a cloud storage and computing service.
Naturally, you need to protect your customers' data by fully encrypting their
reserved blocks on your server. You distinguish:
IT team: This team has access to the server and all system files for maintenance.
Executive team: This team has access to customers' addresses and billing data.
The customers: Each customer has access to his reserved block on the file system.

i. When a customer enters/edits their billing data, it has to be protected from
unauthorized access. Choose one of the following encryption schemes (explain
your choice): Triple DES, RSA, AES [1]
ii. Given your choice above, write for each group which key should be available to
them (write the key type or "none"): [3]
n) The IT team has access to the system files, including sensitive files such as
/etc/passwd. Describe how you prevent them from using an executive team member’s
credentials. [2]
o) Sales expert Alice (executive team) does not have PGP/RSA installed on her private
e-mail client, however she does have a public/private key pair which she uses when
communicating over her corporate mail client. She wants to send a sensitive message
to sales expert Bob as she often does, however she currently cannot use the corporate
client. She considers two options:
(1) She sends this one e-mail unencrypted.
(2) She uses an online encryption/decryption service she found at www.isilver.com,
where she can submit the message and Bob's public key and receives a cipher text
which she sends to Bob. Bob can likewise decrypt the cipher text by uploading it
together with his private key to the same site.

Which option poses the greater security risk? Please explain! [2]

p) Which algorithm among AES,DES and RSA would you use to secure the customers’ data
inside their blocks? Explain your answer. [2]

q) Address the following questions concerning cookies.
i. How do HTTP cookies work in general? [3]
ii. Can HTTP cookies be used to exchange personal information? [2]
r) A virtual private network (VPN) is a network that uses public means of transmission
(Internet) as its WAN link and a well-designed VPN uses several methods for keeping
your connection and data secure. Give any five ways that can be employed to keep a
connection secure. [5]
