Scribd
Upload
47 views

SelfLearningAssessment 2

The document discusses security concepts related to the OSI security architecture. It contains questions and answers about OSI security issues, types of attacks (passive vs. active), security services, security mechanisms, and a network security model. The questions cover topics such as the three issues OSI security focuses on, differences between passive and active attacks, examples of passive and active attacks, the six main security services, six security mechanisms, and components and tasks of a network security model. Examples are also provided to illustrate confidentiality, integrity, and availability requirements for an ATM system and a desktop publishing system.

Uploaded by

Ankit Patel
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
47 views

SelfLearningAssessment 2

The document discusses security concepts related to the OSI security architecture. It contains questions and answers about OSI security issues, types of attacks (passive vs. active), security services, security mechanisms, and a network security model. The questions cover topics such as the three issues OSI security focuses on, differences between passive and active attacks, examples of passive and active attacks, the six main security services, six security mechanisms, and components and tasks of a network security model. Examples are also provided to illustrate confidentiality, integrity, and availability requirements for an ATM system and a desktop publishing system.

Uploaded by

Ankit Patel
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

MITS 5004

IT SECURITY
Name: Ankit Patel
Student Id: 42799

Review Questions

1. What are the three issues OSI security architecture focuses on?

Ans: The three issues on which the OSI security architecture focuses on are:
i. Security Attacks
ii. Security Mechanisms
iii.Security Services

2. What are the differences between passive attack and active attack?

Ans:
Passive attacks:
 It is an attempt to learn or make the use of information from the system that
does not affect system resources.
 Passive attack does not includes modification of the message.
 Passive attack do not cause any damage to the system.
 The entity is unaware of the attack.

Active attacks:
 It is an attempt to alter system resources or affect their operation.
 Active attack includes modification of the message.
 Active attack always causes damage to the system.
 The entity is notified about the attack.

3. Describe different types of passive attacks.

Ans: There are two types of passive attacks:


I. Release of message content: It captures and reads the content.
II. Traffic analysis: It does not reads the message but do observes the
pattern, which includes determining location and
identity of communicating parties.

4. Describe different types of active attacks.

Ans: There are four types of active attacks:


I. Masquerade: A masquerade attack uses a fake identity to access a computer,
where it is not authorized.
II. Replay: A replay attack is a form of network attack in which a valid data
transmission is fraudulently repeated or delayed.
III. Denial of Service: DOS is attack where the attackers attempt to prevent
legimate users from accessing the service.
IV. Modification of message: Message is altered, delayed or recorded to produce
unauthorized effect.

5. What are the six main security services defined by OSI security
architecture?
Briefly describe each of them.

Ans: The six main security services defined by OSI security architecture are:
I. Confidentiality: It protects the data from any unauthorized discloses.
II. Authentication: It assures that the communication is authentic.
III. Integrity: Integrity means no alteration of data.
IV. Non-Repudiation: It helps in preventing sender or receiver from receiving or
denying the message.
V. Access Control: It limits the access and controls access to the system and
applications.
VI. Availability: It assures that the service is available to legimate users.

6. Name six security mechanisms.

Ans: 1. Encipherment
2. Digital signatures
3. Access controls
4. Data Integrity
5. Authentication exchange
6. Security audit trails

7. Describe a model for network security. What are the components it should
have?
What are the basic tasks that such a model should perform?

Ans:
There should be five components in the network security model:
1. Sender (Plain Text): This is the original message send by the sender that is fed
into the algorithm.
2. Encryption Algorithm: The encryption algorithm performs various
substitutions and transformation on the plain text.
3. Secret Key: Secret keys are generated for the algorithm to encrypt or decrypt
the data.
4. Cipher text: This is the scrambled message produced as output.
5. Receiver ( Decryption) : This is essential encryption algorithm run in reverse.
It uses cipher text and the secret key and produces the original plain text.

Problems

1. Consider an automated teller machine (ATM) in which users provide a


personal identification number (PIN) and a card for account access.
Give examples of confidentiality, integrity and availability requirements
associated with the system. In each case, indicate the degree of
importance of the requirement.

Ans: The system must keep personal identification numbers confidential, both in
the host system and during transmission for a transaction.
Importance of this requirement is too high.
 The system must protect the integrity of account records and of individual
transactions.
Importance of this requirement is too high
 Availability of the host system is important to the
economic well being of the bank, but not to its fiduciary responsibility. The
availability of individual teller machines is of less concern.
Importance of this requirement is Medium.

2. Consider a desktop publishing system used to produce documents


for various organizations.
a. Give an example of a type of publication for which
confidentiality of the stored data is the most important
requirement.

Ans: To publish corporate proprietary material.

b. Give an example of a type of publication for which data


integrity is the most important requirement.
Ans: Laws or Regulations
c. Give an example in which system availability is the most
important requirement.
Ans: Publish a daily newspaper

You might also like