Information Security

Lecture 1

Choices:
1- Security should be considered a balance between:
(Procedures and Availability - Protection and Procedures - Protection and Data - Protection and Availability)

2- Key components in Information Security:
(Networks – Data – Computers – Procedures)

True or false:
- Computers can be subjects and/or objects of an attack (true)
- Computer security began immediately after first mainframes were developed (true)
- It is possible to obtain perfect security (false)

• Measures to protect data during their transmission over the Internet
(Internet security - Network security - Computer security - Security Attack)

• This is an attack on authenticity
(Fabrication - Interception - Security Mechanism - Security Mechanism)

. Data Integrity:
• protection of data from unauthorized disclosure
• A mechanism (set of procedures) that is designed to detect, prevent, or recover from a security attack
• assurance that data received is as sent by an authorized entity
• Algorithm that transforms plaintext to ciphertext

. Compare between Authorization & Authentication

. True or false:
1- Security policies are least expensive controls to execute but most difficult to implement (true)

2- Communities of interest do not need to consider policies as starting point for security efforts (false)

3- Security policies are least expensive controls to execute but most difficult to implement (true)

. Complete:
1. NSA stands for… (National Security Agency)
2. NIPC stands for… (National Infrastructure Protection Center)
3. DHS stands for… (Department of Homeland Security)
4. FBI stands for… (Federal Bureau of Investigation)

: …………. Malware-infected system spams all contacts found in users’ address books. (Mass Email)

: List 4 types of attacks?
Backdoor, Brute force, Denial-of-service (DoS), Man-in-the-middle.

: Define (Malware):
malicious code such as viruses, worms, Trojan horses, bots, backdoors, spyware, adware, etc.

: Which of these is a Deliberate Software Attack?
(Worms, Logic bombs, Backdoors, Forces of Nature)
*ALL true except forces of nature*


Lecture 2

Choose the correct answer:

1- ………. is Weakness or fault that can lead to an exposure
( threat – Vector – Vulnerability – risk )

2- ……….. determining whether an entity (person, program, computer) has access to object
(Authentication – Authorization – Malware – Exposure)

3- ………… accessing system or network using known or previously unknown mechanism
(Backdoor – Password crack – Malicious code – Denial-of-service)

4- What is meant by Deviations in Quality of Service?
Situations where products, services not delivered as expected

5- What is meant by an Attack?
deliberate action exploiting a vulnerability

6- What are the causes of human error or failure?
Employees are the threat
– Inexperience
– Improper training
– Incorrect assumptions
7- Compare between Authentication and Authorization.
Authentication:
– determining the identity of a person, computer, or service on a computer
Authorization:
– determining whether an entity (person, program, computer) has access to object
– Can be implicit (email account access) or explicit (attributes specifying users/groups who can read/write/execute file)

8- Compare between threat and attack.
Threat:
– Generic term for objects, people who pose potential danger to assets (via attacks)
Attack:
– Act or action that exploits vulnerability (i.e., an identified weakness) in controlled system

9- What mistakes can an employee lead to?
– Revelation of classified data
– Entry of erroneous data
– Accidental data deletion or modification
– Data storage in unprotected areas
– Failure to protect information

10- Compare between Viruses and Worms.
Viruses:
– Malware propagating with human help
Malware:
– Self-propagating malware over networks

11- Compare between Timing attack and Side-channel attacks.
Timing attack:
– explores contents of a Web browser’s cache to create malicious cookie
Side-channel attacks:
– secretly observes computer screen contents/electromagnetic radiation, keystroke sounds, etc.

True or false
(1) Electronic theft can be more easily controlled than Physical theft (false)

(2) When a web service running on a server has a vulnerability and it’s not connected to the network, it would be a risk (false) – risk is 0.0

(1) .................... Specific object, person who poses such a danger (by carrying out an attack)
( threat – threat agent – vulnerability – risk – exposure )

(2) ....................... launch viruses, worms, Trojan horses, and active Web scripts aiming to steal or destroy info
( Backdoor - Malicious code - Disclosure - Vector )

(3) ....................... is Malicious software (malware).
( Viruses - Trojan horses - Back doors – all of them )

(4) ......................... is application error where more data sent to a buffer than can be handled
( Timing attack - Buffer overflow - Side-channel attacks - Sniffers )

Lecture 3

Q1. Choose the correct answer:

1- …………………. Rules that mandate or prohibit behavior, enforced by governing authority.
• Cultural mores
• Ethics
• Laws
• Policy
2- …………………. harmful actions to society, prosecuted by the state
• Civil
• Criminal
• Private
• Tort
3- Which of the following is a Federal Agency?
• DHS
• FBI
• NSA
• NIPC
• All of the above
4- ………. device that selectively allows information into/out of organization
• Firewalls
• Demilitarized Zone
• Intrusion Detection Systems
• None of the above
Q2. TRUE or FALSE?
1- Case law is the documentation about application of law in various cases. (TRUE)
2- To be enforceable, Laws must be distributed, readily available, easily understood, and acknowledged by employees. (FALSE) Policy
Q3. List Security Technology Components?
• Firewalls
• Demilitarized Zone
• Intrusion Detection Systems
Q4. List types of laws?
• Tort
• Civil
• Criminal
• Private
• Public
Q5. What is the meaning of Liability?
• It is legal obligation beyond what’s required by law, increased if you fail to take due care

Q6. Choose the correct answer:

1- …..…….. Rules that define socially acceptable behavior, not necessarily criminal, not enforced (via authority/courts)
A) Cultural Mores
B) Ethics
C) Laws
D) Policy
2- …..…….. legal obligation beyond what’s required by law, increased if you fail to take due care
A) Liability
B) Ethics
C) Laws
D) Due diligence
3- …..…….. harmful actions to society, prosecuted by the state
A) Civil
B) Criminal
C) Tort
D) Due diligence
4- …..…….. laws governing nation or state
A) Civil
B) Criminal
C) Tort
D) Due diligence
5- …..…….. individual lawsuits as recourse for “wrongs”, prosecuted by individual attorneys
A) Civil
B) Criminal
C) Tort
D) Due diligence
Q7. What should security policies contain?
• Persons responsible for reviews
• Revision table
• How to recommend reviews
• Date of issuance and revision of the document
Q8. What is security architecture design?
• It is divided into two types:
1. Defense in depth
- Implement security in layers
2. Security Perimeter
- The point at which the security of the organization
Q9. True or False:
• Department of Homeland Security, Federal Bureau of Investigation, National Infrastructure Protection Center and National Security Agency are components of security technology (True)

• Intrusion Detection Systems (IDS): detects authorized (foreign) activity on an organization's network, individual devices, or both (False)

Q12. What can information security do?
– Reduce likelihood that incidents result in lawsuits
– Reduce likelihood that you lose (by showing due care, due diligence)
– Minimize damages/awards
– Help you respond effectively to incidents

Q13. What is the difference between due care and due diligence?
Due care: has been taken when employees know what is/isn’t acceptable, what the consequences are
Due diligence: sustained efforts to protect others

Lecture 4

1_ What is the system?
Collection of hardware, software, data, procedures, networks, people, etc. that “belong together”

2_ What is meant by risk management?
process of identifying and controlling risks facing an organization.

3_ ………… is risk “left over” after identification and control
A. Vulnerability
B. Residual risk
C. Risk control
D. Risk identification

4_ Mention four strategies to control each risk?
• Apply safeguards (avoidance)
• Transfer the risk (transference)
• Reduce impact (mitigation)
• Understand consequences and accept risk

5_ What are common methods of risk avoidance?
• Impose policy
• Educate people
• Apply technology

6_ What are the techniques in avoidance?
• Removing vulnerabilities
• Limiting access to assets
• Applying safeguards

7_ Mention the rules of thumb that we can apply?
o A vulnerability exists
o Attackers can exploit a vulnerability
o Attacker’s cost is less than potential gain
o Substantial potential loss to organization

8_ Mention the abbreviation for?
1. (IRP): Incident response plan
2. (DRP): Disaster recovery plan
3. (BCP): Business continuity plan

9_ Mention Military classification?
– Top Secret
– Secret
– Classified/Internal use only
– Public

10- What happens to victim as the result of a successful attack?
a) Damaged reputation
b) Lost sales
c) Replacement cost
d) All of the above

Answer: d

11: What attacker “spends” to launch attack, that means:
a) Attacker benefit
b) Attacker cost
c) Risk management
d) none of the above

Answer: b

12: .......... strategies to control each risk:
a) four
b) three
c) two
d) one

Answer: a

13: Reduce impact of risk, that means:
a) transference
b) mitigation
c) avoidance
d) acceptance

Answer: b

14: Mention three of Problems with Benchmarking?
1- Organizations don’t talk to each other
2- No two organizations are identical
3- Best practices are a moving target

15- ……….. security efforts that provide a superior level of protection of information.
a) Best business practices
b) Risk identification
c) Risk control
d) Cost-Benefit Analysis
Ans: a
16- ………….. process of examining and documenting risk present in information systems.
a) Best business practices
b) Risk identification
c) Risk control
d) Cost-Benefit Analysis
Ans: b
17- ……….. four strategies are used to control risks that result from vulnerabilities.
a) Best business practices
b) Risk identification
c) Risk control
d) Residual risk
Ans: c
18- ………. risk that remains to the information asset even after the existing control is applied.
a) Best business practices
b) Risk identification
c) Risk control
d) Residual risk
Ans: d
19- Mention problems with Benchmarking and Best Practices.
• Organizations don’t talk to each other.
• No two orgs. are identical.
• Best practices are a moving target.
• Knowing recent events in security industry (benchmarking) may not prepare for future.

20- Mention rules of thumb that we can apply.
• A vulnerability exists.
• Attackers can exploit a vulnerability.
• Attacker’s cost is less than potential gain.
• Substantial potential loss to organization.

Lecture 5

1- List three subsets of packet filtering firewalls.
Static filtering
Dynamic filtering
Stateful inspection
2- List the three goals VPN must achieve
Encapsulate incoming, outgoing data
Encrypt incoming, outgoing data
Authenticate remote computer, user

3- Each firewall device must have own set of configuration rules regulating its actions (True)
4- Firewall policy configuration is usually not complex and difficult (False)
5- When security rules conflict with business performance, security often loses (True)
6- Most organizations with Internet connection have a router connecting to Internet (True)
7- Routers can be configured to reject packets that org. forbids entering its network (True)
8- Most firewalls use packet tailer information to determine whether specific packet should be allowed or denied (False)
9- Connections into trusted internal network allowed only from DMZ bastion host servers (True)
Part 2 in lecture 5
1) ……………… there’s a record of who accessed what.
( Confidentiality – Utility – Auditability – Accuracy )
2) Which of the following is an objective of network security?
( Confidentiality – Integrity – Availability – All of the above )
3) Computer security began immediately after ……………….
( Mainframes – super computer – minicomputer – pc )
4) We need to comply with laws/regulations is ………………
( CIO – Access – Auditor – None of the above )
5) Security should be considered a balance between protection and …………….
( Confidentiality – Integrity – Availability – Utility )
Part 3 in lecture 5
1: What is the importance of firewalls?
* Prevents specific types of information from moving between the outside world “untrusted networks” and the outside world “trusted networks”
2: List firewall categorization:
* Processing modes.
* Development era.
* Intended deployment structure.
* Architectural implementation.

3: Select the correct answer:
Which of the following is from processing modes?
A: circuit gateways.
B: hybrids.
C: MAC layer firewalls.
D: All of the above
4: Select the correct answer:
Common architectural implementation of firewalls is?
A: packet filtering routers.
B: screened subnet firewalls.
C: A & B
D: circuit gateways
5: Write the importance of screened host firewalls:
* Combine packet filtering routers with stand-alone firewalls, ex: proxy server
* Allows routers to pre-screen packets to minimize load on internal proxy.
6: What are functions that screened subnet firewall performs?
* Protects DMZ “Demilitarized Zone” systems and information from outside threat.
* Protect the internal networks by limiting how external connections can gain access to internal systems.
7: When does security lose?
When the security rules conflict with business performance

8: “SMTP” is an abbreviation for …“simple mail transport protocol”…
9: “ICMP” is an abbreviation for …“internet control message protocol”…
10: “VPNs” is an abbreviation for …“virtual private networks”…

11: Mention the goals of “VPNs”:
* encapsulate incoming and outgoing data
* encrypt incoming and outgoing data
* authenticate remote computer, user
12: Modes of “VPNs” are?
A: transport mode
B: processing modes
C: tunnel mode
D: A & C
13: Mention an example of tunnel mode:
* pulse secure application
* Microsoft internet application gateway
14: Complete:
“Most firewalls use packet header information to determine whether specific packet should be allowed or denied”, this describes …“firewall rules”…

15: “limited auditing, weak authentication”, this describes …“Drawbacks”…

16: Mention four common architectural implementations of firewalls:
* Packet filtering routers
* Screened host firewall
* Screened subnet firewall
* Dual-homed firewall
