
1. Who was known as the founder of the Internet?
2. When has the Internet become an interconnection of millions of networks and why?
3. What is security?
4. What is information security?
5. How many fundamental characteristics does information have?
6. Which areas does information security include?
7. How many critical characteristics does information have?
8. What is an information system?
9. What is the software? Which software do you know?
10. What is the hardware? List some hardware components you know?
11. Who is considered an expert hacker?
12. Who are hackers? Which skill levels are divided among hackers?
13. What is one of the most common methods of virus transmission?
14. What is a thief? Which type of theft in information security do you know?
15. Which threat is the most dangerous in information security? Why?
16. What is the attack?
17. What attack in the information security do you know? / What information security attacks do you know?
18. List some attacks in the information security you know?
19. What is a firewall in computing?
20. How many types of firewall do you know? What are they?
22. How are firewalls classified?
23. List some firewalls classified by structures?
24. What does the word “architecture” mean?
25. What common architectural implementations do you know?
26. What does the phrase “firewall processing mode” mean?
27. What firewall processing modes do you know? Give some information to support your answers?
28. What powerful security tools do you know?
29. What does IDPS stand for? What do you know about IDPS? What is IDPS used for?
30. How many IDPS methods do you know? What are they? State your understanding about the signature-based approach, the statistical-anomaly approach, and the stateful packet inspection approach. (Unit 4, Speaking 3, page 99)
31. Give your understandings about NIDP and HIDS? (Unit 4, Speaking 2, page 94)
32. What are honeypots, honeynets, and padded cell systems?
33. What is cryptography? What is it used for?
34. How many goals does cryptography have? What are they?
35. How many parties do you think normally participate in a two-way communication? Who are they?
36. What does the phrase hash function mean? What is it?
37. What hash functions do you know?
38. Why are hash functions widely used in e-commerce?
39. What does the word symmetric mean?
40. What do you know about symmetric encryption?
41. What is asymmetric encryption? What do you know about it?
42. What is PKI? What is it used for?
43. What components are integrated for a typical solution PKI to protect the transmission and reception of secure information?
44. What is a cyberattack?
45. What types of attacks cryptography do you know? State your understanding about it.

1. Who was known as the founder of the Internet?


Unit 1 - Reading 1 - Page 2.
Larry Roberts was known as the founder of the Internet.
Additional: What did he develop? He developed the project which was called
ARPANET from its inception.

2. When has the Internet become an interconnection of millions of networks and why?
Unit 1 - Reading 1 - Page 5.
In the 1990s. Since its inception as a tool for sharing Defense
Department information
I think because the Internet brought connectivity to virtually all computers
that could reach a phone line or an Internet-connected local area
network (LAN). (page 5, Unit 1, reading 1) This one is a guess; Ms. Hảo did not
go over the "why" part.

3. What is security?
Unit 1 - Reading 2 - Page 9 - First paragraph
According to the textbook: Security is “the quality or state of being secure to be free
from danger”.
According to Ms. Hảo: Security is protection from potential harms caused by
others.

4. What is information security?


Unit 1 - Reading 2 - Page 10 - First paragraph
According to the textbook: Information security is the protection of information and
its critical elements, including the systems and hardware that use, store,
and transmit that information.
According to Ms. Hảo: Information security is the protection of information and
information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction in order to provide confidentiality,
integrity, and availability.

5. How many fundamental characteristics does information have?
Unit 1 - Reading 3 - Page 16 to 18 - All the bold and italicized text
Information has 7 fundamental characteristics: confidentiality, accuracy,
authenticity, utility, possession, integrity and availability.
6. Which areas does information security include?
Unit 1 - Reading 2 - Page 10 - First paragraph
Information security includes the systems and hardware that use, store,
and transmit that information, the broad areas of information security
management, computer and data security, and network security.

7. How many critical characteristics does information have?
Unit 1 - Reading 3 - Page 16 to 18 - All the bold and italicized text
Information has 7 critical characteristics: availability, accuracy,
authenticity, confidentiality, integrity, utility, and possession.

8. What is an information system?


Unit 1 - Reading 4 - Page 22 - First paragraph
Information system is much more than computer hardware; it is the entire
set of software, hardware, data, people, procedures, and networks that
make possible the use of information resources in the organization.
- What is an information system? (Ms. Hảo)
It is a formal, sociotechnical, organizational system designed to collect,
process, store, and distribute information.
- 6 components of an information system: software, hardware, data,
people, procedures, networks

9. What is the software? Which software do you know?


Unit 1 - Reading 4 - Page 23 - First paragraph (looked up externally)
Software is a collection of statements or instructions, written in one or
more different programming languages in a specified order and
comprises applications, operating systems, and assorted command
utilities.
Example: Facebook, Zing MP3, Telegram, …

10. What is the hardware? List some hardware components you know?
Unit 1 - Reading 4 - Page 23 - Hardware’s paragraph
Hardware is the physical technology that houses and executes the
software, stores and transports the data, and provides interfaces for the
entry and removal of information from the system.
Example: CPU, RAM, Network Card, Hard Drive, …

11. Who is considered an expert hacker?


Unit 2 - Reading 1 - Page 38 - Second paragraph - Third line
The expert hacker is usually a master of several programming
languages, networking protocols, and operating systems and also
exhibits a mastery of the technical environment of the chosen targeted
system.

12. Who are hackers? Which skill levels are divided among
hackers?
Unit 2 - Reading 1 - Page 37 & 38
Page 37 - Second paragraph: Hackers are “people who use and create
computer software to gain access to information illegally.”
Page 38 - First paragraph: There are generally two skill levels among
hackers. The first is the expert hacker, or elite hacker, who develops
software scripts and program exploits used by those in the second
category, the novice or unskilled hacker.

13. What is one of the most common methods of virus transmission?
Unit 2 – Reading 1 - Page 34 – Third paragraph
One of the most common methods of virus transmission is via e-mail
attachment files. Most organizations block e-mail attachments of certain
types and also filter all email for known viruses.

14. What is a thief? Which type of theft in information security do you know?
Unit 2 – Reading 2 - Page 43 - Theft’s paragraph
The first line: Theft, the illegal taking of another’s property, which can
be physical, electronic, or intellectual, is a constant. When information is
copied without the owner's knowledge, its value will be diminished.
The third line: I know two types of theft in information security: Physical
theft and Electronic theft.
+ Physical theft can be controlled quite easily by means of a wide
variety of measures, from locked doors to trained security
personnel and the installation of alarm systems.
+ Electronic theft is a more complex problem to manage and
control. If thieves are clever and cover their tracks carefully, no
one may ever know of the crime until it is far too late.

15. Which threat is the most dangerous in information security? Why?
Unit 2 – Reading 2 – Page 41 – Third paragraph
One of the greatest threats to an organization’s information security is the
organization’s own employees.
Because employees use data in everyday activities to conduct the
organization’s business, their mistakes represent a serious threat to the
confidentiality, integrity, and availability of data —even relative to threats
from outsiders.

16. What is the attack?
Unit 2 - Reading 3 - Page 47 - First paragraph
An attack is an act that takes advantage of a vulnerability to compromise
a controlled system.

17. What attack in the information security do you know? / What information security attacks do you know?
Reference: the ATCSDL (database security) course module
Weak auditing, SQL injection, weak authentication, database protocol
vulnerabilities, Denial of Service, ...

18. List some attacks in the information security you know?


Unit 2 - Reading 3 & 4 - Page 47 to 56 - All the bold text each paragraph
Malicious code, Hoaxes, Back doors, Password crack, Brute force,
dictionary, Denial of Service (DoS), Spoofing, Man-in-the-middle, Spam,
Mail bombing, Sniffers, Social engineering, Phishing, Pharming, Timing
attack.

19. What is a firewall in computing?


Unit 3 - Reading 1 - Page 63 - First Paragraph
In computing, a firewall is a network security system that monitors and
controls incoming and outgoing network traffic based on predetermined
security rules.

20. How many types of firewall do you know? What are they?
Unit 3 - Reading 1 - Page 63 & 64 - The bold text
There are three types of firewalls: Packet filters, Stateful filters,
Application layer.
The outline has no question 21.

22. How are firewalls classified?


Unit 3 - Cover the whole unit.
Firewalls can be categorized by processing mode, development era
(packet filters, stateful filters, application layer), or structure used to
implement them (Commercial-Grade Firewall Appliances, Commercial-
Grade Firewall Systems, Small Office/Home Office (SOHO) Firewall
Appliances, Residential-Grade Firewall Software).

23. List some firewalls classified by structures?


Unit 3 - Reading 2 - Page 67 to 69 - All the bold and italicized text
Some firewalls are classified by structures:
+ Commercial-Grade Firewall Appliances.
+ Commercial-Grade Firewall Systems.
+ Small Office/Home Office (SOHO) Firewall Appliances.
+ Residential-Grade Firewall Software.
+ Software Versus Hardware: The SOHO Firewall Debate.
24. What does the word “architecture” mean?
The word “architecture” is used in Unit 3 - Reading 3; however, its
definition does not appear in that text. Reference from the Internet.
Architecture is the art and science of designing and managing the
construction of buildings and other structures. Architecture has many
artistic qualities but must also satisfy practical considerations.

25. What common architectural implementations do you know?


Unit 3 - Reading 3 - Page 72 - Introduction’s paragraph
There are four common architectural implementations: Packet-filtering
routers, screened host firewalls, dual-homed firewalls, and screened
subnet firewalls

26. What does the phrase “firewall processing mode” mean?
That phrase is used in Unit 3 - Reading 4; however, its definition does
not appear in that text. Reference from the Internet.
Firewall processing mode: a packet filtering mode that examines the
header information of a data packet, usually based on a combination of:
Internet Protocol (IP) source and destination addresses, direction
(incoming or outgoing), and Transmission Control Protocol (TCP) or User
Datagram Protocol (UDP) source and destination port requests.
No need to mention the types, since question 27 already covers them; probably
only the first part is needed.

27. What firewall processing modes do you know? Give some information to support your answers?
Unit 3 - Reading 4 & Further Reading - Page 79 to 86
Page 79 - Introduction’s paragraph:
There are five major processing-mode categories: packet-filtering
firewalls, application gateways, circuit gateways, MAC layer firewalls and
hybrid firewalls.
● Packet-filtering firewall examines the header information of data
packets that come into a network. (Page 79 - Second paragraph)
● Application gateway is frequently installed on a dedicated computer,
separate from the filtering router, but is commonly used in conjunction
with a filtering router. (Page 85 - First paragraph)
● Circuit gateway firewall operates at the transport layer and prevents
direct connections between one network and another. (Page 76 -
First paragraph)
● MAC layer firewalls are designed to operate at the media access
control sublayer of the data link layer (Layer 2) of the OSI network
model. (Page 86 - MAC’s paragraph)
● Hybrid firewall includes the elements of packet filtering and proxy
services, or of packet filtering and circuit gateways. (Page 86 -
Hybrid’s paragraph)

28. What powerful security tools do you know?


Unit 4 - Reading 4 - Page 104 - First paragraph
A class of powerful security tools that go beyond routine intrusion
detection is known variously as honeypots, or padded cell systems.

29. What does IDPS stand for? What do you know about
IDPS? What is IDPS used for?
IDPS stands for Intrusion Detection and Prevention Systems.
IDPS is the combination of IDS (Intrusion Detection System) and IPS
(Intrusion Prevention System). An IDPS can detect an intruder and also prevent
the intruder from breaking into the organization’s areas. It alerts the administrator
when it detects an attack, and it records information about the attack,
such as “How did the attack occur?”, “What did the intruder do?” and “Which
methods did the attacker use?”.
IDPS is generally used to describe current anti-intrusion technologies.

30. How many IDPS methods do you know? What are they? State your understanding about the signature-based approach, the statistical-anomaly approach, and the stateful packet inspection approach. (Unit 4, Speaking 3, page 99)
Three methods dominate: the signature-based approach, the statistical-
anomaly approach, and the stateful packet inspection approach.
A signature-based IDPS (sometimes called a knowledge-based IDPS or a
misuse-detection IDPS) examines network traffic in search of patterns that
match known signatures—that is, preconfigured, predetermined attack
patterns.
The statistical anomaly-based IDPS (stat IDPS) or behavior-based IDPS
collects statistical summaries by observing traffic that is known to be normal.
Stateful protocol analysis (SPA) is a process of comparing predetermined
profiles of generally accepted definitions of benign activity for each protocol
state against observed events to identify deviations.

31. Give your understandings about NIDP and HIDS? (Unit 4, Speaking 2, page 94)
Network intrusion detection systems (NIDS) are placed at a strategic point or
points within the network to monitor traffic to and from all devices on the
network
A host-based intrusion detection system (HIDS) is an intrusion detection
system that is capable of monitoring and analyzing the internals of a
computing system as well as the network packets on its network interfaces,
similar to the way a network-based intrusion detection system (NIDS)
operates

32. What are honeypots, honeynets, and padded cell systems?
Honeypots are decoy systems designed to lure potential attackers away from
critical systems.
When a collection of honeypots connects several honeypot systems on a
subnet, it may be called a honeynet.
A padded cell is a honeypot that has been protected so that it cannot be
easily compromised—in other words, a hardened honeypot.
Unit 4 - Reading 4 - Page 104 - Second paragraph - Lines 1, 3
Page 105 - Second paragraph - Line 1

33. What is cryptography? What is it used for?


Cryptography is the study of mathematical techniques related to aspects of
information security.
It is used for confidentiality, data integrity, entity authentication, data origin
authentication, and non-repudiation.
Unit 5 - Reading 1 - Page 111 - First paragraph - Line 1

34. How many goals does cryptography have? What are they?
There are 4 cryptographic goals. They are confidentiality, data integrity,
authentication, non-repudiation
unit 5 - reading 1 - page 112

35. How many parties do you think normally participate in a two-way communication? Who are they?
(I noticed the textbook says something different, so I added this)
(Unit 5 - Reading 4 - Page 129 - First paragraph)
There are four parties:
● An entity or a party is someone or something which sends, receives, or
manipulates information. An entity may be a person, a computer
terminal, etc.
● A sender is an entity in a two-party communication which is the
legitimate transmitter of information.
● A receiver is an entity in a two-party communication which is the
intended recipient of information.
● An adversary is an entity in a two-party communication which is neither
the sender nor receiver, and which tries to defeat the information
security service being provided between the sender and receiver.

36. What does the phrase hash function mean? What is it?
Unit 6 - Reading 1 - Page 135 - Third paragraph (the sentences begin with
bold text)
Hash function means functions using hash algorithms that create a hash
value.
Hash functions are mathematical algorithms that generate a message
summary or digest (sometimes called a fingerprint) to confirm the identity of a
specific message and to confirm that there have not been any changes to the
content

37. What hash functions do you know?


Unit 6 - Reading 1 - Page 136 - Third paragraph - Line 5,6,7
Several hash functions that I know are SHA-1, MD4, SHA-256, SHA-384,
SHA-512.
More information: SHA-1 is based on principles modeled after MD4, which is
part of the MDx family of hash algorithms created by Ronald Rivest. New hash
algorithms are SHA-256, SHA-384, and SHA-512. Those algorithms have been
proposed by NIST as standards for 128, 192, and 256 bits, respectively.

38. Why are hash functions widely used in e-commerce?


Unit 6 - Reading 1 - Page 135 - Third paragraph - Line 8
Because hash functions are used for confirming message identity and
integrity, both of which are critical functions in e-commerce.

39. What does the word symmetric mean?


Unit 6 - Reading 2 - Page 141 - Second paragraph
In information security, symmetric is a term used for encryption
methodologies that require the same secret key to encipher and decipher the
message; this is also called symmetric encryption or private key encryption.

40. What do you know about symmetric encryption?


Unit 6 - reading 2 - Page 141 to 143
Symmetric encryption (also called private key encryption) uses a single key to
encrypt and decrypt the message. This means that if either copy of the key falls into
the wrong hands, messages can be decrypted by others and the intended
receiver may not know the message was intercepted.
This method of encryption can be programmed into extremely fast computing
algorithms so that the encryption and decryption processes are executed
quickly by even small computers. The most widely known symmetric encryption
cryptosystems are DES, 3DES and AES. (not necessary)

41. What is asymmetric encryption? What do you know about it?
What is asymmetric encryption?
(Unit 6 – Reading 3 – Page 146 – First paragraph – Line 2)
Asymmetric encryption (also called public-key encryption) uses two
different but related keys, and either key can be used to encrypt or decrypt the
message.
Or (this one was looked up online; it feels like it answers the question more closely. Source:
techtarget.com/searchsecurity/definition/asymmetric-cryptography)
Asymmetric cryptography, also known as public-key cryptography, is a
process that uses a pair of related keys - one public key and one private key -
to encrypt and decrypt a message and protect it from unauthorized access or
use.
What do you know about it?
Asymmetric encryption can be used to provide elegant solutions to
problems of security and verification. The foundation of public-key
cryptography is one-way functions. Asymmetric encryption has the
advantage that it does not force users to share (secret) keys, and the
disadvantage that it is time-intensive and requires considerably more effort.

42. What is PKI? What is it used for?
(Unit 6 – Reading 4 – page 151 – paragraph 2 – first 3 lines)
Public-key Infrastructure (PKI) is an integrated system of software,
encryption methodologies, protocols, legal agreements, and third-party
services that enables users to communicate securely.
(Looked up online. Source: https://www.nexusgroup.com/crash-course-pki/)
PKI enables trusted electronic identities for people, services and things,
which make it possible to implement strong authentication, data encryption
and digital signatures. These security mechanisms are used to grant secure
access to physical and digital resources; secure communication between
people, services and things; and enable digital signing of documents and
transactions.

43. What components are integrated for a typical solution PKI to protect the transmission and reception of secure information?
(Unit 6 – Reading 4 – page 152 – paragraph 3)
A typical PKI solution protects the transmission and reception of secure
information by integrating the following components: a certificate authority
(CA), a registration authority (RA), certificate directories, management
protocols, policies and procedures

44. What is a cyberattack?


(Unit 2 – Further reading – page 60 – paragraph 1 – line 3)
A cyberattack is any type of offensive maneuver that targets computer
information systems, infrastructures, computer networks, or personal
computer devices.

45. What types of attacks cryptography do you know? State your understanding about it.
(Unit 6 – Reading 5 – page 158 – paragraph 2)
In general, attacks on cryptosystems fall into four general categories:
man-in-the-middle, correlation, dictionary, and timing.
Man-in-the-Middle Attack: This attack attempts to intercept a public key
or even to insert a known key structure in place of the requested public key.
Establishing public keys with digital signatures can prevent the traditional
man-in-the-middle attack, as the attacker cannot duplicate the signatures.
Correlation Attacks are a collection of brute-force methods that attempt
to deduce statistical relationships between the structure of the unknown key
and the ciphertext generated by the cryptosystem. Correlation attacks exploit
a statistical weakness that arises from a poor choice of the Boolean function.
Dictionary Attacks: In a dictionary attack, the attacker encrypts every
word in a dictionary using the same cryptosystem as used by the target in an
attempt to locate a match between the target ciphertext and the list of
encrypted words.
Timing Attacks: In cryptography, a timing attack is a side-channel attack
in which the attacker eavesdrops on the victim’s session and uses statistical
analysis of patterns and inter-keystroke timings to discern sensitive session
information.

Ms. Minh Thu's review questions:

1, What is private key encryption? And what is the primary challenge of it?
- Symmetric encryption (also called private key encryption) uses a single key to
encrypt and decrypt the message. This means that if either copy of the key falls into
the wrong hands, messages can be decrypted by others and the intended receiver
may not know the message was intercepted.
- The primary challenge of symmetric key encryption is getting the key to the
receiver, a process that must be conducted out of band (meaning through a
channel or band other than the one carrying the ciphertext) to avoid interception.
2, What is the difference between DES and AES?


DES uses a 64-bit block size and a 56-bit key.
AES implements a block cipher called the Rijndael Block Cipher with a
variable block length and a key length of 128, 192, or 256 bits.

3, What layers of security should a successful organization have in place to protect its operations?
- A successful organization should have several layers of security: Physical security,
Personnel security, Operations security, Communications security, Network
security, Information security.

4, What does C.I.A stand for? What is it? What does C.I.A
triangle mean in Vietnamese? Is the C.I.A. triangle model
suitable for information security now?
- C.I.A stands for confidentiality, integrity, and availability.
- C.I.A is based on the three characteristics of information.
- C.I.A triangle means “mô hình bảo mật thông tin”.
- No, it no longer adequately addresses the constantly changing environment (because
of the appearance of different threats).

5. Who are Whitfield Diffie and Martin Hellman? What did they invent? What are their algorithms based on? What is one of the most significant contributions of public-key cryptography?
- They introduced public-key cryptography in 1976.
- They invented the Diffie-Hellman algorithms.
- The Diffie-Hellman algorithms are based on the discrete logarithm problem.
- One of the most significant contributions of public-key cryptography is the digital
signature.
6, What are "Sniffers"? What are they used for? Why are they
dangerous?
- A sniffer is a program or device that can monitor data traveling over a
network.
- Sniffers can be used both for legitimate network management functions and
for stealing information.
- Because many systems and users send information on local networks
in clear text.

7, What is time-memory tradeoff attack? What method can prevent this attack?
-Time-memory tradeoff attack is a type of cryptographic attack where an
attacker tries to achieve a situation similar to the space–time tradeoff but with
the additional parameter of data, representing the amount of data available to
the attacker.
-To prevent this attack we should:
+protect the file of hashed passwords and implement strict limits to the
number of attempts allowed per login session.
+use an approach called password hash salting.
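
An added example, not taken from the course material, of the two defenses listed above: per-user salted password hashing, which makes a precomputed hash table useless, and a strict limit on attempts per login session. The wordlist, user names, iteration count and the `LoginSession` helper are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a precomputed table's input.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once; it then works against every
    unsalted password file (the memory side of the time-memory tradeoff)."""
    return {unsalted_hash(w): w for w in words}


def recovered_by_table(stored_hashes, table):
    """Return the users whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256 keyed by a per-user random salt (assumed parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def new_record(password: str) -> dict:
    """Create the stored record: the salt is not secret, only unique per user."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = salted_hash(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


class LoginSession:
    """Hypothetical helper enforcing a strict attempt limit per login session."""

    MAX_ATTEMPTS = 3

    def __init__(self, record: dict):
        self.record = record
        self.failures = 0

    def attempt(self, password: str) -> bool:
        if self.failures >= self.MAX_ATTEMPTS:
            return False  # locked: even the correct password is refused
        if verify(password, self.record):
            return True
        self.failures += 1
        return False


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)

    # Two users who picked the same weak password, stored without a salt.
    unsalted_store = {u: unsalted_hash("letmein") for u in ("alice", "bob")}
    # The same two users, stored with per-user salts.
    salted_records = {u: new_record("letmein") for u in ("alice", "bob")}
    salted_store = {u: r["hash"].hex() for u, r in salted_records.items()}

    return {
        "unsalted_recovered": recovered_by_table(unsalted_store, table),
        "salted_recovered": recovered_by_table(salted_store, table),
        "salted_hashes_differ": salted_store["alice"] != salted_store["bob"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With a salt, a table has to be rebuilt for each user's salt value, so the one-time precomputation no longer pays off; the attempt limit separately restricts guessing through the login form.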

8. How many main properties does an ideal cryptographic hash function have? What are they?
The ideal cryptographic hash function has four main properties:
* It is easy to compute the hash value for any given message
* It is infeasible to generate a message that has a given hash
* It is infeasible to modify a message without changing the hash
* It is infeasible to find two different messages with the same hash.

9, What is a padded cell? What are its benefits?
- A padded cell is a honeypot that has been protected so that it cannot be
easily compromised—in other words, a hardened honeypot.
-Its benefits are:
+Attackers can be diverted to targets that they cannot damage.
+Administrators have time to decide how to respond to an attacker
+Attackers’ actions can be easily and more extensively monitored, and
the records can be used to refine threat models and improve system
protections.
+Honeypots may be effective at catching insiders who are snooping
around a network.

10, What is correlation attack? How to prevent it?


-Correlation attacks are a collection of brute-force methods that attempt to
deduce statistical relationships between the structure of the unknown key and
the ciphertext generated by the cryptosystem
-The only defense against this attack is the selection of strong cryptosystems
that have stood the test of time, thorough key management, and strict adherence
to the best practices of cryptography in the frequency of key changes.

11, What is a firewall? What are its benefits?


- A firewall in an information security program is similar to a building's firewall
in that it prevents specific types of information from moving between the
outside world, known as the untrusted network and the inside world, known as
the trusted network.
-In computing, a firewall is a network security system that monitors and
controls incoming and outgoing network traffic based on predetermined security
rules.
- Its benefits are:
+ Firewalls help you to prevent unauthorized remote access.
+ Firewalls can guarantee security based on protocol and IP address, for
example in the packet-filtering firewall and in screened host firewalls.
+ Firewalls protect seamless operations in enterprises.

12, What are hash functions? Why are hash functions considered one-way operations?
-Hash functions are mathematical algorithms that generate a message summary
or digest (sometimes called a fingerprint) to confirm the identity of a specific
message and to confirm that there have not been any changes to the content.
-Because in this function the same message always provides the same hash
value.
13, What is the difference among a sender, a receiver, and an
adversary?
-A sender is an entity in a two-party communication which is the legitimate
transmitter of information.
-A receiver is an entity in a two-party communication which is the intended
recipient of information.
- An adversary is an entity in a two-party communication which is neither the
sender nor receiver, and which tries to defeat the information security service
being provided between the sender and receiver.

14, What does an encryption scheme consist of? What does one have to do to construct an encryption scheme?
- An encryption scheme consists of a set $\{E_e : e \in K\}$ of encryption
transformations and a corresponding set $\{D_d : d \in K\}$.
- An encryption scheme consists of a set $\{E_e : e \in K\}$ of encryption
transformations and a corresponding set $\{D_d : d \in K\}$.

15, What do these words stand for?


MAC: Media Access Control
DES: Data Encryption Standard
PKI: Public Key Infrastructure
TCP: Transmission Control Protocol
IP: Internet Protocol
UDP: User Datagram Protocol
DS: Digital Spy
SHS: Social and Human Sciences
AES: Advanced Encryption Standard

16, Why do employees’ mistakes represent a serious threat to the confidentiality, integrity, and availability of data? Which one is the biggest threat to an organization?
- Because employees use data in everyday activities to conduct the
organization’s business.
- The biggest is human error or failure.
17, What are the weaknesses of the signature-based approach? What is the solution to the weaknesses of the signature-based approach?
- New attack strategies must continually be added into the IDPS’s database of
signatures; otherwise, attacks that use new strategies will not be recognized and
might succeed. Another weakness of the signature based method is that a slow,
methodical attack might escape detection if the relevant IDPS attack signature
has a shorter time frame
-It is to collect and analyze data over longer periods of time
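
An added example, not from the course material, of the weakness and the fix described above: a threshold signature with a short time frame catches a fast burst of failed logins but misses the same activity spread out slowly, while analyzing a longer period catches both. The log format, addresses, threshold and window sizes are assumptions constructed for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def make_events():
    """Build constructed sample log lines (not real traffic)."""
    start = datetime(2022, 5, 1, 10, 0, 0)
    lines = []
    # Fast source: 6 failed logins, 5 seconds apart.
    for i in range(6):
        ts = start + timedelta(seconds=5 * i)
        lines.append(f"{ts.isoformat()} FAILED_LOGIN src=203.0.113.7")
    # Slow, methodical source: 12 failed logins, 5 minutes apart.
    for i in range(12):
        ts = start + timedelta(minutes=5 * i)
        lines.append(f"{ts.isoformat()} FAILED_LOGIN src=198.51.100.9")
    # Ordinary user: two mistyped passwords, then a successful login.
    lines.append(f"{(start + timedelta(minutes=1)).isoformat()} FAILED_LOGIN src=192.0.2.44")
    lines.append(f"{(start + timedelta(minutes=21)).isoformat()} FAILED_LOGIN src=192.0.2.44")
    lines.append(f"{(start + timedelta(minutes=22)).isoformat()} SUCCESS_LOGIN src=192.0.2.44")
    # ISO timestamps in one format sort chronologically as strings.
    return sorted(lines)


def parse(line):
    """Split '<timestamp> <EVENT> src=<address>' into typed fields."""
    ts, event, src = line.split()
    return datetime.fromisoformat(ts), event, src.split("=", 1)[1]


def detect(lines, threshold, window_seconds):
    """Signature: `threshold` failed logins from one source within the window.

    Returns the set of source addresses that matched the signature.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    alerts = set()
    for line in lines:
        ts, event, src = parse(line)
        if event != "FAILED_LOGIN":
            continue
        q = recent[src]
        q.append(ts)
        # Forget events older than the signature's time frame.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.add(src)
    return alerts


if __name__ == "__main__":
    events = make_events()
    print("60 s window  :", sorted(detect(events, threshold=5, window_seconds=60)))
    print("3600 s window:", sorted(detect(events, threshold=5, window_seconds=3600)))
```

The longer window keeps more timestamps per source in memory, which is the cost of analyzing data over longer periods; the ordinary user stays below the threshold in both runs.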

18. Compare viruses and worms

| Worms | Virus |
| --- | --- |
| A Worm is a form of malware that replicates itself and can spread to different computers via Network. | A Virus is a malicious executable code attached to another executable file which can be harmless or can modify or delete data. |
| The main objective of worms is to eat the system resources. | The main objective of viruses is to modify the information. |
| Worms can be controlled by remote. | Viruses can’t be controlled by remote. |
| It does not need human action to replicate. | It needs human action to replicate. |
| Its spreading speed is faster. | Its spreading speed is slower as compared. |

REVISION- TACN- ATTT- 2022


1. Who was known as the founder of the Internet?
Larry Roberts, known as the founder of the Internet, developed the
project which was called ARPANET from its inception.
2. When has the Internet become an interconnection of millions of networks and
why?
At the close of the twentieth century, the Internet became an
interconnection of millions of networks, because the Internet brought connectivity to
virtually all computers that could reach a phone line or an Internet-connected local
area network (LAN).
3. What is security?
Security is “the quality or state of being secure to be free from danger.” In
other words, protection against adversaries, from those who would do harm,
intentionally or otherwise, is the objective.
4. What is information security?
Information security refers to the safeguarding of information assets'
confidentiality, integrity, and availability while they are being stored, processed, or
transmitted.
5. How many fundamental characteristics does information have?
Information has 7 fundamental characteristics: confidentiality, accuracy,
authenticity, utility, possession, integrity and availability.
6. Which areas does information security include?
Information security includes the broad areas of information security
management, computer and data security, and network security.
7. How many critical characteristics does information have?
Information has 7 critical characteristics. They are availability,
accuracy, authenticity, confidentiality, integrity, utility, possession.
8. What is an information system?
Information system (IS) is the entire set of software, hardware, data, people,
procedures, and networks that make possible the use of information resources in the
organization.
9. What is the software? Which software do you know?
Software is a set of instructions, data, or programs used to operate a computer
and execute specific tasks. In simpler terms, software tells a computer how to
function. It’s a generic term used to refer to applications, scripts, and programs that
run on devices such as PCs, mobile phones, tablets, and other smart devices.
10. What is the hardware? List some hardware components you know?
Hardware is the physical technology that houses and executes the software,
stores and transports the data, and provides interfaces for the entry and removal of
information from the system.
Example: CPU, GPU, motherboard, network card, ...
11. Who is considered an expert hacker?
The expert hacker, or elite hacker, is one who develops software scripts and program
exploits used by those in the second category, the novice or unskilled hacker.
12. Who are hackers? Which skill levels are divided among hackers?
- Hackers are “people who use and create computer software to gain access to
information illegally.”
- There are two skill levels among hackers: the expert hacker, or elite
hacker, and the novice or unskilled hacker.
13. What is one of the most common methods of virus transmission?
One of the most common methods of virus transmission is via e-mail
attachment files.
14. What is a theft? Which type of theft in information security do you know?
- Theft is the illegal taking of another’s property, which can be physical,
electronic, or intellectual, and it is a constant threat. The value of information is
diminished when it is copied without the owner’s knowledge.
- There are two types of theft in information security: physical theft and
electronic theft.
15. Which threat is the most dangerous in information security? Why?
- One of the greatest threats to an organization’s information security is the
organization’s own employees.
- Because employees use data in everyday activities to conduct the
organization’s business, their mistakes represent a serious threat to the
confidentiality, integrity, and availability of data.
16. What is the attack?
- The attack is an act that takes advantage of a vulnerability to compromise a
controlled system. It is accomplished by a threat agent that damages or steals
an organization’s information or physical asset.
17. What attacks do you know about information security?
Weak auditing, SQL injection, weak authentication, database protocol
vulnerabilities, Denial of Service, ...
18. List some attacks in the information security you know?
- Malicious Code
- Hoaxes
- Back Doors
- Password Crack
- Brute Force
- Dictionary
- Denial-of-Service and Distributed Denial-of-Service
- Spoofing
- Man-in-the-Middle
- Spam
- Mail Bombing
- Sniffers
- Social Engineering
- Pharming
- Timing Attack
19. What is a firewall in computing?
In computing, a firewall is a network security system that monitors and controls
incoming and outgoing network traffic based on predetermined security rules.
20. How many types of firewalls do you know? What are they?
There are three types of firewalls. They are packet filters, stateful filters,
and application layer firewalls.
22. How are firewalls classified?
Firewalls can be categorized by processing mode, development era (packet
filters, stateful filters, application layer), or structure used to implement them
(Commercial-Grade Firewall Appliances, Commercial-Grade Firewall Systems,
Small Office/Home Office (SOHO) Firewall Appliances, Residential-Grade Firewall
Software).
23. List some firewalls classified by structures?
- Commercial-Grade Firewall Appliances.
- Commercial-Grade Firewall Systems.
- Small Office/Home Office (SOHO) Firewall Appliances.
- Residential-Grade Firewall Software.
- Software Versus Hardware: The SOHO Firewall Debate.
24. What does the word “architecture” mean?
Architecture is the art and science of designing and managing the construction
of buildings and other structures. Architecture has many artistic qualities but must
also satisfy practical considerations.
25. What common architectural implementations do you know?
There are four common architectural implementations: packet-filtering
routers, screened host firewalls, dual-homed firewalls, and screened subnet firewalls.
26. What does the phrase “firewall processing mode” mean?
Firewall processing mode is a packet filtering mode that examines the header
information of a data packet, usually based on a combination of: Internet Protocol
(IP) source and destination addresses, direction (incoming or outgoing), and Transmission
Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination
port requests.
27. What firewall processing modes do you know? Give some information to
support your answers?
There are five major processing-mode categories: packet-filtering firewalls,
application gateways, circuit gateways, MAC layer firewalls and hybrid
firewalls.
● Packet-filtering firewall examines the header information of data packets
that come into a network.
● Application gateway is frequently installed on a dedicated computer,
separate from the filtering router, but is commonly used in conjunction with
a filtering router.
● Circuit gateway firewall operates at the transport layer and prevents direct
connections between one network and another.
● MAC layer firewalls are designed to operate at the media access control
sublayer of the data link layer (Layer 2) of the OSI network model.
● Hybrid firewall includes the elements of packet filtering and proxy services,
or of packet filtering and circuit gateways.
28. What powerful security tools do you know?
A class of powerful security tools that go beyond routine intrusion detection is
known variously as honeypots, or padded cell systems.

29. What does IDPS stand for? What do you know about IDPS? What is IDPS
used for?
IDPS stands for intrusion detection and prevention system.
IDPS is the combination of IDS (Intrusion Detection System) and IPS
(Intrusion Prevention System). IDPS has the ability to detect and also prevent the
intruder from breaking into the organization's areas. It alerts the administrator when
it detects an attack. It also records information about the attack, such as: “How
did the attack occur?”, “What did the intruder do?” and “Which methods did the
attacker use?”.
Intrusion detection and prevention system (IDPS) is generally used to describe
current anti-intrusion technologies.
30. How many IDPS methods do you know? What are they? State your
understanding about the signature-based approach, the statistical-anomaly
approach, and the stateful packet inspection approach.
- Three methods dominate: the signature-based approach, the statistical-anomaly
approach, and the stateful packet inspection approach.
- A signature-based IDPS (sometimes called a knowledge-based IDPS or a
misuse-detection IDPS) examines network traffic in search of patterns that
match known signatures—that is, preconfigured, predetermined attack patterns.
- The statistical anomaly-based IDPS (stat IDPS) or behavior-based IDPS
collects statistical summaries by observing traffic that is known to be normal.
- Stateful protocol analysis (SPA) is a process of comparing predetermined
profiles of generally accepted definitions of benign activity for each protocol
state against observed events to identify deviations.

31. Give your understanding about NIDS and HIDS?
- Network intrusion detection systems (NIDS) are placed at a strategic point or
points within the network to monitor traffic to and from all devices on the
network.
- A host-based intrusion detection system (HIDS) is an intrusion detection
system that is capable of monitoring and analyzing the internals of a
computing system as well as the network packets on its network interfaces,
similar to the way a network-based intrusion detection system (NIDS) operates.
32. What are the honeypots, Honeynets, and padded Cell Systems?
- Honeypots are decoy systems designed to lure potential attackers away from
critical systems.
- When a collection of honeypots connects several honeypot systems on a subnet,
it may be called a honeynet.
- A padded cell is a honeypot that has been protected so that it cannot be
easily compromised—in other words, a hardened honeypot.
33. What is cryptography? What is it used for?
Cryptography is the study of mathematical techniques related to aspects of
information security. It is used for confidentiality, data integrity, entity authentication,
and data origin authentication.
34. How many goals does cryptography have? What are they?
There are 4 cryptographic goals. They are confidentiality, data integrity,
authentication, and non-repudiation.
35. How many parties do you think normally participate in a two-way
communication? Who are they?
There are four parties:
● An entity or a party is someone or something which sends, receives, or
manipulates information. An entity may be a person, a computer terminal, etc.
● A sender is an entity in a two-party communication which is the legitimate
transmitter of information.
● A receiver is an entity in a two-party communication which is the intended
recipient of information.
● An adversary is an entity in a two-party communication which is neither the
sender nor receiver, and which tries to defeat the information security service
being provided between the sender and receiver.
36. What does the phrase hash function mean? What is it?
- Hash function means functions using hash algorithms that create a hash value.
- Hash functions are mathematical algorithms that generate a message summary
or digest (sometimes called a fingerprint) to confirm the identity of a specific
message and to confirm that there have not been any changes to the content.
37. What hash functions do you know?
Several hash functions that I know are SHA-1, MD4, SHA-256, SHA-384, SHA-
152.
38. Why are hash functions widely used in e-commerce?
Because hash functions are used for confirming message identity and integrity, both
of which are critical functions in e-commerce.
39. What does the word symmetric mean?
In information security, symmetric is a term for encryption methodologies
that require the same secret key to encipher and decipher the message; this is
called symmetric encryption or private key encryption.
40. What do you know about symmetric encryption?
Symmetric encryption (also called private key encryption) uses a single key to encrypt
and decrypt the message. This means that if either copy of the key falls into the wrong
hands, messages can be decrypted by others and the intended receiver may not know
the message was intercepted.
41. What is asymmetric encryption? What do you know about it?
Asymmetric cryptography, also known as public-key cryptography, is a
process that uses a pair of related keys - one public key and one private key - to
encrypt and decrypt a message and protect it from unauthorized access or use.
Asymmetric encryption can be used to provide elegant solutions to problems
of security and verification. One-way functions are the foundation of public key
cryptography. Asymmetric encryption has the advantage that it does not force users to
share (secret) keys, and the disadvantage that it is time-intensive and requires
considerably more effort.
42. What is PKI? What is it used for?
Public-key Infrastructure (PKI) is an integrated system of software, encryption
methodologies, protocols, legal agreements, and third-party services that enables
users to communicate securely.
PKI enables trusted electronic identities for people, services and things, which
makes it possible to implement strong authentication, data encryption and digital
signatures. These security mechanisms are used to grant secure access to physical
and digital resources; secure communication between people, services and things;
and enable digital signing of documents and transactions.
43. What components are integrated for a typical PKI to protect the transmission
and reception of secure information?
A typical PKI solution protects the transmission and reception of secure
information by integrating the following components: a certificate authority (CA), a
registration authority (RA), certificate directories, management protocols, policies
and procedures.
44. What is a cyberattack?
A cyberattack is any type of offensive maneuver that targets computer
information systems, infrastructures, computer networks, or personal computer
devices.
45. What types of attacks on cryptography do you know? State your understanding
about them.
In general, attacks on cryptosystems fall into four general categories: man-in-the-middle,
correlation, dictionary, and timing.
Man-in-the-Middle Attack: This attack attempts to intercept a public key or
even to insert a known key structure in place of the requested public key. Establishing
public keys with digital signatures can prevent the traditional man-in-the-middle
attack, as the attacker cannot duplicate the signatures.
Correlation Attacks are a collection of brute-force methods that attempt to
deduce statistical relationships between the structure of the unknown key and the
ciphertext generated by the cryptosystem. Correlation attacks exploit a statistical
weakness that arises from a poor choice of the Boolean function.
Dictionary Attacks: In a dictionary attack, the attacker encrypts every word in
a dictionary using the same cryptosystem as used by the target in an attempt to locate
a match between the target ciphertext and the list of encrypted words.
Timing Attacks: In cryptography, a timing attack is a side-channel attack in
which the attacker eavesdrops on the victim’s session and uses statistical analysis of
patterns and inter-keystroke timings to discern sensitive session information.
