COP4521 Homework 7 Name: FSU login: 1. (10 points) What are the objectives of computer security? Answer: To preserve the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications). 2. (10 points) Explain the terms: confidentiality, integrity, availability, authenticity, and accountability. Answer: Confidentiality includes data confidentiality and privacy. Data confidentiality assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed. Integrity includes data integrity and system integrity. Data integrity assures that information and programs are changed only in a specified and authorized manner. System integrity assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. Availability assures that systems work promptly and service is not denied to authorized users. Authenticity assures that users are who they say they are and that each input arriving at the system came from a trusted source. Accountability is the requirement for actions of an entity to be traced uniquely to that entity. 3. (20 points) What is attack surface? Why is it important? Answer: Attack surface consists of the reachable and exploitable vulnerabilities in a system. It is important because it is where the attacker and defender meet: a secure system should minimize its attack surface. 4. (20 points) Explain how Feistel encryption works, what are the types of basic operations used for transforming plaintext to ciphertext in Feistel encryption? Answer: Feistel encryption is a block cipher. The inputs to the encryption algorithm are a plaintext block of length 2w and a key K. The plaintext block is divided into two halves, LE_0 and RE_0. The two halves of the data pass through n rounds of processing and then combine to produce the ciphertex block. Each round i has as inputs LE_{i-1} and RE_{i-1} derived from the previous round and a subkey K_i derived from K. All rounds have the same structure. A substitution is performed on the left half of the data. This is done by applying a round function F to the right half of the data and then taking the exclusive-OR (XOR) of the output of the function and the left half of the data. The round function is parameterized by the round subkey K_i. Following the substitution, a permutation is performed. The types of basic operations used for transforming plaintext to ciphertext in Feistel encryption is substitution and transposition. 5. (20 points) What are the differences and similarity between viruses and worms? Answer: Main similarity: Both are malware that can replicate itself and infect files and systems, both have similar life cycles. Main difference: Worms actively seeks out more machines over the network to infect while virus does not. 6. (20 points) What are the types of firewalls? If FSU wants block all traffic from the university to http://www.amazon.com/. Which type of firewall should be used? Answer: Types of firewalls: packet filtering firewall, stateful inspection firewall, application proxy firewall, circuit-level proxy firewall. To block all traffic to the amazon website, a packet filering firewall should be used since the ip address and the port number of the website would all traffic to the website to be blocked.