Introduction to Information Security (3rd Edition): end-of-chapter exercise answers (Niu Shaozhang, Cui Baojiang, Li Jian, eds.)

Compiling these was not easy, so please leave a like.

Introduction to Information Security (3rd Edition): reference answers to the exercises

(Niu Shaozhang, Cui Baojiang, Li Jian)

Chapter 1: Introduction
1. Describe your understanding of information.
A: Information is the state of motion of things and the way that state changes.
2. What is information technology?
A: Broadly speaking, information technology is the set of means and methods that can extend or expand human information capabilities.
In this book, information technology is the general term for the methods and equipment that, with the support of computer and communication technology, are used to acquire, process, store, convert, transmit and display text, numbers, images, video, audio and voice information, covering two broad areas: providing equipment and providing information services.
Some people hold that information technology is simply the 3Cs: Computer + Communication + Control.
3. What are the main basic properties of information security?
A: (1) Integrity
(2) Confidentiality
(3) Availability
(4) Non-repudiation
(5) Controllability
4. What are the main threats to information security?
A:
(1) Information disclosure
(2) Destruction of information integrity
(3) Denial of service
(4) Illegal use (unauthorized access)
(5) Eavesdropping
(6) Traffic analysis
(7) Masquerading
(8) Bypassing controls
(9) Authorization violation
(10) Trojan horse
(11) Trapdoor
(12) Repudiation
(13) Replay
(14) Computer virus
(15) Personnel carelessness
(16) Discarded media
(17) Physical intrusion
(18) Theft
(19) Business spoofing

5. How is information security achieved?
A: Information security is achieved mainly through the following three areas:
A. Information security technology: information encryption, digital signatures, data integrity, authentication, access control, secure databases, network control technology, anti-virus technology, security audits, traffic padding, routing control mechanisms and notarization mechanisms.
B. Information security management: security management is the active component of information security. Most security incidents and security risks are not entirely due to technical causes but are often the result of poor management. Security management includes personnel management, equipment management, site management, storage media management, software management, network management, and password and key management.
C. Laws relevant to information security: the law makes people aware of which behaviours in information security management and application are illegal, so that they consciously abide by the law and do not engage in illegal activities. Law plays an important role in protecting information security: illegal acts that have occurred can only be punished by law, so the law is the ultimate means of protecting information security. At the same time, the deterrent effect of the law makes attackers fearful, punishing one to warn a hundred and so curbing crime.

Chapter 2: Information Confidentiality Technology
1. To achieve information security, how do the elements that classical cryptography and modern cryptography rely on differ?
A: In classical cryptography, the confidentiality of the data rests on the secrecy of the encryption algorithm.
In modern cryptography, the security of the data rests on the secrecy of the key rather than of the algorithm.
2. Into how many stages is the development of cryptography divided? What characterizes each?
A: First stage: from thousands of years ago to 1949.
Classical encryption.
Before the emergence of computer technology.
Cryptography was an art rather than a science.
Second stage: from 1949 to 1975.
Milestone: Shannon published "Communication Theory of Secrecy Systems".
Cryptography was put on a scientific footing.
Main technology: single-key symmetric encryption algorithms.
Third stage: after 1976.
Milestone: Diffie and Hellman published "New Directions in Cryptography".
This opened the new era of public-key cryptography.
3. How are cryptosystems classified by the number of keys used? How are they classified by the way the plaintext is encrypted?
A: By the number of keys: symmetric cryptosystems (single-key cryptosystems) and asymmetric cryptosystems (public-key cryptosystems).
By the way the plaintext is encrypted: stream ciphers and block ciphers.
4. What are the main guiding principles of block cipher design? What are the main means of realizing them?
A: a. To guarantee the security of a cipher, Shannon proposed the confusion principle and the diffusion principle.
b. As for realizing the design principles, a block cipher can be implemented in software or in hardware. Because software and hardware have different properties, the design principles of a block cipher can be considered according to the intended implementation method.
Software design principles: use sub-blocks and simple operations. The cipher operates on sub-blocks, whose length should fit naturally into software, such as 8, 16 or 32 bits. Bit-level permutations are hard to implement in software and should be avoided where possible. The operations applied to sub-blocks should be easy to implement in software, preferably basic instructions that standard processors provide, such as addition, multiplication and shifts.
Hardware design principles: encryption and decryption should be realizable with the same device. Use a regular structure as far as possible, because the cipher should have a standard modular structure so that it suits very-large-scale integrated circuits.
In addition, the simplicity principle, necessary conditions and scalability are also considerations.
c. Most block ciphers adopt the Feistel cipher structure, achieving confusion and diffusion by means of substitution and permutation.
5. What are the common attacks on block ciphers?
A: Ciphertext-only attack, known-plaintext attack, chosen-plaintext attack and chosen-ciphertext attack.
6. What is the significance of the emergence of public-key cryptosystems? What are their similarities to and differences from symmetric cryptosystems?
A: The public-key cryptosystem is a landmark event in cryptographic research. During message transmission it uses an encryption key and a decryption key that differ from each other, and, taking the time factor into account, deriving the decryption key from the corresponding encryption key is not feasible. Cryptography was thereby freed from the constraint that keys must be transmitted securely, and its prospects suddenly opened up.
Compared with symmetric cryptosystems:
Similarities:
both can be used for data encryption;
both can be implemented in hardware.
Differences:
a symmetric cryptosystem uses the same key for encryption and decryption, whereas a public-key cryptosystem uses different encryption and decryption keys;
public-key cryptosystems are based on hard mathematical problems, whereas symmetric cryptosystems are not;
key distribution in a public-key cryptosystem is simple: the encryption key can be made public and the decryption key is kept by the user, which is not the case for a symmetric cryptosystem;
public-key encryption is slower, symmetric encryption is faster;
public-key cryptosystems suit the development of networks and meet the need for secure communication between users who do not know each other;
public-key cryptosystems reduce the number of keys each user must store: in a network, each user only needs to keep their own decryption key secret, and the encryption keys used to communicate with other users can be obtained from the key book.
7. From the standpoint of computational security, which mathematical problems are commonly used to build public-key cryptosystems?
A: The large-integer factorization problem;
the discrete logarithm problem;
the discrete logarithm problem on elliptic curves;
the decoding problem for linear codes;
the problem of constructing weak inverses of nonlinear weakly invertible finite automata.
8. In the DES algorithm, what is the role of the S-boxes?
A: Each S-box turns a 6-bit input into a 4-bit output. The S-boxes are nonlinear and determine the security of the DES algorithm.
9. What advantages do you think AES has over DES?
A: (1) The AES key length can be increased as needed, whereas that of DES is fixed.
(2) In the Rijndael encryption and decryption algorithm, the different constants in each round eliminate symmetry in the key, and the nonlinearity of the key expansion eliminates the possibility of identical keys; using different transformations for encryption and decryption eliminates the possibility of the weak keys and semi-weak keys that exist in DES. In short, the Rijndael algorithm places no restriction on the choice of key.
(3) The properties of finite fields and finite rings give encryption and decryption a sound theoretical basis, allowing the algorithm designer both to hide information with high strength and to guarantee that the algorithm is invertible. Because some key constants in the Rijndael algorithm are chosen very cleverly, the algorithm can run at high speed with the support of integer instructions and logic instructions.
(4) The security of AES is significantly higher than that of DES.
10. In reality, is there an absolutely secure cryptosystem?
A: No.
11. What are the main differences between information hiding and data encryption?
A: Differences:
Different goals: encryption hides only the content of the information, whereas information hiding conceals not only the content but also the very existence of the information.
Different means: encryption relies on mathematical operations, whereas information hiding makes full use of the redundant space in the carrier.
Different applications: encryption is concerned only with the security of the encrypted content, whereas information hiding is also concerned with the relationship between the carrier and the hidden information.
Connection:
The two borrow from each other in theory and complement each other in application: the information is first encrypted and then hidden.
12. What are the main methods of information hiding?
A: Spatial-domain algorithms and transform-domain algorithms.

Chapter 3: Information Authentication Technology

1. Briefly describe what a digital signature is.
A: A digital signature is an alphanumeric string, obtained by processing the message to be transmitted with a one-way function, that is used to authenticate the source of the message and to verify whether the message has been changed. This string is called the message authentication code or message digest of the message; this is a digital signature implemented with a one-way hash function. When signing under a public-key system, the user encrypts the hash digest of the original data with their private key. The receiver then uses the sender's public key to decrypt the digital signature attached to the original message, obtaining the hash digest, and compares it with the hash digest that the receiver generates from the original data received. This establishes whether the original information has been tampered with, and so guarantees the non-repudiation of the data transmission. This is public-key signature technology.

2. If more than two people sign a digest at the same time, it is called a dual signature. This kind of signature is used in the Secure Electronic Transaction (SET) protocol. Think about it: what is its significance, and what real effect can it have on our lives?
A: The SET protocol uses dual-signature technology to sign the payment information and the order information, ensuring that the merchant cannot see the payment information and can see only the order information. The significance is this: the cardholder's payment instruction to the bank is forwarded through the merchant. To prevent the merchant from stealing the cardholder's credit card information during the transaction, and to prevent the bank from tracking the cardholder's behaviour and violating the consumer's privacy, while not interfering with the merchant's and the bank's reasonable verification of the information sent by the cardholder, and so that the bank pays the merchant only when the merchant has agreed to the cardholder's purchase request, the SET protocol uses a dual signature.
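The hash-then-sign flow from question 1 and the SET dual signature from question 2, as an added example that is not from the textbook or the original post. It assumes textbook RSA without padding over a toy key built from two Mersenne primes (not secure), SHA-256 as the hash, and constructed order and payment strings; all function names are illustrative.

```python
import hashlib

# Toy cardholder key pair (assumption of this example). The two Mersenne
# primes are used only because they are easy to write down: NOT a secure key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent


def digest(data: bytes) -> bytes:
    """One-way hash of the message (SHA-256 assumed here)."""
    return hashlib.sha256(data).digest()


def sign_digest(md: bytes) -> int:
    """Sender: 'encrypt' the digest with the private key (no padding)."""
    return pow(int.from_bytes(md, "big"), D, N)


def signature_matches(signature: int, md: bytes) -> bool:
    """Receiver: 'decrypt' with the public key and compare the digests."""
    return pow(signature, E, N) == int.from_bytes(md, "big")


# --- Question 1: ordinary digital signature ---------------------------
def sign(message: bytes) -> int:
    return sign_digest(digest(message))


def verify(message: bytes, signature: int) -> bool:
    return signature_matches(signature, digest(message))


# --- Question 2: SET-style dual signature -----------------------------
def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Sign H(H(PI) || H(OI)), which links the two messages together."""
    return sign_digest(digest(digest(payment_info) + digest(order_info)))


def merchant_verify(order_info: bytes, payment_digest: bytes, ds: int) -> bool:
    """The merchant sees the order and only the digest of the payment."""
    return signature_matches(ds, digest(payment_digest + digest(order_info)))


def bank_verify(payment_info: bytes, order_digest: bytes, ds: int) -> bool:
    """The bank sees the payment and only the digest of the order."""
    return signature_matches(ds, digest(digest(payment_info) + order_digest))


# Constructed sample messages.
ORDER = b"order 1001: 2 books, total 58.00"
PAYMENT = b"card ending 1111, pay 58.00 to merchant 42"

if __name__ == "__main__":
    ds = dual_sign(ORDER, PAYMENT)
    print("merchant accepts:", merchant_verify(ORDER, digest(PAYMENT), ds))
    print("bank accepts:", bank_verify(PAYMENT, digest(ORDER), ds))
    print("altered order rejected:",
          not merchant_verify(ORDER + b" +1 laptop", digest(PAYMENT), ds))
```

Each party checks the same signature while holding only one of the two messages in clear, and a change to either message invalidates the signature for both.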
3. This chapter (Information Authentication Technology) discussed several identification technologies. Can you find concrete implementations of them in real life? Can you think of newer and better examples?
Answer omitted.
4. What kinds of attack can a hash function be subject to? Which do you think is the most important?
A: Brute-force attack, birthday attack and meet-in-the-middle attack.
5. Can you design a two-factor authentication scheme that combines several authentication methods? Give a specific algorithm in theoretical terms.
Answer omitted.
6. Suppose you are designing a website for your college. From the standpoint of security and use, which security principles from this chapter could you apply?
A: (1) Use digital signatures to address repudiation, forgery, tampering and impersonation.
(2) Use cryptography-based electronic ID identification technology: the password method and the credential-holding method.
(3) In systems with high security requirements, where a password or a held credential cannot provide secure protection, identification can be based on an individual's physical characteristics. Such identification technologies include handwritten signature recognition, fingerprint recognition, voice recognition, retinal pattern recognition, iris pattern recognition and face recognition.

Chapter 4: PKI and PMI Authentication Technology

1. Which parts should a complete PKI application include?
A: CA; CB; registration authority; certificate management protocol; directory; operational protocol; personal security environment.
2. What are the main ways of publishing certificates and certificate revocation information? Discuss the advantages and disadvantages of these approaches.
A: (1) Periodic CRL publication mode; (2) time-shared CRL publication mode; (3) time-shared, segmented CRL publication mode; (4) Delta-CRL publication mode.
3. In which areas do PMI and PKI mainly differ?
PKI proves who the user is, and stores the user's identity information in the user's public-key certificate.
PMI proves what permissions and attributes the user has and what the user can do, and stores the user's attribute information in an authorization certificate.

Chapter 5: Key Management Technology

1. Why is key management technology needed?
A: (1) Theoretical factors
During communication, the communicating parties must solve two problems:
A. The key must be updated or changed frequently.
B. How to update or change the key securely.
(2) Human factors
Breaking a good ciphertext is very difficult, sometimes beyond even professional cryptanalysts, but keys may be leaked or lost through the carelessness of the people who handle them. Human-caused situations are often more complex than the designers of the encryption system could have imagined, so a dedicated organization and system are needed to prevent them.
(3) Technical factors
A. A user-generated key may be weak.
B. The key itself is secure, but the protection of the key may fail.
2. Which aspects of key management does a key management system involve?
A: Key distribution, key injection, key storage, key revocation and key replacement.
3. What is key escrow?
A: Key escrow means that before applying to the CA for a data encryption certificate, the user must split their key into t parts and hand them to t trusted escrow agents. No single escrow agent can recover the complete user key from the part of the key that it stores. Only when the parts stored by all t agents are put together can the user's complete key be obtained.
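One way to obtain the "all t parts are required" property described in question 3, as an added example that is not from the textbook or the original post. The answer does not name a splitting scheme; XOR secret splitting is assumed here, and the function names are illustrative.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, t: int) -> list:
    """Split `key` into t shares, one per escrow agent."""
    if t < 2:
        raise ValueError("escrow needs at least two agents")
    # t-1 shares are pure randomness of the same length as the key.
    shares = [secrets.token_bytes(len(key)) for _ in range(t - 1)]
    # The last share is the key XORed with every random share.
    shares.append(reduce(xor_bytes, shares, key))
    return shares


def recover_key(shares: list) -> bytes:
    """XOR of all t shares gives the key back."""
    return reduce(xor_bytes, shares)


def share_consistent_with(partial: list, guess: bytes) -> bytes:
    """The one missing share that would make `guess` the escrowed key.

    Such a share exists for every possible guess, which is why any
    t-1 agents together still learn nothing about the real key.
    """
    return reduce(xor_bytes, partial, guess)


if __name__ == "__main__":
    user_key = secrets.token_bytes(16)          # constructed sample key
    parts = split_key(user_key, 5)
    print("all 5 agents recover the key:", recover_key(parts) == user_key)
    print("4 agents alone recover it:   ", recover_key(parts[:4]) == user_key)
```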

Chapter 6: Access Control
1. What is access control? Which elements does access control include?
Access control refers to the different authorized access that a subject makes to an object itself or to its resources, based on certain control policies or permissions.
Access control consists of three elements: subject, object and control policy.
Subject: an active entity that can perform operations on other entities, abbreviated S.
Object: a passive entity that accepts access from other entities, abbreviated O.
Control policy: the set of operations that the subject may perform on the object and the set of constraints on them, abbreviated KS.
2. What is discretionary access control? What is mandatory access control? How do the two differ? Under what circumstances would you choose mandatory access control?
The discretionary access control model is built on a discretionary access control policy. It allows legitimate users to access the objects that the policy permits, as a user or as a member of a user group, while preventing unauthorized users from accessing objects; some users can also, at their own discretion, grant other users access to the objects they own.
The mandatory access control model is a multi-level access control policy. Its main feature is that the system enforces access control on the accessing subject and the controlled object: the system assigns different security level attributes to accessing subjects and controlled objects in advance, and when access control is enforced it compares the security level attributes of the accessing subject and the controlled object and then decides whether the subject may access the object.
Differences: in the discretionary access control model, users and object resources are each assigned a certain security level; users cannot change their own security level or that of objects, and only the administrator can determine the access rights of users and groups. In the mandatory access control model, the system assigns different security level attributes to accessing subjects and controlled objects in advance, and achieves a one-way flow of information through hierarchical security labels.
Mandatory access control is generally used when accessing subjects and controlled objects are clearly classified into levels.
3. What is the significance of auditing? By what means would you achieve the objectives of auditing? Beyond what the book covers, can you think of other ways to audit?
Auditing is an important complement to access control. It records and monitors what information resources users use, when they use them and how they use them. Its significance is that the audited object can monitor its own security, which makes it easier to find and fill gaps and to trace abnormal events, thereby deterring and tracking illegal users.
Auditing methods:
Rule-base method: features are extracted from the data of known network attacks, described in a scripting language or by other means, and placed in a rule base. During a security audit, the collected data is compared and matched against these rules (by keyword, regular expression or fuzzy approximation) to discover possible network attacks.
Statistical method: first, a statistical description of the object is created, such as the mean and variance of network traffic, establishing the baseline values of these features under normal conditions. The actual network data is then compared with the baseline; when it is found to be far from normal conditions, the presence of an attack can be judged.
In addition, the latest knowledge from related fields such as artificial intelligence, neural networks and data mining can also be introduced at different levels of security auditing, bringing new vitality to security auditing technology.
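The rule-base method and the statistical method described above, run over a small constructed audit log, as an added example that is not from the textbook or the original post. The log format, the two rules, the sample traffic counts and the 3-sigma threshold are all assumptions of this example.

```python
import re
from statistics import mean, pstdev

# Rule base: features of known attacks described as regular expressions.
RULES = [
    ("sql-injection-probe", re.compile(r"union\s+select", re.IGNORECASE)),
    ("path-traversal", re.compile(r"\.\./")),
]

# Constructed audit records in the form "time user request".
AUDIT_LOG = [
    "10:00 alice GET /index.html",
    "10:01 bob GET /search?q=1' UNION SELECT name FROM users--",
    "10:02 carol GET /static/../../etc/passwd",
    "10:03 dave GET /about.html",
]


def rule_alerts(lines):
    """Rule-base method: match every collected record against every rule."""
    alerts = []
    for number, line in enumerate(lines, start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                alerts.append((number, name))
    return alerts


# Constructed requests-per-minute samples taken under normal conditions.
BASELINE_SAMPLES = [52, 48, 50, 47, 53, 49, 51, 50]
# Constructed live observations: (minute, requests in that minute).
OBSERVED = [("10:00", 51), ("10:01", 49), ("10:02", 240), ("10:03", 54)]


def build_baseline(samples):
    """Statistical description of normal behaviour: mean and std deviation."""
    if len(samples) < 2:
        raise ValueError("need at least two samples for a baseline")
    return mean(samples), pstdev(samples)


def statistical_alerts(observed, baseline, k=3.0):
    """Statistical method: flag values more than k deviations from the mean.

    With a zero-variance baseline any departure from the mean is flagged.
    """
    mu, sigma = baseline
    return [(label, value) for label, value in observed
            if abs(value - mu) > k * sigma]


if __name__ == "__main__":
    print("rule alerts:", rule_alerts(AUDIT_LOG))
    print("statistical alerts:",
          statistical_alerts(OBSERVED, build_baseline(BASELINE_SAMPLES)))
```

The rule base only catches what has been described in advance, while the baseline catches the traffic spike without knowing its cause; the value 54 stays within three deviations and is not flagged.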
4. In section 6.5 we described three trust models; in fact, these three models can be extended into a hybrid trust model. Building on the models in the book, can you imagine how to implement a model that combines the peer trust model and the hierarchical trust model? If so, give a specific model structure.
Implementation combining the peer trust model and the hierarchical trust model:
The entire trust domain is divided into several small trust domains, and a hierarchical trust model is built inside each small trust domain; such a model has a simple structure and is easy to manage and easy to implement. A peer trust model is built between the trusted roots of the small trust domains, to accommodate dynamic changes in the organizational structure of the trust domains. The model is shown schematically below:
[Figure: schematic of the hybrid trust model]

Chapter 7: Network Attacks and Defense
1. Outline the general procedure of a network attack.
(1) Hiding the attacker's identity and location; (2) collecting information about the target system; (3) mining and analysing vulnerability information; (4) obtaining access rights on the target; (5) hiding the attack activity; (6) carrying out the attack; (7) opening a back door; (8) erasing the traces of the attack.
2. Consult relevant material and give preventive measures against the network attack methods mentioned in this chapter.
A: Omitted.
3. Briefly describe network security policy.
A network security policy is a statement of the purposes, expectations and goals of network security and of the strategies that must be used to achieve them. It provides management direction and support for network security, is the basis of all network security activities, and guides the development and implementation of the enterprise network security architecture. It covers not only the technology for storing, processing and transmitting information on the local area network, but also the means of managing and operating the protection of all of the enterprise's information, data, files and equipment resources.
4. Which two aspects do network security principles include? Discuss their advantages and disadvantages.
Positive prevention and negative prevention.
Positive prevention: the biggest advantage is that it can stop unknown attacks; with this approach, once a safe and effective model has been established, it can react to all kinds of attacks. However, building a model of normal network behaviour is sometimes very difficult.
Negative prevention: for known attacks, a database of attack signatures is built, and matching behaviour is then looked for in network data, so that attacks are blocked or discovered. The disadvantage is that products using negative security cannot deal with unknown attacks, and the signature database must be updated constantly.
5. Describe your understanding and awareness of network security models.
Omitted.

Chapter 8: System Security
1. Besides the basic operating system security mechanisms (authentication, access control and security auditing), from which other angles does operating system security need to be improved?
2. Briefly describe the main security threats to application software systems.
Buffer overflow attacks, heap overflow attacks, stack overflow attacks, format string exploits, etc.
3. Outline how to effectively prevent attacks against databases.
(1) Write secure Web pages; (2) configure the database server securely.
4. Explain the importance of database backup for system security.
For system security, backup is always an indispensable measure: it provides the system's last line of defence. When other security measures fail, backup gives us a convenient and reliable safeguard for recovering data in time.

Chapter 9: Network Security Technology
1. What is a firewall, and what basic functions should it have?
An Internet firewall is a system (or set of systems) that enhances the security of an organization's internal network. It strengthens access control between networks, prevents external users from illegally using internal network resources, protects internal network equipment from damage, and prevents sensitive data on the internal network from being stolen.
The basic function of a firewall is to filter and screen network traffic so as to prevent unauthorized access into and out of the computer network.
2. What firewall architectures are there, what are their strengths and weaknesses, and how should a firewall architecture be chosen?
(1) Dual-homed host firewall
With a dual-homed host, users log in directly to the dual-homed host to obtain services, so many accounts have to be opened on the dual-homed host, which is very dangerous:
(A) The presence of user accounts gives intruders a relatively easy path of intrusion. Each account usually has a reusable password (that is, an ordinary password, as opposed to a one-time password), which is easy for an intruder to crack. Many ways of cracking passwords are available: dictionary attack, brute force, or capture by network eavesdropping.
(B) If the dual-homed host has many accounts, maintaining it is very laborious for the administrator.
(C) User accounts reduce the stability and reliability of the machine itself.
(D) Because user behaviour is unpredictable, having many user accounts on the dual-homed host causes a great deal of trouble for intrusion detection.
(2) Screened host firewall
A router generally provides only very limited services, so defending a router is easier than defending a host. From this it can be seen that the screened host architecture provides better security and availability than the dual-homed host.
However, if an attacker manages to compromise the bastion host, there is no network security barrier between the bastion host and the other internal hosts. The router has the same problem: if the router is compromised, the entire network is open to the attacker. This is why the screened subnet architecture is becoming increasingly popular.
(3) Screened subnet firewall
With the screened subnet architecture, the bastion host is not easily taken over by an intruder; and if the bastion host is taken over, the intruder still cannot attack the internal network directly, which remains protected by the interior filtering router.
(4) Other forms of firewall architecture: merging the interior router and the exterior router of the screened subnet architecture; merging the bastion host and the exterior router of the screened subnet architecture; using multiple bastion hosts; using multiple exterior routers; using multiple perimeter networks.
When choosing a firewall in practice, security must be balanced against the limits of the actual conditions and equipment, so as to achieve a relatively high degree of security with the simplest equipment.
3. Through surveys and Web searches, list some actual firewall products and some of their main parameters.
4. Briefly describe how a VPN works. Why would you want to use VPN technology?
5. What is intrusion detection? Can it be used alone as a security policy?
Intrusion detection means the discovery of intrusions. It collects information from a number of key points in a computer network or computer system and analyses it to determine whether there are violations of the security policy or signs of attack in the network or system. An intrusion detection system (IDS) is the software, hardware or combination of the two that performs intrusion detection; it attempts to detect, identify and isolate "intrusion" attempts or improper, unauthorized use of the computer.
An intrusion detection system generally sits behind the firewall and inspects network activity in real time. In many cases, because it can record and block network activity, the intrusion detection system is a continuation of the firewall. It can work together with firewalls and routers, and is generally not used alone as a security policy.
6. Describe how intrusion detection systems and firewalls work together.
First, install a firewall and define the corresponding security policy to be enforced, completing the first layer of protection for the network. Behind the firewall, the intrusion detection system inspects network activity in real time: it scans current network activity, monitors and records network traffic, filters the traffic coming from the host's network card according to defined rules, and raises alerts in real time. The network administrator analyses the records left by the intrusion detection system and updates the security policies of the firewall and the intrusion detection system to improve the security of the system.
7. Outline the principle of security scanning technology.
The basic principle is to simulate hacker attacks and test the target item by item for known security vulnerabilities that may exist. Vulnerability detection can be performed on workstations, servers, switches, databases and other objects.

8. What is physical network isolation?
Physical isolation means that the internal network and the external network are not physically connected to each other; the two are physically completely independent systems. To achieve physical isolation of the external network and the internal network, the following must be ensured:
(1) Physical conduction between the internal and external networks is cut off.
(2) Physical radiation between the internal and external networks is cut off.
(3) The two network environments are separated in physical storage.
9. Into which categories is internal and external network isolation technology mainly divided?
User-level physical isolation: (1) dual-machine physical isolation system; (2) dual-hard-disk physical isolation system; (3) single-hard-disk physical isolation system.
Network-level physical isolation: (1) isolation hub; (2) Internet information relay server; (3) isolation server.
10. What does the main content of network security include?
11. What are the main methods of detecting computer viruses?
(1) Signature code method
(2) Checksum method
(3) Behaviour monitoring method
(4) Software emulation method
(5) VICE prophetic scanning method
12. Give methods of guarding against computer viruses.
(1) Do not casually visit irregular websites. (2) Beware of e-mail that spreads viruses. (3) Scan floppy disks, USB drives and other portable storage devices from unknown sources for viruses before using them. (4) Keep an eye on the virus reports published by websites and BBSs. (5) Back up important documents and data regularly. (6) Do not avoid using the network out of fear of viruses; the network would then lose its purpose.
13. What are the characteristics of security threats to wireless networks?
(1) Use of a wireless medium; (2) terminal mobility; (3) dynamic topology; (4) limited bandwidth; (5) limited terminal resources.

14. What do wireless network security measures include?
1. Data confidentiality: ① link encryption; ② node encryption; ③ end-to-end encryption
2. Data integrity: ① connection integrity; ② connectionless integrity; ③ selected-field integrity; ④ data file integrity
3. Authentication: ① entity authentication; ② data origin authentication
4. Access control
5. Non-repudiation

Origin blog.csdn.net/xiao_xiao_b/article/details/91128855