Scribd
Upload
124 views

Tutorial 1

[1] The document distinguishes between vulnerability, threat, and control. A vulnerability is a weakness that can be exploited, a threat is a potential for harm, and a control reduces vulnerabilities. [2] It compares data integrity, which ensures authorized changes to information, and system integrity, which ensures the system performs as intended without unauthorized manipulation. [3] A threat is a potential for violation while an attack is a realized threat causing harm. An example of each is given.

Uploaded by

Heng Phin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
124 views

Tutorial 1

[1] The document distinguishes between vulnerability, threat, and control. A vulnerability is a weakness that can be exploited, a threat is a potential for harm, and a control reduces vulnerabilities. [2] It compares data integrity, which ensures authorized changes to information, and system integrity, which ensures the system performs as intended without unauthorized manipulation. [3] A threat is a potential for violation while an attack is a realized threat causing harm. An example of each is given.

Uploaded by

Heng Phin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

BAIT1093 INTRODUCTION TO COMPUTER SECURITY

Tutorial 1: Introduction

1. Distinguish between vulnerability, threat and control.


Vulnerability
* It is defined as a weakness in the security of the system for example, in the case of the
procedures, designs or implementation, they can be exploited easily to cause to the information
security.
Threat
It is defined as the set of circumstances to the computing system that process the potential to
cause harm or damage to the computing system, Represent the potential security harm to an asset.
Control
It is defined as a device, action, procedure or the technique that reduces the vulnerability.

2. What is the difference between data integrity and system integrity?

Data integrity System integrity

Assures that information and programs are The quality that a system has when it
changed only in a specified and authorized performs its intended function in an
manner unimpaired manner, free from unauthorized
manipulation of the system

3. What is the difference between the term threat and attack? Give one example for each term.
Threat Attack

a threat that is carried out and leads to an


Threat is capable of exploiting vulnerability undesirable violation of security An attempt to
and it is the potential security harm to an asset expose, steal, destroy of an asset with an
for example unauthorized disclosure, unauthorized access. For example
potential of violation modification of message

4. What is the difference between passive and active security threats?

Passive Active

It deals with eavesdropping on, or It include the modification of transmitted


monitoring, transmissions. data and attempts to gain unauthorized
- access to computer system
Electronic mails, file transfer is example of -
transmissions that can be monitored Threat of unauthorized change to the state
- of the system
Threat of unauthorized disclosure of
information without changing the state of
system

5. List and briefly define categories of passive and active network security attacks. Use diagrams
to explain your answer.
(1) Release of message content
For a release of message content, a telephonic conversation, an E-mail message or a
transferred file may contain confidential data. A passive attack monitors the contents of
the transmitted data. Passive attacks are very difficult to detect because they do not
involve any alteration of the data.

(2) Traffic analysis


traffic analysis attacks are based on what the attacker hears in the network. ... The
attacker simply listens to the network communication to perform traffic analysis to
determine the location of key nodes, the routing structure, and even application behavior
patterns.
Active attack
[1] Masquerade
Masquerade attack takes place when one entity pretends to be a different entity. A Masquerade
attack involves one of the other forms of active attacks

[2] Replay
A replay attack occurs when a cybercriminal eavesdrops on a secure network communication,
intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what
the hacker wants.

[3] message modification attack


In a message modification attack, an intruder alters packet header addresses to direct a message to
a different destination or to modify the data on a target machine. ... With a message modification
attack, the threat actor intercepts a message, changes it and then sends it on to the intended
recipient.

[4] Denial of Service


A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making
it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with
traffic, or sending it information that triggers a crash.

6. Consider an online internet banking system in which users provide a password and account
number for account access. Give examples of confidentiality, integrity and availability
requirements associated with the system and in each case, indicate the degree of importance
of the requirement.

Confidentiality

o The system must keep personal identification number confidential, both in the host system and
during transmission for a transaction.

- Integrity

o Must protect the integrity of account records and individuals’ transactions

- Availability

o Availability of the host system is important to the economic well being of the bank, but not

to its fiduciary responsibilities. The availability of individual teller machine is less concern.
7. Differentiate between a network attack surface and a software attack surface.

Network attack surface


Vulnerabilities over an enterprise network. Wide area network (WAN), LAN or internet

Software attack software


Vulnerabilities in application utility or operating system code.
Focus on web server software

Past Year Questions

8. Since the beginning of the Information Technology era in the 90’s, the term security is widely
used and applied until today. No doubt, security has become more crucial in every aspect of
Information Technology.

(i) Briefly distinguish the differences between computer security and Internet security.
Support each explanation with ONE (1) example.
Computer security mean that it will happen on a standalone computer’s software and
hardware.
o Example – the individual computer only will be affected by the attacker
-
Internet security mean the individual computer or other devices and the network they
connected will be affected by attacker. Example – those devices included the printer, phone and
etc.
(ii) In your opinion, why is it so important to understand these 2 terms in the question
above? Provide TWO (2) reasons to support your answer.
Cyber security
- Because the network is involved and protected our personal information, intellectual
property, data and industry information, avoided those attackers to get those data.
-
Computer security
- Because it can protect your personal data and to maintain the healthy of the computer
to ensure when you are using your computer in faster and smoother performance.

9. “Inside attack is more dangerous than outside attack.” Do you agree with the statement?
Justify your answer.

10. Differentiate authenticity from authorization. Give ONE (1) example for each.

202109 1

You might also like