Question 1:

A- Compare between >

-Virus , wormes
Viruses:
-Is self-reproducing automation ,is not an independent program.
-Makes one or more copies of itself, and when these copies are executed, more
copies are made, and infinity.
Wormes:
Is an independent program that can replicate itself and spreads to different sites
over a network.

-Firewalls Filter , Firewalls gatway

The filter:
- executes a set of rules that have been defined by the firewall administrator at
configuration time.
Gateway:
-intercepts the traffic and authenticates users at the TCP/IP application level.
B-State the filter and prox function for all firewall
Question 2
A. Show by drawing the attack types.
B.

Solution

An Access control list

(Acl for Address file)
Aly(Wrie ,read) , Magdy(Write , read) , Ahmed(Read)
(Acl For payroll Application)
Aly(read) , Magdy(read) , Ahmed(Print)
(Acl For Inventory file)
Aly(Print) , Magdy(Edit) , Ahmed(Edit)

A Capability list
Cl for Aly
Address file (Write , read) , Payroll application (Read) ,Inventory file (print)
Cl for Magdy
Address file (Write , read) , Payroll application (Read) ,Inventory file (Edit)
Cl for Ahmed
Address file ( read) , Payroll application (print) ,Inventory file (Edit)
Question 3
A-Show the major steps for desiging a virus
1- Locate the first executable instruction in the target program.
2- Replace that instruction with an instruction to jump to the memory location
next to the last instruction of the target program.
3- Insert the virus code for execution at the end of the target program.
4- Insert an instruction at the end of the virus program to simulate the original
first instruction of the target program that the virus replaced in step 2.
5- Add another instruction at the end of the virus code to jump back to the
second instruction of the target program.

B-Requirements of one-way hash functions:

1- The one-way hash function H can be applied to a data block M of arbitrary
size.
2- The resulting message digest, d, is of fixed size, the message digest
size is usually 128 bits or 160 bits.
3- The one-way hash function H is easy to implement in both hardware
and software.
4- Given the message digest d, it is very hard to find the original message M.
5- Given the message M, it is very hard to find a data block N such that H
(N) = H (M).
6- It is very hard to find any two data blocks x and y such that: H (x) = H (y).
Question 4
A- what is meant by audit trail and state Aduit requerments
Audit Trail: The process of automatic recording and saving of several
significant system events.
Audit Requirements :
1. Automatically collects information on all the security – sensitive activities.
2. Stores the information using a standard record format.
3. Creates and saves the audit records automatically without requiring any
action by the administrator.
4. Protects the audit records log under some security scheme.
5. Minimally affects the normal computer system operation and performance
b-

H=
(2*3+2*1)+(2*15+2*2)+(2*13+2*3)+(2*16+2*4)+(2*21+2*5)+(2*20+2*6)+
(2*5+2*7)+(2*18+2*8)+(2*19+2*9)+(2*3+2*10)+(2*9+2*11)+(2*5+2*12)+
(2*14+2*13)+(2*3+2*14)+(2*5+2*15)=
(6+2)+(30+4)+(26+6)+(32+8)+(42+10)+(40+12)+(10+14)+(36+16)+(38+18)+
(6+20)+(18+22)+(10+24)+(28+26)+(6+28)+(10+30)=
8+34+32+40+52+52+24+52+56+26+40+34+54+34+40=578.
Question 5
A- Discuss in tail the computer Security Concept
1. Identification Users are identified to a computer or an application through a
user identifier or user-id.
2. Authentication used to verify the identity of user. This verification requires
the exchange of shared secrets between the user and the application.
3. Authorization process of giving access rights to each user ID.
4. Access Control Process of enforcing access rights for network resources.
5. Confidentiality Process used to protect secret information from unauthorized
disclosure.
6. Integrity Data allows the detection of unauthorized modification of data.
7.repudiation-Non Is the capability to provide proof of the origin of data or
proof of the delivery of data.
8. Denial of Service attack is one in which the attacker takes over or consumes
a resource so that no one else can use it.
B-
Question 6

1>Instrusion detection system.

2>Firewall.
3>one time password.
4>Digital signature.
5>workstation monitoring.
6>Access control.
7>Encribution.
8>Prox.
9>one way hash function.
10>Domain name.