Homework 3

Due Wed. May 31, 2006 before midnight. Email the answers to my Helios account.

  1. Bishop 18.2 - What are the values of doing formal evaluation? What do you see as the drawbacks of evaluation?
  2. Bishop 22.5 - As encryption conceals the contents of network messages, the ability of intrusion detection systems to read those packets decreases. Some have speculated that all intrusion detection will become host-based once all network packets have been encrypted. Do you agree? Justify your answer. In particular, if you agree, explain why no information of value can be gleaned from the network; if you disagree, describe the information of interest.
  3. Pfleeger 5.1 - A principle of the Bell-LaPadula model was not mentioned in this chapter. Called the tranquility principle, it states that the classification of a subject or object does not change while it is being referenced. Explain the purpose of the tranquility principle. What are the implications of a model in which the tranquility principle is not true?
  4. Pfleeger 5.7 - Write a set of rules combining the secrecy controls of the Bell-LaPadula model with the integrity controls of the Biba model.
  5. Pfleeger 7.19 - A port scanner is a tool useful to an attacker to identify possible vulnerabilities in a potential victim's system. Cite a situation in which someone who is not an attacker could use a port scanner for a nonmalicious purpose.
  6. Pfleeger 7.21 - Compare copper wire, microwave, optical fiber, infrared and (radio frequency) wireless in their resistance to passive and active wiretapping.
  7. Pfleeger 7.29 - A distributed denial of service attack requires zombies running on numerous machines to perform part of the attack simultaneously. If you were a system administrator looking for zombies on your network, what would you look for?
  8. Pfleeger 7.33 - Why is segmentation recommended for network design? That is, what makes it better to have a separate network segment for web servers, one for the back-end office processing, one for testing new code, and one for system management?
  9. Pfleeger 7.57 - Cite a reason why an organization might want two or more firewalls on a single network.
  10. Pfleeger 7.61 - Why does a stealth mode IDS need a separate network to communicate alarms and to accept management commands?