Reference no: EM133492836
Question 1: A password may become known to other users in a variety of ways. Is there a simple method for detecting that such an event has occurred? Explain your answer.
Question 2: Make a list of six security concerns for a bank's computer system. For each item on your list, state whether this concern relates to physical, human, or operating-system security.
Question 3: Discuss how the asymmetric encryption algorithm can be used to achieve the following goals.
a. Authentication: the receiver knows that only the sender could have generated the message.
b. Secrecy: only the receiver can decrypt the message.
Question 4: Consider a system that generates 10 million audit records per day. Assume that, on average, there are 10 attacks per day on this system and each attack is reflected in 20 records. If the intrusion-detection system has a true-alarm rate of 0.6 and a false-alarm rate of 0.0005, what percentage of alarms generated by the system corresponds to real intrusions?
Question 5: Consider a computer system in which computer games can be played by students only between 10 P.M. and 6 A.M., by faculty members between 5 P.M. and 8 A.M., and by the computer center staff at all times. Suggest a scheme for implementing this policy efficiently.
Question 6: How does the principle of least privilege aid in the creation of protection systems?