INFORMATION SYSTEMS AND SECURITY AUDIT

1. Define the following terms: (6 Marks)

- Integrity
In information security, integrity means that data cannot be modified without the modification being detected. This is not the same thing as referential integrity in databases, although it can be viewed as a special case of Consistency as understood in the classic ACID model of transaction processing. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.

- Confidentiality
Confidentiality is the property that information is not disclosed to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred.

- Non-repudiation
In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction, nor can the other party deny having sent a transaction. Electronic commerce uses technology such as digital signatures and public key encryption to establish authenticity and non-repudiation.

2. Describe the function of the Record Layer in the SSL architecture (2 Marks)

The SSL Record Protocol provides basic security services to various higher-layer protocols: it takes the data handed down to it, fragments it, optionally compresses it, appends a message authentication code and encrypts the result, so the higher layers obtain confidentiality and message integrity. In particular, HTTP, which provides the transfer service for Web client/server interaction, can operate on top of SSL. Three higher-layer protocols are defined as part of SSL: the Handshake Protocol, the Change Cipher Spec Protocol, and the Alert Protocol. These SSL-specific protocols are used in the management of SSL exchanges.

3. List the four phases of virus nature (2 Marks)
The first phase of a virus attack is the placement of the viral code where it may be executed, so that it can install itself in main memory. Listed below are some methods adopted for the installation of viral code in the computer memory.

The second phase involves saving the viral code to a hard or floppy disk in such a way as to make it difficult to detect and remove. The layout of the Microsoft Disk Operating System (MS-DOS) provides areas on a hard or floppy disk that are largely hidden from users but accessible to DOS commands. One of the most common techniques used by virus writers is to copy Boot Sector 0 to an unused sector on the disk and then overwrite Boot Sector 0 with viral code. Whenever the disk is booted, the viral code is executed and loaded into memory. The viral code then loads the original boot sector from its new position and passes control to it, and the system is able to continue apparently normally.

The third phase involves a test for a condition which, if met, will activate the virus. A condition may be a specified time or date, or a specified number of copies of the viral code having been made.

The fourth and final phase is the action phase of the virus. During this phase, the virus attacks the target system, and the effect of the attack may be destructive or non-destructive.

4. Briefly describe the three cryptographic algorithms (5 Marks)

DES
This is the 'Data Encryption Standard', a cipher that operates on 64-bit blocks of data using a 56-bit key. It is a 'private key' (symmetric) system.

RSA
RSA is a public-key system designed by Rivest, Shamir, and Adleman.

HASH
A 'hash algorithm' is used for computing a condensed, fixed-length representation of a message or file. This is sometimes known as a 'message digest' or a 'fingerprint'.

MD5
MD5 is a 128-bit message digest function. It was developed by Ron Rivest.

AES
This is the Advanced Encryption Standard (using the Rijndael block cipher) approved by NIST.

5. Using the Diffie-Hellman algorithm, show that KA = KB; use n = 7 and g = 3 (5 Marks)

6. Explain the process of generating cipher and decrypting cipher using RSA (5 Marks)

The algorithm is based on modular exponentiation.
Numbers e, d and N are chosen with the property that if A is a number less than N, then (A^e mod N)^d mod N = A. This means that you can encrypt A with e and decrypt using d. Conversely, you can encrypt using d and decrypt using e (though doing it this way round is usually referred to as signing and verification).
• The pair of numbers (e, N) is known as the public key and can be published.
• The pair of numbers (d, N) is known as the private key and must be kept secret.
The number e is known as the public exponent, the number d as the private exponent, and N as the modulus.

When talking of key lengths in connection with RSA, what is meant is the modulus length. An algorithm that uses different keys for encryption and decryption is said to be asymmetric. Anybody knowing the public key can use it to create encrypted messages, but only the owner of the secret key can decrypt them. Conversely, the owner of the secret key can encrypt messages that can be decrypted by anybody with the public key. Anybody successfully decrypting such messages can be sure that only the owner of the secret key could have encrypted them.
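Questions 5 and 6 both come down to modular exponentiation, so the added example below (not part of the original notes) works them together in Python: Diffie-Hellman with the question's n = 7 and g = 3 (3 is a generator mod 7, since its successive powers 3, 2, 6, 4, 5, 1 run through every value), followed by textbook RSA on small primes. The private values a = 2 and b = 5, the primes p = 61 and q = 53 and the message 65 are constructed sample choices; real RSA uses moduli of 2048 bits or more and padding (OAEP/PSS), which this demonstration omits.

```python
# Added example, not from the original notes. Diffie-Hellman with n = 7, g = 3
# (as asked in Question 5) and textbook RSA on constructed small primes
# (Question 6). All values below are sample choices for illustration only.
from math import gcd

def dh_exchange(n, g, a, b):
    # n is the prime modulus, g a generator mod n, a and b the private values
    A, B = pow(g, a, n), pow(g, b, n)    # A and B are exchanged in the clear
    KA = pow(B, a, n)                    # Alice: (g^b)^a mod n
    KB = pow(A, b, n)                    # Bob:   (g^a)^b mod n
    return A, B, KA, KB                  # KA == KB == g^(a*b) mod n

def rsa_keygen(p, q, e=17):
    N, phi = p * q, (p - 1) * (q - 1)    # phi(N) for distinct primes p, q
    assert gcd(e, phi) == 1              # e must be invertible mod phi(N)
    d = pow(e, -1, phi)                  # e*d == 1 (mod phi), so (A^e)^d == A
    return (e, N), (d, N)                # public key (e, N), private key (d, N)

def rsa_encrypt(A, pub):                 # C = A^e mod N, requires A < N
    e, N = pub
    assert 0 <= A < N
    return pow(A, e, N)

def rsa_decrypt(C, priv):                # A = C^d mod N
    d, N = priv
    return pow(C, d, N)

def rsa_sign(A, priv):                   # same arithmetic with the roles swapped
    return rsa_decrypt(A, priv)          # S = A^d mod N

def rsa_verify(A, S, pub):
    return rsa_encrypt(S, pub) == A      # S^e mod N == A ?

def rsa_property_holds(pub, priv):
    # Exhaustively checks (A^e mod N)^d mod N == A for every A < N;
    # feasible only because N is tiny here.
    return all(rsa_decrypt(rsa_encrypt(A, pub), priv) == A for A in range(pub[1]))

if __name__ == "__main__":
    A, B, KA, KB = dh_exchange(7, 3, 2, 5)          # constructed a = 2, b = 5
    print(f"DH: A={A} B={B} KA={KA} KB={KB}")      # A=2 B=5 KA=4 KB=4
    pub, priv = rsa_keygen(61, 53)                  # N=3233, e=17, d=2753
    C = rsa_encrypt(65, pub)
    print("RSA:", C, rsa_decrypt(C, priv))          # 2790 65
    print("signature verifies:", rsa_verify(65, rsa_sign(65, priv), pub))
```

rsa_sign and rsa_verify are the same arithmetic with the exponents swapped, so a verifier holding only the public key can confirm that whoever produced S must have held d.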
This fact is the basis of the digital signature technique.

7. Without a diagram, show the DES steps and list the formula for determining the DES 16 rounds of permutations for the left and right blocks (5 Marks)

If a triple-length key is considered to consist of three 56-bit keys K1, K2, K3, then encryption is as follows:
• Encrypt with K1
• Decrypt with K2
• Encrypt with K3
Decryption is the reverse process:
• Decrypt with K3
• Encrypt with K2
• Decrypt with K1

DES also exhibits the complementation property: if EK(P) = C, then encrypting the bitwise complement of P under the bitwise complement of K yields the bitwise complement of C. Here EK denotes encryption with key K, and P and C denote plaintext and ciphertext blocks respectively. The complementation property means that the work for a brute-force attack could be reduced by a factor of 2 (or a single bit) under a chosen-plaintext assumption.

DES also has four so-called weak keys. Encryption (E) and decryption (D) under a weak key have the same effect: EK(EK(P)) = P, or equivalently EK = DK. There are also six pairs of semi-weak keys. Encryption with one of the pair of semi-weak keys, K1, operates identically to decryption with the other, K2: EK1(EK2(P)) = P, or equivalently EK1 = DK2.
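As an added example (not from the original notes), the toy cipher below reproduces the DES round structure the question asks for: 16 Feistel rounds on 32-bit halves with L_i = R_{i-1} and R_i = L_{i-1} XOR f(R_{i-1}, K_i), decryption by running the same rounds with the subkeys in reverse order, the triple-length-key encrypt/decrypt/encrypt sequence from the text, and a check of the complementation property. The round function f, the key schedule and the omission of DES's initial and final permutations are simplifications assumed here, so this is not real DES; the property still holds for the same reason as in DES, because f depends on R and K only through R XOR K and every subkey is a selection of key bits. The block and key values are constructed.

```python
# Added example, not from the original notes: a toy 16-round Feistel cipher
# with DES's round structure, to make concrete
#   the round formulae  L_i = R_{i-1},  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
#   and the complementation property  E_K(P) = C  =>  E_~K(~P) = ~C.
# f, the key schedule and the missing IP/FP permutations are simplifications.
ROUNDS, MASK32, MASK64 = 16, 0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]  # row 0 of DES S1

def subkeys(key64):
    # Each K_i is a selection of key bits (low 32 bits of a rotation, standing
    # in for PC-1/PC-2), so complementing the key complements every K_i.
    return [((key64 >> 3 * i) | (key64 << (64 - 3 * i))) & MASK32
            for i in range(ROUNDS)]

def f(r32, k32):
    x = r32 ^ k32                        # key mixing: ~R XOR ~K == R XOR K
    y = 0
    for n in range(8):                   # non-linear substitution, nibble-wise
        y |= SBOX[(x >> 4 * n) & 0xF] << 4 * n
    return ((y << 11) | (y >> 21)) & MASK32   # bit permutation (toy: rotate)

def feistel(block64, keys):
    l, r = block64 >> 32, block64 & MASK32
    for k in keys:
        l, r = r, l ^ f(r, k)            # L_i = R_{i-1}; R_i = L_{i-1} ^ f(R_{i-1}, K_i)
    return (r << 32) | l                 # final swap of the halves, as in DES

def encrypt(p64, key64):
    return feistel(p64, subkeys(key64))

def decrypt(c64, key64):
    return feistel(c64, subkeys(key64)[::-1])   # same network, subkeys reversed

def ede_encrypt(p64, k1, k2, k3):        # triple-length key: E_K3(D_K2(E_K1(P)))
    return encrypt(decrypt(encrypt(p64, k1), k2), k3)

def ede_decrypt(c64, k1, k2, k3):        # reverse process: D_K1(E_K2(D_K3(C)))
    return decrypt(encrypt(decrypt(c64, k3), k2), k1)

def complementation_holds(p64, key64):
    return encrypt(p64 ^ MASK64, key64 ^ MASK64) == encrypt(p64, key64) ^ MASK64

if __name__ == "__main__":
    P, K = 0x0123456789ABCDEF, 0x133457799BBCDFF1   # constructed sample values
    C = encrypt(P, K)
    print(hex(C), decrypt(C, K) == P, complementation_holds(P, K))
```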
It is easy enough to avoid the weak and semi-weak keys in an implementation, either by testing for them explicitly or simply by choosing keys randomly; the odds of picking a weak or semi-weak key by chance are negligible. The keys are not really any weaker than any other keys anyway, as they do not give an attack any advantage.

1. Describe VOIP and explain SIP session setup as applied in VOIP security

VOIP refers to Voice over Internet Protocol. SIP (Session Initiation Protocol) is an application-layer control protocol that can establish, modify, and terminate multimedia sessions such as Internet telephony calls (VOIP).
SIP can also invite participants to already existing sessions, such as multicast conferences. SIP supports five facets of establishing and terminating multimedia communications in VOIP security:
• User location: determination of the end system to be used for communication;
• User availability: determination of the willingness of the called party to engage in communications;
• User capabilities: determination of the media and media parameters to be used;
• Session setup: "ringing", establishment of session parameters at both the called and the calling party;
• Session management: including transfer and termination of sessions, modifying session parameters, and invoking services.

2. Describe the various types of wireless security protocols

WEP encryption
In the WEP (Wired Equivalent Privacy) encryption security method, wireless stations must use a pre-shared key to connect to your network. This method is not recommended, due to known security flaws in the WEP protocol. It is provided only for compatibility with existing wireless deployments.
Note: The router and the wireless stations must be configured with the same WEP key.
WPA-Personal: password authentication, encryption
The WPA-Personal (Wi-Fi Protected Access) security method (also called WPA-PSK) uses a MIC (message integrity check) to ensure the integrity of messages, and TKIP (Temporal Key Integrity Protocol) to enhance data encryption. WPA-Personal periodically changes and authenticates encryption keys; this is called rekeying. This option is recommended for small networks that want to authenticate and encrypt wireless data.
Note: The router and the wireless stations must be configured with the same passphrase.

WPA2 (802.11i)
The WPA2 security method uses the more secure Advanced Encryption Standard (AES) cipher instead of the RC4 cipher used by WPA and WEP. When using the WPA-Personal security methods, the ZoneAlarm router enables you to restrict access to the WLAN to wireless stations that support the WPA2 security method. If this setting is not selected, the ZoneAlarm router allows clients to connect using both WPA and WPA2.

4. Describe the various types of network firewalls and why they are a vital component for maintaining a secure environment. Discuss how you can use the various types of firewalls to be able to describe network forensics.

Explain the various uses of biometrics and how they are applied, using real-world examples.

IS AUDIT

Case Study

Background
Displaytech, Inc. makes and sells with superior image quality for electronic viewfinders in consumer digital still cameras, camcorders, and mobile communication devices. Founded in 1985, it has 50 employees at its headquarters in Longmont, Colorado. Displaytech also has a partnership facility in Tokyo, Japan.

The Challenge
Displaytech experienced employee downsizing and shortly afterward hired a new management team.
Its computer network was not given proper attention or resources during the transition. The new team was concerned with the system’s security and stability. Displaytech wanted an unbiased assessment of the current network system with two specific goals: to identify vulnerable areas that could easily be breached and to define critical areas of the network that would likely impact the business during hardware or configuration failures. The company needed the assessment report to be easily translated into an action plan. It wanted to address network issues as quickly and efficiently as possible.
The Result
Mile High Networks conducted a security and stability audit of the entire network system, including servers, routers and firewalls. Each component was evaluated with emphasis on device configuration and log files. Additionally, the entire network was evaluated for how the business was using resources, to help identify vulnerable areas. Mile High Networks:
• Interviewed key department personnel to identify critical data and ascertain how the network was being used.
• Reviewed system logs for all network components to determine stability issues.
• Reviewed all network hardware identified as business critical to determine single points of failure.
• Evaluated all network perimeter device configurations that could make the network vulnerable.
• Evaluated company practices that could lead to system breaches.

Assignment
Assuming you are the head of Mile High Networks, which conducted the security and stability audit, write a comprehensive audit report giving detailed recommendations / an action plan.
NB: Follow the procedures for writing an academic research paper. Minimum of 8 pages. Check the IS Audit PowerPoint.