Your bag is empty
Don't miss out on great deals! Start shopping or Sign in to view products added.
Shop What's New Sign inSolution Manual for Network Security Essentials: Applications and Standards, 6th Edition
Preview Extract
SOLUTIONS MANUAL
N ETWORK S ECURITY
E SSENTIALS : A PPLICATIONS
AND S TANDARDS
S IXTH E DITION
W ILLIAM S TALLINGS
Copyright 2016: William Stallings
ยฉ 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
TABLE OF CONTENTS
Chapter 1 Introduction ……………………………………………………. 5
ย
Chapter 2 Symmetric Encryption and Message Confidentiality ……. 11
ย
Chapter 3 Public-Key Cryptography and Message Authentication … 22
ย
Chapter 4 Key Distribution and User Authentication ………………… 29
ย
Chapter 5 Network Access Control and Cloud Security …………….. 38
ย
Chapter 6 Transport-Level Security ……………………………………. 41
ย
Chapter 7 Wireless Network Security ………………………………….. 44
ย
Chapter 8 Electronic Mail Security ……………………………………… 48
ย
Chapter 9 IP Security …………………………………………………….. 53
ย
Chapter 10 Malicious Software………………………………………….. 60
ย
Chapter 11 Intruders …………………………………………………….. 67
ย
Chapter 12 Firewalls ……………………………………………………… 74
ย
Chapter 13 Network Management Security …………………………… 81
ย
Chapter 14 Legal and Ethical Aspects …………………………………. 85
ย
Chapter 15 SHA-3 ………………………………………………………… 92
ย
-4ยฉ 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
CHAPTER 1 INTRODUCTION
ANSWERS TO QUESTIONS
1.1 The OSI Security Architecture is a framework that provides a systematic
way of defining the requirements for security and characterizing the
approaches to satisfying those requirements. The document defines
security attacks, mechanisms, and services, and the relationships
among these categories.
1.2 Passive attacks have to do with eavesdropping on, or monitoring,
transmissions. Electronic mail, file transfers, and client/server
exchanges are examples of transmissions that can be monitored. Active
attacks include the modification of transmitted data and attempts to
gain unauthorized access to computer systems.
1.3 Passive attacks: release of message contents and traffic analysis.
Active attacks: masquerade, replay, modification of messages, and
denial of service.
1.4 Authentication: The assurance that the communicating entity is the
one that it claims to be.
Access control: The prevention of unauthorized use of a resource (i.e.,
this service controls who can have access to a resource, under what
conditions access can occur, and what those accessing the resource are
allowed to do).
Data confidentiality: The protection of data from unauthorized
disclosure.
Data integrity: The assurance that data received are exactly as sent by
an authorized entity (i.e., contain no modification, insertion, deletion, or
replay).
Nonrepudiation: Provides protection against denial by one of the
entities involved in a communication of having participated in all or part
of the communication.
Availability service: The property of a system or a system resource
being accessible and usable upon demand by an authorized system
entity, according to performance specifications for the system (i.e., a
system is available if it provides services according to the system design
whenever users request them).
-5ยฉ 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
1.5 See Table 1.3.
1.6 Economy of mechanism: the design of security measures embodied in
both hardware and software should be as simple and small as
possible.
Fail-safe defaults: access decisions should be based on permission
rather than exclusion.
Complete mediation: every access must be checked against the access
control mechanism.
Open Design: the design of a security mechanism should be open rather
than secret.
Separation of privilege: a practice in which multiple privilege attributes
are required to achieve access to a restricted resource.
Least Privilege: every process and every user of the system should
operate using the least set of privileges necessary to perform the
task.
Least common mechanism: the design should minimize the functions
shared by different users, providing mutual security.
Psychological acceptability: the security mechanisms should not
interfere unduly with the work of users, while at the same time
meeting the needs of those who authorize access.
Isolation: a principle that applies in three contexts. (1) public access
systems should be isolated from critical resources (data, processes,
etc.) to prevent disclosure or tampering. (2) the processes and files
of individual users should be isolated from one another except where
it is explicitly desired. (3) security mechanisms should be isolated in
the sense of preventing access to those mechanisms.
Encapsulation: a specific form of isolation based on object-oriented
functionality.
Modularity: refers both to the development of security functions as
separate, protected modules and to the use of a modular architecture
for mechanism design and implementation.
Layering: the use of multiple, overlapping protection approaches
addressing the people, technology, and operational aspects of
information systems.
Least Astonishment: means that a program or user interface should
always respond in the way that is least likely to astonish the user.
1.7 An attack surface consists of the reachable and exploitable
vulnerabilities in a system. An attack tree is a branching, hierarchical
data structure that represents a set of potential techniques for
exploiting security vulnerabilities.
ANSWERS TO PROBLEMS
-6ยฉ 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
1.1 The system must keep personal identification numbers confidential, both
in the host system and during transmission for a transaction. It must
protect the integrity of account records and of individual transactions.
Availability of the host system is important to the economic well being
of the bank, but not to its fiduciary responsibility. The availability of
individual teller machines is of less concern.
1.2 The system does not have high requirements for integrity on individual
transactions, as lasting damage will not be incurred by occasionally
losing a call or billing record. The integrity of control programs and
configuration records, however, is critical. Without these, the switching
function would be defeated and the most important attribute of all availability – would be compromised. A telephone switching system must
also preserve the confidentiality of individual calls, preventing one caller
from overhearing another.
1.3 a. The system will have to assure confidentiality if it is being used to
publish corporate proprietary material.
b. The system will have to assure integrity if it is being used to laws or
regulations.
c. The system will have to assure availability if it is being used to
publish a daily paper.
1.4 a. An organization managing public information on its web server
determines that there is no potential impact from a loss of
confidentiality (i.e., confidentiality requirements are not applicable),
a moderate potential impact from a loss of integrity, and a moderate
potential impact from a loss of availability.
b. A law enforcement organization managing extremely sensitive
investigative information determines that the potential impact from a
loss of confidentiality is high, the potential impact from a loss of
integrity is moderate, and the potential impact from a loss of
availability is moderate.
c. A financial organization managing routine administrative information
(not privacy-related information) determines that the potential
impact from a loss of confidentiality is low, the potential impact from
a loss of integrity is low, and the potential impact from a loss of
availability is low.
d. The management within the contracting organization determines
that: (i) for the sensitive contract information, the potential impact
from a loss of confidentiality is moderate, the potential impact from a
loss of integrity is moderate, and the potential impact from a loss of
availability is low; and (ii) for the routine administrative information
(non-privacy-related information), the potential impact from a loss of
confidentiality is low, the potential impact from a loss of integrity is
low, and the potential impact from a loss of availability is low.
-7ยฉ 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
e. The management at the power plant determines that: (i) for the
sensor data being acquired by the SCADA system, there is no
potential impact from a loss of confidentiality, a high potential impact
from a loss of integrity, and a high potential impact from a loss of
availability; and (ii) for the administrative information being
processed by the system, there is a low potential impact from a loss
of confidentiality, a low potential impact from a loss of integrity, and
a low potential impact from a loss of availability. Examples from FIPS
199.
1.5
Release
of
message
contents
Traffic
analysis
Masquerade
Peer entity
authentication
Y
Data origin
authentication
Y
Access control
Y
Confidentiality
Traffic flow
confidentiality
Replay
Modification Denial
of messages of
service
Y
Y
Data integrity
Y
Non-repudiation
Y
Y
Availability
Y
-8ยฉ 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
1.6
Release
of
message
contents
Encipherment
Traffic
analysis
Masquerade
Replay
Y
Y
Y
Y
Modification Denial
of messages of
service
Y
Digital signature
Access control
Y
Y
Data integrity
Y
Y
Y
Y
Authentication
exchange
Y
Traffic padding
Y
Y
Y
Y
Routing control
Y
Y
Y
Notarization
Y
Y
Y
1.7
Open Safe
Pick Lock
Learn
Combination
Find Written Combo
Threaten
Cut Open
Safe
Install
Improperly
Get Combo
from Target
Blackmail
Eavesdrop
Listen to
Conversation
Bribe
Get Target to
State Combo
-9ยฉ 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
1.8 We present the tree in text form; call the company X:
Survivability Compromise: Disclosure of X proprietary secrets
OR 1. Physically scavenge discarded items from X
OR 1. Inspect dumpster content on-site
2. Inspect refuse after removal from site
2. Monitor emanations from X machines
AND 1. Survey physical perimeter to determine optimal monitoring position
2. Acquire necessary monitoring equipment
3. Setup monitoring site
4. Monitor emanations from site
3. Recruit help of trusted X insider
OR 1. Plant spy as trusted insider
2. Use existing trusted insider
4. Physically access X networks or machines
OR 1. Get physical, on-site access to Intranet
2. Get physical access to external machines
5. Attack X intranet using its connections with Internet
OR 1. Monitor communications over Internet for leakage
2. Get trusted process to send sensitive information to attacker over Internet
3. Gain privileged access to Web server
6. Attack X intranet using its connections with public telephone network (PTN)
OR 1. Monitor communications over PTN for leakage of sensitive information
2. Gain privileged access to machines on intranet connected via Internet
-10ยฉ 2017 Pearson Education, Inc., Hoboken, NJ. All rights reserved.
Document Preview (8 of 96 Pages)
You are viewing preview pages of the document. Purchase to get full access instantly.
-37%
Solution Manual for Network Security Essentials: Applications and Standards, 6th Edition
$18.99 Save:$11.00(37%)
Store
Evelyn Miller
Best Selling
The World Of Customer Service, 3rd Edition Test Bank
$18.99 Save:$11.00(37%)
Chemistry: Principles And Reactions, 7th Edition Test Bank
$18.99 Save:$11.00(37%)
Test Bank for Strategies For Reading Assessment And Instruction: Helping Every Child Succeed, 6th Edition
$18.99 Save:$11.00(37%)
Solution Manual for Designing the User Interface: Strategies for Effective Human-Computer Interaction, 6th Edition
$18.99 Save:$11.00(37%)
Data Structures and Other Objects Using C++ 4th Edition Solution Manual
$18.99 Save:$11.00(37%)
Test Bank for Hospitality Facilities Management and Design, 4th Edition
$18.99 Save:$11.00(37%)
