1. Explain in detail any three security requirements of a programming language.

Memory protection
If a memory reference is local to R then only statements in R can assign to it or take its contents.
However, any imaginable kind of restricted access (e.g. read-only, write-only, and increment-
only) can be allowed programs outside R by providing them with an appropriate procedure
defined inside R.

Type checking
These include providing earlier (and usually more accurate) information on programmer errors,
providing documentation on the interfaces of components (e.g., procedures, functions, and
packages or modules), eliminating the need for run-time type checks, which can slow program
execution, and providing extra information that can be used in compiler optimizations.
Exception Handling.
Programming languages should have exception handlers. Exceptions are anomalies than can
occur during execution of a program, and need to be caught, to ensure continued execution of the
program.

2. Briefly explain why it is important to consider security in the design of Operating

Systems.

To ensure confidentiality. In the case of a group of users creating accounts on a single

operating system, there is need for data confidentiality between the users. Each user
should not be able to use confidential files from the session of another user.

Integrity. Data integrity is very crucial to an operating system. This involves the
correctness of data stored on a computer. Without security, data can be maliciously
modified, thereby losing its integrity.

Availability. An operating system has to be reliably accessible at any given point in

time. To ensure continued availability, security policies have to be implemented to
prevent modification of the systems important files.
 3. Assuming that as a network engineer, you are supposed to implement a firewall,
how would you go on to select the right firewall for the organization?

Consider number of users accommodated on the network system.

Amount of RAM, i.e. Use Dynamic RAM where the number of users is little and
Static RAM for an increased number of users.
Security policies should cover prime types of attacks that the organization needs to
protect itself from.
The cost of the firewall.
Consider the value of assets to be protected, i.e. easily recoverable or not easy to
recover.

4. Briefly explain the SNORT intrusion detection mechanism.

Snort starts by parsing the command line arguments and sets the flag, to fill and initialize the PV
structure. Followed by initialization of log-in rules. Linked lists are generated according to rules
files, while calling correlated routine initialization preprocessing module, output module.
Captures the packet by calling LINPAC structure function and process the corresponding packet.

Snort network protocol analytic function is called to hierarchically parse the

Packet and then store the parsed results into the structure packet. Packet structure
Stores useful packet information extracted from the data package to facilitate
Follow-up procedure calls. It is mainly stored in a pointer pointing to the packet
Header information, and a pointer to the layers of the packet header structure information,
source/destination port number and the IP address, data pointer, data
Length of the data packets, TCP/IP decoding information, and so on.

After the completion of packet parsing, Snort will compare the parsed results
And given rules to determine whether intrusion occurred when the packet behavior
Consistent with a rule, the system will start process according to the rules of the
Appropriate way, and finally through the output module for logging or alarm.

The diagram shows SNORT workflow clearly showing the intrusion detection
mechanism.

5) State any data protection law and explain what it entails. [3]
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not
be further processed in any manner incompatible with that purpose or those purposes. This
means that anyone who accesses any data that belongs to someone or which is someone elses
work should only use it for the specific purpose for which they have attained it for otherwise
they are violating the protection laws should they go beyond what they have accessed it for.
6) Distinguish Host-based IDS and Network based IDS. [4]

Host-based IDS Network based

Focus on activity on the client or server
machine they're installed on.
aimed at collecting information about
activity on a particular single system, or
host
Only examine application activities
Can examine whether any attacker is
successful or not
IDS.
Use sensors with NICs (network interface
cards) set to promiscuous mode to monitor
network activity
collect information from the network itself
rather than from each separate host
Examine network, transport and application
level protocol activity
Only give an alert to the attack

7) Give any two advantages and two disadvantages of VPN. [4]

Advantages of VPN
1. It offers a much higher level of secure communication as compared to other remote
methods of communication due to the advanced technologies that are used to protect the
network from unauthorized access. It has secure Communication between Sites
2. Scalability - are very flexible in terms of growing with the company and adding new
users to the network. This type of infrastructure allows for scalability without having to
add new components to accommodate the growth.
Disadvantages of VPN
The design and security implementation for a virtual private network can be
complex meaning that it requires a professional with a high level of understanding
for the best type of VPN configuration and some of the security issues that can
occur when using an VPN.
The use of mobile devices to initiate connectivity to the virtual private network
can cause security issues especially if the connection is wireless thus an added
solution is sometimes needed to tighten up security when logging on to the VPN
with a mobile device.
VPN requires attention in setting clear security system to prevent acts of
cybercrime due to the provision of public access.
7) Honeypots and Tarpits are used in intrusion detection. Give two advantages and
two disadvantages of Tarpits. [4]
Advantages of Tarpits
 Easy and cheap to use
Can customize for specific worms for example it can analyse incoming packets to
port 80 and only tarpit web connections from worms
Disadvantages of Tarpits
Can cause some operating systems to crash
Might trap valid host

8) Give any three benefits of Virtual Machines. [3]

Easy maintenance, application provisioning, availability and convenient recovery
Multiple OS environments can exist simultaneously on the same machine,
isolated from each other
Virtual machine can offer an instruction set architecture that differs from real
computer's

9) Give any two attacks that can occur on mobile devices as well as two that can occur on
web servers. [4]

Two attacks that can occur on mobile devices

Malware thus Virus hosted on a legitimate code, replicable spread worms,
Trojan horses with action in purpose
Network exploit thus hackers take advantage of vulnerability or flaw of users
web browser on mobile device in Wi-Fi communication to attack victims by use
of malicious code or data

Two attacks that can occur on web servers

Session hijacking - consists of the exploitation of the web session control
mechanism, which is normally managed for a session token by stealing or
predicting a valid session token to gain unauthorized access to the Web Server.
Username enumeration - is a type of attack where the backend validation script
tells the attacker if the supplied username is correct or not by attempting to use
 some trivial usernames with easily guessable passwords, such as test/test,
admin/admin, guest/guest etc.
10) Distinguish Tunnel Mode and Transport Mode.
Tunnel Mode
It is widely implemented in site-to-site VPN
scenarios
Protects the internal routing information by
encrypting the IP header of the original
packet. The original packet is encapsulated
by a another set of IP headers
It supports the NAT traversal
Additional headers are added to the packet;
so the payload MSS is less.
[4]
Transport Mode
The IPsec Transport mode is implemented
for client-to-site VPN scenarios
Encrypts only the payload and ESP trailer;
so the IP header of the original packet is not
encrypted.
It does not support the NAT traversal
MSS is higher, when compared to Tunnel
mode, as no additional headers are required.