Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Memory protection
If a memory reference is local to R then only statements in R can assign to it or take its contents.
However, any imaginable kind of restricted access (e.g. read-only, write-only, and increment-
only) can be allowed programs outside R by providing them with an appropriate procedure
defined inside R.
Type checking
These include providing earlier (and usually more accurate) information on programmer errors,
providing documentation on the interfaces of components (e.g., procedures, functions, and
packages or modules), eliminating the need for run-time type checks, which can slow program
execution, and providing extra information that can be used in compiler optimizations.
Exception Handling.
Programming languages should have exception handlers. Exceptions are anomalies than can
occur during execution of a program, and need to be caught, to ensure continued execution of the
program.
Integrity. Data integrity is very crucial to an operating system. This involves the
correctness of data stored on a computer. Without security, data can be maliciously
modified, thereby losing its integrity.
Snort starts by parsing the command line arguments and sets the flag, to fill and initialize the PV
structure. Followed by initialization of log-in rules. Linked lists are generated according to rules
files, while calling correlated routine initialization preprocessing module, output module.
Captures the packet by calling LINPAC structure function and process the corresponding packet.
After the completion of packet parsing, Snort will compare the parsed results
And given rules to determine whether intrusion occurred when the packet behavior
Consistent with a rule, the system will start process according to the rules of the
Appropriate way, and finally through the output module for logging or alarm.
The diagram shows SNORT workflow clearly showing the intrusion detection
mechanism.
5) State any data protection law and explain what it entails. [3]
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not
be further processed in any manner incompatible with that purpose or those purposes. This
means that anyone who accesses any data that belongs to someone or which is someone elses
work should only use it for the specific purpose for which they have attained it for otherwise
they are violating the protection laws should they go beyond what they have accessed it for.
6) Distinguish Host-based IDS and Network based IDS. [4]
9) Give any two attacks that can occur on mobile devices as well as two that can occur on
web servers. [4]
Protects the internal routing information by Encrypts only the payload and ESP trailer;
encrypting the IP header of the original so the IP header of the original packet is not
packet. The original packet is encapsulated encrypted.
by a another set of IP headers
It supports the NAT traversal It does not support the NAT traversal
Additional headers are added to the packet; MSS is higher, when compared to Tunnel
so the payload MSS is less. mode, as no additional headers are required.