Direction: Use a word processor (Microsoft Word) to answer the questions in the exercise.
Question 1. Malicious Email
Items a-g below are email scenarios where you are the receiver of the email. Answer the questions in each item and justify your answers.
a. You received an unexpected email with an attachment named,
\"SecurityPatches4You.exe\from an unknown sender. What type(s) of malicious code (virus, worm, or Trojan horse) may be included in the email? How did the email reach you? Would you open the attachment?
All above can be included, it reached me by the internet,I wouldn’t open it
b. You received an unexpected email with an attachment named, \"SecurityPatches4You.exe\from your friend Joe. What type(s) of malicious code (virus, worm, or Trojan horse) may be included in the email? How did the email reach you from Joe? Would you open the attachment? All above can be included, by the internet, I wouldn’t open it unless I have got communicated with Joe
c. You received an unexpected email with an attachment named,
\"finalDraft.doc\from your friend Joe. What type(s) of malicious code (virus, worm, or Trojan horse) may be included in the email? How did the email reach you from Joe? Would you open the attachment?
All above can be included , by the internet , I wouldn’t open it unless I have got communicated with Joe
d. You received an expected email with .doc attachment from your friend Joe (assume hidden extensions are exposed). What type(s) of malicious code (virus, worm, or Trojan horse) may be included in the email? How did the email reach you? What would you do and why?
All above can be included , by the internet , I wouldn’t open it unless I have got communicated with Joe
e. You received an unexpected email with no attachment from your friend Joe. The email instructs you to click on the enclosed URL. What type(s) of malicious code (virus, worm, Trojan horse, or mobile code) may be included in the email? How did the email reach you fro Joe? What would you do and why?
All above can be included , by the internet , I will phone joe to ask the usage of the URL , after that I will decided whether to open it or not because his email may be used by others
f. You received an unexpected, digitally signed email with no attachment from your friend Joe. The email instructs you to deposit $10,000 to Joe’s bank account. How did the email reach you? What would you do and why? By the internet , I will try to get communicate with joe to make sure whether he need money and then decided what to do , because his email may be used by others
g. You received an expected, digitally signed email without an attachment from your friend Joe. Joe also confirmed that he sent the email. The email instructs you to deposit $20,000 to Joe’s bank account. How did the email reach you? What would you do and why?
By the internet , I will try to get communicate with joe to make sure whether he need money and then decided what to do , because his email may be used by others
Question 2. Cryptography
In this section, you will encode/decode simple messages using different cryptography methods.
a. Consider the alphabet shift cipher. Complete the following table:
Plaintext Encryption Technique Ciphertext Software Systems b. What is the maximum number of ways you can replace a character using the above alphabet shift cipher? What is the size of the key space? What is a weakness of the alphabet shift cipher above? 25, it is easy to break
c. How does using a secret passphrase as the encryption key compare to using the alphabet shift cipher?
It can make the key space larger, so it is not easy to break
Let us try using a passphrase to encrypt the message \"Meet at noon.\" with a larger key space. The key is \"CBA\". In this case, only encrypt alphabet letters.
d. What is the encrypted message? Pgfw cu qqpq
Now let us explore how to use private/public keys and digital signature. Suppose Jean is sending her friend Erin a secret note with a digital signature.
e. How does Jean include a digital signature? What key does Jean use to encrypt the entire message including the digital signature?
f. How does Erin decrypt the message, and verify that the message was from Jean?、
she use secret passphrase to decrypt the message
Shift right 4 by characters Shift right by 3 characters Wsjxaevi Vbvwhpv Question 3. Trusting Web Sites
A new e-commerce company, eSale.com has launched. It sells named-brand clothing at discounted prices.
a. When you access the site, a certificate warning appeared, how would you go about deciding whether to accept the certificate or not? I will search the internet to find some information about the site b. You decided to trust the site, and input your personal information. After you have submitted your personal information, a page returned asking you to confirm the information on the page. How can you be sure that your information was served back through a secure connection?
If the address is right, I could be sure my information was served back.
c. If a malicious intruder cracked your password and gained access to the site via your account, list two malicious activities the intruder can perform, and list two malicious activities the intruder cannot perform. A He can use my ID to enter the site, he can get my information in the site
B he can’t change my personal information, he can’t change my passwords
d. On the other side, as a network administrator working for eSale, list three actions you would perform after you found out that illegitimate users have been tampering with data on your site (assuming you already have a firewall)?
I will change the information back first, then I will check the loss we had, after that I will try to find the intruder
Question 4. Data Backups
Consider the process of restoring data to a server from backup media. Assume the server failed Friday, November 14, at 3:00 P.M.
For each backup procedure below, indicate what data is lost, and describe the procedures for restoring data. a. Full backup every Friday at 6:00 P.M.
the data from last Friday to this Friday will be lost
b. Full backup every Friday at 6:00 P.M. and differential backup every Wednesday at 6:00 P.M.
t the data from last Friday to this Wednesday will be lost
c. Full backup every Friday at 6:00 P.M. and incremental backup every Monday, Tuesday, Wednesday, and Thursday at 6:00 P.M. the data from last Friday to this Thursday will be lost
Your grade will be based upon the following: Questions
1. Malicious Email (35%) 2. Cryptography (40%)
3. Trusting Web Sites (13%) 4. Data Backups (12%)
因篇幅问题不能全部显示,请点此查看更多更全内容