Computer Security

25%) Assume an attacker has compromised a number of broadband connected
computers to use as zombie systems for a distributed denial of service (DOS) attack.
If the ISP provides a maximum uplink data rate of 768 Kbps in ADSL, what is the
maximum number of 128-byte IMP echo request (ping) packets a single zombie
computer can send per second? How many such zombie systems would the attacker
need to flood a target server connected in:
(a)A Fast Ethernet.
(b) A Gigabit Ethernet.
2. (15%) UNIX treats file directories in the same fashion as files; that is, both are defined by the
same type of data structure, called an inode. As with files, directories include a nine-bit
protection string. If care is not taken, this can create access control problems. For example
consider a file with protection mode 644 (octal) contained in a directory with protection mode
730. How might the file be compromised in this case? What can we do to stop this vulnerability
without changing the protection mode 730 for the directory?(20%) As part of a formal risk assessment of information systems in a small
accounting firm with limited IT support, you have identified the assets “integrity of
customer and financial data report files on desktop systems” and “database and its
backup systems” and the threat “corruption of these files due to import of a worm/virus
onto system” and “synchronization of database and its backup.” Suggest reasonable
values for the items in the risk register shown in Table 14.5 for this asset and threat.
and provide justifications for your choices.
2. (40%) Comparing with one-factor authentication, two-factor authentication provides
more protection to the user identity in online services. Please compare three different
types of currently available techniques for second factor with regarding to
(a) Men-in-the-Middle prevention
(b) Password cracking
(c) Eavesdropping
(d) Trojan horse or Key logging
(e) Loss of second factor