August 1999
SC223 : COMPUTER SECURITY

QUESTION 1 (Compulsory)

Total Marks: 20 Marks


SUGGESTED SOLUTIONS

(a) Explain the characteristics of computer intrusion. [2]
In any system, the weakest point is the most vulnerable. One can expect an intruder to use any available means of penetration.

 

(b) Explain briefly the purpose of a public key protocol. [2]
Used between communicating entities to authenticate systems. Also used to hide the messages.

 

(c) Identify any two major goals of legal issues in computer security. [2]
  • Protection of code and data
  • Protection of access to programs
  • Protection of computing against criminals

 

(d) Name the two basic methods by which a system can provide security. [2]
System Access Controls (1 mark) and Data Access Controls.

 

(e) Identify and explain any two categories of vulnerabilities in PC security. [4]
  • User responsibility
  • Improper procedure for use
  • Hardware concerns
  • Software concerns

 

(f) List three advantages and one disadvantage of conducting a disaster simulation. [4]
Advantages:
  • Ensure that employees are aware of the plan and are able to respond to it.
  • Test whether the backup arrangement is working effectively.
  • Results are useful for subsequent evaluation to enhance the plan.

 

(g) List and explain the different forms of non-repudiation services provided in networks. [4]
  • Nonrepudiation with proof of origin: proof of origin is provided to the recipient of the message.
  • Nonrepudiation with proof of delivery: proof of delivery is provided to the sender of a message.