Assignment 3

On chapters 6 and 7

 

Due: September 8, 2009, Midnight EST

Total: 25

               Important Note:

· Do not give a URL or link in your answer. Write in your own words.

· If you get information from an Internet site, you may want to include the website as a reference. But your answer must contain a complete explanation or rationale in your own words.

 

1.  For an NIDS, locations for sensors should be chosen carefully. How would you decide these locations for wireless NIDS sensors in a wireless network? Explain your choice.     5 pts

 

 

2.  An example of a host-based intrusion detection tool is the tripwire program. Read how this program works from http://www.interpol.int/public/Forensic/IFSS/meeting13/Reviews/Digital.pdf. It uses a protected database of cryptographic checksums for each file checked and compares this value with the one recomputed on each file as it is scanned. It must be configured with a list of files and directories to check, and with what changes are permissible for each. What are the advantages and disadvantages of using such a tool? What is the amount of work for configuring the program and for the system administrator monitoring the program?     5 pts
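The checksum-database mechanism described in question 2, as an added illustration (not part of the original assignment, and not Tripwire's own code or policy format). The policy names STRICT and GROWING, the function names, and the sample files are constructed for this sketch; a real deployment keeps the baseline on protected, read-only storage rather than in memory.

```python
import hashlib
import os
import tempfile

# Hypothetical policy values: which changes are permissible for a path.
STRICT, GROWING = "strict", "growing"   # no change allowed / content may change

def sha256_file(path):
    """Return the SHA-256 hex digest of a (small) file."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def walk(root):
    """Yield every regular file under root as a path relative to root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.relpath(os.path.join(dirpath, name), root)

def build_baseline(root, policy):
    """Record a checksum for each file named in the policy."""
    return {rel: sha256_file(os.path.join(root, rel))
            for rel in walk(root) if rel in policy}

def scan(root, policy, baseline):
    """Recompute checksums and return (path, finding) pairs."""
    findings, present = [], set(walk(root))
    for rel, old in sorted(baseline.items()):
        if rel not in present:
            findings.append((rel, "missing"))
        elif policy[rel] == STRICT and sha256_file(os.path.join(root, rel)) != old:
            findings.append((rel, "modified"))
    new = sorted(present - set(baseline))
    return findings + [(rel, "unexpected new file") for rel in new]

def demo():
    """Constructed sample tree: a binary and a log, then three changes."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode="w"):
            with open(os.path.join(root, rel), mode) as f:
                f.write(data)
        write("login", "original binary")
        write("auth.log", "boot\n")
        policy = {"login": STRICT, "auth.log": GROWING}
        baseline = build_baseline(root, policy)
        write("auth.log", "user logged in\n", "a")  # permitted by policy
        write("login", "altered binary")            # violates STRICT
        write("extra.ko", "x")                      # absent from the database
        return scan(root, policy, baseline)

if __name__ == "__main__":
    print(demo())
```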

 

3.  There is a flaw in the virus program of figure 7.1 (textbook, page 221). What is it?      5 pts

 

4. Consider the following piece of code:

begin

 print(*begin print(); end.*);

end

 What do you think the program was intended to do? Does it work?                        5 pts

 

5. Consider the following fragments and indicate what type of malicious software these are and why:    2+3 pts

a.     legitimate code

       if date is Friday the 13th;

           crash computer;

       legitimate code

 

b.     username = read_username();

       password = read_password();

       if username is "14350h4ck"

           return ALLOW_LOGIN;

       if username and password are valid

           return ALLOW_LOGIN;

       else return DENY_LOGIN;