midterm 1 solution-Fall05

Security in Computing (3rd Edition)

CS 161 Computer Security Fall 2005
Joseph/Tygar/Vazirani/Wagner
MT 1 Soln

Problem 1. [Short answer] (30 points)

Give brief answers (one or two sentences) to each of the following.

(a) What is the principle of least privilege? Why is it important?

It states that programs and users should receive only the minimal amount of privilege needed to function correctly, and nothing more. This limits the amount of damage done by the program if it is buggy or hacked.

(b) Is a TCP connection secure against eavesdropping? Why or why not?

No. TCP sends data in cleartext (unencrypted), so an eavesdropper can see all data transmitted.

(c) You have a copy of Anthony Joseph's certificate chain: his certificate is signed by the EECS department; the EECS department's certificate is signed by UC Berkeley; UC Berkeley's certificate is signed by Verisign. Whose public keys do you need to know in advance in order to obtain the correct public key for Anthony?

Verisign's key suffices. In fact, any one of the public keys mentioned is enough.

Problem 2. [Packet filters] (20 points)

(a) We have an internal webserver, used only for testing purposes, at IP address on our internal corporate network. The packet filter is situated at a chokepoint between our internal network and the rest of the Internet. Can such a packet filter block all attempts by outside hosts to initiate a direct TCP connection to this internal webserver? If yes, show a packet filtering ruleset that provides this functionality; if no, explain why a (stateless) packet filter cannot do it.

Yes. A ruleset such as the following will do the trick:
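An added illustration of the kind of rule Problem 2(a) asks about; it is not the exam's own ruleset or code from the course. The addresses, the rule names and the `handshake_completes` helper are assumptions made for this example, which models a first-match stateless filter and checks whether a TCP three-way handshake can pass through it.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str
    syn: bool
    ack: bool

# Constructed placeholder addresses (documentation ranges), not from the exam.
INTERNAL = ip_network("192.0.2.0/24")
WEBSERVER = "192.0.2.10"
OUTSIDE_HOST = "203.0.113.7"

def from_outside(p):
    return ip_address(p.src) not in INTERNAL

# A rule is (action, predicate). Each predicate sees one packet's header only:
# a stateless filter remembers nothing about earlier packets.
BLOCK_ALL = [  # drop every outside packet addressed to the webserver
    ("drop", lambda p: from_outside(p) and p.dst == WEBSERVER),
]
BLOCK_SYN = [  # drop only connection-opening packets (SYN set, ACK clear)
    ("drop", lambda p: from_outside(p) and p.dst == WEBSERVER
                       and p.syn and not p.ack),
]

def verdict(rules, p):
    """First matching rule wins; unmatched packets are allowed."""
    for action, matches in rules:
        if matches(p):
            return action
    return "allow"

def handshake_completes(rules, client, server):
    """Pass the three TCP handshake packets through the filter in order."""
    steps = [
        Packet(client, server, syn=True, ack=False),   # SYN
        Packet(server, client, syn=True, ack=True),    # SYN-ACK
        Packet(client, server, syn=False, ack=True),   # ACK
    ]
    return all(verdict(rules, p) == "allow" for p in steps)
```

Both rulesets stop an outside host from opening a connection to the webserver; only `BLOCK_SYN` still lets the webserver complete a connection that it opens to an outside host, because the returning SYN-ACK has the ACK flag set.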

This homework help was uploaded on 01/29/2008 for the course CS 194 taught by Professor Joseph during the Fall '05 term at Berkeley.
