Worth 2 Points Each Problem Essay

Excerpt from Essay :

It also has only printable characters


The character is unsuitable since it contains more than 8 characters. It can be guessed by dictionary attack since it is a common name


The password is unsuitable since it has more than 8 characters. Can be guessed by a dictionary attack since it is a common name


The password is suitable since the character length does not exceed eight characters and it contains printable characters


The password is too obvious so it is unsuitable


The password is suitable since it does not contain more than 8 characters. It also contains printable characters.

Problem 3.6

95*95*95*95*95*95*95*95*95*95 + 6.4 million

=95^10/6.4 million

Chapter 4

Question 4.1

DAC is used to define the basic access control policies to various objects. These are set according to the needs of the object owners. The MAC are access control policies that are system-controlled. The system in this case dictates as well as controls the acess levels to various objects.

Question 4.2

RBAC is a completely separate as well as distinct model from DAC and MAC. There are however several relationships between them. As an example, RBAC can effectively simulate DAC and MAC. MAC can also be employed in the implementation of RBAC whenever the role hierarchy is in the form of a tree as oppose to being a partial order.

Question 4.5

Access right are authorization levels that are set for files, folders, partitions and hard drives in order to dictate the level of access, data manipulation as well as general uses of the computing resources.

Problem 4.3


The advantages of using four modes instead of two are;

The ability to implement a fine-grained security policy

The ability to provide a distinction within system kernel code.


Uses too much system resources (Memory in particular)


Yes. A case with more than four modes is achievable. Examples are User-mode debugging, Target application execution, Sleep mode and Kernel-mode debugging.

VAX, x86 can support four modes. The earlier archs (Multics) supported even more modes

Chapter 5.5

The concept of cascading authorization is a security access control technique that works whenever two or more subjects are given the permission of granting as well as revoking some aspects of the access rules to other system subjects. The outcome is the creation of a cascade revocation chain.

Question 5.6

An inference threat is recorded of a given user can effectively deduce sensitive data/information from the otherwise non-sensitive data. It can lead to the exposure of confidential information as well as loss of data and its integrity.

Problem 5.5

In order to effectively determine which value of X's successful grants of EMPLOYEE must subjected to revocation, we must form a list of all remaining grants of X's.










The list of X's grant to others must also be drawn










The grant of DELETE privilege by X at a time when t-25 must get revoked as a result of its earliest remaining DELETE privilege that was receive at the time t-30. The X's grants if INSERT and READ are however allowed to remain since they are at that moment 'supported' by the incoming grants that occurred at an earlier time.

Chapter 6

6.3. Describe the difference between host-based IDS and network-based IDS

A host-based IDS is installed on a given machine and then performs its duties of monitoring the abnormalities in the oncoming traffic. A network IDS on the other hand resides on a span port of a switch from where it monitors all of the information that emanates from the firewall in to the internal network. A larger network may have several strategically positioned sensors.

6.4. What are the three benefits that can be provided by an IDS

1. Should an intrusion be promptly detected, the intruder can effectively be identified as then ejected from the system in good time before any damage is done to thedata or the system. The system is important since it can help prevent further damage should the intrusion be detected early

2. An effective IDS can act as an effective deterrent in the prevention of intrusions

3. Intrusion detection allows for the collection of information on various intrusion techniques. The information can then be used in strengthening of the IDS.


• Ever running

• Tolerant to fault

• Resist to Subversions (Attacks on the IDS)

• Very little overhead

• Highly scalable

• Degradation of the IDS service should never affect the rest of the network.

• Has dynamic configuration to adjust its settings according to the intrusion condition


Depending on the specific network conditions and the environment, network-based IDS may have advantages as well as disadvantages. The disadvantages may include a higher learning curve in the installation, editing as well as maintenance of the software. One must be familiar with the command line interface of some of the software. The creation of the policy as well as editing of the policy posses another challenge. The advantages include;

Running of software like Tripwire on a platform which is Unix-based can be very daunting for a person…

Cite This Essay:

"Worth 2 Points Each Problem" (2011, September 23) Retrieved August 23, 2017, from

"Worth 2 Points Each Problem" 23 September 2011. Web.23 August. 2017. <

"Worth 2 Points Each Problem", 23 September 2011, Accessed.23 August. 2017,