Information security system

W assume is the OSI certificate computer architecture? Ans) A Systematic way of life of defining the requirements for protective cover and characterizing the cominges to satisfying them is broadly defined as OSI protective cover organisation architecture. This was developed as an international standard. Foc commits of OSI warranter Architecture 1) certificate polish ups action that compromises the security of instruction owned by an organization. 2) Security mechanism designed to detect, pr even offt, or tame from a security beleaguer. ) Security profit intended to counter security attacks. 1. ) What the battle between dormant and active security threats? Ans) Passive Threats makes attempt to learn or make use of goods and services of information from the musical arrangement but does not affect both remains resources whereas active threats involve adaptation of the data stream. So in passive attack a hacker intrudes your system, and waits for nigh precious in formation. In an active attack a hacker tries to buy the farm the valuable information by using his abilities quite an than depending on the stupidity of the victim. drill for passive attack A account logger which casts the foreplay given by the victim to a hacker via a network (LAN). Example for Active attack Using animal force to crack the password of a system. 1. 5) List and briefly define categories of security helping Ans) The major categories of security service argon namely Confidentially The safeguard of data from unauthorized disclosure by encryption and decryption-preserving authorized restrictions on information entre and disclosure, including means for protecting personalised privacy and proprietary information.Authentication The assurance that the communication entity is the one that it claims to be. The problem of authorization is a good deal thought to be identical to hat of authentication many widely follow standard security protocols, obligatory regulat ions, and even statutes are based on this assumption. right The assurance that data arrived are exactly as sent by an authorized entity.End user allow for receive what is sent-guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity Access chasteness The prevention of unauthorized use of a resource means this service controls that arrest access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do.Ability metre for access-ensuring timely and reliable access to and use of information Availability The property of a system or a system resource being accessible and operating(a) upon demand by an authorized system entity, according to performance specifications for the system. Nonrepudiation Provides protection against defense reaction by one of the entities involved in Chapter 2 2. 2) How many anchors are call for for 2 people to communicate via a harmonious cipher? Ans ) still one make is required for 2 people to communicate via a symmetric cipher. The lynchpin scattering impart send the same key/ single key for encryption and ecryption process. . 9) List and briefly defines trio uses of a cosmos key cryptosystem Ans) encryption/decryption The transmitter encrypts a heart and soul with the recipients public key. Digital signature The sender signs a put across with its underground key. sign language is achieved by a cryptographic algorithmic program applied to the message or to a small block of data that is a function of the message. Key exchange cardinal sides cooperate to exchange a session key. Several different approaches are possible, involving the toffee-nosed key(s) of one or both parties. 2. 10) What is the diversion between cliquish key and a inexplicable key?Ans) Secret key is use in symmetric encryption. both sender and murderer have obtained copies of a mystery story key in upright fashion and keep the key secured. The secluded key is used with public key in asymmetric encryption. The sender will send encryption document with the receiver public key, then the receiver will decrypt the document with his/ her private key. The private key is not shared with anyone. The mystic key must be contractable to or shared with all parties by a method outside the communications link it is intended to secure. 2. 13) How can public key encryption be used to distribute a secret key?Ans) Several different pproaches are possible, involving the private key(s) of one or both parties. one(a) approach is Diffle-Hellman key exchange. Another approach is for the sender to encrypt a secret key with the recipients public key. The key distribution uses the asymmetric encryption to send secret key to the receiver by her/ his public key. Then the receiver will use his/ her private key to decrypt to get her/ his secret key. Problem 2. 9)Construct a take in similar to figure 2. 9 that includes a digital signature to authenticate the message in the digital envelope. Sol) We can try the creation of digital envelope as a solution.