BIT3102 BBIT301 BCT2106 BCT2209 INFORMATION SYSTEMS SECURITY AND CRYPTOGRAPHY, NETWORK SECURITY, INFORMATION SECURITY POLICY, PRINCIPLES OF INFORMATION SECURITY.

UNIVERSITY EXAMINATIONS: 2017/2018
EXAMINATION FOR THE DEGREE OF BACHELOR OF SCIENCE IN
INFORMATION TECHNOLOGY
BIT 3102/BBIT 301/BCT 2106/BCT 2209: INFORMATION SYSTEMS
SECURITY AND CRYPTOGRAPHY/ NETWORK SECURITY/
INFORMATION SECURITY POLICY/ PRINCIPLES OF INFORMATION
SECURITY
FULL TIME/PART TIME/DISTANCE LEARNING
DATE: AUGUST, 2019 TIME: 2 HOURS
INSTRUCTIONS: Answer Question One & ANY OTHER TWO questions.

QUESTION ONE [30 MARKS]
a) Discuss any five critical areas physical security must address. 5 Marks
b) Describe how public key encryption is used to establish the authenticity of a message that
is exchanged between two parties, say Alice and Bob. 5 Marks
c) Biometric measurements or personal attributes are used for authentication. These
attributes are unique to the individual whose identity is being authenticated.
(i) List any four types of biometrics that are used for authentication 2 Marks
(ii) Discuss the two types of errors that occur when biometrics are used for
authentication. 4 Marks
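The two error types in (c)(ii) are easiest to see numerically. The block below is an added worked example, not part of the exam paper: it computes the false acceptance rate (FAR, impostors wrongly let in) and the false rejection rate (FRR, genuine users wrongly turned away) of a threshold-based matcher over constructed match scores, and shows that moving the threshold trades one error for the other. The score lists and thresholds are made up for illustration.

```python
"""FAR and FRR of a threshold-based biometric matcher.

Added example for Question One (c)(ii); the match scores below are
constructed for illustration, not taken from any real sensor."""
from typing import List, Sequence, Tuple

# Constructed similarity scores in [0, 1] produced by a matcher comparing a
# live sample with the enrolled template. "Genuine" = the legitimate user,
# "impostor" = somebody else presenting their own biometric.
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.77, 0.95, 0.69, 0.84, 0.73, 0.90, 0.58]
IMPOSTOR_SCORES = [0.31, 0.45, 0.62, 0.28, 0.55, 0.71, 0.40, 0.36, 0.49, 0.66]


def error_rates(genuine: Sequence[float], impostor: Sequence[float],
                threshold: float) -> Tuple[float, float]:
    """Accept a sample when score >= threshold. Returns (FAR, FRR).

    FAR (false acceptance): fraction of impostor attempts accepted, a security failure.
    FRR (false rejection): fraction of genuine attempts rejected, a usability failure.
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine: Sequence[float], impostor: Sequence[float],
          thresholds: Sequence[float]) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) for each threshold: raising the threshold lowers
    FAR and raises FRR, so an operator picks the point matching the risk."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def equal_error_threshold(genuine: Sequence[float], impostor: Sequence[float],
                          thresholds: Sequence[float]) -> float:
    """Threshold at which FAR and FRR are closest (the equal error rate point),
    a common single-number summary of a biometric system's accuracy."""
    def gap(t: float) -> float:
        far, frr = error_rates(genuine, impostor, t)
        return abs(far - frr)
    return min(thresholds, key=gap)


if __name__ == "__main__":
    thresholds = [0.5, 0.6, 0.7, 0.8]
    for t, far, frr in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, thresholds):
        print(f"threshold {t:.2f}: FAR={far:.2f}  FRR={frr:.2f}")
    print("equal error threshold:",
          equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES, thresholds))
```

A high-security door lock would run at a threshold where FAR is near zero and tolerate the extra rejections; a phone unlock is typically tuned the other way.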
d) With the aid of a diagram, explain in detail how an e-banking trojan is deployed to
manipulate banking transactions. 6 Marks
e) Outline any four motives behind information security attacks. 4 Marks
f) Application Embedded Secret Computation is a piece of program code embedded within
an application that performs some secret, undocumented computation whenever the application
is running. Describe how the salami attack is conducted. 4 Marks
QUESTION TWO [20 MARKS]
a) Discuss how hashing is used in password protection. 3 Marks
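The following block is an added worked example for (a), not part of the exam paper. It stores passwords as a salted, iterated hash (PBKDF2-HMAC-SHA256 from the Python standard library) next to the unsalted SHA-256 it replaces, so the point of salting is visible: two users with the same password get different records, and verification recomputes the hash from the stored salt and compares it in constant time. The iteration count and the `$`-separated record format are this example's own choices.

```python
"""Password storage with a salted, iterated hash, beside the unsalted hash
it replaces. Added example for Question Two (a); not the exam paper's code.
The work factor and record layout below are assumptions of this example."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; raise it as hardware gets faster
ALGORITHM = "pbkdf2_sha256"


def unsalted_hash(password: str) -> str:
    """What NOT to do: identical passwords give identical digests, so one
    cracked digest (or a precomputed table) exposes every user sharing it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.

    A fresh random salt per user defeats precomputed tables and forces an
    attacker to crack each record separately; the iteration count makes
    every guess cost ITERATIONS hash operations."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and work factor, then compare in
    constant time so the comparison leaks nothing about the stored digest."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != ALGORITHM:
        raise ValueError(f"unsupported record type: {algo}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("unsalted, user A:", unsalted_hash(pw))
    print("unsalted, user B:", unsalted_hash(pw))   # identical: same password visible
    rec_a, rec_b = hash_password(pw), hash_password(pw)
    print("salted,   user A:", rec_a)
    print("salted,   user B:", rec_b)                # differ: salts differ
    print("login ok:", verify_password(pw, rec_a), "wrong pw:", verify_password("x", rec_a))
```

Storing the algorithm and iteration count inside the record lets the work factor be raised later without invalidating existing users: old records still verify with their own parameters and can be re-hashed at next login.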
b) With the aid of diagrams, outline the procedure for creating:
(i) Signed certificate 5 Marks
(ii) Self-signed certificate. 5 Marks
c) Explain in detail how the RSA algorithm operates. 7 Marks
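The block below is an added worked example for Question Two (c) and for Question One (b), not part of the exam paper: textbook RSA key generation, encryption and decryption, and a hash-then-sign signature with which Bob checks that a message from Alice is authentic (only Alice's private exponent can produce a signature that her public exponent turns back into the message hash). The primes, the hypothetical message and the helper names are this example's own; the key is deliberately tiny and unpadded so the arithmetic is visible, whereas real deployments use 2048-bit or larger moduli with OAEP or PSS padding.

```python
"""Textbook RSA: key generation, encryption and hash-then-sign signatures.

Added example for Question One (b) and Question Two (c); not the exam paper's
code. Toy primes near 10^6 and no padding, for teaching only."""
import hashlib
from math import gcd, isqrt
from typing import Tuple

Key = Tuple[int, int]  # (modulus n, exponent)


def next_prime(start: int) -> int:
    """Smallest prime >= start, by trial division (fine for 7-digit values)."""
    n = max(start, 2)
    while True:
        if all(n % d for d in range(2, isqrt(n) + 1)):
            return n
        n += 1


def keygen(p: int, q: int, e_start: int = 65537) -> Tuple[Key, Key]:
    """Return (public, private) = ((n, e), (n, d)).

    n = p*q, phi = (p-1)(q-1); e is the first odd integer >= e_start coprime
    to phi; d = e^-1 mod phi, so (m^e)^d = m mod n for every m < n."""
    n = p * q
    phi = (p - 1) * (q - 1)
    e = e_start
    while gcd(e, phi) != 1:
        e += 2
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(m: int, pub: Key) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt(c: int, priv: Key) -> int:
    n, d = priv
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    """SHA-256 of the message as an integer below n. With this toy n the hash
    is truncated; a real key is large enough to hold the whole digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, priv: Key) -> int:
    """Alice: s = H(m)^d mod n with her private exponent."""
    n, d = priv
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, pub: Key) -> bool:
    """Bob: s^e mod n with Alice's public exponent must equal his own hash of
    the received message; any change to m or s breaks the equality."""
    n, e = pub
    return pow(signature, e, n) == _digest_mod_n(message, n)


if __name__ == "__main__":
    p = next_prime(1_000_000)
    q = next_prime(p + 1)
    alice_pub, alice_priv = keygen(p, q)
    print("n =", alice_pub[0], "e =", alice_pub[1], "d =", alice_priv[1])

    m = 123456789
    c = encrypt(m, alice_pub)
    print("ciphertext", c, "decrypts to", decrypt(c, alice_priv))

    msg = b"Pay Bob 100 units"  # constructed sample message
    s = sign(msg, alice_priv)
    print("signature valid:", verify(msg, s, alice_pub))
    print("tampered valid: ", verify(b"Pay Bob 1000 units", s, alice_pub))
```

Confidentiality and authenticity use the two exponents the other way round: encryption to Alice uses her public exponent and only her private exponent undoes it; a signature from Alice uses her private exponent and anyone holding her public key can check it.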
QUESTION THREE [20 MARKS]
a) (i) Briefly describe how a sniffer works. 2 Marks
(ii) With the aid of a diagram, describe the network components used for lawful
intercept. 4 Marks
b) With the aid of a relevant diagram, explain the Defence-in-Depth strategy. 6 Marks
c) Explain briefly any five information technology attack vectors. 5 Marks
d) Explain any three common motives for committing cybercrimes 3 Marks
QUESTION FOUR [20 MARKS]
Read the following case study carefully and answer the questions that follow.
An international band of cyber crooks that worked its way into dozens of banks has experts
warning of a “new era” of cyber crime where criminals steal directly from banks instead of their
customers. And the problem could soon spread to other industries, experts warn. On Monday,
Moscow-based security firm Kaspersky Lab released a report showing that a gang of international
hackers have stolen as much as $1 billion from 100 banks across 30 countries by installing malware
that allowed them to take control of the banks’ internal operations.
While such hacks have been attempted before, the scale and sophistication of the attacks, which
spanned several nations over several years, has experts worried that this represents a new trend.
“The recent news of bank thefts around the world is an example of the new normal in terms of cyber
attacks leveraging insider threats,” says Eric Chiu, president and co-founder of HyTrust, a cloud
services company.
Previously, the biggest cyber threat to banks was of hackers going after customers, including lifting
their personal financial information and skimming their cards. They were so good at taking control
of the banks’ operations they could remotely dispense cash from ATMs where mules were waiting
on the other end. One bank lost up to $7.3 million this way, the report said.
“These thefts are a significant evolution in approach,” says Mike Lloyd of RedSeal, a security
analytics company. The success of the method could mean it spreads to other industries, warns
Michael Daly, chief technology officer for Raytheon’s cyber-security business.
“It’s definitely not limited to banks,” says Daly, who said it could happen to any company with
business-to-business transactions. The Kaspersky report declined to name the banks.
a) With the aid of a diagram, explain the procedure used by hackers to set up and exploit
victims using a botnet. 6 Marks
b) With the aid of a diagram explain how an attacker would set up a botnet and cause a
denial of service attack. 6 Marks
c) With the aid of a diagram explain the typical organizational chart of organized
cybercrime. 4 Marks
d) Discuss how mobile-based social engineering is used to defraud people. 4 Marks
QUESTION FIVE [20 MARKS]
a) Discuss any three design principles for secure systems. 6 Marks
b) Differentiate between the following:
(i) Trojan horse and rootkit 2 Marks
(ii) Virus and worm 2 Marks
(iii) cyber terrorist and suicide hacker. 2 Marks
c) What security issues arise from mobile App Stores? 4 Marks
d) State any four indications of system intrusions. 4 Marks
