PROGRAMME: ICE
COURSE CODE: EIE 524
ASSIGNMENT
1.2 What is the difference between passive and active security threats?
Passive attacks have to do with eavesdropping on, or monitoring transmissions. Email, file
transfers, and client/server exchanges are examples of transmissions that can be monitored.
Active attacks include the modification of transmitted data and attempts to gain unauthorized
access to computer systems.
1.3 List and briefly define categories of active and passive security attacks.
Passive: Unauthorized Disclosure
Active:
- Deception
- Disruption
- Usurpation (An event that results in control of system services of functions by an
unauthorized entity)
- Denial of service
1.4 List and briefly define categories of security services.
Authentication - Services that checks if the end user is legitimate or performs peer entity
authentication and data origin authentication to check if the origin of data is legitimate.
Access Control – provides the protection against unauthorized use and modification of data
Data Confidentiality – provides data security from unknown unauthorized access.
Nonrepudiation – provides proof of origin and delivery of data so that both sender and
receiver cannot deny of the data transmission.
Availability Service – service that ensure that data and resources are available for authorized
end users.
Data Integrity
COURSE CODE: EIE 524
ASSIGNMENT
1.2 What is the difference between passive and active security threats?
Passive attacks have to do with eavesdropping on, or monitoring transmissions. Email, file
transfers, and client/server exchanges are examples of transmissions that can be monitored.
Active attacks include the modification of transmitted data and attempts to gain unauthorized
access to computer systems.
1.3 List and briefly define categories of active and passive security attacks.
Passive: Unauthorized Disclosure
Active:
- Deception
- Disruption
- Usurpation (An event that results in control of system services of functions by an
unauthorized entity)
- Denial of service
1.4 List and briefly define categories of security services.
Authentication - Services that checks if the end user is legitimate or performs peer entity
authentication and data origin authentication to check if the origin of data is legitimate.
Access Control – provides the protection against unauthorized use and modification of data
Data Confidentiality – provides data security from unknown unauthorized access.
Nonrepudiation – provides proof of origin and delivery of data so that both sender and
receiver cannot deny of the data transmission.
Availability Service – service that ensure that data and resources are available for authorized
end users.
Data Integrity
