计算机安全课后题

计算机安全课后习题答案含题目及答案中英文对照EdwardElric原理与实践1-1-计算机安全原理与实践课后习题答案第一章概述OverviewPe6-Pc4P1.1-Pe36-Pc24①Consideranautomatetellmachine(ATM)inwhichusersprovideapersonalidentificationnumber(PIN)andacardforaccountaccess.Giveexamplesofconfidentiality,integrity,andavailabilityrequirementsassociatedwiththesystemand,ineachcase,indicatethedegreeifimportanceiftherequirement.思考在自动柜员机（ATM）上，用户提供银行卡和个人标识码（PIN）用于账户访问。给出与系统相关的机密性、完整性和可用性要求的例子，并说明每种情况下的要求的重要性等级。答：Thesystemmustkeeppersonalidentificationnumbersconfidential,bothinthehostsystemandduringtransmissionforatransaction.Itmustprotecttheintegrityofaccountrecordsandofindividualtransactions.Availabilityofthehostsystemisimportanttotheeconomicwellbeingofthebank,butnottoitsfiduciaryresponsibility.Theavailabilityofindividualtellermachinesisoflessconcern.P1.5-P37-Pc25UseamatrixformattoshowtherelationshipbetweenX.800securityservicesandsecuritycorrespondtoservices.Eachcellinthematrixshouldbechecked,ornot,toindicatewhetherthecorrespondingmechanismisusedinprovidingthecorrespondingservice.使用矩阵形式来说明X.800安全服务和安全机制间的关系。矩阵的列对用安全机制，行对应安全服务。矩阵中的每一个单元用来表示是否有相应的机制提供对用的服务。①R：思考题；P：习题；Pe：英文书页码；Pc：中文书页码。-2-P1.6-P37-Pc25DrawamatrixsimilartothatfortheprecedingproblemthatshowstherelationshipbetweenX.800securityservicesandnetworksecurityattacks.画一个类似于上述问题的矩阵，给出X.800安全服务与网络安全攻击的关系。P1.7-P37-Pc25DrawamatrixsimilartothatfortheprecedingproblemthatshowstherelationshipbetweenX.800securitymechanismsandnetworksecurityattacks.画一个类似于上述问题的矩阵，给出X.800安全机制与网络安全攻击的关系。第六章入侵检测InstructionDetectionPe176-Pc116R6.10-Pe209-Pc138Whatisthedifferencebetweenadistributedhost-basedIDSandaNIDS?基于主机的分布式IDS和NIDS之间的区别是什么？答：ANIDSexaminespackettrafficdirectedtowardpotentiallyvulnerablecomputersystemsonanetwork.Ahost-basedsystemexaminesuserandsoftwareactivityonahost.AdistributedIDSisacollectionofhost-basedIDSsthatcooperate,butthefocusremainsonhostactivityratherthannetworkactivity.监测网络上流向潜在的易受攻击的计算机系统的数据包流量，而基于主机的IDS系统检测的是主机上的用户和软件活动-3-R6.11-Pe209-Pc138DescribethetypesofsensorsthatcanbeusedinaNIDS.描述可被用于NIDS的传感器类型。答：Aninlinesensorisinsertedintoanetworksegmentsothatthetrafficthatitismonitoringmustpassthroughthesensor.Apassivesensormonitorsacopyofnetworktraffic;theactualtrafficdoesnotpassthroughthedevice.内嵌传感器将被插入到网络段，以使正在监控的流量必须通过传感器。另一种是被动传感器，监控网络流量的备份，实际的流量并没有通过这个设备。R6.12-Pe209-Pc138WhatarepossiblelocationsforNIDSsensors?NIDS传感器可能的位置是什么？答：1.justinsidetheexternalfirewall;2.betweentheexternalfirewallandtheInternetorWAN;3.attheentrancetomajorbackbonenetworks;tosupportworkstationLANs.1.在外部防火墙之中2.在外部防火墙和以太网/网络之间3.在主要支柱网络的入口处，用来维护局域网。R6.13-Pe209-Pc138Whatisahoneypot?蜜罐的含义是什么？答：Honeypotsaredecoysystemsthataredesignedtolureapotentialattackerawayfromcriticalsystems.蜜罐是为了引诱潜在的攻击者原理关键系统而设计的障人耳目的系统。第七章恶意软件MaliciousSoftwarePe215-Pc142P7.1-Pe246-Pc163Whatistheroleifcompressionintheoperationifavirus?病毒执行过程中压缩的作用是什么？答：Avirusmayusecompressionsothattheinfectedprogramisexactlythesamelengthasanuninfectedversion.病毒在压缩可能使得被感染程序正好与未被感染时的长度想同。P7.2-Pe246-Pc163Whatistheroleofencryptionintheoperationofavirus?病毒执行过程中加密的作用是什么？答：Aportionofthevirus,generallycalledamutationengine,createsarandomencryptionkeytoencrypttheremainderofthevirus.Thekeyisstoredwiththevirus,andthemutationengineitselfisaltered.Whenaninfectedprogramisinvoked,thevirususesthestoredrandomkeytodecryptthevirus.Whenthevirusreplicates,adifferentrandomkeyisselected.先通过部分病毒代码生成一个随机的密钥，然后用密钥加密其余部分。密钥保存在病毒代码中。当被感染的程序执行时，先要使用这个随即密钥解密被加密的部分。再感染过程中，病毒会重新生成随即密钥。因为对每一个病毒实例都使用不同的密钥进行加密，所以在病毒代码很难找到用于模式匹配的固定字节。P7.3-Pe246-Pc163Whataretypicalphasesofoperationofavirusorworm?病毒或蠕虫执行过程中的典型阶段是什么？答：Adormantphase,apropagationphase,atriggeringphase,andanexecutionphaseP7.6-Pe246-Pc163Ingeneralterms,howdoesawormpropagate?在一般情况下，蠕虫是如何传播的？答：1.Searchforothersystemstoinfectbyexamininghosttablesorsimilarrepositoriesofremotesystemaddresses.2.Establishaconnectionwitharemotesystem.-4-3.Copyitselftotheremotesystemandcausethecopytoberun.1通过检查主机列表或者相似的远程系统地址库，来寻找要感染的系统。2与远程主机建立连接。3将自己复制到远程主机上，并使该拷贝运行。P7.8-Pe246-Pc163Whatisthedifferencebetweenabotandarootkit?bot和rootkit有什么不同？答：Abot(robot),alsoknownasazombieordrone,isaprogramthatsecretlytakesoveranotherInternet-attachedcomputerandthenusesthatcomputertolaunchattacksthataredifficulttotracetothebot'screator.Arootkitisasetofprogramsinstalledonasystemtomaintainadministrator(orroot)accesstothatsystem.Rootaccessprovidesaccesstoallthefunctionsandservicesoftheoperatingsystem.Therootkitaltersthehost'sstandardfunctionalityinamaliciousandstealthyway.第八章拒绝服务攻击DenialofServicePe249-Pc166R8.1-Pe271-Pc180Defineadenial-of-service(DoS)attack.试述拒绝服务（DoS）攻击的定义。答：Adenialofservice(DoS)attackisanactionthatpreventsorimpairstheauthorizeduseofnetworks,systems,orapplicationsbyexhaustingresourcessuchascentralprocessingunits(CPU),memory,bandwidth,anddiskspace.DoS是一种通过耗尽CPU、内存、快带以及磁盘空间等系统资源，来阻止或削弱对网络、系统或应用程序的授权使用的行为。R8.2-Pe271-Pc180Whattypesofresourcesaretargetedbysuchattacks?那些类型的资源被DoS攻击作为攻击目标？答：Resourcesthatcouldbeattackedincludeanylimitedresourcessuchas:networkbandwidth,systemresources,orapplicationresou