Unit 2 CONFIDENTIALITY POLICIES | Computer system security Important Question AKTU

In this Article, We are discussing for important questions in Unit 2 CONFIDENTIALITY POLICIES | Computer system security Important Question AKTU. Hope this Article will Help You & Best of Luck.

Dudes 🤔.. You want more useful details regarding this subject. Please keep in mind this as well.

Important Questions For Computer System Security: 
*Unit-01     *Unit-02    
*Unit-03    *Unit-04 
*Unit-05    *Short-Q/Ans
*Question-Paper with solution 21-22 

Q1. Define and explain the term confidentiality policy.

Ans.

• 1. A confidentiality policy is a security policy dealing only with confidentiality.
• 2. One of the components of privacy, which is a problem acknowledged in many government institutions’ legislation, is confidentiality.
• 3. It placed restrictions on what information could be legally gathered from people. The disclosure and use of that information are also subject to limitations.
• 4. Unauthorized disclosure can result in penalties that include jail or fines .
• 5. Confidentiality policies place no trust in objects.
• 6. Whether that object can be disclosed is determined by the policy statement. Nothing regarding whether or not to believe the object is stated.

Q2. Describe Mandatory Access Control (MAC).

Ans.

• 1. The operating system places restrictions on a subject’s ability to access or interact with an object using a type of access control known as mandatory access control (MAC).
• 2. The operating system (OS) or security kernel firmly enforces the MAC requirements, which are specified by the system administrator and cannot be changed by end users.
• 3.Each file system item is given a categorization label as part of mandatory access control’s operation. Confidential, Secret, and Top Secret are several classifications.
• 4. Each user and device on the system is assigned a similar classification and clearance level.
• 5. The OS or security kernel will evaluate the entity’s credentials when a person or device tries to access a particular resource to decide whether access will be granted.
• 6. MAC requires rigorous planning and ongoing monitoring to maintain all resource objects and user classifications up to date, despite being the most secure access control configuration possible.
• 7. Comparable to lower-level Discretionary Access Control (DAC), which permits individual resource owners to create their own rules and assign security constraints, MAC is the highest level of access control.

Q3. Describe confinement principle in brief .

Ans.

• 1. The confinement principle forbids a server from disclosing information that a service user deems private or confidential.
• 2. The confinement principle deals with preventing a process from taking disallowed actions.
• 3. Take a look at a client/server scenario: the client requests data from the server, which utilizes the data to complete the function and then delivers the results (data) back to the client.
• 4. In confinement principle, access control affects the function of the server in two ways:
  • a. Goal of service provider : The server must make sure that only resources that the client is authorized to access are included in the resources it accesses on their behalf.
  • b. Goal of the service user : The server must take care to prevent disclosing client data to any other entity that is not permitted to view client data.

Q4. Discuss confinement techniques in details.

Ans. Following are the various confinement techniques :

1. Chroot (change root) :

• a. On Unix operating systems, a chroot operation modifies the apparent root directory for the currently active process and any descendants it may have.
• b. Programs running in this altered environment are unable to access files outside of the specified directory tree. They are basically restricted to a directory tree as a result, giving them the nickname “chroot jail.”
• c. The goal is to establish a directory tree in which all the system files required for a process to execute can be copied or linked.
• d. Then, we start the process operating in that chrooted environment by changing the root directory to be at the base of this new tree using the chroot system function.
• e. It cannot read or write maliciously to those locations because it cannot really reference routes outside the modified root.

2. Jailkits :

• a. Jailkit is a collection of tools that uses chroot() or other particular commands to restrict user accounts to a set of files.
• b. Creating a chroot shell limits a shell to a single command and allows automation utilising its tools.
• c. Jailkit is a specialized tool that is developed with a focus on security.
• d. If the configuration is not secure, it will terminate safely and provide informative log messages that describe what went wrong to the system log.
• e. Jailkit is known to be used in network security appliances.

3. FreeBSD jail :

• a. Based on the Berkeley Software Distribution (BSD) edition of the Unix operating system, FreeBSD is a well-known free and open source operating system.
• b. It runs on processors such as the Pentium that are compatible with Intel’s x86.
• c. A Linux substitute that can run Linux applications is FreeBSD.
• d. System administrators can split a computer system built from FreeBSD into numerous separate small systems called jails, all sharing the same kernel, with very little overhead thanks to the jail mechanism, an implementation of FreeBSD’s OS-level virtualization.
• e. A small shared environment hosting company felt the need for the FreeBSD jails because they wanted to create a clean, distinct boundary between their own services and those of their clients, mostly for security and management simplicity.

4. System call interposition :

• a. System call interposition is a potent method for controlling and keeping track of programme behaviour.
• b. It enables security systems to keep track of every contact the application has with the file system, network, and other delicate system resources.

Q5. Discuss briefly the term rootkit.

Ans.

• 1. A rootkit is a type of computer programme that actively conceals its existence while continuing to grant privileged access to a machine.
• 2. A rootkit is a group of programmes that made it possible to log in as the administrator of a machine or network.
• 3. On Unix and Linux systems, the Admin account is referred to as “Root,” while “kit” refers to the software parts that make up the tool.
• 4.The majority of the time, RootKits are linked to malware like Trojans, worms, and viruses that hide their existence and behaviour from users and other system processes.
• 5. A rootkit enables us to keep control over a machine without the user or owner being aware of it.
• 6. The controller of a rootkit can remotely execute files and modify system settings on the host machine once it has been installed.
• 7. An infected computer’s rootkit can also access log files and track the activities of the genuine computer owner.
• 8. Rootkits can be detected using detection methods which include :
  • a. Behavioural-based methods
  • b. Signature scanning
  • c. Memory dump analysis

Q6. Explain the types of intrusion detection system.

Ans. Following are the types of intrusion detection system :

1. Network Intrusion Detection System (NIDS) :

• a. It is an independent platform that tracks numerous hosts and detects intrusions by looking at network traffic.
• b. It connects to a network hub, a network switch set up for port mirroring, or a network tap to obtain access to network traffic.
• c. Sensors are positioned in an NIDS at network choke points to monitor, frequently in the Demilitarized Zone (DMZ) or at network borders.
• d. All network traffic is observed by sensors, which examine each packet’s content for harmful activity.
• e. An example of a NIDS is Snort.

2. Host-based Intrusion Detection System (HIDS) :

• a. It consists of a host-based agent that monitors system calls, application logs, file-system updates, and other host actions and state to detect intrusions.
• b. Sensors in HIDS typically consist of a software agent.
• c. Intrusion detection systems can also be system-specific using custom tools and honeypots.
• d. IDS is described as an alarm system that is intended to find unwanted access in the context of physical building security.
• e. An example of a HIDS is OSSEC (Open source HIDS Security).

3. Perimeter Intrusion Detection System (PIDS) :

• a. detects and locates efforts to breach the perimeter barriers surrounding vital infrastructure.
• b. The PIDS monitors disturbances on the perimeter fence using electronics or more sophisticated fiber optic cable technology. If an intrusion is detected and recognised by the system as an intrusion attempt, an alarm is set off.

4. VM based Intrusion Detection System (VMIDS) :

• a. It detects intrusions using virtual machine monitoring.
• b. The Intrusion Detection System with Virtual Machine Monitoring can be deployed using this..
• c. It is the most recent type and it is still under development.
• d. Since we can monitor all activity with this, there is no need for a separate intrusion detection system.

Computer System Security Quantum, Syllabus, Important Questions

Computer System Security Quantum PDF: | AKTU Quantum PDF:

AKTU Important Links | Btech Syllabus

Important Links-Btech (AKTU)