
ISS610S Theory Test 16 March 2018

Student number: ________________________________

Name: ________________________________

Time: 50 minutes Total marks: 35

Instructions
1. Switch off your cell phone
2. Answer all questions
3. Consider the scenario when answering questions

Scenario
During the 2008 U.S. presidential campaign, vice presidential candidate Sarah Palin’s personal
email account was hacked. Contents of email messages and Palin’s contact list were posted
on a public bulletin board. Governor Palin’s email account was gov.palin@yahoo.com. The
account ID was well known because of news reports of an earlier incident involving Palin’s
using her personal account for official state communications. The attacker pretended to be
Palin and claimed she had forgotten her password. Yahoo asked Kernell (the 20-year-old who
was convicted of the crime) the security questions Palin had filed with Yahoo on opening the
account:
• Birth date; (found on Wikipedia)
• Postcode; public knowledge
• Where she met her husband – part of her unofficial biography circulating during the
campaign
With those 3 answers Kernell was able to change her password to ‘popcorn’. From that point
on the real Palin could not access her own email account because she did not know the
password.

Questions
1. Kernell used reconnaissance to obtain information about Sarah Palin.
a. What is a reconnaissance attack? [1]
Reconnaissance, also known as information gathering, is the unauthorized
discovery and mapping of systems, services, or vulnerabilities.
b. In this case, what type of reconnaissance attack was used? [1]
Social engineering
c. Kernell impersonated Sarah Palin. Was the act of impersonating Sarah Palin a
threat or an attack on Sarah Palin? Explain your answer. [2]
It was a threat. Any sensible explanation - because impersonating Sarah had the
potential to harm Sarah. Without actually taking action there is only potential
to harm.
d. Which security characteristics were violated when the emails were posted on a
public bulletin board? Explain your answer. [4]
Confidentiality – because the emails and contacts were now available to
unauthorized people
Integrity – because the emails had been posted by an unauthorized person
e. Besides the security characteristics you mentioned in (1d), mention 3 other IT
systems security characteristics. [3]
Availability, authentication, accountability
f. Could the attack on Sarah Palin’s email have escalated to a phishing attack?
Motivate your answer. [2]
Yes, because the attacker could have simply sent a trick email to one of Sarah’s
contacts asking for sensitive info or asking them to visit dubious websites.
g. What is a phishing email? [1]
An email message that tries to trick the recipient into disclosing private
data or taking an unsafe action

2. The attack on Sarah Palin’s email was carried out using a web browser. In this case Yahoo
failed to validate that the identity supplied belonged to the correct person.
a. Which authentication mechanism was used by Sarah to gain access to her email
account? [1]
What you know
b. What other authentication mechanisms are available? [2]
What you are, what you have
c. Could the use of biometrics have improved the authentication process? [3]
Yes, because the attacker might have been asked for a scan of any biometric
(fingerprint, iris, so on) and it would have failed because they do not have the
same biometrics as Sarah
d. Tokens can also be used for authentication. What is the difference between a
static and a dynamic token? [2]
A static token’s value remains fixed whereas the value of a dynamic token changes.
e. Explain how the use of a dynamic token could have deterred the attack on Sarah
Palin’s Email [2]
If Sarah had been using a dynamic token when the password was being changed
she would have been asked to provide the value on the token and she would
have been alerted to the fact that someone was trying to change her password.
The attacker would not have been successful because he would have had no
access to the dynamic token.

3.
a. Explain the difference between a virus and a worm [3]
Viruses need user intervention to spread while a worm spreads on its own.
Worms exploit vulnerabilities in networks to spread – while viruses spread laterally on
the system
b. Is a worm a threat to your network or a vulnerability? [2]
A worm is a threat to your network because it has the potential to cause harm

4.
a. One function of an intrusion detection system is to audit system configuration for
vulnerabilities and misconfigurations. What will be the result of such an audit?
[2]
A report on whether controls are resulting in misconfigurations and
vulnerabilities. Or none if there is nothing to report

b. Which of pattern-based or heuristic IDS would be able to carry out the audit in
(4a)? [2]
Pattern-based, because it would be able to identify when patterns are not
followed in terms of how the system should be configured. Or heuristic would
work because it can also build a normal pattern on system configurations.
c. How would you protect an IDS from network attacks? [2]
By deploying it in stealth mode; this means it will no longer be visible to the
attacker.
