Network Security : IP Security & Malicious Software

 

Do the following review questions:

  • 9.1 Give examples of applications of IPsec.
  • 9.2 What services are provided by IPsec?
  • 9.3 What parameters identify an SA and what parameters characterize the nature of a particular SA?
  • 9.4 What is the difference between transport mode and tunnel mode?
  • 9.5 What is a replay attack?
  • 9.6 Why does ESP include a padding field?
  • 9.7 What are the basic approaches to bundling SAs?
  • 9.8 What are the roles of the Oakley key determination protocol and ISAKMP in IPsec?

 

  • 10.1 What are three broad mechanisms that malware can use to propagate?
  • 10.2 What are four broad categories of payloads that malware may carry?
  • 10.3 What are typical phases of operation of a virus or worm?
  • 10.4 What mechanisms can a virus use to conceal itself?
  • 10.5 What is the difference between machine-executable and macro viruses?
  • 10.6 What means can a worm use to access remote systems to propagate?
  • 10.7 What is a drive-by-download and how does it differ from a worm?
  • 10.8 What is a logic bomb?
  • 10.9 Differentiate among the following: a backdoor, a bot, a keylogger, spyware, and a rootkit? Can they all be present in the same malware?
  • 10.10 List some of the different levels in a system that a rootkit may use.
  • 10.11 Describe some malware countermeasure elements.
  • 10.12 List three places malware mitigation mechanisms may be located.
  • 10.13 Briefly describe the four generations of antivirus software.
  • 10.14 How does behavior-blocking software work?
  • 10.15 What is a distributed denial-of-service system?

Submit a Microsoft Word document