Sample Final

1. A company designs and implements software. It needs a web site to sell its products, and needs to be able to forward email from external sources (such as customers) to the developers. But it is concerned about putting systems on the developers' network onto the Internet. They company hired a consultant, who recommended that the company design a network that included a DMZ.
   1. Please explain what a DMZ is.
   2. Why did the consultant recommend this?
2. Cathy is running a program on a Multics system. Her program tries to access data that Frances owns. The data has access bracket (4, 6).
   1. Cathy's program is running in ring 7, and Frances has set the access control list of her data to allow Cathy to read the data. Can Cathy's program read the data?
   2. Cathy's program is running in ring 5, and Frances has set the access control list of her data to allow Cathy to read and append to the data. Can Cathy's program append to the data?
   3. Cathy's program is running in ring 3, and Frances has set the access control list of her data to allow Cathy to write to the data. Can Cathy's program read the data?
3. Paul wants to send Anne a message containing a memo of 25 pages, written in English. He decides to use RSA. He plans to place a single letter into each block, filling the rest of the block with 0 bits. He will use very large primes; assume for this problem that the resulting modulus n cannot be factored. Is this a secure cipher? That is, do you think Evil Earl break it? Why or why not?
4. Define each of the following terms in one short sentence:
   1. capability list
   2. proxy firewall
   3. polymorphic virus
   4. Trojan horse
   5. anomaly detection