a) An organization's secrecy falls under 4 categories: trade secrets, obligations, secrecy culture and publicity.
Question: CH13R2: Describe four types of secrecy practiced by enterprises. CH13R5: Give two examples of soc……
- Trade secrecy: the company keeps secret certain information that could give its competitors an advantage in the market.
- Obligation: the company has a legal or contractual obligation to keep certain information secret, along with any other information that can cause harm to the organization.
- Secrecy culture: the organization tends to keep its internal activities secret.
- Publicity: the organization withholds information from the public.
b) Two examples of social engineering attacks:
- Phishing: a common type of social engineering attack that recreates the website or portal of a renowned organization and sends the link to targets through social media platforms or email.
- Pretexting: another attack, based on a scripted scenario that is presented to the target and used to extract PII or other information.
c) 5 types of security audits:
- Information security audits: these review the controls over software development, access to computer systems and data processing.
- Operational security audits: these give a detailed analysis of the goals, procedures and planning processes behind an organization's business strategy.
- Financial audits: this analysis covers the information entered in the financial statement, and the audit also checks whether the bank details of employees are genuine.
- Compliance audit: an outside party verifies whether the enterprise is following particular procedures.
- Network security audit: this audit examines the organization's network security and checks for loopholes in the network.
d) Both RSA and Diffie-Hellman are effective for sharing a secret key over the network. With Diffie-Hellman, both users need to create and share their public keys over the network. With RSA, one user can easily encrypt the file and share it without generating any public key. Moreover, RSA uses a different key every time something is shared on the network, whereas with Diffie-Hellman one of the users must share a new key pair if they want a different shared secret.
e) Within IPsec there are two general types of protection:
- Authentication using the Authentication Header
- Encapsulation using the Encapsulating Security Payload (ESP)
There are different formats for an IPsec packet. The authentication header can even be omitted, and ESP has different formats depending on what needs to be achieved. ESP provides two different modes for IPsec:
- Tunnel Mode: used between gateways, or from an end station to a gateway. The gateway acts as a proxy for the hosts behind it. It is also used to encrypt traffic between secure IPsec gateways.
- Transport Mode: used between an end station and a gateway when the gateway acts as a host. This mode is also used to set up an encrypted Telnet session.
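
The packet layouts behind the two ESP modes above, as an added example that is not part of the original answer: it builds an IPv4 packet in each mode and reads back what the outer header exposes and what ESP wraps. Assumptions: NULL encryption and no integrity check value so the bytes stay readable, IPv4 only, and all addresses, the SPI, the payload and the function names are constructed for illustration.

```python
import struct

# IANA protocol numbers: 4 = IPv4-in-IPv4, 6 = TCP, 50 = ESP
PROTO_IPIP, PROTO_TCP, PROTO_ESP = 4, 6, 50
# Constructed sample values (illustrative, not from the page)
HOST_A, HOST_B = (10, 0, 1, 5), (10, 0, 2, 9)
GW_A, GW_B = (192, 0, 2, 1), (198, 51, 100, 1)
SEGMENT = b"constructed-tcp-seg"

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for illustration."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, bytes(src), bytes(dst))

def esp_wrap(inner, next_header, spi, seq):
    """SPI | sequence | payload | padding | pad length | next header.
    Assumption: NULL encryption and no ICV, so the layout stays readable."""
    pad_len = -(len(inner) + 2) % 4            # trailer ends on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # default padding bytes 1, 2, 3, ...
    return struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])

def transport_mode(src, dst, segment, spi=0x1001, seq=1):
    """Original IP header stays outermost; ESP protects only the upper-layer data."""
    esp = esp_wrap(segment, PROTO_TCP, spi, seq)
    return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp

def tunnel_mode(gw_src, gw_dst, inner_packet, spi=0x1001, seq=1):
    """Whole original packet becomes ESP payload under a new gateway-to-gateway header."""
    esp = esp_wrap(inner_packet, PROTO_IPIP, spi, seq)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp

def classify(packet):
    """Return (mode, outer_src, outer_dst, protected_bytes) for the layout above."""
    if packet[9] != PROTO_ESP:
        raise ValueError("outer protocol is not ESP")
    ihl = (packet[0] & 0x0F) * 4
    esp = packet[ihl:]
    pad_len, next_header = esp[-2], esp[-1]
    protected = esp[8:len(esp) - 2 - pad_len]
    mode = "tunnel" if next_header == PROTO_IPIP else "transport"
    return mode, tuple(packet[12:16]), tuple(packet[16:20]), protected

if __name__ == "__main__":
    inner = ipv4_header(HOST_A, HOST_B, PROTO_TCP, len(SEGMENT)) + SEGMENT
    for pkt in (transport_mode(HOST_A, HOST_B, SEGMENT), tunnel_mode(GW_A, GW_B, inner)):
        mode, src, dst, protected = classify(pkt)
        print(mode, src, dst, len(pkt), "bytes on the wire,", len(protected), "protected")
```

With a real cipher the ESP trailer is encrypted, so an observer sees only protocol 50 and the outer addresses, which in tunnel mode are the gateways rather than the hosts behind them.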