1. In this module, you learned that random numbers (or, at least, pseudorandom numbers) are essential in cryptography, but it is extremely difficult even for powerful hardware and software to generate them. Go online and conduct research on random number generators. What are the different uses of these tools besides cryptography? How do they work? Explain your answer using your own words in 2-3 paragraphs. 2. 11.1 List and briefly define three classes of intruders. 11.2 What are two common techniques used to protect a password file? 11.3 What are three benefits that can be provided by an intrusion detection system? 11.4 What is the difference between statistical anomaly detection and rule-based intrusion detection? 11.5 What metrics are useful for profile-based intrusion detection? 11.6 What is the difference between rule-based anomaly detection and rule-based penetration identification? 11.7 What is a honeypot? 11.8 What is a salt in the context of UNIX password management? 11.9 List and briefly define four techniques used to avoid guessable passwords.

1. Random number generators (RNGs) are essential in many areas besides cryptography. One common use of RNGs is in simulations and modeling, where random numbers are needed to generate realistic scenarios or outcomes. For example, in a weather simulation, random numbers can be used to represent variations in temperature or wind speed. RNGs are also used in gaming and gambling to ensure fairness and unpredictability. In these applications, RNGs generate random numbers that determine outcomes such as dice rolls or card shuffling.

There are different types of RNGs that work in different ways. One type is called a hardware RNG, which uses physical processes or phenomenon to generate random numbers. For example, a hardware RNG may use electrical noise, radioactive decay, or even atmospheric noise to generate random numbers. Another type is called a pseudorandom number generator (PRNG), which uses algorithms to generate numbers that appear random. These algorithms use a seed value as input and produce a sequence of numbers that appear random, but are actually deterministic. In other words, given the same seed value, a PRNG will produce the same sequence of numbers.

PRNGs are commonly used in software applications because they are easier to implement and faster than hardware RNGs. However, PRNGs have limitations in terms of their randomness. The quality of randomness depends on the seed value and the algorithm used, and if an attacker can predict the seed value, they can predict the sequence of numbers generated by the PRNG. This is why RNGs used in cryptography require strong randomness and are often implemented using a combination of hardware and software techniques to ensure high-quality random numbers.

In summary, random number generators have diverse applications beyond cryptography. They are used in simulations, gaming, and gambling to generate unpredictable outcomes. RNGs can be implemented as hardware or software-based, with hardware RNGs relying on physical processes to generate random numbers and software PRNGs using algorithms. While software PRNGs are more commonly used due to their ease of implementation, they have limitations in terms of their randomness and can be predictable if the seed value is known. Strong randomness is crucial for cryptographic applications, and RNGs used in cryptography often employ a combination of hardware and software techniques to generate high-quality random numbers.

2. 11.1 In the context of computer security, there are three main classes of intruders: 1) Masqueraders, 2) Misfeasors, and 3) Clandestine users. Masqueraders are individuals who pretend to be legitimate users by using stolen or spoofed credentials. They gain unauthorized access to a system by impersonating someone else. Misfeasors, on the other hand, are legitimate users who have access to a system but use it in an unauthorized or malicious way. For example, a misfeasor could abuse their privileges to steal sensitive data or disrupt system operations. Clandestine users, also known as covert users, are individuals who gain unauthorized access to a system without being detected. They often exploit vulnerabilities or backdoors to bypass security measures and remain hidden.

11.2 Two common techniques used to protect a password file are encryption and hashing. Encryption transforms the password file into a ciphertext using an encryption algorithm and a secret key. Only authorized users with the correct key can decrypt the ciphertext and obtain the original passwords. Hashing, on the other hand, applies a one-way function to the passwords, converting them into fixed-length hash values. These hash values are stored in the password file instead of the actual passwords. When a user enters their password, it is hashed and compared to the stored hash value. If the hashes match, the password is considered valid. Hashing is preferred over encryption for password storage because it is computationally inexpensive and irreversible.

11.3 Intrusion detection systems (IDSs) provide several benefits in detecting and preventing unauthorized access and attacks. First, IDSs can detect and alert administrators about potential security breaches or unexpected activities. They monitor network traffic, system logs, and other sources of information to identify patterns or anomalies that may indicate unauthorized access or malicious behavior. Second, IDSs can provide real-time monitoring and response capabilities. They can automatically respond to detected threats by blocking network traffic, terminating suspicious processes, or reconfiguring security settings. This can help prevent further damage or mitigate the impact of an attack. Third, IDSs can gather valuable information about the nature of attacks and the tools used by attackers. This information can be used to improve network and system security by patching vulnerabilities, updating security policies, or implementing additional security measures.

11.4 Statistical anomaly detection and rule-based intrusion detection are two approaches used in IDSs. Statistical anomaly detection involves establishing a baseline of normal behavior and then detecting deviations from that baseline. It uses statistical algorithms to analyze network traffic, system logs, or other sources of data and identify anomalies that may indicate an attack or unauthorized activity. Rule-based intrusion detection, on the other hand, uses predefined rules or signatures to detect known patterns of attacks. These rules are based on known attack patterns, vulnerabilities, or malicious behaviors. When network traffic or system events match these predefined rules, an alert is generated to notify the administrator. The difference between the two approaches lies in their detection methods. Statistical anomaly detection focuses on detecting deviations from normal behavior, while rule-based intrusion detection focuses on detecting known attack patterns or signatures.