exercises


Chapter 1: Exercises 1, 2, 4

Exercise 1: Assume that a security model is needed to protect information used in the class you are taking—say, the information in your course’s learning management system. Use the CNSS model to identify each of the 27 cells needed for complete information protection. Write a brief statement that explains how you would address the components represented in each of the 27 cells.

Answer: The class information held on the blackboard can include subject names and subject courses, along with the description and presentation slides for each subject. Users access the blackboard with their own authenticated username and a password unknown to others. We can use the CNSS security model to manage the security of student-related information in order to ensure the following:

1) Confidentiality: Information is accessed only by authenticated users, and no unknown user can access it. This can be achieved by giving every student an individual blackboard username and password that is unique to them, which ensures that students can log in only to their own accounts and access the information related to their subjects.

2) Integrity: Data should be consistent and accurate and should not be modified. The information a student needs, such as presentation slides and last year's examination questions, should remain exactly as it was loaded into the system and should not be modified by any means during its passage from the system to the user.

3) Availability: Data should be available as and when it is required. A student can simply log in and request any information, such as subject content or study material, and it should be available as soon as the user presses Enter, depending on the kind of information he or she needs, but only to the person who holds the username and password belonging to the account.

4) Storage: The data should be present in memory storage, and a backup needs to be created so that it can be restored if it gets deleted. The data is easily accessible from memory: once a student wants any information, he or she can get it directly, because the data is stored in the memory of the internet database and is easily accessible to that unique student.

5) Transmission: Data transmission from the database to the user should be done properly, without any changes to the information. It should be fast and smooth so that the user gets results in the shortest possible time.

6) Processing: Processing may be needed by students to calculate their percentage or find the highest marks. This is supported by the model, as it helps in performing calculations the way the student wants.

Exercise 2: Consider the information stored in your personal computer. Do you currently have information stored in your computer that is critical to your personal life? If that information became compromised or lost, what effect would it have on you?

Answer: In the context of the given question, yes, I do have sensitive information saved on my computer, like my financial statements, bank transaction records, passwords and some important office files, which if stolen can be a risk to my privacy. This can be easy access for a hacker to enter into my personal life and cause damage. My personal computer holds credit card numbers, bank account details, passwords, medical information, websites I have visited, personal family pictures, some private letters and all my business ideas. Basically, my whole life is on my personal computer, and if it fell into the wrong hands someone might use it to commit fraud against me. I will have to take action quickly to minimize the potential for the theft of my identity. I will have to close compromised credit card accounts immediately and put an initial fraud alert on my credit report. I will have to place new passwords on old and new accounts that I open. I think getting my personal information compromised would leave me very paranoid, and I will be watching for signs that my information is being misused, and I think at the end it will leave me feeling very much violated.

Exercise 4: Search the Web for “The Official Phreaker’s Manual.” What information might help a security administrator to protect a communications system?

Answer: Before I discuss the information in The Official Phreaker’s Manual that might help a security administrator to protect a communications system, I want to explain the word. Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. Phone phreaking is the act of using mischievous and mostly illegal methods to avoid paying for a telecommunications invoice, order, transfer, or other service. It often involves usage of illegal boxes and machines to defeat security that is set up to avoid such tactics. This security includes “blocking networks”—networks that under certain conditions may be unable to form a transmission path from one end to the other. In general, all networks used within the Bell Systems are of the blocking type. Security administrators could benefit from studying “The Official Phreaker’s Manual” because it could allow them to better protect their communications systems. From the system administrator’s point of view, this information could reveal many common ways of finding loopholes and alternate methods around communications system security measures. The manual could also help system administrators use different approaches in implementing a more extensive security program.