Free Essay

Computer Security

In:

Submitted By cherries
Words 2608
Pages 11
Computer Security

Assignment 2
Solutions

ECE568, Winter 2011

Introduction
Answer the following questions.
When a word count restriction is given for a question, exceeding it will result in marks being deducted. If your answer is more than twice the maximum length, you will get zero for the question. Please include a word count for all your answers. We recommend that you use a utility like wc on ECF to count the number of words in your answer.
Your answers should be written in proper English, with full sentences. We reserve the right to deduct marks for poor English, unintelligible answers or illegible handwriting. All answers should be written in your own words - no copy-pasting! The completed assignments should be submitted in hardcopy during class on April 4, 2011.
Note that all written assignments should be done individually.

1

DES and differential cryptanalysis
Read http://securespeech.cs.cmu.edu/reports/coppersmith.pdf and answer the following questions:
1. Out of the 3 types of attacks an adversary can mount on a cryptographic algorithm, which ones does differential cryptanalysis utilize? [1 mark]
2. When was differential cryptanalysis first discovered? Which organization had knowledge of it at the time? [2 marks] 3. When did differential cryptanalysis first appear in public literature? List the title and the authors of the paper.
[2 marks]
4. What is an active S-box as described in the article? Why is it important to maximize the number of active
S-boxes? What property, discussed in class, does having the average number of active S-boxes per round be greater than 1 imply? [50 words] [10 marks]

1.1

Solution

1. Chosen Plaintext
2. 1974, IBM and the NSA
3. 1990, Eli Biham, Adi Shamir: Differential Cryptanalysis of DES-like Cryptosystems
4. An S-box is active in a round if the set of 6-bits that are input to the box are not all zero. Having the average number of S-boxes per round be greater than one implies that a large number of S-boxes will be active over the
16 rounds (as explained in the article). This means that there will be a large number of 1’s distributed over the rounds and as a result, any single S-box will cause other S-boxes to be active in later rounds. This implies that the cryptographic algorithm is likely to have good diffusion properties.

2

Rainbow tables

Read http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/ and answer the following questions:
1. Find pre-images the following MD5 hash values [4 marks]:
• dd458505749b2941217ddd59394240e8
• b83b444c23f3d9dd2ddaa82335097548
2. How much disk space is required to store a complete rainbow table for an ideal cryptographic hash function that has a hash value length of n bits? [1 mark]
3. How much disk space is required to store a complete rainbow table for the following hash functions? Use scientific notation and keep 3 significant figures. [4 marks]
Page 1 of 7

Computer Security

Assignment 2
Solutions

ECE568, Winter 2011

• MD5
• SHA-1
• SHA-256
• SHA-512
4. Given a complete rainbow table, what is the cost to perform a preimage attack? What is the probability of success? [2 marks]
5. Given a complete rainbow table, what is the cost to perform a collision attack? What is the probability of success? [2 marks]
6. Is the technique presented in the blog post still relevant in 2011? Justify. [20 words] [5 marks]
7. What is a simple to use defense against rainbow table based attacks? [20 words] [2 marks]

2.1

Solution

Because of the vague wording in this question, answers are provided for your benefit. The quesiton will not be graded.
1. The pre-images are as follows:
• md5(568) = dd458505749b2941217ddd59394240e8
• md5(penguins1) = b83b444c23f3d9dd2ddaa82335097548
2. Note that the question assumed that the rainbow table is a complete table of pre-images for every possible hash value (i.e. no reduction function). In practice, rainbow tables always have reduction functions to make storage for the pre-images feasible. In addition, rainbow tables are typically incomplete so not every hash value will have a pre-image in the table. Since the question implies that the rainbow table is complete, then there must be an entry for each hash value. The question doesn’t specify the size of an entry, so the answer is given as the number of entries in the table, which is just 2h ashs ize.
• MD5: 21 28 entries
• SHA-1: 21 60 entries
• SHA-256: 22 65 entries
• SHA-512: 25 12 entries
3. A pre-image attack requires one look up. Given a complete rainbow table, the probabiility is 100%.
4. A collision attack can be performed by generating a random string, computing the hash of the string and then doing a lookup into the table. The probability of success is also 100%.
5. The technique in the blog is not relevant given the wide availability of rainbow tables on the internet.
6. A simple defense is to salt your password so that the entries in a precomputed rainbow table are not valid.

3

Kerboros versus Public key infrastructure
1. What is the trusted third party called in Kerberos? Briefly describe its functions.[30 words] [5 marks]
2. What is the trusted thirs party called in PKI? Briefly describe its functions.[30 words] [5 marks]
3. Consider a DDOS attack on Kerboros’s central server. Which property of security (confidentiality, availability, integrity) has been violated from the user’s perspective? Explain. [2 marks]
4. Now consider a DDOS attack on a PKI’s central server. Which property of security has been violated from the user’s perspective? Explain. [2 marks]
Page 2 of 7

Computer Security

Assignment 2
Solutions

ECE568, Winter 2011

5. Consider a Kerboros system in which the central server has been silently compromised. Which property of security has been violated from the user’s perspective? Explain. [2 marks]
6. Consider a PKI system in which the central server has been silently compromised. Which property of security has been violated from the user’s perspective? Explain. [2 marks]

3.1

Solution

1. The trusted third party can be called the Key Distribution Center, or Authentication Server and Ticket Granting
Server, which make up the former.
2. A (Root) Certificate Authority.
3. Availability, when the central server is not available, then the user cannot access any resources.
4. None, unavailability of the CA just means new keys cannot be certified. However, existing users with keys are not affected.
5. Confidentiality and/or integrity. Compromising the server means the adversary can eavesdrop on all connections as well as forge new connections.
6. Confidentiality and/or integrity depending on what the certified keys are used for. Confidentiality if they are encryption keys. Integrity if they are signing keys.

4

Public Key Encryption
An alternative public key scheme, based on Diffie-Hellman works as follows:
• Alice selects a large prime number p and a generator g for the field defined by modp. Alice randomly selects a value x, 1 ≤ x ≤ p − 2 and computes g x modp. The tuple {p, g, g x } becomes Alice’s public key, and x is Alice’s private key.
• Bob, who wants to send Alice a message m, get’s Alice’s public key through some certfied method. To encrypt m, he randomly selects a value y, 1 ≤ y ≤ p − 2 and computes A = g y modp and B = m · (g x )y modp and sends
{A,B} to Alice.
• Alice can recover m by computing B/Ax modp

Answer the following questions:
1. Is this scheme secure? If so, what difficult problem must the adversary solve to recover m without Alice’s private key? Explain. [40 words] [4 marks]
2. Why are x and y restricted to the given range? What is wrong with using x, y = 0 or x, y = p − 1? [20 words]
[2 marks]
3. Suppose Bob is lazy and does not use a true random number generator. What weaknesses are introduced if y is not secret? What if the same y is used to encrypt multiple messages? [50 words] [6 marks]
4. How does this scheme compare to RSA in terms of computational requirements for Bob? Assume the same size modulus/key length is used for both. Explain. [20 words] [5 marks]
5. How does this scheme compare to RSA in space requirements for transmitting the encrypted mesage? Assume the same size modulus/key length is used for both. Explain. [20 words] [5 marks]

Page 3 of 7

Computer Security

4.1

Assignment 2
Solutions

ECE568, Winter 2011

Solution

1. The scheme is as secure as Diffie-Hellman. Alice can recover m because she knows the value of x. To do the same, the adversary must recove x, which means thata he must be able to perform discrete log. Discrete log is a problem believed to be computationally hard.
2. x = 0 is not defined in the field of p, i.e. g 0 modp is not permitted. x = p − 1 means that g x modp = 1 via fermat’s little theorem. Thus, the adversary will be able to easily deduce the value of x.
3. By using the same y for several messages, this means that A = g y modp will be the same for all of those messages. Say we have two messages m and m , which encrypt to B and B respectively and the same y is used for both encryptions. Then we can see that m = B/Ax and m = B /Ax or Ax = B /ma . Subsituting this back into the first equation we can recover m = B · m /B .
4. This scheme has roughly double the computational requirements as RSA since it requires two exponentiations, one for A and one for B.
5. This scheme has roughly twice the space requirements since two values of size p must be sent as part of the cipher text.

5

Information Flow Models
Given the following relationships between security categories and levels, answer the questions below:
• Confidentiality levels: T S > S.
• Confidentiality categories: CA , CB , CC .
• Integrity levels: C > N C.
• Subjects:
– SA : (T S, {CA , CB }), N C
– SB : (S, {CC }), N C
– SC : (S, {CA , CC }), C
• Objects:
– OA : (T S, {ø}), N C
– OB : (T S, {CA , CC }), N C
– OC : (S, {CC }), C
1. Ignore the integrity information and list the objects each subject can read and/or write using the Bell-LaPadula
Policy. [6 marks]
2. Ignore the confidentiality information and list the objects each subject can read and/or write using the Biba
Policy. [6 marks]
3. Suppose both confidentiaility and integrity access controls are active simultaneously. Indicate which subjects are then able to access which objects for both read and/or write. [6 marks]

Page 4 of 7

Computer Security

5.1

Assignment 2
Solutions

ECE568, Winter 2011

Solution

Note that the original question was phrased assuming Lipner’s policy, which has integrity categories. However, Lipner’s is no longer covered in the course and we use Biba that does not have integrity categories. Thus, the question will be graded without taking integrity categories into account.
1. Bell-Lapadula:
• SA : Read = {OA }, W rite = {ø}
• SB : Read = {OC }, W rite = {OB , OC }
• SC : Read = {OC }, W rite = {OB }
2. Biba:
• SA : Read = {OA , OB , OC }, W rite = {OA , OB }
• SB : Read = {OA , OB , OC }, W rite = {OA , OB }
• SC : Read = {OC }, W rite = {OA , OB , OC }
3. Combined:
• SA : Read = {OA , }, W rite = {ø}
• SB : Read = {OC }, W rite = {OB }
• SC : Read = {OC }, W rite = {OB }

6

Multi-factor authentication

Bob recently signed up for telephone banking. He was given a dongle which works in conjunction with his PIN.
Answer the following questions.
1. Briefly explain how this security scheme should work.[50 words] [5 marks]
2. Is this scheme secure against theft of the dongle? Explain. [20 words] [5 marks]
3. If the telephone company guarantees that all phone lines are free from eavsdropping, does this eliminate the need for the dongle? Explain. [20 words] [5 marks]
4. List all the cryptographic primitives used in this scheme. Clearly identify which ones reside in the dongle and which ones reside on the bank’s servers.[20 words] [2 marks]
5. There is a serial number on each dongle. What purpose does this serve? [10 works] [1 mark]
6. Does this serial number need to be randomly generated? Does this serial number need to be kept secret by
Bob? Explain. [30 words] [5 marks]
Page 5 of 7

Computer Security

6.1

Assignment 2
Solutions

ECE568, Winter 2011

Solution

1. The security token contains a secret key that is used to run a stream cipher continuously. Since the the server share the same stream cipher and the same secret key, the output of the stream cipher is identical and thus can be used as a shared secret between Bob and the Bank.
2. Yes, if the security token is lost or stolen Bob simply needs to report the loss and the bank will assign him a new one. With multi-factor authentication the compromise of a single factor does not compromise the entire system. 3. Yes, security token, along with Bob’s PIN number helps to authenticate Bob as Bob. Even if a secure channel exists the bank has no way of verifying the person using the secure channel is indeed Bob.
4. A stream cipher is used in this scheme. The same cipher is used on both the security token and the authentication server.
5. The serial number serves to identify the secret stream cipher key of each authentication token.
6. The serial number does not need to be random as it reveals no information about the key (which shoudl be random). It merely serves as an identifier so it only needs to be unique. As a result, it also does not need to be kept secret. It servers no purpose after the token has been activiated.

7

Web Security
1. Explain the same origin policy. What attacks does it prevent?[40 words] [5 marks]
2. What are drive-by downloads? What are some defenses against it?[30 words] [5 marks]

7.1

Solution

• The same origin policy allow scripts originating from the same site to interact with each other and the site contents, but prevents them from accessing contents and scripts originating from other sites. It prevents attacks that aim to steal private user information.
• Drive-by downloads is a category of attacks that download malicious files unto a user’s computer without consent. Drive-by download attacks either exploit unpatched browser vulnerabilities, or trick the user into clicking on a malicious link. The best defenses are to keep the browser up to date, use a pop-up blocker, and avoid visiting suspicious sites.

8

Covert Channels

Acme Corporation ships a proprietary web browser that contains a back-door which ”phones home” periodically with private user information. Unfortunately for Acme, a group of security researchers discovered all the covert channels used in their malicious browser. The covert channels used were:
• Altering inter-packet timing
• Encoding data in the packet size
• Encoding data in the HTTP header
• Changing the browser User-Agent
• Sending extraneously packets
Now Acme hired you to fix their mistakes. Suggest 2 new covert channel schemes.[50 words] [10 marks]

Page 6 of 7

Computer Security

8.1

Assignment 2
Solutions

Solution

• Some possible alternatives are:
– Encoding data in the TCP Initial Sequence Number field
– Encoding data in the size of the TCP window
– Re-order the sequence in which images are requested from the web server
– Encoding data in the HTTP header only within SSL sessions
– Modulate the transfer speed of the browser’s download manager

Page 7 of 7

ECE568, Winter 2011

Similar Documents

Premium Essay

Computer Security

...will give Richman Investments the leverage to make decision based on the employees conduct. We must insure we hire good trustworthy candidates for the job that will not violate the policies set before them. Word of mouth is another way that information leaks to outside agencies. Users should not be allowed to bring in their own media data without signed approval from the IT department. The users should also be limited access to the sensitive information based on their job descriptions. Workstation Domain is a part of the protection that needs to be kept up to date and mentioned in the AUP. Allowing a computer without the most current updates and patches could be a harmful. New threats have come along and need the newest updates to keep from allowing Viruses, Malware, or Spyware from getting into our Internal Use Only documents. Leaving your desk with your computer unlocked leaves it open for unauthorized access . A simple control+alt +del with a password protection would prevent this from taking place. Home media (CD’s, DVD’s, and USB’s) are great to have and should be used just not at work without proper authorization. These can carry small backdoors and leave our system open to attacks. One of the...

Words: 465 - Pages: 2

Premium Essay

Computer Security

...Computer Security Protecting Your Computer System Do’s and Don’ts Abstract This paper explores the computer security process of preventing and detecting unauthorized use of computers. I will also discuss: A. The prevention measures (do’s and don’ts) to help you stop unauthorized users (also known as “intruders”) from accessing any part of your computer system. B. Detections methods that help you to determine whether or not someone attempted to break into your system; a. If an attack was successful b. If so, what they may have done.   Computer Security Protecting Your Computer System Do’s and Don’ts We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications “top secret,” you probably do not want strangers reading your email, using your computer to attack other systems, sending forged emails from your computer, or examining personal information stored on your computer (such as financial statements). Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems. Once an intruder takes control of your computer, they have the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have...

Words: 1909 - Pages: 8

Premium Essay

Computer Security

...TITLE: PERSONAL NETWORK SECURITY INTRODUCTION: Computer security is the process of detecting unauthorised use of your computer or PC . As the old saying goes “prevention is better than cure” , going by this we realise that if we learn about the possible loopholes in the security we can prevent it in the first place. But the big question is 'why should i care about my computer security?' . We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs.Although we may not consider our communiction a 'top secret' ,but you dont want others to eavesdrop on you conversations, read your mails, use your computer to attack others system , send forged mails from your computer to others or check the stuff from your computer hard drive. There are many people who whould want to break into you computer system they are generally known as hackers or crackers . More often they do this because they want to launch an attack on some computer system through your computer and other times it is done by some teenage kid who want to showcase his skills and feel proud of himself and maybe even gain some limelight. If your computer is connected to the internet then you dont need some hacker to personally attack your system . There are thousand of computer programs to do this job on the net. Even if you use your internet just to check your e-mails you could still be a huge target for attackers. Is it easy to break into my...

Words: 1142 - Pages: 5

Premium Essay

Computer Security

...appropriate behavior in order to avert the cybercrime. Many of these policies are just adopted, but till many companies find it necessary to be tailored so that it is tailored to an organization security needs and most till need to be updated to reflect ever changing impact of the cyberspace transactions in everyday activities. Like all company document, cyberspace follows good design and various format in order to make the document not be vague and follow government policies on security design. These policies also need to be reviewed regularly to ensure that they conform to the business needs that are ever changing gin the business environment. The following are the major items involved in the cybercrime plan actions. 1. Establish security roles and responsibilities Establishing security roles and responsibility in a company is one step towards combating cybercrime. The policies should clearly define the separation of roles with responsibility depending on the system in place. This means that a system will be designed on role based control which might not be well utilized when the procedures and policies are not well defined. The extend of employees can go with a system should show how much they can access in the system and the policies should be maintained at minimum. This means that: The security procedure clearly identifies data ownership in the company and employee roles are well defined. The employees should not inherit privileges from other users. This means that necessary roles...

Words: 2072 - Pages: 9

Premium Essay

Computer Security

...Computer Security Victoria M. Deardorff Brevard Community College April 10, 2012 This paper is written as a basic overview of computer security for the non-technical user. This paper is meant to educate the reader on practical steps that can be implemented to secure their home-based computers. Additionally, the reader will be informed of industry and government needs for and methods of computer security. With this information, the reader should gain a better understanding of why agencies and companies have their rules and regulations pertaining to computer security. What do you think when you read or hear the words “computer security”? The word security implies freedom from risk, danger, doubt, anxiety, or fear and invokes a feeling of safety and confidence. As security relates to our computers, you may immediately ask yourself if you have done everything possible to guard your personal computer as well as the information stored on that computer. Also, you may think about the companies with which you do business and ask the same question; have they done everything possible to protect my personal information? The world of computer security or information security, as it is sometimes called, continues to evolve as consumers expand the use of computer systems. “The story of network attacks, bugs, viruses, and criminal actions stretches as far as the computer industry itself. One of the first bugs to develop in a computer system was precisely that: a moth was found...

Words: 1938 - Pages: 8

Premium Essay

Computer Security

...Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. Wikipedia says, "Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms." Computer Security is concerned with the risks related to computer use, and ensures the availability, integrity and confidentiality of information managed by the computer system, permitting authorized users to carry out legitimate and useful tasks within a secure computing environment. ---Information security and computer systems are closely tied entities, these fields are interrelated and share ...

Words: 314 - Pages: 2

Premium Essay

Computer Security

...NAME: COMPUTER SECURITY COURSE CODE: CSC3207 Instructions: Answer all questions. Duration: 1hour. Date sat. 15th April 2012 Test is out of 40marks. 1. Is magnetic media safe for data storage? Elaborate on your answer. 6mks NO. - It is volatile. - A lot of vigilance is required (no exposure to heat, sun light etc) - Forensics (data recovery tools undermine some operations like delete) YES, if care and precautions are adhered to. (state those precautions here) 2. State two technical challenges of the FLASH architecture 5mks -The number of read/write cycles -The power MUST-BE-ON requirement - Erasure failures Read page 414 of “Hardware Based Security” 3. A good security practice is to continuously review and appropriately modify misuse case presentations of a system. What approaches would you consider to maintain an up-to-date misuse case presentation for a given system? 6mks Consider using a team for periodical review and analysis and different design and implementation sections of the system. - Periodically review the existing use-case based on the pre-existing knowledge base. - Brainstorm on the basis of existing system resources and identify representative risks. - Redefining the use-cases and mis-use cases incase of new threats Sources of information here include - Audit logs and security checks ...

Words: 376 - Pages: 2

Free Essay

Computer Security

...Contents 1.1) Computer threats categories 2 This attack covers: 2 2.) Bob signs up for internet banking. 3 2.1) how the security scheme works 3 2.2) is it secure against dongle theft 3 2.3) if safe from eavesdropping, does this eliminate need for dongle 3 2.4) the cryptographic primitives used 3 2.5) purpose of the serial number 3 2.6) does the serial number need to be randomly generated 3 Computer security and protecting our systems 4 Bibliography 5 Question 1 1.1) Computer threats categories This attack covers: i) Deliberate acts are the main threat category for this type of attack because the hacker is deliberately trying to cause harm. It also deliberates acts of espionage or trespass; deliberate acts of sabotage or vandalism; and deliberate acts of theft. ii) Compromises to intellectual property – copying of files, defacing the web page, and stealing credit card numbers iii) Technical failures. For instance, if part of the organizations software has an unknown trap door, then this type of hacker attack could occur. iv) The final category is management failure. This hacker attack could happen if management were to have a lack of sufficient planning and foresight to anticipate the technology need for evolving business requirements. Question 2 2.) Bob signs up for internet banking. 2.1) how the security scheme works The security token contains a secret key that is used...

Words: 898 - Pages: 4

Premium Essay

Computer Security

...Computer Network Security Alternatives Computer network security and integrity is a large concern among all types and sizes of companies. The options for solving security risks are as varied as the companies themselves. However, it is possible to break down the methods for dealing with security risks into three major categories. Companies have the option to: 1. Select best of breed products for their various security needs and assemble the products together to form their own customized solutions. 2. Purchase a security suite that contains security products that will address their various security needs. 3. Outsource security to another company rather than handle it internally. This paper will summarize primary research conducted by Kang-hun Lee, Yonghoon Choi, Mike Loveridge, Tom Gonzales and David Linford over a three month period to determine market trends in the security software industry. A survey instrument was prepared to capture the following data. 1. What do companies consider threats to their network environment? 2. What preferences do they have regarding specific security services? 3. What sort of security option do they prefer when choosing between: best of breed, suites or outsourcing. Findings and analysis Once the data were collected, we were able to organize and analyze the results. This section will both specify the analytical procedures we used as well as report on the findings. There are three (will be more when other...

Words: 766 - Pages: 4

Premium Essay

Computer Security

...CHAPTER 3 CO M P U TE R A N D I NT E R N E T C R IME QUOTE In view of all the deadly computer viruses that have been spreading lately, Weekend Update would like to remind you: when you link up to another computer, you’re linking up to every computer that that computer has ever linked up to. —Dennis Miller, Saturday Night Live, U.S. television show VIGNETTE Treatment of Sasser Worm Author Sends Wrong Message Unleashed in April 2004, the Sasser worm hit IT systems around the world hard and fast. Unlike most computer viruses before it, the Sasser worm didn’t spread through e-mail, but moved undetected across the Internet from computer to computer. It exploited a weakness in Microsoft Windows XP and Windows 2000 operating systems. By the first weekend in May, American Express, the Associated Press, the British Coast Guard, universities, and hospitals reported that the Sasser worm had swamped their systems. Computer troubles led Delta Airlines to cancel 40 flights and delay many others. Microsoft quickly posted a $250,000 reward, and by mid-May, authorities apprehended Sven Jaschen, a German teenager. Jaschen confessed and was convicted after a three-day trial. Jaschen could have received up to five years in prison, but because he was tried as a minor, the court suspended his 21-month sentence, leaving him with only 30 hours of community service. Copyright © 2007 by Thomson Course Technology. All rights reserved. This publication is protected by federal copyright...

Words: 18526 - Pages: 75

Premium Essay

Computer Security

...Computer Security Careers Blake Eubank Harrisburg Community College 1 A. After going to http://www.giac.org I learned it is a great place to get certified in more than 20 different specialized information security areas. It targets specific skills sets rather than generalizing. They offer more disciplines and focus on the skills required to master specific jobs. (Northcutt, 2011) The Information Systems Security Association (ISSA) is a non-profit organization which provides forums, education, and publications for its security professional members. The main goal of ISSA is to promote leadership which will ensure confidentiality, integrity, and availability of information resources. Members include all levels of security professionals in a variety of different fields including government, public, and private sectors. (ISSA.org. 2011) Technology in Action doesn’t really cover computer security careers, it does reference the Information Systems Security Association web site on page 469 but no further discussion can be found in the text. (Evans, 2011) B. On the Helium web site author Chris Stubbs explains that one of the basic skills needed for any computer user is the ability to type. (Stubbs, 2009) In my opinion you don’t have to be able to type fast you just need a working knowledge of the QWERTY keyboard. Dan Morrill on it.toolbox.com references network engineering skills as the third and sixth most important information security skills needed out of the top...

Words: 554 - Pages: 3

Premium Essay

Computer Security

...Discussion Questions - Unit 1 1. Consider the information stored on your personal computer. Do you, at this moment, have information stored in your computer that is critical to your personal life? If that information became compromised or lost, what effect would it have on you? (150 - 200 words) I do have personal information stored on my computer that is very critical to my personal life. My personal computer holds credit card numbers, bank account details, passwords, medical information, websites I have visited, personal family pictures, some private letters and all my business ideas. Basically my whole life is on my personal computer and if it fell into the wrong hands someone might use it to commit fraud against me. I will have to take action quickly to minimize the potential for the theft of my identity. I will have to close compromised credit card accounts immediately and put an initial fraud alert on my credit report. I will have to place new passwords on old and new accounts that I open. I think getting my personal information compromised would leave me very paranoid and I will be watching for signs that my information is being misused and I think at the end it will leave me feeling much violated. 2. What is a mission statement? What is a vision statement? What is a values statement? Why are they important? What do they contain? Provide an example of one of the three. (150 - 200 words) A mission statement is a clear definition of what an organization is, the...

Words: 651 - Pages: 3

Premium Essay

Computer Operation and Security

...8/31/14 Computer Operation and Security Task 1 AMI - 6 beeps AMI – BIOS cannot switch CPU into protected mode Phoenix - beep - pause - beep beep beep - pause - beep beep beep beep- pause - beep beep + 1-3-4-3 Phoenix – Test 512K base memory Task 2 Both hardware and software firewalls prevent unauthorized access and unauthorized use to the network. These firewalls ignore information that is not secured and comes from locations that are unknown and suspicious. Hardware firewalls can be stand-alone and/or in broadband routers. Hardware firewalls does not necessarily have to be configured and can protect all machines on a local network. Hardware firewalls examine packet headers by using a packet filter. Based on previously stored information and rules, the packet is then forwarded to its destination or dropped. Hardware firewalls determine whether the information packets are safe based on the ports and URL. 8/31/14 Software firewalls are installed on a specific computer as opposed to supporting a whole network. It protects against remote access to control your computer. It can also block the running of potentially unsafe applications on your computer. Software firewalls normally uses minimal system resources and runs in the background constantly to ensure protection for the computer. Software firewalls need to be kept up-to-date to ensure the best level of protection from newer viruses and malicious content. It is best to always test both hardware firewalls...

Words: 519 - Pages: 3

Premium Essay

Computer Security

...The term cybercrime became often term being heard by people nowadays. In the early world, it was not a big deal and still can be controlled. Unfortunately, when there is a tremendous increasing number of connected people and devices, it is a bigger risk there to be resolved. A rough definition for the term cybercrime is a crime which is influenced by some kind of computer or cyber aspect. To be more specific, it is a crime that has illegal activities through it by using computers or network or hardware devices as its primary medium for some commissions. The commissions depend on how huge the illegal activities are. There are lots of cases that the performers of the cybercrime gained millions or even billions from the activities that illegally conduct by them. Sounds so good to be a rich mankind? It won’t be long. Just remember, justice always strikes the best at the end. One of the facts to discuss about cybercrime that is highly appropriate to talk about is how it surpassed illegal drug trafficking as an instant criminal moneymaker. Apart from that, it is so surprising to know that somebody’s identity is stolen so quickly as fast as within only 3 seconds due to cybercrime. Besides that, for us to deeply concern, we need to realize that our unprotected PCs can become affected in a bad way and it takes only four minutes right after it connect to the internet. To those who never worried about these matters before, the moment you knew it, you should really be careful when you want...

Words: 1413 - Pages: 6

Premium Essay

Computer Systems Security

...Michael Anderson Principles of Info Security Professor Corey Jackson Outline In order for a company to be successful it needs to ensure that the security of its network is up to par and can protect the data from 2.0 Incident-Response Policy for Gem Infosys. |Gem Infosys Policy Sections | |1.0 |Identification of Incidents/Threats | | |Gem Infosys incident-response policy requires that every personnel including the Information Security Office (ISO), report suspicious| | |activity during system usage, or while conducting a proactive monitoring of the organization’s network and information system | | |activities (Yale University Policy, 2012; SANS Institute, 2001). Reports will be done via incident reporting system tickets which | | |shall be sent to the authorized individuals or departments. | | |Symptoms of Computer Security Incidents; | | |System alarm from incorporated intrusion detection tools | | |Unsuccessful login attempts ...

Words: 1040 - Pages: 5