O1` Valero Energy, Elkay Manufacturing, J&J, and Overstock.Com: the Move Toward Fact-Based Decision Making
In:
Submitted By stimunga Words 1010 Pages 5
ST.PAULS UNIVERSITY
FACULTY OF BUSINESS AND COMMUNICATION
DEPARTMENT: COMPUTER SCIENCE
UNIT CODE: BSC 3206
UNIT TITLE: COMPUTER SECURITY
TASK: ASSIGNMENT
STUDENT ADM: BSC/LMR/2065/15
1.Differentiate between symmetric and asymmetric encryption.
SYMMETRIC ENCRYPTION This is also referred to as Secret Key Encryption. In this type of encryption a secret word which could either be a number, word or string of characters is applied to the text of a message to change the content in a particular way such as shifting each letter by a number of places in the alphabet but both the sender and the receiver should know the secret key in order to encrypt and decrypt all messages that use this key. Symmetric Encryption is more efficient and is more efficiently used for bulk data encryption. Symmetric key encryption can use either stream ciphers which encrypt the digits of the message one at a time and block ciphers that take a number of bits and encrypt them as a single unit padding the plain text so that it is a multiple of the block used. Widely used symmetric key algorithms include Blowfish, Serpent, Advanced Encryption Standards (AES) and Data Encryption Standard (DES).
Disadvantages
-During exchange of secret keys over the internet while preventing them from falling into the wrong hands since anyone who knows the secret keys can decrypt.
ASYMMETRIC ENCRYPTION
There are two related keys. A public key used for encrypting and a private key used for decrypting .A public key is made freely available to anyone who might want to send a message and a second private key is kept secret so that only you know it. Any message that is encrypted by using the public key can only be decrypted by using the matching private key and any message encrypted using the private key can only be decrypted by using the pubic key .Asymmetric encryption is often used for secure key exchanges. Widely used asymmetric algorithms are RSA and DSA.
Disadvantages
-Asymmetric encryption is slower than symmetric encryption since it requires more processing power to both encrypt and decrypt the content of the message.
2. Discuss Intrusion Detection
This is the type of security management system for computers and networks. Intrusion Detection systems gather information and analyzes information from various areas within a computer or network to identify possible security breaches including intrusions that is attacks from outside and misuse. It uses vulnerability assessment (scanning) technology developed to assess the security of s computer system or network.
The Intrusion Detection system follows a two step process:
a. Host-based that is considered the passive components. It includes inspection of the system’s configuration files to detect inadvisable settings,
b. Network-based that is considered the active components where the mechanisms are set in place to reenact known methods of attack and record system responses.
Prevention involves implementation of mechanisms that users cannot override and that are trusted to be implemented in a correct, unalterable way so that the attackers cannot defeat the mechanism. Simple preventative mechanisms such as password aim to prevent unauthorized users from accessing the system. Preventative mechanisms prevent compromise of parts of the system, once in place the resource protected by the mechanisms need not to be monitored for security problems.
3. Describe the following Access Control Mechanisms
a)Bell Lapadula
This model prevents the unauthorized disclosure of information .It was developed by David Elliot Bell and Leonard J. Lapadula. This model is a multilevel security system used by the US military and government which uses classification levels in conjunction with a user’s security clearance level in order to prevent information from being leaked or mishandled.
It is a multi-level security system in that multiple users with different clearance levels can access the same system.
It has classification levels rated lowest to highest.
SUBJECT (Security Clearance) OBJECT (Security Classification)
TOP SECRET (TS) User 2& 4 Personnel Files
SECRET(S) User 3&1 Electronic Mail Files
CONFIDENTIAL(C) User 6&7 Activity Log Files
UNCLASSIFIED (UC) User 8,9,10 Telephone List Files
The people I trust with my personnel files and electronic mail files must have a clearance level to have access to important information. An object can be a file or data resource on a system that does nothing without interaction ,it has a security classification for example the security classification of Activity Log Files is CONFIDENTIAL(C).A subject is the user of the object and has a security clearance ;User 3 ‘s security clearance is SECRET.
The goal of the Bell Lapadula security Model is to prevent read access to objects at a security classification higher than the subject’s clearance.
Simple Security rule states that a subject cannot read an object with a higher classification level than the subject’s clearance level. For example User 6 and 7 cannot read personnel files but user 2 and 4 can read Activity Log Files, meaning with the Simple Security rule you can only read at your level of comprehension and lower.
Star Property Rule states that a subject cannot write to a lower classification .Foe example because the activity log files are classified C and user 4 has clearance of TS, the user cannot write to the activity log files.
Strong Star Property rule states that a subject can read and write to an object if they share the same clearance level.
b)Chinese Wall Model
This is a model of a security policy that refers equally to confidentiality and integrity. Its idea stems from the ability to read or write information .In that you are able to access any information you want from any company but once you access that information you are no longer allowed to access information from another company within that class of companies.
An object is the lowest level of the chart and can be any information related to a company.
A company dataset (CD) contains objects related to a single company.
A conflict of Interest (COI) contains datasets of companies in competition.
References
Computer Security Art And Science Matt Bishop