Assignment 4:
Select an attack, such as “Break into Instructor’s Lab Computer” or “Steal Credit Card Number from Online User” and then develop an attack tree for it (read Chapter 4). The tree should have at least four levels with three boxes on each level.
Break into Instructor’s Lab computer
The first approach that an individual may use to break into the instructor’s lab computer is through stealing the password, which forms level one of the breaking. In order to access the password, there is a need to go near the instructor’s computer or access password through some other person (level 3). In order to obtain the password, he or she would have to look over the shoulder to look at what the instructor is keying in, stealing from the office or manipulating the user to give out password (level 4). The individual can then break into the instructor’s lab computer.
The second approach involves someone defeating the security system of the computer (level 2). The individual can either use some experts to break into the system or exploit the software security hole in order to the components of the security system, forming level three of the attack tree. The third approach involves someone breaking into the instructor’s lab computer through using unattended computer that the instructor had initially logged on for the system (level 2). The individual can access the unattended computer by going to the lab when the instructor is absent or manipulating the instructor to let he or she use the computer (level 3).
The following diagram shows the attack tree for breaking into instructor’s lab consist of all the process someone may possibly follow:
Assignment 5:
First examine the security features that are available natively on that phone.
The Smartphone allows me to use a strong password geared to securing any information that maybe sensitive. Setting of passwords allows an individual to prevent access by unauthorized personalities. This reduces the risk of the third party stealing the Smartphone because it presents access only to the user. The Smartphone also presents the user with the opportunity to lock the phone’s screen when not in use. This enables the user to prevent the children, who always interfere with the working of the phone, from accessing the phone whenever, not in use. I am also able to encrypt the data stored in the Smartphone with the subsequent of preventing unauthorized access to my sensitive information. The encryption allows me to store much sensitive information into the phone as possible, provided they do not go against the provider’s regulation. This makes the Smartphone act as one of the trusted storage devices. The end-to-end encryption makes the data sent to the Smartphone to pass through the BlackBerry Enterprise thereby assuring the user of the security of the transmitted information. The encrypted information travels through safe transmission all through to the Smartphone.
Then look at three third-party security products that can provide additional security
Remote Wipe/sanitation
I would like to acquire the Remote Wipe, which is useful in tracking a lost phone. It works through the mechanism of hindering the device from resetting to its default factory settings consequently removing the possibility of loss of data. The remote wipe of the mobile prevents third party from accessing the sensitive data related to the device; subsequently, hindering the third party from using it. The remote wipe/sanitation also acts as security backup whenever there is a need to give or sell the device to the third party. This is because the third party finds it easy to trust the ownership of the phone by getting the assurance from the presence of remote wipe/sanitation.
GPS (Global Positioning System) tracking:
This is a unique feature provided by third party manufacturers. Individuals who would like to access the location of an individual on earth makes use of this application. It works on the mechanism of calculating the difference in time obtained from the signal. The signals usually come from the use of the satellite, which can access time in any locality. Considering that my phone is a Smartphone, I have to consider the use of GPS tracking, which will act as a real time position. Individuals with Smartphone apply the GPS tracking in the voice-guided direction besides helping in locating areas of interest. The GPS has several advantages that the user always enjoys in accessing the positioning of movable device. It identifies a point within 330 feet thereby enabling the user to track the location of his or her phone in the situation of thefts. The users can easily identify the party who is in possession of their phones thereby eliminating the risk of mobile theft.
Voice encryption
This is a service provider to heap up security for voice communication enabling the user hide the content of communication to the third party. This reduces the effects of leaking information to the third party who may have hidden motives. The voice encryption would help me in preventing the unauthorized access to my sensitive communication promoting the security of using the phone.
I would also consider obtaining the security feature presented by the Google Android operating system. This will enable me to avoid the effect of downloaded dangerous item, which I would not have been able to identify. Internet is always full of malicious items that an individual cannot always realize without the help of antivirus. The use of this security feature will increase the usefulness of my Smartphone since it assures me of downloading only the harmless application from the internet.
Create a table that lists and compares the features of the third-party products. Include initial cost and any monthly or annual fees. Which would you recommend? Why?
| Name | Features | Initial cost | Monthly cost |
| Google Android operating system | It deletes malicious items downloaded by the user
Usually used by people downloading items from the internet It only applies to Android Smartphone The user needs the presence of server and internet connection |
$200 (Staska, 2011) | $50 (Staska, 2011) |
| Voice Encryption | It provides alternative for the users for example satellite solutions, cellular interception and Enterprise solutions.
It prevents access of information by unauthorized third party hence used by many people. It is cheap and easy to access by any type of Smartphone The user do not need the presence of server and internet connection |
No initiation cost | $2 a day (EyeSpyPro, (2012) |
| GPS tracking | It enables users to track the location of their phones in the event that they (phones) are lost
The user will need server and internet connection It enables the user to identify area of interests. |
$500 (Auto GPS, 2009)
|
Maintenance monthly cost for the server and internet connection costing $50 (Auto GPS, 2009)
|
| Remote Wipe/sanitation
|
It helps in tracking lost phone
It prevents the third party from accessing sensitive data about the Smartphone. Act as a security backup for the owner. |
$300 (Staska, 2011) | $30 (Staska, 2011) |
I would recommend the use of Remote Wipe/Sanitation because it is more effective in meeting the security needs of Smartphone. Apart from tracking lost phones, it also prevents the third party from easily using the phone since it hides the sensitive data about the device. Even though voice encryption seems to be cheap, it only helps the user in baring the third party from accessing the voice communication.
Assignment 6
What are your opinions about Internet content filters? Do they provide protection for users, or are they a hindrance? Who should be responsible for determining which sites are appropriate and which are inappropriate? What punishments should be enacted against individuals who circumvent these filters?
Internet content filters offer protection to the minors both at schools and at homes. The implementation of internet content filters in the school libraries and residential homes protect children and students against obscene, harmful, and inappropriate materials available on the internet. I think the implementation of internet content filters within the library settings could be both harmful and helpful to the development of the students. It is the responsibility of an individual to decide what is appropriate for him or her in relation to the degree of freedom accorded in the constitution. Internet content protects children and students from harmful and inappropriate content of the internet thus producing beneficial acts towards the development of children. The negative implementation of the internet content filter as a security system in relation to networking emerges in its application, in cases of students who have the ability to decide for themselves. This undermines the freedom of the individuals under victimization. This focal of the debate with reference to implementation of the internet content filters arises in the essence of over blocking and under blocking. This represents presentation of maximum or minimum quantity of information to a subject of study thus influencing the grasp of knowledge by the students. I also think internet content filters lead to development of stigma to students or children who have no access to a certain level of information on the internet.
Internet content filters protect individuals from obscene, harmful, and inappropriate materials such as pornography on the internet. The essence of minimal pornographic sites’ visitation is an indication that internet content filters operate towards the well-being of the students and children in their residential homes. Internet content filters within libraries are also limitation or hindrance to the development of the students in the process of protecting them against harmful, obscene, and inappropriate materials from the internet. This is through blocking of the URL using key words such as hate and sex. This method of security would limit the need to study sexually transmitted diseases because of the key term ‘sex’. This reflects a hindrance to the expansion of knowledge by students.
Internet content filters security system should be the responsibilities of the children, students, schools, and parents. This is an indication that companies developing the filter software should not be responsible for the content or information available to users of the websites. It is ideal to include all the four key stakeholders in order to maximize the influence of internet content filters in protecting the minors from harmful, obscene, and inappropriate materials on the internet. Internet content filter security system is hiding from the reality. Preventing students from visiting pornographic sites in school libraries do not solve the issue within the society. This is hiding from the truth rather than addressing the issue at hand. Students or children, who circumvent these filters, should serve bans from enjoying the library computer for sometime or for good to minimize future attack.
Assignment 8
What are the advantages of these devices (thin access points)? What are the disadvantages? Are there any security advantages to thin access points?
Thin access points in the wireless networking system addresses the challenges that might result in the scalability security and operations of the large networks. This is an indication that the central controller or the thin access point has the capacity to handle security configuration, processing of traffic, and management issues within the wireless operations. The thin access point offers accurate and valid solutions to the networking process by large organizations in providing cheap modes in the additional of other access points. The thin access points have a wide range in relation to additional accepts. This advantage indicates that the point have the capacity of operating two to hundreds of access points in the process of addressing the networking needs of large and small organizations.
The other advantage of adopting the thin access points in relation to transforming the network system is the constant demands on the administrators. The addition of new access points has no influence on the demands of the administrator. Centralization of the wireless or adoption of the thin access points is an indication of scalable deployment of control and management of the security system within the wireless networking. This is because centralization of management and control represent key demands in relation to scalability. Organizations implementing the thin access points in their networking system have the opportunity to transform the security requirement by obtaining effective control and management of their websites to outside users. The thin access points boasts of superior security, minimal malware infection challenges, reliability, and low operational costs in comparison to the traditional or fat access points.
Thin access points also possess disadvantages in relation to limitation of the organizations in that the program or initiate would disable rich media access. This results into a reduction in the level of performance by the thin access system. The other shortcoming of this system is the essence of superior network connection as a mandatory requirement. This indicates that, with minimal network connectivity, the thin access points will not operate effectively and efficiently in meeting the demands of the organizations and individual users. The other shortcoming is the cost of intensive work within the environment. The organizations in context incur extra charges in transforming the system to thin access point thus expensive aspect of technology. The other shortcoming results from the close relationship between the access points. If one access point registers a malfunction, all other access points will be down, as well thus inefficiency in its operations. There are security advantages in relation to adoption of thin access points. This is because users have only access to the server through network connections. Users with low accessibility would not be able to see or hack the confidential files and other crucial information by the organization. Thin access points also display elements of security by offering protection or backup to confidential files in the essence of disasters.
What happens in large enterprises or college campuses where there can be hundreds of Access Points?
Thin access points in large organizations such as companies and college campuses prove to be cost effective with reference to time and financial resource. This is because the access point in this scenario represents a radio or antenna under the influence of a wireless switch. This enables the thin wireless access points to facilitate overall configuration though the switch thus saving the organizations time and financial resource in the process of its adoption and implementation. This compares to the individual configuration of the access point in the fat or traditional access points thus causing large entities to spend more time and financial resources of the networking system. The management of the thin access points adopts central control mechanism thus encouraging and facilitating the movement of other users to another work area. The adoption of thin access points within the organizations or college campuses would result into improvement on the security system. This is because the central management system and configuration would enable the networking system to detect on the incoming attacks or connections to the wireless network. Detection of the incoming connections would enable the administrator to determine the creditability or trustworthy of the source. Numerous thin access points within companies and college campus would foster transmission of a large quantity of data thus managing the content of information among multiple users. This would prove to be efficient and effective because of minimal jams within the server or the wireless networking. Numerous access points display critical examination through the central point. This indicates that attacks or threats from internal and external sources have minimum chance of infecting the confidential information within the system.
Reference
EyeSpyPro, (2012). Secure Voice Encrypted Phone. Retrieved from: http://www.eyespypro.com/products/Secure-Voice-Nokia-Encrypted-Phone.html
Auto GPS, (2009). The Advantages and Disadvantages of Three Major Types of GPS Vehicle Tracking. Retrieved from: http://www.yorkshireatv.org/tag/initial-costs.
Staska, (2011). The Real Cost of Android. Retrieved from: http://www.unwiredview.com/2011/07/13/the-real-cost-of-android-potentially-60-per-device-in-patent-fees/
