Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

Information Assurance: Homework 3 - Network Security and Label-based Access Control, Assignments of Computer Science

A university homework assignment focused on information assurance. It covers topics such as network security, ipsec, label-based access control, and asset identification. Students are asked to identify problems with labeled network traffic, compare the security of mandatory access control systems, and assess potential threats to university computer labs.

Typology: Assignments

Pre 2010

Uploaded on 03/16/2009

koofers-user-5od-1
koofers-user-5od-1 🇺🇸

5

(1)

10 documents

1 / 2

Toggle sidebar

Related documents


Partial preview of the text

Download Information Assurance: Homework 3 - Network Security and Label-based Access Control and more Assignments Computer Science in PDF only on Docsity!

Name:

Information Assurance: Homework 3

Due September 15, 2006

  1. Consider network traffic that carries along a sensitivity label between machines. In class we discussed routing problems associated with using IP options to store the label. Assume you are asked to review a solution that uses IPSec to encode the label, and thus avoids the routing problem. Describe two problems that could arise from the introduction of labeled network traffic.
  2. In class we discussed two systems that used category-only labels: Pitbull LX and SE Linux MCS. Their operators for comparing labels are slightly different. Pitbull LX requires the subject to have a superset of categories to access an object. MCS only requires intersection. The two systems also differ in that LX is a mandatory system. A normal user does not have the direct ability to add or remove categories from an object. While in SE Linux, a normal user can assign categories that associated with his account assuming he otherwise has access to the object. For the sake of the questions below, assume that both systems used the superset operator to test for access. a. Consider a malicious user. Does the mandatory nature of the LX system better protect the system? How does it or how does it not? b. Consider a careless user. Does the mandatory nature of LX better protect him from accidental data distribution? e.g., accidentally posting notes from an employee review meeting to a very wide audience. Again, why or why not?
  3. Are the following threats or vulnerabilities? Briefly explain why. a. The system administrator installs a mail delivery system with a buffer overflow bug. b. Leslie accesses the unprotected wireless network of a competing firm. c. Merlin sets his system password to be the same as his account name. d. Ethel tosses a copy of her credit card statement with associated PIN information in the garbage at the post office lobby. e. Carl takes home the laptop left at the coffee shop. (Question 4 on next page)

Name:

  1. Consider the following scenario. The university is worried about risk to one of its student computer labs. The lab contains 50 pentium-based work stations with flat screen monitors. All the computers can access the University's high speed internet connection. The computers also have access to department computers that have access to a range of information from student grades and future exams to professor's research results both public and private. a. Identify at least 3 assets. b. Identify two potential threats with their motivations. c. For each threat source, rank the importance of the assets you identified in the first step.