Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

Information Assurance Homework 9: Solutions and Discussions - Prof. Susan Hinrichs, Assignments of Computer Science

Solutions and discussions for homework 9 in information assurance. Topics include vulnerabilities of wep, preserving evidence for investigations, and comparing shielded monitors and rooms for security. Questions cover crc attacks, evidence preservation, and emanation scanning solutions.

Typology: Assignments

Pre 2010

Uploaded on 03/10/2009

koofers-user-r9d-1
koofers-user-r9d-1 🇺🇸

10 documents

1 / 1

Toggle sidebar

Related documents


Partial preview of the text

Download Information Assurance Homework 9: Solutions and Discussions - Prof. Susan Hinrichs and more Assignments Computer Science in PDF only on Docsity!

Name:

Information Assurance: Homework 9

No due date. Answer key will be posted December 7..

  1. One problem with WEP is that a linear CRC is used to detect changes to the packet. The CRC is encrypted with RC4. a. Assume an attacker has changed the first byte of the packet. He does not know the key sequence. Show how the attacker can compute the new CRC without having knowledge of the key or the plaintext. b. If the packet and CRC had been encrypted using AES in electronic code book or cipher block chaining mode, could the attacker fix up the CRC to hide changes without knowledge of the key? Why or why not?
  2. Suppose you are performing an investigation on a computer of someone who has recently left the company. Your boss suspects he had been selling information to your company's competitors, and he would like you to look for evidence. a. What two things should you do to preserve the chain of custody, and make it more likely that the evidence you find would be admissible in court? b. Identify three places you would look for information on the computer.
  3. Your boss is concerned about having information leak through emanations scanning. He wants you to analyze option of buying shielded computer monitors and cables for the security sensitive systems vs building a shielded room for all of your organization's computers. Which option would you recommend and why?
  4. Explain one problem with the standard SQL view-based security model that Oracle's Virtual Private Database (VPD) attempts to solve.