Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Computer security assignment

advertisement 
Assignment 1
Problem 1.5:
a) Suppose that “IsAccessAllowed(...)” fails somehow and then the value of “dwRet” is NULL or any
kind of garbage. Then, as this value is not equal to “ERROR_ACCESS_DENIED” the program will
assume that the access is allowed and will continue its execution with a valid security check.
b)
DWORD dwRet = -1; //Suppose that -1 is a safe init value for the var
dwRet = IsAccessAllowed(...); //Suppose that IsAccessAllowed(…) returns ACCESS_GRANTED if
the security check is valid for the user, or any other value if not
if (dwRet == ACCESS_GRANTED) {
// Security check ok.
} else {
// Security check failed.
// Inform user that access is denied.
}
Problem 1.6: (no leaf nodes are OR-nodes)
Physical safe
compromise
Key compromise
Crack
combination
Brute force
Guess possible
combinations
(eg. birthday,
0000)
Backdoor exploit
Physical reset
button or
mechanism
Get combination
Check if it is
wrote or stored
somewhere
Directly from
owner
Blackmail
Threat
Bribe
Social
engineering
Monitor owner
access
Find secret
access
mechanism (eg
with a physical
key)
Physical destroy
Breaking parts
Break the lock
Break the joint
of two parts of
the safe
Piercing the safe
Pierce with an
industrial drill
Problem 1.7: (Where ‘AND’ is not stated means an ‘OR’)
Climb
Pass fence
Distract guards
Through gate
Insecure door
Access
datacenter
Steal from
datacenter
Get rid of
guards
Through
window
Piggyback
employee
Get from
employee
Valid
credential
Previous
compromise to
access control
system
Get from
employee
Obtain
credential
Get into server
Log into
database
server
Previous
compromise to
access control
system
Log into file
server
Log into mail
server
Climb
Pass fence
Distract guards
Through gate
Insecure door
Access HQ
Disclosure of
propietary
secrets
Steal from HQ
Get rid of
guards
Through
window
Piggyback
employee
Get from
employee
Valid
credential
Previous
compromise to
access control
system
Get from
employee
Obtain
credential
Get into
workstation
Check systems
and apps
Check files in
workstation
and LAN
Check emails
Email spoofing
Get from
employee
Social
engineering
Compromise
email account
Phishing
attempt
Firewall
vulnerability
exploit
Security
compromise
Web server
vulnerability
exploit
Get into server
(check other
branch)
Previous
compromise to
access control
system
Related documents
Name ________________ Events Leading Up to the Civil War
Name ________________ Events Leading Up to the Civil War
Weekly Homework Sheet
Weekly Homework Sheet
Download
advertisement