Intro to Information Security
Assignment 01
Dept. CS&IT (Sec-A), 8th Semester

Submitted By: Muhammad Shaheer Qureshi
Registration No: 19PWBCS0674
Roll No: 01
Submitted To: Dr. Zakira Inayat
Dated: 2nd April, 2023

Question 01
Identify mechanisms for implementing the following. State what policy or policies they might be enforcing.

a) A password-changing program will reject passwords that are less than five characters long or that are found in the dictionary.
Mechanism
An authentication program is invoked that reads the password string and returns an error if the string is less than 5 characters long. It then compares the password string to each word in an array of words taken from the dictionary and returns an error if any of them matches.
Policy
Words that can easily be guessed cannot be used as passwords.

b) Only students in a computer science class will be given accounts on the department’s computer system.
Mechanism
Fetching the student’s registration record and verifying whether his/her department is Computer Science; if not, the system returns an error.
Policy
Only Computer Science students are allowed to access the department’s computer system.

c) The login program will disallow logins of any students who enter their passwords incorrectly three times.
Mechanism
Keeping a counter of the number of times an incorrect password is entered in a row. If the counter reaches 3, the system will disallow further attempts.
Policy
Preventing unauthorized access to an account by means of guessing.

d) The permissions of the file containing Carol’s homework will prevent Robert from cheating and copying it.
Mechanism
Preventing read access to the file for all users other than Carol.
Policy
Students will not engage in plagiarism.

e) When World Wide Web traffic climbs to more than 80% of the network’s capacity, systems will disallow any further communications to or from Web servers.
Mechanism
All the Internet Service Providers ensure, every time a new device connects to the Internet, that the current global network population does not exceed 80% of the capacity. Once the capacity is reached, the ISP will disallow further connections.
Policy
Keeping the global network population below 80% in order to prevent network congestion.

f) Annie, a systems analyst, will be able to detect a student using a program to scan her system for vulnerabilities.
Mechanism
System software that detects any program that attempts to scan the system for vulnerabilities.
Policy
Students should not attempt to find vulnerabilities in her system.

g) A program used to submit homework will turn itself off just after the due date.
Mechanism
The system sets a timer to invoke the program that turns off homework submission on the due date.
Policy
Students may not submit homework once the due date has passed.

Question 02
For each of the following statements, give an example of a situation in which the statement is true.

a) Prevention is more important than detection and recovery.
Preventing another user from accessing your account by using a strong password as well as 2-factor authentication is more crucial than detection and recovery, as you will likely not be available at the time an unauthorized activity is detected, and it would be difficult to recover from any financial losses.

b) Detection is more important than prevention and recovery.
Early detection of medical diseases is more important, so that treatment can be applied early before conditions get worse. Prevention may not be possible in most cases, as some diseases come with age, and recovery after late detection will likely not be successful.

c) Recovery is more important than prevention and detection.
Keeping a regular backup of a database and recovering it after data loss due to some catastrophic incident is more important, because prevention is not possible in the case of rare system failures and detection will not prevent any damage to the data.
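
The mechanism from Question 01 (c), a counter of consecutive incorrect passwords that blocks logins once it reaches 3, written out as an added example that is not part of the original assignment. The class name LoginGuard, the account name and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # threshold stated in Question 01 (c)


class LoginGuard:
    """Hypothetical helper: counts consecutive failed logins per account."""

    def __init__(self):
        self._creds = {}     # username -> (salt, derived key)
        self._failures = {}  # username -> incorrect attempts in a row

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._creds[username] = (salt, self._derive(password, salt))
        self._failures[username] = 0

    def is_locked(self, username):
        return self._failures.get(username, 0) >= MAX_FAILURES

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        if username not in self._creds:
            return "denied"
        if self.is_locked(username):
            # Checked before the password, so a locked account gives no
            # feedback on whether a later guess was correct.
            return "locked"
        salt, stored = self._creds[username]
        if hmac.compare_digest(self._derive(password, salt), stored):
            self._failures[username] = 0  # "in a row": success resets the count
            return "ok"
        self._failures[username] += 1
        return "locked" if self.is_locked(username) else "denied"


def demo():
    guard = LoginGuard()
    guard.register("carol", "constructed-sample-pw")  # constructed sample data
    attempts = ["bad1", "bad2", "constructed-sample-pw",
                "bad3", "bad4", "bad5", "constructed-sample-pw"]
    return [guard.login("carol", pw) for pw in attempts]


if __name__ == "__main__":
    print(demo())
```

The demo shows the two cases the one-line description leaves open: a correct login after two failures resets the counter, and once the third failure in a row occurs even the correct password is refused.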