Computer Security Failures

Answer the following questions :

1. Reports of computer security failures appear frequently in the daily news. Research and summarise the article that exemplifies one (or more) of the principles: easiest penetration, adequate protection, effectiveness, weakest link. Ensure the link and full reference is included.
2. Explain why asynchronous I/O activity is a problem with many memory protection schemes, including base/bounds and paging. Suggest a solution to the problem.
3. An electronic mail system could be used to leak information. First, explain how the leakage could occur. Then, identify controls that could be applied to detect or prevent the leakage. Justify your answer based on literature.
4. A computer system provides protection using the Bell-La Padula policy. How would a virus spread if:
• the virus were placed on the system at system low (the compartment that all other compartments dominate)?
• the virus were placed on the system at system high (the compartment that dominates all other compartments)?

• Task 1. Go to a web site where you do regular banking. Visit this website carefully and answer the following questions:

a. How do you know that the information you type in is secure from phishing?
b. What sorts of protection is provided by the bank to ensure secure online banking? Justify why the bank would use these security measures.

• Task 2. Consider a PIN card entry to a secure area for a publishing company that prints confidential documents for other companies such as exam papers for universities and health record for customers. Suggest some examples of confidentiality, integrity and availability in such a scenario. Summarize the requirements as well as the degree of importance for each item associated with such a system with your recommendation in a brief (250-500) words report. Must follow APA style referencing.

• Task 3. Mr. Bob is accessing his personal bank account (through a web browser) using an Internet Café. Mr. Bob has opened a text editor simultaneously along with web browser. Suddenly Mr. Bob suspected that the Café computers are infected with malware called ‘software keyloggers’.

As a security expert, you need to describe a scheme that allows Mr. Bob to type his userID and Password that the malware (i.e. keylogger), used in isolation of any screen captures or mouse event captures, would not be able to discover Mr. Bob’s userID and password.