Wednesday, March 11, 2020
Week Case Study Essay Example
Week Case Study Essay Example Week Case Study Paper Week Case Study Paper Look up the paper that started the study of computer security. Prepare a summary of the key points. What in this paper specifically addresses security in areas previously unexamined? The RAND Report R-609-1 was commissioned by the Deputy Director in June 1967 according to www. Linearitys. Com. The report was to study and recommend solutions that would unsure the protection of classified information while allowing multi-level access along with computer sharing capabilities. The report was broken down into four sections. First, the nature of the problem was identified. This identified security problems from the computer systems to lack of security and potential threats. The second part looked at policy considerations and gave recommendations. This section dealt with systems personnel to information structure and ended with system certification recommendations. The third section detailed technical recommendation while the last section detailed management and administrative controls. With the increased and wide spread use of computers in the military, a need for procedures we due. These procedure recommendations revolved around technique and security which had not previously existed on such a broad call. Even with the large scale of operations, there still needed to be some privacy around the system and data that was shared or accessed. Through this study, batch, multiprogramming, and time-shared processing were all recommended for different levels of access and control. Three types of threats to system security were identified. These are accidental access of data, deliberate access of data, and a physical attack on the system. There were recommended safeguards to protect from all three vulnerabilities. This protection had to be identified and secured by the system designer so not APS were missed. These gaps could be in the software, hardware, communication of information and general lack of organization or the organization itself. There were recommended characteristic needs of the system seemed almost too massive to have all at one time. The system had to be flexible in term of performance, responsive to different conditions, dubitable for security breaches, reliable, manageable, adaptable based on sensitivity needs, dependable, while assuring configuration integrity. With all of these demands, a definition list was put together so everyone could be Lear on the document and the interpretation was consistent from person to person. The second part of the study started out with fundamental principles and system personnel. This detailed who could have access to what part of the system and the data. It also identified gate-keepers and administrators with user authentication guidelines. The data was organized and controlled so that any variance was identifiable. All transactions into the system and the activity that took place was logged for transaction accounting. Auto-testing was implemented and sufficient redundancy checks were put in place to ensure data control was not compromised. Input and output parameters were very specific and access was obtained only through several checkpoints in the system. The system was checked, tested, and evaluated often for any fail-points or weaknesses. Inspections were performed by experts to determine if the system was in compliance with pre-determined requirements and regulations. There were three types of certifications that protected the system and access to the system; design certification, installation certification, and recertification. The last part of the report detailed the technical recommendations. Due to the size of the system needed for the data-sharing, the present technology was insufficient and additional safeguards had to be put into place. The central processing hardware had to have user isolation along With protection against unexpected access or conditions. This meant that each user was unique and the program would isolate the data needed for that user. The software had to run with complex programs that allowed sorting and file copying while maintaining security checkpoints. This lead to access controls in different levels of the system. Certain users could only gain access to some information. If an unauthorized user tried to gain access to information Outside their authority, a denial of access Was sent. This also generated a flag to be immediately checked. All these steps and processes were new and now seem to be a very standard practice in the world of computers. Even with the most secure systems, there are still people or even other computer systems trying to gain access to data that they are not authorized to see or control. The cyber world continues to fill up with public and private data at tremendous speeds which will continue to lead the curious hacker to halogen themselves to getting data they should not have. 2. Consider the information stored on your personal computer. For each of the terms listed, find an example and document it: threat, threat agent, vulnerability, exposure, risk, attack, and exploit. Threats this could be a person driving around your neighborhood looking for the insecure network. Threat Agent this could be a hacker that finds the unsecured network with the intentions of installing a worm, computer virus, or some sort of damaging program. Vulnerability This could be an account that has a weak password like 123456. Exposure An example of this is when someone opens and e-mail with a Trojan, worm, or virus attached. Risk This could be an event in which you let someone you dont know very well use your laptop or access a program without good intent. Attack This is what happens when your system has been intentionally or unintentionally exposed to a malicious program or person. Exploit Can be gained at a local level or network level to take advantage of weaknesses or vulnerability in a system. They are used to gain control to a computer system. 3. Using the web, find out who Kevin Nitpick was. What did he do? Who caught him? Write a short summary of his activities and why he is famous. Kevin Nitpick is know that he worlds most famous hacker according to his website (win. Indestructibly. Com). In the early 199(Yes, he proved to be a computer genius that thrived on the breaking into high-profile company computers through the now out-of-date dial-up modem superhighway. He would assume false identities and cover his tracks to out run the FBI and other authorities looking to track him down. He was finally caught and arrested in 1995 by the FBI in his North Carolina apartment, resourced four years later for wire fraud, computer fraud and identity theft. Kevin Nitpick started his computer hacking at a seemingly young age of 15 gaining access to the Los Angles bus system. This lead to him obtaining free rides on the public transport system. His first arrest for hacking came in 1988 when he was convicted of unauthorized access of a computer network in 1979 at the age of 16. This earned him a year in prison. After his release, he continued his hacking using The Condor and The Darkies Hacker as his calling cards. He pushed the limits of his activities and became one of the Bis most wanted. After his arrest in 1995, it took four years to get a conviction. He had a lot of supporter that felt his conviction and incarceration was too harsh which include eight months in solidarity confinement since he was a perceived threat to national security.
Subscribe to:
Posts (Atom)