Assignment 1 Sample Solutions

Assignment One (CS 890DJ, Fall 2023) Note: Question 1 to Question 9 are weighted 10 marks for each question, Question 10 is weighted 30 marks. This makes the total of the assignment 1 to be 120 marks. However, this course plans to use a sample-based approach to the marking of the assignments. You will be expected to complete the assignments fully. However, the course instructor will select a subset of items to be marked (a sample of your work). The Teaching Assistants will be instructed to only mark these items, which will result in your grade on the assignment. 1. Slide Part 1, Page 5 listed 10 cybersecurity challenges which we also discussed in detail in class. Please use your own words to explain all 10 challenges listed there in detail, one by one. 1) Security is not as simple as it might first appear to the beginner. The requirements seem to be straightforward; indeed, most of the major requirements for security services can be given self- explanatory, one-word labels: availability, confidentiality, authentication, nonrepudiation, or integrity. But the mechanisms used to meet those requirements can be quite complex and understanding them may involve rather subtle reasoning. 2) In developing a particular security mechanism or algorithm, one must always consider potential attacks on those security features. In many cases, successful attacks are designed by looking at the problem in a completely different way, therefore exploiting an unexpected weakness in the mechanism. 3) Because of point 2, the procedures used to provide particular services are often counterintuitive. Typically, a security mechanism is complex, and it is not obvious from the statement of a particular requirement that such elaborate measures are needed. It is only when the various aspects of the threat are considered that elaborate security mechanisms make sense. 4) Having designed various security mechanisms, it is necessary to decide where to use them. This is true both in terms of physical placement (e.g., at what points in a network are certain security mechanisms needed) and in a logical sense (e.g., at what layer or layers of an architecture such as TCP/IP [Transmission Control Protocol/Internet Protocol] should mechanisms be placed). 5) Security mechanisms typically involve more than a particular algorithm or protocol. They also require that participants be in possession of some secret information (e.g., an encryption key), which raises questions about the creation, distribution, and protection of that secret information. There also may be a reliance on communications protocols whose behavior may complicate the task of developing the security mechanism. For example, if the proper functioning of the security mechanism requires setting time limits on the transit time of a message from sender to receiver, then any protocol or network that introduces variable, unpredictable delays may render such time limits meaningless. 6) Computer and network security is essentially a battle of wits between a perpetrator who tries to find holes and the designer or administrator who tries to close them. The great advantage that the attacker has is that he or she need only find a single weakness, while the designer must find and eliminate all weaknesses to achieve perfect security. 7) There is a natural tendency on the part of users and system managers to perceive little benefit from security investment until a security failure occurs. 8) Security requires regular, even constant, monitoring, and this is difficult in today’s short-term, overloaded environment. 9) Security is still too often an afterthought to be incorporated into a system after the design is complete rather than being an integral part of the design process. 10) Many users and even security administrators view strong security as an impediment to efficient and user- friendly operation of an information system or use of information. 2. Confidentiality, Integrity, and Availability are known as the CIA triad. Please use your own words to explain them in detail, one by one. Please also include authentication, non-repudiation, privacy in your explanation.

Confidentiality, Integrity, and Availability, also known as the CIA triad, are the terms most commonly used to define security, also called security objectives. They are the three key objectives that are at the heart of information and network security. • Confidentiality: Confidentiality relates to permitting authorized access to information, while at the same time protecting information from improper disclosure. • Integrity: Integrity is the property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose. • Availability: Availability means that systems and data are accessible at the time that users need them. (the above are very high level answers. More details please find from the slide part 1, page 7 - 19). 3. The below trust model has been briefly explained in the class. Please use your words to describe it in detail. Typically, a trustor uses a number of factors to establish the trustworthiness of an entity. Three general factors are commonly cited: Ability: Also referred to as competence , this relates to the potential ability of the evaluated entity to do a given task or be entrusted with given information. Benevolence: This implies a disposition of goodwill towards the trusting party. That is, a trustworthy party does not intend to cause harm to the trusting party. Benevolence is the opposite of malevolence. Integrity: This can be defined as the trustor’s perception that the trustee adheres to a set of principles that the trustor finds acceptable. Integrity implies that a benevolent party takes such measures are necessary to assure that it in fact does not cause harm to the trusting party. The goal of trust, in the model of this Figure, is to determine what course of action, if any, the trusting party is willing to take in relation to the trusted party. Based on the level of trust, and the perceived risk, the trusting party may decide to take some action the involves some degree of risk taking. The outcome of the risk taking could be a reliance on the trusted party to perform some action or the disclosure of information to the trusted party with the expectation that the information will be protected as agreed between the parties.

Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them. If the detection has a deterrent effect, it may also contribute to prevention. 7. Please use your own words to explain the steps of the incident response and explain each in detail. Part 2, page 16 to 19. 8. Please use your own words to briefly explain the Business Continuity Plan and Disaster Recovery Plan. In your opinion, what can significantly impact these plans. Part 2, page 23 to 33. What can significantly impact these plans are page 25-27, and 31-32, such as Planning and Preparation in advance, Communications, Support from the executive and senior management, practicing in advance and regularly, etc. 9. Please use your own words to explain Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-based Access Control (RBAC). Part 3, page 36, 42, 43, 45. 10. Read the following case and write an essay style case study for about 900-1200 words. The essay may include the following sections: Introduction, Analysis, Alternatives & Discussion, Recommendation, Implementation and Action Plan, and Conclusion. A small family-owned company made extensive use of online banking and cash transfers. Employees logged in with both a company and user-specific ID and password. Two challenge questions had to be answered for transactions over $1,000. The owner was notified that a cash transfer of $10,000 was initiated by an unknown source. They contacted the bank and identified that in just one-week cyber criminals had made six transfers from the company bank accounts, totaling $550,000. How? One of their employees had opened an email from what they thought was a materials supplier but was instead a malicious email laced with malware from an imposter account. The bank was able to retrieve only $200,000 of the stolen money in the first weeks, leaving a loss of $350,000. The bank even drew over $220,000 on the business’ line of credit to cover the fraudulent transfers. Not having a cybersecurity plan in place delayed the company response to the fraud. The company also sought a cybersecurity forensics firm to: ● help them complete a full cybersecurity review of their systems ● identify what the source of the incident was ● recommend upgrades to their security software Please write an essay style case study for about 900-1200 words, including the following: ● in your opinion, what lessons learned. ● knowing how the firm responded, what would you have done differently? ● if you are the business owner, what you think you can do to reduce the loss after the incident happened? ● what are some steps you think the firm could have taken to prevent this incident? ● What cybersecurity plan(s) do you think may be necessary for this firm? Please briefly design appropriate plan(s) for this company to handle similar attacks (please put the plan(s) in appendix which could not be counted in 900-1200 words limit).