dq dq week4

User Generated

ezr1

Computer Science

Description

Hi there,


hope you are doing well. So for this week4 we have 3 topics you to make a post to 2 topcis and replay to classmate in 1 topic that's it .


thank you a lot

Unformatted Attachment Preview

Topic1: Discuss what your thoughts are on Kerckhoffs principle... It is on the slides but you can google it as well. Classmate reply: Kerckhoff'ss principle refers to the advantages of using secure cryptography and maintaing a maximum height of security. Kerckhoff's philosophy was that a cryptosystem should be build of publicly known algorithms but be done in such a why that it was way complex even though it was done on a simple known algorithm. He took the approach to have security through obscurity. The idea of keeping everything secure even though the enemy may have a copy. I beleive that this way of going about security is so complex and yet so simple that not to many people will understand how to go about it. Kerckhoff's principle understands that the system in use must be practical and not so overly complex that it is nearly impossible to use on a daily basis. It must be broken by code hackers and be able to be hacked to build it stronger and know the ends and outs of this system. With this open design the security relies on the secrecy of keys, this is a full proof way that Alice and Bob know whats going on and the attacker Eve doesn't. Overall this open design technique is a very positive way of strengthening a security system and maintaining one. Classmate reply: Kerckhoffs Principle is a principle used in cryptography. It elaborates on what is important when evaluating encryptions and decryptions. Mainly, encryptions and decryptions are important but can be deciphered. Kerckhoffs Principle states that if encryptions and decryptions are deciphered, it shouldn’t matter. The most important part is the development of a key to elaborates on said encryptions and decryptions. The Key is what is most important and should be secured above all else. Encryptions and decryption can even be made public, if the key is secured. Classmate reply: Kerckoff's principle is the idea that everyone should know how something is encrypted. Because the more simple an encryption system the easier it will be to keep secure. Even if you know the key but don't know how it's applied, it wont be of informational relevance to you.Governments often take the opposite approach and create a system where the key is a complete secret. While as a public key is more useful, in most cryptographers view because that way they can know if there encryption system is strong and secure cause it has yet to be broken. I agree that it's better if a know algorithm is used, but a secure algorithm should be used not one that has been known to be compromised. Topic2: Since many security systems are automated, IT gets to design and manage them. Discuss one issue, concept or technology for facility security Classmate reply: One of the biggest threats when it comes to facility security would have to be the Cher open physical danger opportunities that one can have on IT systems. When it comes to encryption and software security, it is a completely different thing when coming to physical security. Physical access to a systems room that has servers available to anyone is a major flaw that must be protected at all cost. You could have the strongest firewall or software for your systems but be vulnerable to a person walking in the room and plaguing the system directly. The surroundings to the systems room must be secured with fortifications and security, security checkpoints and actual analysts must be on standby just case an issue ensues. At these said security checkpoints, more than just access cards or codes are needed, depending on the organization something more is needed to protect. More practical effects must ensue that don't necessarily rely on technology and still secure and have security. In saying all of this; cameras, personnel security, laser beams, etc. all can be compromised and have a physical limitation to being the best idea for facility security. Classmate reply: One concept for security that I would like to discuss is the layered defense model. The layered defense model is basically exactly as it sounds. In terms of facility security, the layered defense model would involve different measures of physical security put in place to best protect the facility. If one measure fails, there will be another that is in place. For example, say that there is a certain facility in the middle of the desert. The first layer of security could be the fact that there is only one road leading to the facility. The second layer would be the tall fence around the security, perhaps with barbwire on top of it. If an intruder were to scale the fence, there will be a third layer of security on the other side consisting of security guards. If the security guards were to be taken out, there would then be a fourth layer of security which could consist of grade 1 locks on the doors into the facility. The point is that there are different layers of security to protect what may be within the facility. Classmate reply: A good representation of Facility security is the use of restricting access based on key cards/ RFID/ FOBs. With the automation of taday using these devices ahs allowed workers, and their employers a better view of what is going on day to day. It prevents outside personnel who do not require access to certain locations the means to keep them out. It also gives personel who need to be somewhere the ability to access those areas. It also allows employers the ability to track who is where and at what time. This is useful in emergencices and also when problems happen. If equipment is stolen there is a record of who was in what room and what time and when they left. Topic3: The security models are important concepts to know. Discuss the differences between the Bell / LaPadula & Biba. Include comments about the properties of the models Classmate reply: Bell-LaPadula is an older Confidentiality model used by the DoD. It’s considered an inflexible, formal state transition model of computer security. Everything Bell-LaPadula must be labeled from most sensitive to least. It utilizes the * (star) Property, preventing anyone from writing down to a sensitivity level below them. While also using the Simple Security Property, preventing anyone from reading up. In contrast, the Biba Integrity model prevents inappropriate modification of data by preventing users from writing or requesting any services from a higher sensitivity and preventing said users from reading down. They are however allowed to read from higher a sensitivity and write to a lower one. Classmate reply: Bell-LaPadula Model was made by the Department of Defense (DoD) to address concerns about protecting classified information. The Bell-LaPadula multilevel model was derived from the DoD’s multilevel security policies. The Bell-LaPadula model is to prevent any leakage or transfer any classified information. The Biba model was designed after the Bell-LaPadula model. The Biba model is to address the integrity, and as for Bell-LaPadula model is meant to address the confidentiality. The difference between the two is Biba primarily protect data integrity the basic properties it protects are the simple integrity property, and the star integrity property. Biba was to address three integrity issues which are prevent modification by unauthorized subjects, prevent unauthorized modification and protect internal and external object consistency.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Hey, I am through. Everything is attached

Running Head: COMPUTER SECURITY DISCUSSION

Computer Security Discussion

Name

Institution

1

Computer Security Discussion

2

Topic1: Discuss what your thoughts are on Kerckhoffs principle... It is on the slides but you can
google it as well.

The kerchoffs principle has been used to design cryptography and improve the security of the
computing world. The article of Kerchoffs is to provide solutions for the contemporary military
cryptography, and he went ahead to give the principles of the military ciphers. He argued that the system
must be indecipherable in practice, for cryptography to be used, the system must be able to fall in the
hands of the enemy military at any time. Another requirement is that the principle must be able to be
applied to the communication network and the encryption key should be changed at will by the people
communicating....


Anonymous
Awesome! Made my life easier.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags