Computer Security book by Charles Chapter 1 Exercise Solutions

1. Distinguish between vulnerability, threat, and control.


In the above diagram, a man is standing near a wall with his finger placed in a hole. There is water on the left side of the wall, and a crack in the wall is visible.
To understand the difference between a threat and a vulnerability, we will use the above diagram as an analogy.

By definition, a vulnerability is a weakness in the system (a loophole) that might be exploited in the future to cause harm or loss.
A threat is a set of events or circumstances that may happen and has the potential to cause harm.

Now, in the above diagram, if the water level rises, the man may get wet or be harmed if the water spills over or overflows.
So the water is the threat to the man.

There is also a weakness in the wall: a crack is present, which over time can weaken and eventually break the entire wall. That crack is a vulnerability.

To address this harm, and the threats and vulnerabilities behind it, we have controls or countermeasures.

Therefore, a control is a procedure, technique, tool, or action that removes or reduces a vulnerability and enhances protection.

2. Theft usually results in some kind of harm. For example, if someone steals your car, you may suffer financial loss, inconvenience (by losing your mode of transportation), and emotional upset (because of invasion of your personal property and space). List three kinds of harm a company might experience from theft of computer equipment.

In a theft of computer equipment, there may be harm such as software harm, hardware harm, networking harm, etc.

Hardware harm includes financial loss, as well as loss of integrity, loss of availability, and loss of confidentiality.

3. List at least three kinds of harm a company could experience from electronic espionage or unauthorized viewing of confidential company materials.

The confidentiality aspect of computer security is directly harmed. Unauthorized viewing of company materials leads to financial loss and many other kinds of harm, such as leaks of personal information, future plans, marketing strategies, profit and loss figures, accounts, banking information, etc.

4. List at least three kinds of damage a company could suffer when the integrity of a program or company data is compromised. 

This is serious: compromised integrity leads to unexpected results such as unintended media coverage and misleading information spread through modified documents. The company also loses respect, pride, honor, and reputation because of the loss of integrity.

5. List at least three kinds of harm a company could encounter from loss of service, that is, failure of availability. List the product or capability to which access is lost, and explain how this loss hurts the company.

Service will be hindered because availability is compromised.
Harm can be a lack of services to customers, clients, government, individuals, etc.

Harm can also be that salaries are not issued, computer services are not processed, etc.

6. Describe a situation in which you have experienced harm as a consequence of a failure of computer security. Was the failure malicious or not? Did the attack target you specifically or was it general and you were the unfortunate victim?

No particular situation has caused me harm as a consequence of a failure of computer security. The failure was not malicious. No attack happened.

7. Describe two examples of vulnerabilities in automobiles for which auto manufacturers have instituted controls. Tell why you think these controls are effective, somewhat effective, or ineffective.

I don't have an answer for this.

8. One control against accidental software deletion is to save all old versions of a program. Of course, this control is prohibitively expensive in terms of cost of storage. Suggest a less costly control against accidental software deletion. Is your control effective against all possible causes of software deletion? If not, what threats does it not cover?

One control against accidental software deletion is to back up all programs periodically, or to have an authentication system so that a two-step confirmation takes place before a program is deleted. With this method, the owner of the system can be verified and, secondly, accidental software deletion can be prevented.
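As an added example (not from the book or from this blog), the two controls in the answer above can be implemented as a versioned "soft delete" plus a two-step confirmation; the function names `request_delete`, `confirm_delete` and `restore` are my own assumptions for the demo.

```python
# Added example, not from the book or the blog: two low-cost controls against
# accidental software deletion. Function names are assumptions for this demo.
import secrets
import shutil
import tempfile
import time
from pathlib import Path

_pending = {}  # one-time token -> path awaiting confirmation

def request_delete(path: str) -> str:
    """Step 1 of the two-step control: record intent, return a one-time token."""
    if not Path(path).is_file():
        raise FileNotFoundError(path)
    token = secrets.token_hex(8)
    _pending[token] = path
    return token

def confirm_delete(token: str, trash_dir: str) -> Path:
    """Step 2: a valid token is required, and the file is only moved to a
    timestamped copy in trash_dir (soft delete), never unlinked."""
    path = _pending.pop(token, None)
    if path is None:
        raise PermissionError("no pending delete for this token")
    trash = Path(trash_dir)
    trash.mkdir(parents=True, exist_ok=True)
    dest = trash / f"{Path(path).name}.{int(time.time())}.{secrets.token_hex(2)}"
    shutil.move(path, str(dest))
    return dest

def restore(trashed: Path, original: str) -> None:
    """Undo an accidental delete by moving the trashed copy back."""
    shutil.move(str(trashed), original)

def demo() -> dict:
    """Exercise both controls on a constructed sample program in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        prog = Path(tmp) / "payroll.py"  # constructed, not a real program
        prog.write_text("print('version 1')\n")
        trash = str(Path(tmp) / ".trash")
        try:
            confirm_delete("forged-token", trash)  # step 1 skipped: refused
            refused = False
        except PermissionError:
            refused = True
        moved = confirm_delete(request_delete(str(prog)), trash)
        gone = not prog.exists()
        restore(moved, str(prog))
        return {"refused_without_token": refused, "gone_after_confirm": gone,
                "restored_text": prog.read_text()}
```

Both controls address only accidental deletion: a disk failure, or someone with write access who empties the trash directory, is outside what they cover, which is the gap the exercise asks about.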

9. On your personal computer, who can install programs? Who can change operating system data? Who can replace portions of the operating system? Can any of these actions be performed remotely?

On my personal computer, only the root user can install programs and change OS data. Also, only a user with admin rights can replace portions of the OS. Any of these actions can be performed remotely if a shell server is set up.

10. Suppose a program to print paychecks secretly leaks a list of names of employees earning more than a certain amount each month. What controls could be instituted to limit the vulnerability of this leakage?

The best control to limit the vulnerability of this leakage is to introduce randomness into the data and to have fewer obvious fields in common. Instead, important fields such as name, number, etc. should not be related to one another.

11. Preserving confidentiality, integrity, and availability of data is a restatement of the concern over interruption, interception, modification, and fabrication. How do the first three concepts relate to the last four? That is, is any of the four equivalent to one or more of the three? Is one of the three encompassed by one or more of the four?

CIA is closely related to the other four aspects, i.e. interruption, interception, modification, and fabrication. Modification is directly related to integrity, whereas fabrication is directly related to confidentiality; the other two, interruption and interception, are general in nature.

12. Do you think attempting to break in to (that is, obtain access to or use of) a computing system without authorization should be illegal? Why or why not?

Yes, it should be illegal, because privacy is hindered and the principle of computer security is also damaged.

13. Describe an example (other than the ones mentioned in this chapter) of data whose confidentiality has a short timeliness, say, a day or less. Describe an example of data whose confidentiality has a timeliness of more than a year.

Example: a name does not change over a long period, so its confidentiality has a long timeliness.

A date or transaction date and the amount of a balance change every year, so this data has a shorter confidentiality timeliness.

14. Do you currently use any computer security control measures? If so, what? Against what attacks are you trying to protect?

Admin-level access control, cryptography, etc.

15. Describe an example in which absolute denial of service to a user (that is, the user gets no response from the computer) is a serious problem to that user. Describe another example where 10 percent denial of service to a user (that is, the user’s computation progresses, but at a rate 10 percent slower than normal) is a serious problem to that user. Could access by unauthorized people to a computing system result in a 10 percent denial of service to the legitimate users? How?

Yes indeed. Attacks like DDoS can leave services completely unusable even for a single user, whereas a 10% rate of attack is comparatively less harmful.

16. When you say that software is of high quality, what do you mean? How does security fit in your definition of quality? For example, can an application be insecure and still be “good”?

It depends on the perspective of the user. If the user is security conscious, that individual will surely take care of it. The definition of high-quality software for that person will be different from a naive user's.
