Assignment 6
Background
To complete this assignment, you will need to have completed the reading of chapters 11-13 of the textbook, the narrated lecture by Special Agent Watson, and the slides/lectures Software Security, Operating System Security, Trusted Computing, and Intelligence and Counterintelligence.
Assignment Instructions
Reminder: All work turned in for this class must be prepared in a form that I can open with Microsoft Word 2016. Do not copy the homework text into your answers; I already know what the questions are, and putting superfluous filler into your answers just makes more work for me.
For this assignment and any others that require research you must answer in your own words and cite your references correctly. A cut-and-paste answer will earn a zero for the entire assignment and may earn a course grade of F for plagiarism.
Part 1: List the basic steps in securing an operating system. Assume that the O.S. is being installed for the first time on new hardware.
Part 2: Causes of buffer overflow vulnerabilities are well-known, as are mechanisms for preventing them. Even so, buffer overflow attacks succeed in the 21st century.
Name and describe two reasons why buffer overflow vulnerabilities still exist.
Name and describe one method of preventing buffer overflow vulnerabilities.
Part 3: Explain the function of the trusted boot function of the trusted platform module (TPM). Tell how that is related to the earlier controversy between Apple and the FBI concerning iPhone encryption. What could the FBI do in the absence of a trusted boot function?
Part 4: Define single loss exposure and annualized risk of occurrence. Explain in your own words what these have to do with computer security.
Part 5: Explain why it is important to monitor outbound traffic as well as inbound traffic in a corporate network. Give an example that illustrates the importance of monitoring outbound traffic. (The example may be contrived or hypothetical.)
Grading Rubric
This section describes how your assignment will be graded. Except in the case of plagiarism, cheating, or copying, you cannot lose more than 100 points.
This assignment is worth 100 points in the "Assignments" category of the course grading plan.
The Assignment as a Whole
Failure to follow instructions: Up to two points subtracted per part, 20 points for the entire assignment.
Grammar, spelling, and organization: Up to two points subtracted per part, 20 points for the entire assignment.
Incorrect citation or use of the works of others: Up to five points subtracted per part, 50 points for the assignment as a whole. When you use the words or ideas of others, you need a citation in the text that ties to an entry in your "References" section. When you quote another's work, you need quotation marks. For an example, see An Example of Proper Writing in the "Required Reading" module.
Plagiarism, cheating, or copying another's work: A zero on the assignment and referral to the Student Conduct and Academic Integrity office for other penalties.
Late work: Late work will not be accepted by Desire2Learn and will be recorded as a zero.
The Assignment by Parts
| Part | Criteria | Points Available |
|---|---|---|
| 1 | The list is absent, incorrect, or incomplete: up to -20. | 20 |
| 2 | Two reasons why buffer overflow vulnerabilities exist are missing, incorrect, or superficial: -5 each. Description of a method for preventing buffer overflow vulnerabilities is absent, incorrect, or superficial: -10. | 20 |
| 3 | Explanation of the trusted boot function is absent, incorrect, or superficial: -7. Relationship of trusted boot to the Apple/FBI controversy is absent, incorrect, or superficial: -7. Action that could be taken by the FBI in the absence of trusted boot is absent, incorrect, or superficial: -6. | 20 |
| 4 | Each of the two definitions is absent, incorrect, or superficial: -5 each. Explanation of what they have to do with computer security is absent, incorrect, or superficial: -10. | 20 |
| 5 | Explanation of the importance of monitoring outbound traffic is absent, incorrect, or superficial: -15. An example of the importance of monitoring outbound traffic is absent, incorrect, or superficial: -5. | 20 |