PART A
(PART A: TO BE REFERRED BY STUDENTS)
A.1 Aim:
To study basics of computer security.
Note: Copying and pasting from the Internet or any other source is not allowed.
Task 1:
1. Find real-world examples where security was compromised.
2. Analyze the case with respect to the following points:
a. Motivation of attack
b. Impact of attack
c. Kind of vulnerability exploited
d. How was the attack performed?
e. Report which security goals were compromised
Task 2:
Identify the type of goal compromised in the following situation. Justify your answer.
You are working in your office and open a file that you had been working on the previous
day. You notice the values you had input into the file are different, and looking at the
versions of the file you note the time stamp indicates the last time the file was accessed
was 2 am. Knowing that the company hours are 8 am to 5 pm, you suspect that one of the
goals of security has been compromised.
Task 3:
1. _______ is considered the weakest link in security for an
organization.
2. A countermeasure to eavesdropping on the communication link is the use of
__________
3. The motivation of an ethical hacker is
a) Financial gain
b) Thrill of hacking
c) Desire to identify vulnerabilities so they can be corrected before they are publicly
exposed
d) Religious/political/ideological cause
Task 4:
List at least three kinds of harm a company could experience from unauthorized viewing
of confidential company materials.
A.2 Prerequisite:
Basic understanding of the goals of security, attacks and design principles
A.3 Outcome:
A.4 Theory:
A vulnerability is a weakness in the system, for example, in procedures, design, or
implementation, that might be exploited to cause loss or harm.
A threat to a computing system is a set of circumstances that has the potential to cause loss or
harm.
Security Goals:
Confidentiality: the ability of a system to ensure that an asset is viewed only by authorized
parties.
Integrity: the ability of a system to ensure that an asset is modified only by authorized parties.
Availability: the ability of a system to ensure that an asset can be used by any authorized party.
Experiment No. 1
PART B
(PART B : TO BE COMPLETED BY STUDENTS)
(Students must submit the soft copy as per the following segments within two hours of the
practical. The soft copy must be uploaded to Blackboard, or emailed to the concerned lab
in-charge faculty at the end of the practical if no Blackboard access is available.)
B.3 Conclusion:
Q1. What is the role of authentication, access control and non-repudiation in system security?
Q2. What are Preventive, Detective and Responsive controls used in system security?