Network Security (Spring 2007) Homework 1 (Part II)

This paper-and-pencil part of homework 1 is due at the beginning of class on 2/6, 2007.

  1. (7 points) Please classify each of the following as a violation of confidentiality, of integrity, of availability, of authenticity, or of some combination of those.
    1. John copies Mary's homework.
    2. Paul crashes Linda's system.
    3. Carol changes the amount of Angelo's check from $100 to $1000.
    4. Gina forges Roger's signature on a deed.
    5. Rhonda registers the domain name "AddisonWesley.com" and refuses to let the publishing house buy or use that domain name.
    6. Jonah obtains Peter's credit card number, and has the credit card company cancel the card and replace it with another bearing a different account.
    7. Henry spoofs Julie's IP address to gain access to her computer.
  2. (7 points) Please identify mechanisms to implement the following. Please state what policy or policies they might be enforcing.
    1. A password changing program will reject passwords shorter than 5 characters long or that are found in the dictionary.
    2. Only students in a Computer Science class will be given accounts on the department's computer system.
    3. The login program will disallow logins of any students who enter their passwords incorrectly 3 times.
    4. The permissions of the file containing Carol's homework will prevent Robert from cheating and copying it.
    5. When World Wide Web traffic climbs to over 80% of the network's capacity, systems will disallow any further communications to or from Web servers.
    6. Annie, a system analyst, will be able to detect a student using a program to scan her system for vulnerabilities.
    7. A program used to submit homework will turn itself off just after the due date.
  3. (6 points) Please give an example of a situation in which each of the following is true:
    1. Prevention is more important than detection and recovery.
    2. Detection is more important than prevention and recovery.
    3. Recovery is more important than prevention and detection.
  4. (10 points) A respected computer scientist has said that no computer can ever be made perfectly secure. Why might she say this?