Free Essay

Is3230 Unit 9 Lab 9

In: Computers and Technology

Submitted By kujhwks88
Words 804
Pages 4
1. If you are using corporate e-mail for external communications that contain confidential information, what other security countermeasures can you employ to maximize the confidentiality of e-mail transmissions through the Internet? Encrypt email, email policy, security software, content checking tool, anti-spam tool, and secure firewall configurations. 2. Explain the role of a Certificate Authority and its obligations in authenticating the person or organization and issuing digital certificates. Certificate Authority or Certification Authority (CA) is an entity, which is core to many PKI (Public Key Infrastructure) schemes, whose purpose is to issue digital certificates to use by other parties. It exemplifies a trusted third party. 3. What would a successful Subversion Attack of a CA result in? An attacker can create a certificate for any domain. This certificate will appear to be signed by a trusted CA. Thus, you will see that the site's cert is trusted and you will never get any notification to the contrary. Normally, a trusted CA will issue and sign a certificate and then if the browser trusts the signing CA, you will see a padlock in the GUI and you will often times see a message that lets you know that the certificate of the web site is trusted. If the CA is not trusted, you are shown a message that the certificate is not signed by a trusted party and you are given the option to leave or continue. This is PKI in a nutshell. The entire system relies on trust of the CAs and the CAs in turn provides reputable and responsible operation. This works very well, until you can subvert that trust. 4. What encryption mechanisms are built into Microsoft Windows XP Professional? EFS. 5. Could you add user’s access to view your EFS encrypted files and folders? Yes. If so how? Once a file has been initially encrypted, file sharing is enabled through a new button in the user interface (UI). A file must be encrypted first and then saved before additional users may be added. After selecting the Advanced Properties of an encrypted file, a user may be added by selecting the Details button. Individual users may add other users (not groups) from the local machine or from the Active Directory, provided the user has a valid certificate for EFS. 6. What would be needed by any Law Enforcement agency to decrypt encrypted messages easily? DES Data Encryption Standard. 7. What is SHA1, and what is it used for? The Secure Hash Algorithm 1 (SHA-1) is a well-known and currently secure cryptographic hash function designed by the NSA. Is it used similarly to TripleDES or are they different? They are the same, they both use algorithms. 8. Provide and explanation for the difference between symmetric keys and asymmetric keys in a PKI? symmetric-key: It only needs one key to encrypt the message. And both user only need the same key to decode the message. And the in order to create the key is by moving the bit. asymmetric-key: It needs two different keys- public key and private key. Everyone can see the public key and only the person who has private key can decode the message. 9. What is a common drawback to Encrypting using enterprise level tools such as PGP? Complexity, cost, lack of scalability, and lack of interoperability with VoIP systems. So even though implementing encryption is appealing, many businesses may balk at the potential obstacles. 10. What is the difference between PGB and GPG? “PGP” stands for “Pretty Good Privacy.” It was developed by Phil Zimmermann. At first it was written as copyrighted freeware under the Gnu Public License. Later, PGP was upgraded and made into a propriety program. The rights for this program are traded around. The reason for this upgrade was legal defense costs and royalty issues related to the export laws of the USA. Now the PGP program is owned by PGP Corporation. Only the command line version is not owned by PGP Corporation which is also not for sale. PGP uses the RSA algorithm and the IDEA encryption algorithm. The PGP is considered to have Windows interface which is more polished.
“GPG” stands for “Gnu Privacy Guard.” GPG is a re-write or upgrade of PGP. It does not use the IDEA encryption algorithm. This is to make it completely free. It uses the NIST AES, Advanced Encryption Standard. All the algorithm data is stored and documented publicly by OpenPGP Alliance. The main reason for this change is that AES costs less than IDEA and is considered more secure. Moreover, it is royalty free because it is not patented. GPG is more compatible than the original PGP with OpenPGP. GPG is also based on a command line. Windows frontends are also available for GPG other than the command line.

Similar Documents

Premium Essay

Lab 7

...Security Unit: IS3230 September 25, 2014 Lab 2 Design Infrastructure Access Controls for a Network Diagram Lab 2 Answers 1. To check it there I any malware, updates where it be made, and to know if any other viruses are the system or application 2. help to cut down storage and backup cost, to meet legal regulatory requirements for retrieving specific information within a set timeframe. Data strategies are different types and volume. 3. Have backup/ restore for the patch management 4. Networking monitoring allows real-time communication to take place on a data path that’s established and does change. Performances monitoring is circuit-switched networks known for stability and reliability with industry standards, it alarms the network engineers of new attack protocols. It also helps secure IT infrastructure be increasing storage needs 5. I think passwords and PIN are required for multi-factor authentication 6. Systems/Application domain because attackers will target that first. 7. Network-based firewall is a computer network firewall operating at the application layer protocol stack. Hose-based firewall is monitoring any application input, output, or systems services calls are made from. I put in the implementation, the firewall will block out malware and it let me know when the firewall needs to be updated. 8. Consuming Entering Using All 3 controls use permission called authorization which gives users right to go on a domain if need be 9. Basic...

Words: 323 - Pages: 2

Premium Essay

Access Security Lab 1

...Course: IS3230 Lab 1 1. Discretionary Access Control Lists form the primary means by which authorization is determined. An ACL is conceptually a list of <account, access-rights> pairs. 2. Sometimes an entire group needs access or permissions, and by giving the group permission any new person will automatically be given the permissions needed, with no need to add each person individually. 3. Modify, Read & Execute, Read, Write, List contents. 4. Read only, sometimes users need to be able to get information from the network, but without them being able to modify anything. 5. Some password policies are, password length, character diversity, time required to change password. 6. The only time it’s a good idea is when an application needs to read stored passwords. Normally they are encrypted, so storing passwords using reversible encryption should be done on a per-user basis. 7. Local group policies govern smaller groups on the network such as a hand full of machines or users. A domain group policy affects every workstation or user on the domain. 8. Local GPO, GPO linked to sites, GPO linked to domains, and GPO linked to organizational units. 9. Administrative Templates are a large repository of registry-based changes (in fact, over 1300 individual settings) that can be found in any GPO on Windows 2000, Windows XP, and Windows Server 2003. The Administrative Templates are Unicode-formatted text files with the extension .ADM and are used to create the Administrative...

Words: 335 - Pages: 2

Free Essay

Assessment Questions It

...Lab #3 – Assessment Worksheet Identify & Classify Data for Access Control Requirements Course Name & Number: IS3230 ______________________________________________________________ Student Name: Heather Young ______________________________________________________________________ Instructor Name: MR. Gibbs _____________________________________________________________________ Lab Due Date: Jan. 2014 _______________________________________________________________________ Overview This lab provides the student with the opportunity to develop a data classification standard with procedures and guidelines to classify data access based on the job responsibilities – not an organizational position. In this lab, students aligned a data classification standard with the job function and roles that are required to access specific data. This alignment allows access controls policy definition to be properly implemented throughout the IT infrastructure to mitigate risk from unauthorized access. Lab Assessment Questions & Answers 1. What is the Data Classification Standard used in the U.S. Department of Defense (DoD)/Military?Google “Data Classification Standard + DoD”. Summarize the different data classifications. Top Secret- highest level of information sensitivity Secret- information that would cause serious damage, most common classification level Confidential- Is the lowest of sensitivity. This information may only be handled by personnel with a clearance, may...

Words: 993 - Pages: 4

Premium Essay

Test

...Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110  NT1210...

Words: 2305 - Pages: 10