Computer Science

Exercise 1 and 3

Clifford Banta

ABTU Online

Date 8-24-2014

Instructor

Robert Rupocinski

Exercise 1

A paper titled the “Rand Report R - 609” was sponsored by the Department of Defense and initiated the movement toward security that went beyond protecting physical locations. It attempted to define multiple controls and mechanisms necessary for the protection of a multilevel computer system; identifying the role of management and policy issues in computer security. This report/paper significantly expanded the scope of computer security to include the following: securing the data, limiting random and unauthorized access to said data, and involving personnel from multiple levels of the organization in matters pertaining to information security.

Exercise 3

a. Threat:

i. Theft of Media 

b. Threat Agent:

i. Hacker (Ex: Ima Hacker)

c. Vulnerability:

i. Unprotected system port

d. Exposure:

i. Using a website monitored by malicious hackers, reveals a vulnerability

 – i.e. Unprotected system port

e. Risk:

i. Low level risk  – The probability that theft of media will occur is low

f. Attack:

i. Hacker is made aware of system vulnerability (unprotected system port) by monitoring the website mediamadness.com. The hacker then navigates to and enters the exposed port; the hackers continues to steal media files from the user’s computer. This results in the user experiencing a loss.

g. Exploit:

i. Hacker uses software tools to gain access to the unprotected system port; gaining

access to the user’s computer.

References

Published for the Office of the Secretary of Defense

Edited by Willis H. Ware

R-609-1

Reissued October 1979

Rand

SANTA MONICA, CA. 90406

APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED