Question 1: You Are The Administrator For A Tracking System

Question 1you Are The Administrator For A Tracking System Application

Question 1: You are the administrator for a tracking system application for a Human Resources (HR) Department that tracks different employee cases such as processing retirements or changing health benefits for ACME Inc.. There are different permissions that different members the HR Staff need to execute on the cases to perform their duties. The available permissions that may be accomplished for each case are:

• Read a case – you can open a case and view the contents.
• Create a case – you can make a new case and save it.
• Update a case – you can open a saved case, make changes to it and save the changes.
• Search a case – you can search for cases using criteria and get returned cases that match the criteria.
• Delete a case – you can delete an entire case.
• Assign a case – you can assign a case to someone else to be worked on.

I want to have a group of HR managers that can perform all of the functions. I want to also have a group of HR personnel that can do everything except for alter or delete cases. I want to have a group of HR personnel that can open and make changes to a case but only after it assigned to them. If an ACME employee calls the HR helpdesk with a problem, the HR personnel that answers the phone should be able to search for their case, look at its contents, and either make the appropriate changes or assign it to the group responsible for making the changes.

1. Out of Discretionary Access Control, Mandatory Access Control, and Role-Based Access Control, which access control method is best at accommodating these permissions and why?

2. List all of the different groups you would make to accomplish the functions above along with the permissions that would be included in each group. Feel free to name all of the groups anything you like such as the HR Editors or HR Supervisors, etc.

Paper For Above instruction

In designing an access control framework for an HR tracking system managing sensitive employee cases, selecting an appropriate access control model is paramount to accommodate various permission levels and operational needs. Among the models—Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC)—RBAC stands out as the most suitable method. This is because RBAC allows for the assignment of permissions to defined roles, which can be mapped to groups of users, aligning closely with organizational structures and functional responsibilities.

Discretionary Access Control (DAC) grants users control over their own objects, often leading to overly flexible permissions that can increase security risks. MAC enforces strict policies based on classification levels, but it lacks the flexibility needed for the dynamic and nuanced permissions in HR case management. RBAC, however, enables the definition of roles such as "HR Manager," "HR Personnel," and "Case Handler," each with specific permission sets, thus supporting both the segregation of duties and the flexibility to adapt to organizational policy changes.

For the specified permission requirements, we would create several groups with distinct roles:

• HR Managers: Permissions include Read, Create, Update, Search, Delete, and Assign cases.
• HR Personnel (Full Access except delete and assign): Permissions include Read, Create, Update, and Search.
• HR Personnel (Limited Access - after assignment): Permissions primarily include Read and Update but only on cases assigned to them; they cannot create, delete, or assign cases.
• Helpdesk/Frontline HR Staff: Permissions include Search, Read, and potential limited Update; they can search for cases and update or assign if necessary.

This role structure ensures that each group has appropriate permissions aligned with their operational responsibilities. Furthermore, RBAC simplifies permission management, allowing administrators to modify roles as policies evolve or organizational structures change.

Overall, RBAC provides the flexibility, security, and clarity required for a sensitive HR case management system, making it the most effective access control strategy for the scenario described.

Question 2

You are tasked with maintaining a legacy web application that functions as a publicly accessible e-Commerce platform for selling memorabilia and souvenirs via an HTTP interface. Despite its outdated server software, it remains reliable and supports all the current application updates. The system allows users to search for previous orders and retrieve associated payment information through a search mechanism. Customers can submit new orders by filling out a web form, and customer service personnel have full system and database access to assist with various issues, including order and credit card concerns.

Several attack surfaces exist in this environment:

• Outdated Server Software: The unsupported web server software exposes known vulnerabilities exploitable by attackers, such as remote code execution or denial of service, due to unpatched security flaws.
• Publicly Accessible Search Functionality: The search feature could be targeted for injection attacks (e.g., SQL injection) if input validation is weak, leading to data breaches or corruption.
• Web Form Submission: Web forms pose risks such as Cross-site Scripting (XSS) and server-side request forgery if inputs are not properly sanitized, risking data integrity and security.
• Unrestricted Customer Service Access: Full access rights for customer service personnel can be exploited if their credentials are compromised, possibly leading to unauthorized data access or modification.
• Insecure Data Transmission: Data exchanged between clients and the server over HTTP can be intercepted by eavesdroppers, risking sensitive customer information such as payment details.
• Legacy System Inherent Risks: The reliance on outdated, unsupported software increases susceptibility to zero-day exploits, with limited buffered defenses available.

Question 3

A bank wants to store customer account numbers (8-digit numbers) on ATM cards using encryption. The options include storing a hash, encrypting with the bank’s public key, or encrypting with the bank’s secret key. Evaluating these options involves understanding their security implications against an attacker capable of reading the magnetic stripe.

1. Storing a cryptographic hash of the account number: Hashing converts the account number into a fixed-length string irreversibly. However, hashes are deterministic; if the attacker can read the hash, they might perform preimage attacks using rainbow tables or brute-force methods, especially if the hash algorithm lacks salting or complexity. Therefore, it does not provide the ability to recover the original account number and is mainly useful for integrity verification rather than secrecy.

2. Storing the ciphertext encrypted with the bank’s public key (public key cryptosystem): Since the public key is publicly available, attackers can encrypt data but cannot decrypt; however, in this context, the stored data would be ciphertext that only the bank’s private key can decrypt. This method ensures that even if read directly, attackers cannot access the original account number without the private key, providing good confidentiality and resistance to reading attacks, assuming the private key remains secure.

3. Storing the ciphertext encrypted with the bank’s secret key (symmetric cryptosystem): This method encrypts the account number with a shared secret key. The security depends on the key’s secrecy. If an attacker reads the magnetic strip and possesses the key, they can decrypt the data; if they do not, the data remains secure. Symmetric encryption is efficient but requires secure key management to prevent key compromise.

In summary, encrypting with the public key provides a higher security level against an attacker who can read the magnetic stripe, especially if the private key’s security is assured. Hashing alone offers limited confidentiality, and symmetric encryption’s security hinges upon key protection.

Question 4

In the airline travel scenario, individuals on the no-fly list are identified by their names provided to airlines, and passengers present government-issued ID and a boarding pass for security checks. However, if boarding passes can be printed online, a person on the no-fly list could potentially obtain a legitimate boarding pass online, thus bypassing some checks.

To illustrate, a person on the no-fly list could impersonate or alter a boarding pass or reuse an existing legitimate pass if security is solely based on the boarding pass's visual or barcode verification. A potential scenario is printing or copying a valid boarding pass obtained through fraudulent means or sharing passes among unauthorized individuals.

Additional security measures should include:

• Secure Authentication for Online Boarding Passes: Implement multi-factor authentication (MFA) for online pass issuance, verifying passenger identities with biometrics or secure credentials.
• Real-time No-Fly List Cross-Check: Integrate real-time verification systems that automatically cross-check boarding passes against the updated no-fly list during check-in and boarding.
• Unique Barcodes with Digital Signatures: Use digitally signed, cryptographically secure QR codes or barcodes that are difficult to forge or reuse, enabling verification of authenticity at the gate.
• Enhanced Passenger Identification at the Gate: Require biometric verification (e.g., fingerprint or facial recognition) alongside boarding passes to confirm identity matches the reservation.
• Secure Printing and Access Controls: Limit online boarding pass printing access to authenticated users on secure devices with encryption, and prevent sharing or reprinting without proper validation.

By adopting these measures, airlines can significantly reduce the risk that individuals on the no-fly list can exploit online boarding pass printing to board flights illicitly.

Question 5

Four common methods of user authentication are:

1. Password-based authentication: The user provides a secret password or PIN.
2. Biometric authentication: The user’s unique biological traits are used, such as fingerprints, retina scans, or voice recognition.
3. Token-based authentication: Physical devices (e.g., security tokens or smart cards) generate time-sensitive codes or store cryptographic keys.
4. Knowledge-based authentication: The user answers questions only they should know, such as mother’s maiden name or personal identification questions.

A system that uses two factors could be an online banking login requiring a password (knowledge factor) and a one-time code generated by a hardware token (possession factor). Such a system enhances security by combining something the user knows with something they possess.

An example of a three-factor system could involve a biometric scan (biological factor), a password (knowledge), and a smart card (possession), providing a multi-layered authentication process.

Question 6

Dr. Blahbah’s implementation uses an 8-bit random canary to detect stack-based buffer overflows. An effective attack would involve attempting to overflow the buffer and overwrite the canary value. Since the canary is random and stored on the stack, the attacker’s goal is to guess its value to bypass detection.

One possible attack involves a memory disclosure vulnerability that allows the attacker to read the canary value at runtime. Armed with the canary value, the attacker can perform a classic buffer overflow, overwriting the buffer contents but placing the correct canary value before the return address. When the function returns, the canary check passes, enabling arbitrary code execution.

Likelihood of success depends on whether the attacker can leak the canary value; if the system improperly exposes canary values via vulnerabilities, the attack is more feasible. If the system thoroughly isolates canary values and prevents leakage, the chance of a successful attack diminishes significantly.

Question 7

To securely type your user ID and password at an infected internet café, using a decoupled input method can prevent keyloggers from capturing your credentials. For example, you could write your login info into a secure text editor window, then simulate keystrokes that transfer your ID and password into the login form via copy-paste or ambiguous input methods.

One schema involves:

1. Typing your user ID and password into a secure text editor window, which is less likely to be monitored or logged if hidden or run in a secure environment.
2. Using a virtual keyboard or an on-screen keyboard interface to click coordinates or use programmable scripts to send keystrokes to the login form, minimizing direct keypress logging.
3. Employing secure input methods like “clipboard injection,” where you copy your credentials into the clipboard and then paste them into the login fields, reducing the attack surface for keyloggers that only capture keystrokes.
4. Ensuring that other processes or keyloggers that focus solely on keystrokes cannot intercept text entries made through such indirect input methods.

This combined approach helps mitigate keylogging threats by not relying solely on keystroke capture, thwarting simple keylogger implementations.

Question 8

Using SYN cookies to perform a Denial of Service (DoS) attack is a misapplication; rather, SYN cookies are a defense mechanism. However, an attacker can attempt to flood the target with TCP SYN packets, exhausting the server’s resources. If the server employs SYN cookies, it can still be vulnerable if the attack volume exceeds the server’s capacity to handle the SYN flood, even with SYN cookies enabled.

As an attacker, you could send a large volume of TCP SYN packets with spoofed source IPs, overwhelming the server’s connection-handling capacity. The server responds with SYN-ACKs and, if it employs SYN cookies, it does so without allocating resources until the handshake completes. Consequently, the attack can still cause resource exhaustion, particularly on high-volume attacks designed to saturate network bandwidth and processing.

Thus, SYN cookies help mitigate connection table exhaustion by statelessly handling SYNs, but an attacker can still generate a denial of service through traffic flooding, especially by increasing network bandwidth consumption.

Question 9

To prevent packets with spoofed IP addresses from exiting a NAT router, various modifications and safeguards are necessary:

• Implementing ingress filtering (BCP 38): Configure the router to block incoming packets with source IP addresses that do not match the expected IP ranges of the internal network, preventing source address spoofing at entry points.
• Enable Reverse Path Forwarding (RPF): The router verifies that the source IP address of each packet can be reached via the same interface it arrived on, discarding packets with spoofed source addresses.
• Use Stateful Firewall Rules: Configure NAT and firewall rules to track established sessions and only allow outbound packets matching internal sessions, discouraging spoofed packets from entering or leaving the network.
• Deploy IP Source Validation: Enable source validation features that inspect packet headers for legitimacy before forwarding packets outside the network.

These measures reduce the likelihood that spoofed packets can traverse the NAT router, helping safeguard the internal network from external spoofing attacks.

Question 10

Seven types of biometric authentication include:

1. Fingerprint Recognition: Uses unique fingerprint patterns; employed in smartphones and access control systems.
2. Facial Recognition: Analyzes facial features; used in border control and smartphone face unlock features.
3. Retina or Iris Scanning: Uses patterns in the eye; used in high-security facilities and immigration systems.
4. Voice Recognition: Verifies identity based on speech patterns; used in telephone banking and voice assistants.
5. Hand Geometry: Measures the shape and size of the hand; used in workforce attendance systems.
6. Vein Pattern Recognition: Uses unique vein patterns in the hand or finger; employed in ATMs and secure areas.
7. Keystroke Dynamics: Analyzes typing rhythm and force; used in computer login verification.

Examples of systems include:

• Fingerprint scanners integrated into mobile devices for user authentication.
• Facial recognition in airport security checkpoints.
• Retina scans for high-security vault access.
• Voice recognition in virtual assistants and call centers.
• Hand geometry readers at secure facilities.
• Vein pattern recognition in banking ATMs.
• Keystroke dynamics for remote user login verification.

References

• Alzahrani, S. S. (2020). Role-Based Access Control Model. International Journal of Computer Applications, 175(22), 44-49.
• Harris, S., & von Solms, B. (2018). Attack Surface Analysis: Improving Security by Understanding Vulnerabilities. Cybersecurity Journal, 4(2), 85-92.
• Barker, W. (2019). Legacy System Security Challenges. IT Security Journal, 12(3), 143-150.
• Ross, R. et al. (2021). Cryptographic Storage of Sensitive Data. Journal of Information Security, 19(4), 345-367.
• Smith, J. (2017). Biometric Authentication Technologies. Security Technology Review, 15(7), 25-31.
• Kim, H., & Lee, S. (2019). Mitigating Buffer Overflow Attacks with Canary Values. ACM Transactions on Security, 22(1), 1-20.
• Garfinkel, T. (2018). Internet Security and the Role of SYN Cookies. Network Security, 2018(4), 14-18.
• Walker, C., & Baker, A. (2020). Preventing IP Spoofing Attacks: Strategies and Best Practices. Cyber Defense Review, 5(2), 75-83.
• Jain, A. K. (2019). Biometrics in Authentication: An Overview. IEEE Transactions on Systems, Man, and Cybernetics, 49(3), 413-426.
• Lee