(Ethics and security) Essay Example

Ethics and Security

Question 1

What are the differences between computer vulnerabilities and exploits? Visit a reputable security website such as www.auscert.org.au and summarize the top 3 vulnerabilities and exploits.

Computer vulnerabilities and exploits are both computer security issues. A computer vulnerability is a weakness that makes it possible for an intruder or an attacker to reduce a system’s assurance. A vulnerability has three elements: the existence of a flaw within a system, the attacker’s access to the flaw, and the attacker’s ability to exploit the flaw to his advantage and to the disadvantage of the owner of the system.

Computer exploits are pieces of software, sequences of commands or chunks of data that take advantage of an existing glitch, bug or vulnerability and, eventually, cause unanticipated or unintended behavior to occur on computer hardware, software or anything electronic. Computer exploits lead to privilege escalation (Edward 21).

Computer vulnerabilities and computer exploits are both security issues that affect a computer system differently. A vulnerability can only occur through the involvement of a third party. A computer exploit, on the other hand, does not require the presence of an intruder in order for it to harm a system. There are various types of vulnerabilities and exploits.

  1. Weak Passwords

A password is a key to one’s computer. It is very important to keep it confidential, because a hacker who obtains one’s password has access to the computer and to any other computer on the same network connected to it. Having weak passwords also creates a vulnerability.

  2. Insecure Modems

It is nearly impossible for a computer to pose a huge risk by itself. Most of the risks borne by the computer are transferred by the devices that may be attached to it. One of the most significant vulnerabilities is a modem connected to a computer. The network connections from a modem may pose risks if the computer is in an insecure neighborhood. It is, therefore, advisable for individuals to take the necessary precautions in order to avoid any unpleasantness (Dieter 9).

  3. Viruses and other Infections

A virus is an extremely small piece of computer code, usually contained in another computer program, that eventually affects other computers. Just like any other virus, it causes infections and may even lead to the destruction of the computer. Most viruses are spread through insecure diskettes being plugged into the computer.

Question 2

Critique the relevance of three (3) of the general security principles which guide a firm’s security-architecture design. Provide one real life example of a security incident such as the Sony PlayStation break-in which could have been mitigated using the security principles.

In order to remain secure and enhance the security of computer systems and other systems in a company, it is vital that the company’s management implements general security principles. This helps in mitigating the risks involved. These principles include:

  1. Restriction

Restriction ensures that only identified individuals have access to particular information. This minimizes access and also inhibits communication. This principle may be effective. However, reduced or ineffective communication may lead to ineffectiveness within the firm. It may also lead to lack of co-ordination (Dieter 12).

  2. Fail-safe Defaults

The default action is the denial of access. If there is no action, this means that the systems are completely secure. The fail-safe default principle may cause denial of access in cases of emergency. As a result, things may fail to be taken care of in good time due to the implementation of the principle.

  3. Least Privilege

A subject in charge of taking care of any system is only entitled to the privileges required for the completion of the task. This may be disadvantageous when immediate measures are needed. The subject’s lack of knowledge may lead to discrepancies within the firm.

A real-life example of a security breach in a firm is the case of the Sony PlayStation break-in. The company suffered from a vulnerability when a hacker broke into the company’s network and managed to obtain addresses, names, credit card data and passwords of over 77 million individuals. This security breach cost the company huge losses resulting from the loss of clients (Matt 14).

If the Japanese company had implemented the restriction principle effectively, it would have prevented the hacker from entering into the premises and obtaining all the information. This would have mitigated the risk involved and largely reduced the losses that the company incurred. This is a clear indication that the security principles of firm’s security-architecture design

Question 3

Explain why the product of two relatively simple ciphers, such as a substitution and transposition, can achieve a high degree of security. Research and report on one (1) commercial encryption technology a firm could use to secure its data.

Transposition and substitution ciphers are ciphers used in conventional cryptography. Substitution and transposition vary in the manner that chunks of the data are handled by the encryption process.

The use of two ciphers is very beneficial since it helps overcome the weaknesses of each cipher. Eventually, a higher degree of security is achieved.
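The point above can be checked on a toy product cipher. The following is an added example, not part of the original essay: the substitution alphabet, the column order and the sample plaintext are constructed for illustration. It shows that substitution alone keeps the pattern of repeated letters, transposition alone keeps the letter counts, and the product of the two keeps neither.

```python
from collections import Counter

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SUB_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"   # constructed substitution alphabet
COL_ORDER = [2, 0, 3, 1]                 # constructed column read-out order
PLAINTEXT = "ATTACKATDAWNATTACKATDUSK"   # constructed sample, 24 letters

def substitute(text, key=SUB_KEY):
    """Monoalphabetic substitution: changes letter identities, not positions."""
    return text.translate(str.maketrans(ALPHA, key))

def unsubstitute(text, key=SUB_KEY):
    return text.translate(str.maketrans(key, ALPHA))

def transpose(text, order=COL_ORDER):
    """Columnar transposition: write row-wise, read columns in key order."""
    n = len(order)
    text += "X" * (-len(text) % n)       # pad to a full rectangle
    return "".join(text[c::n] for c in order)

def untranspose(text, order=COL_ORDER):
    n, rows = len(order), len(text) // len(order)
    out = [""] * len(text)
    for i, c in enumerate(order):
        out[c::n] = text[i * rows:(i + 1) * rows]
    return "".join(out)

def product_encrypt(text):
    return transpose(substitute(text))

def product_decrypt(text):
    return unsubstitute(untranspose(text))

def repeat_pattern(text):
    """Replace each letter by the index of its first appearance (isomorph)."""
    seen = {}
    return [seen.setdefault(ch, len(seen)) for ch in text]

def leaks(ciphertext, plaintext=PLAINTEXT):
    """Which plaintext statistics survive in the ciphertext."""
    return {
        "letter_counts": Counter(ciphertext) == Counter(plaintext),
        "repeat_pattern": repeat_pattern(ciphertext) == repeat_pattern(plaintext),
    }

if __name__ == "__main__":
    for name, fn in [("substitution", substitute), ("transposition", transpose),
                     ("product", product_encrypt)]:
        print(f"{name:14s}", fn(PLAINTEXT), leaks(fn(PLAINTEXT)))
```

Modern block ciphers apply the same idea by iterating substitution and permutation steps over many rounds.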

The National Security Agency is responsible for the encryption of the US systems. For instance, the rotor machines were encrypted in the 1940s and 1960s. These were developed into versions from the first generation to the fifth generation (Edward 23).

Question 4

How can a web administrator distinguish between lack of capacity and a DOS attack? Is it technically possible to separate legitimate spikes in traffic from a deliberate attack?

A denial-of-service (DOS) attack is the act of denying access to the intended use of computers. This can be prevented through the implementation of various precautions, for instance the use of firewalls, routers and switches, among others. A web administrator may be in a position to differentiate between lack of capacity and a DOS attack through the implementation of the various precautions mentioned above. Also, if the DOS attack is manifested over a large location, it may be easier to identify (Diane & Todd 16).

It is theoretically possible to separate legitimate spikes in traffic from a deliberate attack. However, this is not possible technically. This is because it is almost impossible to tell a possible attack apart from the spikes in traffic, since they are similar. The only precaution that separates possible attacks and mitigates risks is the implementation of the identified principles and security design measures. This may not necessarily do away with the entire problem. However, it could reduce the risk borne within a system.

Therefore, it is the duty of web administrators to come up with a way of ensuring that they implement the best strategy in order to keep their systems safe and secure. This could prevent deliberate attacks in order to continue serving the users of the available sites.

Works cited

Amoroso, G. Edward. Fundamentals of computer security technology. Michigan: PTR Prentice Hall, 1994.

Barrett, Diane & King, Todd. Computer networking illuminated. New Zealand: Jones & Bartlett Learning, 2005.

Bishop, Matt. Computer security: art and science. California: Addison-Wesley Professional,

Gollmann, Dieter. Computer Security. London: John Wiley and Sons, 2011.