CSCD 303 Essential Computer Security
Take-home Midterm - Fall 2017

Due: Friday, Nov. 3rd, 2017     Worth: 100 points

Instructions
This is a take-home exam, which means that you can take it home or work on it here at school, but please do the work individually. You can ask me for help in order to clarify what I am asking or for suggestions on places to look for references.

If the question asks you to provide a reference, please provide one. Actually look up a reference for the answer or points will be taken off. The reason you are asked for a reference is for you to start getting familiar with supporting your views with evidence.

Answer all the questions to the best of your ability. That means, don't skip a question. This test is not supposed to be time limited, which means you can take your time and look up information you don't know. Never leave an answer blank ... bad strategy on a test. Even if you guess, you will likely get some points for the answer. And, if you are really, really confused as to what I am asking, just email me and I will answer ... in a reasonable time.

Cite references used for questions that needed extra research: URLs, books, etc.

Questions

  1. Access to computer resources is a large part of the current security model. Answer the following questions related to access control.
    a. We discussed authentication. What is multi-factor authentication and why is it preferred to single factor authentication?
    b. We did a lab exercise with "Passfaces". Would using Passfaces combined with passwords be an example of multi-factor authentication? Explain your answer.
  2. As stated in class, most computer systems these days have vulnerabilities.
    a. How would you know your computer has vulnerabilities? What tools would you use to discover them? What websites or outside sources would you consult?
    b. How would you propose fixing your system? Describe the activities and tools you would use.
  3. We briefly discussed Operating System security.
    a. What design features make an OS more secure?
    b. Pick an OS. Argue that it is better than X (fill in the blank). There is no right answer.
  4. Hacktivism is hacking combined with activism. In your opinion, is hacktivism a legitimate form of activism? Provide an example to support your opinion - No one right answer.
  5. Your computer is slowing down noticeably when you are online. It also occasionally reboots or acts strangely when you run a lot of applications at once. What would you do to discover or diagnose what might be wrong with your machine?
  6. Let's say you have a small business with several employees. Some of them have access to the computer system and all employee records and financial data. How would you protect yourself from social engineering? Specifically, what training or policies would you implement to protect against that threat?
  7. You have decided to become an elite virus writer. It's always been a secret dream. What would you do to write a virus that escapes detection?
  8. Data breaches have become commonplace. We only mentioned them in class.
    a. How would you discover if your "private" data (SSN, health records, bank card data) has been compromised?
    b. What steps can you take to monitor your identity and identifying information?
  9. We discussed the latest ransomware briefly. Stephen Heath also mentioned it in his talk. Who is supposed to be responsible for the latest ransomware? What is their goal?
  10. There is a program that computes hashes of the binaries on your system and stores them in a database. Periodically, you scan your computer, or the program does it automatically, and it compares the hashes to the stored database of hashes. Differences are flagged as potential problems. What kind of program is this? What is the purpose of this activity?

Turn In

Type your answers to the above questions and turn in a printed copy during class.