How does someone apply for a digital certificate

Assignment Help Computer Network Security
Reference no: EM132182515

QUESTIONS

1. This question is about the public key used in web site encryption. The key is called a "digital certificate". Web sites with encryption start with https, not http.

a. Go to your favorite encrypted web site, such as a bank, or any web site which asks for a password.

Click on the padlock symbol, and it will tell you the name of the company that issued the digital certificate for the web site.

Alternatively, you could just pick a company from the list of recognized digital certificates for the Mozilla web browser.

Either way, find the name of a company that issues digital certificates for web sites.

b. Go to the web site of that company that issues digital certificates. Look up their contact details, and write down the company's street address and phone number.

c. Browse the web site of the company that sells digital certificates. How much does a digital certificate cost for a year? (Use the cheapest choice, e.g., single-name certificate).

d. How does someone apply for a digital certificate from this company? Do they ask for a driver's licence? An incorporation certificate? Or do they only ask that you generate a CSR (certificate signing request), which a web server program can make using its domain name?

e. In your opinion, could a criminal obtain a digital certificate from this company? Could they use it for a phishing web site? Why or why not?

2. A few short questions about computer security.

a. Anti-virus software is popular for Microsoft Windows. Find the typical detection rate for popular anti-virus software. Please give recent references for what you find (i.e., since 2018 began, or as new as possible).

b. Using the web, find one recent severe distributed denial of service (DDoS) attack. Who launched the attack, and how? What were the damages?

c. How big is the biggest botnet currently in use? What country is it likely to have come from? Please give references for what you find.

Note that the BredoLab Botnet (also known as Oficla) used to run on about thirty million computers, but it was mostly dismantled back in 2010.

3. For identity theft events,

Click on "Data Breaches", and then scroll down a little, and for the types of breaches and organizations, pick "Select All", but only for the year 2018.

a. For identity thefts in 2018, scroll down and find one that's fairly large (at least 10,000 people).

Briefly describe the date, the organization, how many people were affected, and what happened. (2 marks)

b. Click on the back button to return to the search page, and this time pick "Select All" for all 3 choices,

Instead of scrolling down the list, look for the button to download all the breaches as a single spreadsheet.

Just above that button is the "Records total:" that says how many people have had their personal data stolen. Is that bigger than the population of the world?

c. Download the large spreadsheet, and highlight all columns, so you can sort the lines by column F, "Total Records". What is the biggest security breach, and how many people had their personal information stolen? Briefly describe the date, the organization, how many people were affected, and what happened.

4. Some fun questions about criminal web sites.

a. Go to the web site and write down how many web sites there are in the world today.

b. Scroll down a little, and look for how many web sites have been hacked today. How many have been hacked so far today?

c. Practically every 4-letter domain name in ".com" has already been registered. Make up five different random 4-letter domain names, such as (as a random example) tiyu.com, ptjh.com, cjqx.com, and so forth.

Use the whois search to look up those random 4-letter domain names, and find out how many of them are registered.

Of your 5 random 4-letter domain names:
• How many are registered?
• From Whois, what is the name of the contact person? It should be listed as "Registrant Name".
• Is there a phone number, email address, or physical address?

d. Pick one of the registered domain names (or, if they're all unregistered, try zzz4.com, as that's a real web site). For that web site, run a traceroute program on your computer, or go to a web site with a traceroute interface (look for one on Google).

Using traceroute, can you find in which country (and, if you can figure it out, which city) the web site is physically hosted?

5. Remember how your phone's MAC address lets people track where you go?

a. For your favorite type of phone or laptop (Android / iPhone / Windows / Apple / etc.), search for a free app that lets you change your MAC address to a different MAC address. What is the name of one such app?

b. Search for a review of that program. Does the review seem positive or negative? If you were a criminal (or just interested in privacy) would this program be good enough for you to use for changing your MAC address? Why or why not?

c. Go to the Google news web site, and search for "change mac address".

Are there any news articles about computer network security? Pick one news story, and briefly describe what it's about.

6. There are several organizations that sell spy software, which turns your mobile phone into a spying machine. These organizations include:

Pick just one of the above, and do some reading about their spy software (for example, each kind of spy software has its own Wikipedia article).

a. Can anyone buy this software? Or do they only sell it to governments (usually corrupt dictatorships with poor human rights records)?

b. Has the software been sold to corrupt dictatorships, and other governments with poor records on human rights?

c. What kind of data do they steal? Is it only the Apple iPhone? Or every kind of mobile phone? Conversations in Skype? Keylogging? Stealing Bitcoin from your cryptocurrency wallet? Or what?

d. Find a recent (within the last year or so) news story, which mentions this software. Give a short summary of the news story.

7. Cost-benefit analysis! Your company's web site is sometimes broken into by hackers, with the following estimates of probabilities and costs:

• Each day there is a 0.4% chance that a script kiddie will only deface the web site, but cause no other damage. This would cost only $10,000 in lost sales.

• Each day there is a 0.2% chance (once every three hundred days) that an expert hacker will delete data and steal customers' credit card numbers, costing $250,000.

• Remember how hackers stole all the data from Ashley Madison and killed the company? We estimate that each day there is a 0.02% chance (once in ten thousand days) that an expert hacker will steal all the company's data, costing $1,000,000.

The big boss wants you to advise on which of these three solutions to buy:

I. We could do nothing and accept the problem.

II. A nice IBM firewall costs a huge $50,000 per year. It claims to prevent all script kiddie hackers and 95% of expert hackers.

III. A cheap Microsoft firewall costs only $8,000 per year. It claims to prevent 90% of script kiddie hackers and 50% of expert hackers.

The big boss wants you to advise which to choose. Feel free to use a spreadsheet or calculator or whatever you find the most convenient to answer these questions:
• Calculate the annualized loss expectancy (ALE) for the three kinds of hacker attacks. What is the total annual loss expectancy?
• For the three possible solutions, calculate the total annualized loss expectancy (ALE) if that solution was used.
• Calculate the cost-benefit of the three different solutions.
• If the boss asks, is there a large difference between the solutions (are two solutions about the same), or is there a clear winner?
• A magazine article claims that the IBM firewall doesn't stop 95% of expert hackers, it only stops 90% of expert hackers. Would this small difference cause you to change your advice?
• The Microsoft salesperson offers to reduce the price from $8,000 per year, to completely free. Would free software change your advice?

How does someone apply for a digital certificate : CP5603 – ADVANCED E-SECURITY - How does someone apply for a digital certificate from this company? Do they ask for a driver's licence

Reviews

len2182515

12/1/2018 1:29:54 AM

Please answer the following questions. You can read any documents, or talk to any people, or ask the lecturer. Feel free to discuss the issues with your classmates, or with anyone else. Make sure you write your own answers.
