Software Security Assignment : Arizona State University

Both Wireshark and NetWitness Investigator can be used for packet capture and analysis. Which tool is preferred for each task, and why?

     On September 24, 2010, a laptop was stolen from an unlocked Urology office at the Henry Ford Health Systems hospital. The laptop did contain password protection software; however, it may not have been enough to permit access if the thief had advanced knowledge in computers. Additionally, the information stored on the laptop did not include social security or health insurance information, but instead held “patient names, medical record numbers, dates of birth, telephone numbers, e-mail addresses, and treatment and doctor visits” (Moscaritolo, 2010, p. 1). It is unknown how many records were contained on the laptop, but all records were related to prostate services that were provided during an eleven year span.

In Extensible Authentication Protocol, a random set of authentication mechanism is used such as using smart cards or certificates or using user’s credentials. Primarily the WLAN uses EAP for the purpose of passing messages during the authentication process.

Eavesdropping is when an attacker snoops or sniffs on a victim’s communication for example an attacker has access to the victim’s network and they can listen in or read the traffic flowing through the network. This is the biggest security vulnerability that admin’s have to face in an organisation, it cannot be prevented but it can be greatly reduced by strong encryption services making it harder to read data by others.

In Jim Harper’s essay “Web Users Get as Much as They Give” (546), he states that “Most web sites track users, particularly through the use of cookies, little text files placed on Web surfers’ computers. Sites use cookies to customize a visitor’s experience.” This does make it hard to have privacy, but what Harper may not have considered is the good things about the cookies being stored. If someone were looking something up and they press the “stay logged in” button, they could close their browser and start back up where they left off, by staying logged in. This helps people who have a bad memory, or who browse the web frequently without remembering all the sites they

The authentication method used to verify the user (and server) credentials on WPA/WPA2-Enterprise networks is defined in the IEEE 802.1X standard. This requires an external server called a Remote Authentication Dial In User Service (RADIUS) or Authentication, Authorization, and Accounting (AAA) server, which is used for a variety of network protocols and environments including

Using proxy software Burp Suite it was discovered that the shopping site contained a hidden form field that could be manipulated.

(40 points) In college-level paragraph(s), describe how background traffic affects both e-mail data and VoIP data.

What is Operating System Security, Operating system security is the process of ensuring OS integrity, confidentiality and availability also OS security refers to specified steps used to protect the OS from threats, viruses, worms, malware or remote hacker. OS security include all avoiding-control techniques, which safeguard any computer information from being stolen, edited or deleted if OS security is included. OS security allows different applications and programs to perform required tasks and stop unauthorized interference. OS security may be applied in many ways. We 're going to discuss following topics in this article. A brief description about security and what are the types of encryption and what is Authentication, One Time passwords, Program Threats, System Threats and Computer Security Classifications.

Since 1972, ASP Security Systems have been helping people all around Eastern Connecticut and Western Rhode Island stay safe and secure. Based in Waterford, CT, they are a comprehensive security company that specializes in surveillance systems and alarm monitoring as well as fire safety. They are dedicated to providing the best protection possible and they know that when it comes to fire safety, regularly scheduled fire alarm inspections go a long way.

This Report will give an overview of Linux security and the features of SELinux (Security Enhanced Linux). This report will be split into 4 sections, Section 1 will be the introduction that will describe what I am being asked to undertake for this coursework. Section 2 will be on Linux security that will have a description of a Discretionary Access Control (DAC) and Mandatory Access Control, along with a comparison of them both. Section 3 will be the Apache server directory configuration and shell script, this will show an account of my work on the configuration of the serving directory in order to allow pages to be served using the apache web server while SELinux is enabled and in enforcing mode. This section will also include an account of a bash script shell that will test the security configurations. This section will be presented in the report with the use of screenshots along with a detailed description of the commands performed and what the screenshots show. Section 4 will contain the conclusion and this will include my thoughts on the work that I have undertaken and on the capabilities of SELinux.

We must also learn why the user depends too much on the internet. We must identify the reason behind this study. According to Kaye (1998), he identified that six possible motives for using the internet are entertainment, social, interaction, pass time, escape, information and website preference.

Faults are a precise interaction of hardware and software that can be fixed given enough time.

All the computers, in the logically and physically networks have to follow the same rules known as Protocols such as TCP/IP, IPX/SPX and NETBEUI etc. Today, there are many computer networking technologies such as LAN, MAN, WAN, WLAN, ISDN, ATM, Frame Relay, X.25, Bluetooth,

(12) PadSteg was implemented across a functioning LAN, with network devices placed in different laboratories across the University (Jankowski, et. al., 2012). (13) The study focused on steganographic bandwidth and it's undetectability, culminating across a five-day period (Jankowski, et. al., 2012). (14) Jankowski (2012) listed the different upper layered protocols such as HTTP, SSH, UDP, SSL, FTP, PNP, LLC, SMTP, ARP, and ICMP being monitored across Wireshark, he also listed the protocols: TCP, ARP, ICMP, and UDP that generated padded Ethernet frames. (15) Jankowski (2012) focused on TCP, and ARP request, measuring which ARP request was used most frequently: ARP request, ARP replies, and Gratuitous ARP, padded and improper padded Ethernet frames. (16) The study generated thirty-seven million packets, with an average of seven point forty-three million packets daily for observation (Jankowski, et. al., 2012). (17) By implementing measurable components such as steganographic bandwidth per network device, protocol segment padding against improper padded protocol segments, and time restraints, Jankowski (2012) demonstrated an experimental quantitative study based on Salkind's (2012) research criteria.