ISY 143 Authentication Using Biometrics

Author: Shona Hubbard
In recent years, biometrics have received a great deal of attention and biometric technologies are being used for authentication. Hollywood seems to dramatize biometrics in movies. Discuss some of the prevalent myths about biometrics shown in the movies or television shows.

Work alone or in a group of up to three students. Find a short, publicly available online movie or television clip involving biometrics, and analyze the clip to separate myth from reality. (What is meant by "publicly available" is that one should not need a subscription to Netflix, Hulu, etc. in order to view it.)

Write a 2-3 page paper to provide brief answers to the following:

1. How accurately did the clip depict the current state of biometrics? Justify your answer.
2. In addition to the type of measurements depicted in your video clip, what are three other types of things that can be measured now?
3. How would biometrics deal with people with disabilities when they lack the physical traits the system requires?
4. What are some of the potential social and legal consequences of biometric implementations?
5. What may be the consequences when the security of your biometric data is compromised?
6. With your answers to the above five questions in mind, do you think that the benefits of using biometric security devices in contemporary society outweigh the individual privacy issues? Why or why not?

Be sure to include a link in your paper to the movie clip.

Note: To provide really thorough answers to these six questions, you would need to write a book, but for this exercise 1-2 paragraphs per question will suffice. The paper does not need to be comprehensive; it just needs to show that you have spent some time thinking about the issues involved in biometrics and that you have done some reading on the topic. Include a list of at least five references in your paper.

A DTCC instructor accidentally transposed two characters when entering a URL into a browser and came to the page depicted in the figure below. What hints are there that this is not a genuine offer of assistance? What type of attack was being attempted?

1. Suppose a boy wished to cause mischief with regard to his older sister's diary. What could he do with it or to it? List at least three things, then state whether each of the three would be violations of confidentiality, integrity, or availability. (They might violate all, some, one, or none of the CIA triad.)

2. What are tips to generating good passwords? (Do's, Don't's, generation ideas.)

3. Research one security breach and discuss what permitted the attacker(s) to succeed, what harm was done, and what lessons can be learned from the breach. If you were the Chief Security Officer for the breached company, what suggestions would you make to try to prevent a similar breach in the future?

One good source of breach information is the SANS newsletters (http://www.sans.org/newsletters/). The NewsBites provide brief discussions of security-related topics and often mention breaches; they provide links to additional sources which will provide more details. The @Risk newsletters are much more technically-oriented discussions which are geared toward people already well-versed in the field.

You may discuss any breaches which have been made public within the past half year and which have not already been discussed by a previous poster. (You may, of course, respond to previous posts, but such responses will not count toward your grade.) You must make your post by the end of the Thursday of the tenth week of class.

4. How do you decide what to post on social media sites such as Facebook or Pinterest? What is your philosophy on what to make publicly available? Now consider how what you post publicly might be used by an attacker (a "black hat" hacker, a thief, a stalker, etc.) or by a prospective employer.

An example: Penetration testers (pen testers) are ethical hackers who contract with companies or organizations to attack them (within clearly defined specifications) in order to see where the company's weaknesses are and to help them become more secure against malicious attackers. A pen tester once relayed a story in which he was supposed to get specific information from an individual who was highly placed in the company. The individual's computer was well protected, as was his physical office. But when the pen tester researched the company officer, he found out that the officer had made a couple of postings to a newsgroup dealing with stamp collecting. The pen tester then set up a bogus web site which displayed a fictitious stamp collection. The pen tester wrote a spear phishing e-mail to the officer in which he claimed that his uncle, a philatelist (i.e., a stamp collector), had passed away and left him his collection. The e-mail went on to say that the person writing the letter was not into stamp collections and was trying to sell the stamps. Would the officer be interested in buying any of them? The e-mail included a link to the site. Unknown to the officer, when he visited the site, he became the victim of a drive-by download, meaning that some malicious software was installed on his computer. That was the means by which the pen tester was able to compromise the officer's computer and acquire the target information.

This story shows how something that seems innocent to share (an interest in stamp collecting) can be used against one. Will having read this story change what you post online?

Note: There is no one single "right" answer to how much or how little one should share online. Clearly, it would not be wise to post one's credit card or social security numbers publicly, but different people will draw the line in different places: what one person would consider an appropriate level of sharing publicly, another might consider extremely insecure oversharing and a third might think is paranoid undersharing.

5. If you notice any instances of poor security in real life, post descriptions of them here. Please make the posts vague enough so that the post's readers would not be able to act on the information to attack an individual. For example, you might say, "I was walking past an office and I saw a sticky note with what appeared to be a password on it affixed to a monitor." Do NOT, however, say anything like, "I was walking past Mr. Jones's office at 333 S. Main Street and saw "GoEagles!12" on a sticky note attached to his monitor. I think that was his password."

Encryption Exercise

Shift Cipher

1. Encryption

a. Encode the following message using a shift 4 cipher: Francis Bacon

__________________________________________________________________

b. Now encode it using a shift 7 cipher.

__________________________________________________________________

2. The following messages have been encoded using a shift cipher with key 8. Decode.

a. emtkwum bw bpm eiksg ewztl wn kzgxbwozixpg

__________________________________________________________________
__________________________________________________________________

b. tivociom qa zmlcvlivb

__________________________________________________________________

3. Contrary to what you might think, the goal of a cryptographer is not to decrypt messages. The goal of a cryptographer is to find keys (because a key reveals a whole set of messages). The following message has been encoded using a shift cipher. What is the key?

n ebfr ol nal bgure anzr

__________________________________________________________________


Monoalphabetic Substitution Cipher

4. Encrypt the following plaintext using the specified key:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B G I W H T A V J C K X R L S E Y M D Q F N U Z P O

I DO NOT LIKE GREEN EGGS AND HAM

__________________________________________________________________

5. Use the key above to decrypt the following:

SLH MJLA QS MFXH QVHR BXX

__________________________________________________________________

Transpositional Cipher 6. Decipher the following ciphertext: E I R L E Y

N

H N A A

P I R I D D

O A T W O E E

U N A E N

N H P W W

G E E R A

O G Y

C M D I D K R

The key used was as follows: 1-2-3-4-5-6-7-8-9  4-2-7-1-6-9-5-8-3

__________________________________________________________________

7. Encrypt the following plaintext using the given key:

Key: 1-2-3-4-5-6-7  6-2-4-1-5-7-3
Plaintext: may the force be with you

ISY 143 224 TCP/IP

IP Addressing

1. Convert the following Dotted Decimal Notations to their Binary Equivalent. (24 pts)

Network Address   Dotted Decimal      192.168.5.0
                  Binary Equivalent
Subnet Mask       Dotted Notation     255.255.255.0
                  Binary Equivalent

Network Address   Dotted Decimal      10.0.0.0
                  Binary Equivalent
Subnet Mask       Dotted Notation     255.0.0.0
                  Binary Equivalent

Network Address   Dotted Decimal      172.15.0.0
                  Binary Equivalent
Subnet Mask       Dotted Notation     255.255.0.0
                  Binary Equivalent

2. Define the function of an IP address’s subnet mask. (3 pts)

_______________________________________________________________________

_______________________________________________________________________

3. Explain what is meant by using a slash notation (for example, /24) following an IP address. For example, what does the value 201.23.45.123/24 represent? (4 pts)

_______________________________________________________________________

_______________________________________________________________________

4. A network has the network address 192.168.5.0/24. Determine which of the following IP addresses are within this network. (10 pts)

IP Address          Same/Different Network
192.168.5.10/24
192.168.6.10/24
192.168.5.11/24
192.168.7.12/26
192.168.5.13/24
192.168.5.254/24
172.16.5.15/16
19.168.5.16/8
192.168.5.10/24

The Function of the Default Gateway

To determine if an IP address is local or remote, you must first convert the IP addresses and subnet masks to their binary values. You then perform the Boolean logic operation of AND on the IP addresses and subnet masks for each of the nodes and compare the results. If the results are the same (all 1’s and 0’s match), the hosts are on the same network segments. If the results do not match, the hosts are on different network segments. In Boolean logic, 0 AND 0 = 0, 1 AND 0 = 0, 0 AND 1 = 0, 1 AND 1 = 1.

1. Compare the following IP addresses and determine whether they are local (on the same network segment) or remote (on different segments): (5 pts)

Host IP Address     Host Subnet Mask    Destination IP Address    Local or Remote?
210.145.149.123     255.255.255.0       210.145.253.199
192.168.4.189       255.255.255.224     192.168.1.107
10.154.187.89       255.192.0.0         10.152.179.88
132.100.45.5        255.255.252.0       132.100.45.45
151.251.100.101     255.255.0.0         166.200.110.10

2. When a network host determines that a data packet is intended for a remote network, what does it do with the packet? (3 pts)
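The AND comparison described under "The Function of the Default Gateway" above, as an added example that is not part of the original worksheet: it converts dotted decimal to binary, checks that the mask is well formed, and compares the network bits. The function names and the 172.20.9.x addresses are constructed for illustration.

```python
# Added example (not from the worksheet): the AND test for "local or remote",
# carried out on the binary values. All addresses below are constructed samples.

def to_int(dotted):
    """Parse dotted-decimal text into a 32-bit integer, rejecting bad input."""
    parts = dotted.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for octet in map(int, parts):
        if octet > 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value

def to_binary(dotted):
    """Render the value the way the worksheet asks: four 8-bit groups."""
    value = to_int(dotted)
    return ".".join(f"{(value >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def prefix_length(mask):
    """Return the /n form of a mask; 1 bits must be contiguous from the left."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"mask has a 0 bit before a 1 bit: {mask!r}")
    return 32 - inverted.bit_length()

def network_of(ip, mask):
    """AND the address with the mask, leaving only the network bits."""
    prefix_length(mask)  # validates the mask before it is used
    return to_int(ip) & to_int(mask)

def is_local(host_ip, host_mask, dest_ip):
    """The sending host applies its own mask to both addresses and compares."""
    return network_of(host_ip, host_mask) == network_of(dest_ip, host_mask)

if __name__ == "__main__":
    host, mask = "172.20.9.200", "255.255.255.224"   # constructed sample host
    for dest in ("172.20.9.210", "172.20.9.225"):    # constructed destinations
        print(to_binary(host), "host")
        print(to_binary(mask), f"mask (/{prefix_length(mask)})")
        print(to_binary(dest), "destination")
        print("->", "local" if is_local(host, mask, dest) else "remote")
```

Both sample destinations share the host's first three octets, yet only one is local under the /27 mask, which is why the comparison has to be made on the masked binary values rather than by eye.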

Static IP Addressing vs. Dynamic IP Addressing

1. What is static IP Addressing and how is it configured on a Windows computer? (4 pts)

2. Describe the function of the DHCP service on a TCP/IP network. (3 pts)

3. What are two ways to view a Windows computer’s TCP/IP configuration, including advanced settings such as the DHCP information? (4 pts)

TCP/IP Utilities

At the command prompt enter the following commands, and give a brief description of the information displayed on the monitor. (4 pts ea)

1. arp -a

2. ipconfig

3. ipconfig /all

4. netstat /?


5. netstat -r

6. netstat -e

7. ping

8. tracert

9. tracert -h 8 192.31.7.130

10. nslookup cisco.com
