- Should security be designed from inside the network where critical data reside to outside? Why or why not?
Even though threats from the outside cost a company millions of dollars, these can easily be prevented through traditional security approaches. In contrast, insider threats are very difficult to detect and prevent using one-size-fits-all security approaches. As a result, given their complexity and growth, it is advisable that security be designed from the inside, as this is where critical data resides. This helps deal with both malicious and unintentional data security threats. According to Jouini, Rabai and Aissa (2014), this would help deal with threats from the inside, since insiders regularly have easy access to sensitive information and can leak or steal it more easily than outsiders.
- Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied (for example, SSL uses 3DES or DES) for message encryption.
Public key cryptography depends on the existence of one-way mathematical functions, which are easy to compute while their inverse is difficult to compute. A good example is RSA, which is used in numerous software products for key exchange, encryption of small data blocks, and digital signatures. RSA uses a variable-size key and a variable-size encryption block. The key pair is derived from a large number known as n, usually the product of two prime numbers that are chosen following special rules. However, if n is created from prime factors of the same size, it might be impossible to solve the problem at hand (Kessler, 2013).
- Unfortunately, this is not a true reflection of the actual security of the system. Explain the problem of computer-supplied passwords.
The major problem was that computer-generated passwords could not easily be remembered. As a result, users were forced to save them on their computers, and this encouraged theft of sensitive data by other insiders using their colleagues' passwords. It was also possible to generate the same password for multiple users, and this put the internally stored information at risk (Stallings & Brown, 2018).
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.
Kessler, G. (2013). Overview of cryptography. Retrieved from: http://www.garykessler.net/library/crypto.html#intro
Stallings, W., & Brown, L. (2018). Computer security: Principles and practice. London: Pearson Education, Incorporated.