Puzzle of the Day
An instructor in a computer security class wishes to give her students
a structured penetration exercise. The students will analyze the system
from manuals and through regular use, hypothesis flaws, and test them.
If the flaw exists, they will then analyze why the flaw occurred, how
it might be corrected, and attempt to generalize it to find other
flaws. Any security flaws will be reported to the manufacturer of the
system.
-
If the exercise were to be run locally (that is, the system is
connected to a local area network, and participants have physical
access, what steps would you suggest to ensure no problems (such as
violating the department's security policy) arose?
-
Now suppose the exercise were to be run over the Internet using a
geographically remote system. How would your answer to the first
question change?
You can also see this document as a
Binhex Framemaker version 5 document,
Postscript document,
or a
plain ASCII text document.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 2/8/97