Security, Risk Management and Control in Electronic Commerce
Paper instructions:
This is an exam with short answers.
You are required to rewrite the answers with more explanation so that they fully cover what these questions ask, in a totally different way (using other
vocabulary that gives the same meaning as the answers, plus more explanation).
Plagiarism from the answers in the uploaded document is totally unacceptable.
Security, Risk Management, and Control in Electronic Commerce
Part A: Short Answer. This part consists of 4 questions. Each question is worth 5 marks. You must attempt all 4 questions for a total of 20 marks.
1. (5 points) Risk Strategies
Analyze each of the following situations in terms of risk exposure. Identify and explain the risk management approach that would be the most appropriate (cost
effective) for each situation.
Situation Selected approach and justification of the choice
A space shuttle, when entering earth's atmosphere, caught fire. The black box, which logs all states of the shuttle, flew off and presumably landed somewhere on earth.
At a university, the new student course registration system ran into implementation delays of two weeks. It was rolled out on the first day of registration for the
next semester. Until noon that day, the system was down. Those students with first priority could not register on time.
Microsoft informed company X that, based on its calculation, it estimates company X should have more software licences than Microsoft's customer records show.
A subcontractor who worked in the company's IS department had access to sensitive files. On his last day, he emailed the company's customer data to himself.
2. (5 points) Chinese wall policy
Suppose you work for a company with a Chinese wall security policy with clients in the following conflict classes:
- { Cadbury, Nestle }
- { Ford, Chrysler, GM }
- { Citicorp, Credit Lyonnais, Deutsche Bank }
- { Microsoft }
Assume that Ted, an analyst of the company, has previously worked on cases for Nestle and Citicorp, and he is awaiting a new assignment.
Question 1
As the security officer of the company, list any of the company’s clients for whom Ted will not be able to work as his next assignment. You can assume that Ted can
work for a client for whom he has previously worked.
Question 2
Assume that two of your colleagues Ali and Sally are currently working on the following cases:
- Ali is working on Nestle, GM, and Citicorp.
- Sally is working on Nestle, GM, and Credit Lyonnais.
Your job is to determine the read/write/execute rights of Ali and Sally on the different objects.
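The Brewer-Nash "simple security" (read) rule of the Chinese wall policy, applied to the conflict classes above, as an added example that is not part of the exam: a subject may read a company's data only if it has read nothing from a different company in the same conflict class. The write (*-property) rule is not modelled here.

```python
# Added example (not from the exam): the Chinese wall read rule over the
# conflict classes of Question 2. A subject may access a company's objects
# only if it has accessed nothing from another company in the same class.
CONFLICT_CLASSES = [
    {"Cadbury", "Nestle"},
    {"Ford", "Chrysler", "GM"},
    {"Citicorp", "Credit Lyonnais", "Deutsche Bank"},
    {"Microsoft"},
]

def conflict_class(company):
    for cc in CONFLICT_CLASSES:
        if company in cc:
            return cc
    raise KeyError(f"unknown client {company!r}")

def may_read(history, company):
    """history: set of companies the analyst has already accessed."""
    seen_in_class = history & conflict_class(company)
    # Allowed if the class is still untouched, or it is the same company again.
    return not seen_in_class or seen_in_class == {company}

def forbidden_clients(history):
    """Clients the analyst may no longer be assigned to (Question 1)."""
    every = set().union(*CONFLICT_CLASSES)
    return sorted(c for c in every if not may_read(history, c))

def access_matrix(assignments, objects):
    """Per analyst: 'R' where the object is readable, '-' where the wall blocks it."""
    return {who: {obj: "R" if may_read(hist, obj) else "-" for obj in objects}
            for who, hist in assignments.items()}

TED = {"Nestle", "Citicorp"}
WORKLOAD = {"Ali": {"Nestle", "GM", "Citicorp"},
            "Sally": {"Nestle", "GM", "Credit Lyonnais"}}
OBJECTS = ["Nestle", "GM", "Citicorp", "Credit Lyonnais", "Microsoft"]

if __name__ == "__main__":
    print("Ted may not take:", forbidden_clients(TED))
    for who, row in access_matrix(WORKLOAD, OBJECTS).items():
        print(who, row)
```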
3. (5 points) Security Models
The graph below represents the security levels of the staff in a large organization.
The arrows represent a specific operation.
By examining the graph below, can you determine which security model applies given that:
a) The operation represented by the arrow is a write statement? Justify your answer
b) The operation represented by the arrow is a read statement? Justify your answer
4. (5 points) Contingency Planning
You are the Chief Information Security Officer of an E-commerce Company. You have received notification from your network security administrator of a worm attack.
The message says:
- The anti-malware software had detected a worm attack. The incident response team tried to stop the worm unsuccessfully.
- The worm has spread through a software vulnerability in database management system software you are running on twenty computers on the network.
- When the attack is discovered, the worm has infected three database servers, including a mission critical server that is not redundant.
Your network security administrator has launched the disaster recovery plan. Since he is a new hire, you want to make sure that:
- he follows just the required steps of the plan
- he follows them in the proper order
Your task will be to identify the steps he should take and to rank them by the order in which he should take them.
You will do so by:
- Placing a number next to each step.
- Placing an X next to the actions you should not perform.
Since you are mentoring this new manager, you will also justify the choice of the required steps as well as the way you ranked them.
Action Should be performed (yes/no) Ranking if it should be performed
Shut down all infected systems.
Notify management.
Remove all infected systems from the network.
Visit the vendor’s website to locate a security update.
Reformat all infected systems.
Replace all infected systems with spares.
Part B: Problem. This part consists of 4 problems. Each problem is worth 12.5 marks. You must attempt all 4 problems for a total of 50 marks.
1. (13 points) Qualitative risk analysis
Consider an e-commerce Web site that normally runs seven days a week, 24 hours a day, generating an average of $2,000 per hour in revenue from customer orders.
- Experience has shown that the site becomes unavailable due to operating system failure three times a week.
- At each operating system failure, the site is unavailable for 2 hours.
- In addition, the company estimates that upon a failure, it would spend $10,000 on advertising to counteract the negative publicity from such an incident.
- An upgrade of the operating system will eliminate the threat, but it will cost the company 1000,000 dollars a year.
The company has also a farm of backup servers for its data mining activity.
- This farm of servers is valued at 1,500,000 dollars.
- It is estimated that a fire will result in damages worth 85% of this asset.
- Inspectors from the Fire Department have estimated that a fire can occur once every two years in the present situation.
- You received a proposition of a fire prevention system that would reduce the likelihood of a fire to once every 5 years with damages of only 15% of the asset. The
fire prevention system costs 1,750,000 dollars.
The same e-commerce server faces the threat of programming mistakes. In the past, experience has shown that programmers' mistakes occur about ten times a month, and
that each mistake leads to web site unavailability for half an hour. You have learnt about a training program for your programmers that would cut by 90% the
occurrence of programming errors by your programmers.
This program costs $ 4000,000
As the Information Security Officer, you are to conduct a risk analysis to determine whether to accept or reject the solutions offered. Base your decision on a
cost/benefit analysis.
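A worked annualized loss expectancy (ALE) and cost/benefit computation for the three threats above, added here as an example and not part of the exam or its answer key. The figures are the problem's; two typed costs are read as assumptions ("1000,000" as $1,000,000 per year, "$ 4000,000" as $4,000,000) and the fire system's price is treated as a yearly cost so that all three controls are compared on the same basis.

```python
# Added example (not from the exam): ALE = ARO x SLE for each threat, before and
# after its proposed control, and the net annual benefit of buying the control.
# Assumptions: "1000,000" read as 1,000,000 per year; "$ 4000,000" read as
# 4,000,000; the 1,750,000 fire-system price treated as an annual cost.
from dataclasses import dataclass

HOURLY_REVENUE = 2_000      # average revenue per hour from customer orders
WEEKS_PER_YEAR = 52

@dataclass
class Threat:
    name: str
    aro: float               # annualized rate of occurrence
    sle: float               # single loss expectancy, in dollars

    def ale(self):
        return self.aro * self.sle

@dataclass
class Countermeasure:
    name: str
    annual_cost: float
    residual: Threat         # the same threat as it would look with the control

def downtime_sle(hours, extra_cost=0.0):
    """Revenue lost while the site is down plus any fixed cost per incident."""
    return hours * HOURLY_REVENUE + extra_cost

def cost_benefit(before, control):
    """Return (ALE before, ALE after, net annual benefit, accept?)."""
    saving = before.ale() - control.residual.ale()
    net = saving - control.annual_cost
    return before.ale(), control.residual.ale(), net, net > 0

# Threat 1: OS failures, 3 per week, 2 hours down plus $10,000 advertising each.
os_failure = Threat("OS failure", aro=3 * WEEKS_PER_YEAR, sle=downtime_sle(2, 10_000))
os_upgrade = Countermeasure("OS upgrade", 1_000_000,
                            Threat("OS failure", 0, os_failure.sle))   # threat eliminated

# Threat 2: fire in the backup server farm (asset value 1,500,000).
server_farm = 1_500_000
fire = Threat("Fire", aro=1 / 2, sle=0.85 * server_farm)
fire_system = Countermeasure("Fire prevention", 1_750_000,
                             Threat("Fire", 1 / 5, 0.15 * server_farm))

# Threat 3: programming mistakes, 10 a month, half an hour down each.
bugs = Threat("Programming mistakes", aro=10 * 12, sle=downtime_sle(0.5))
training = Countermeasure("Training", 4_000_000,
                          Threat("Programming mistakes", bugs.aro * 0.10, bugs.sle))

def analysis():
    """Map control name -> (ALE before, ALE after, net benefit, accept?)."""
    pairs = ((os_failure, os_upgrade), (fire, fire_system), (bugs, training))
    return {c.name: cost_benefit(t, c) for t, c in pairs}

if __name__ == "__main__":
    for name, (ale_b, ale_a, net, ok) in analysis().items():
        verdict = "ACCEPT" if ok else "REJECT"
        print(f"{name:16} ALE {ale_b:>12,.0f} -> {ale_a:>10,.0f}  net {net:>14,.0f}  {verdict}")
```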
2. (13 points) Digital Signature
Comparing Digital signature (DS) and Message authentication codes (MAC).
Assume that Oscar is able to observe all messages sent from Bob to Alice and vice versa.
Oscar has no knowledge of any keys except the public ones in case DS is used.
State whether and how (i) DS and (ii) MAC protect against each type of attack. The value of Auth(x) is computed with a DS or a MAC algorithm respectively.
You can assume that when Alice signs a message, she uses her private key.
You can also assume that when a MAC algorithm is used, the MAC algorithm uses a secret (symmetric) key known to both parties included in the communication. You can
assume that:
Alice and Bob use a key Kab when they use the MAC algorithm.
Alice and Oscar use a key Kao when they use the MAC algorithm.
Scenarios | Result of the scenario if a digital signature is used for Authentication(X) | Result of the scenario if a Message Authentication Code (MAC) is used for Authentication(X)
Message Integrity: Alice sends a message X = "Transfer 1000 dhs to Mark" in the clear, and also sends Auth(X) to Bob.
Oscar intercepts the message, and replaces "Mark" with "Oscar". Can Bob detect this?
Replay: Alice sends a message X = "Transfer 1000 dhs to Oscar" in the clear, and also sends Auth(X) to Bob. Oscar observes the message and signature and sends the
message 100 times to Bob. Will Bob detect this?
Sender Authentication with cheating third party:
Oscar claims that he sent some message X with a valid Auth(X) to Bob but Alice claims the same. Can Bob clear the question with either case?
Authentication with Bob Cheating: Bob claims that he received a message X with a valid signature Auth(X) from Alice (e.g., "Transfer 1000 dh from Alice to Bob") but
Alice claims she never sent it. Can Alice clear this question in either case?
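The MAC side of the four scenarios above, as an added example that is not part of the exam: Auth(X) is realised as an HMAC-SHA256 tag under the shared keys Kab and Kao, and the code shows why tampering is caught, why replays are not without a freshness check, and why a shared key can never settle a dispute about who produced the tag. The key values and the nonce scheme are constructed for illustration; the page fixes neither.

```python
# Added example (not from the exam): Auth(X) as an HMAC-SHA256 tag under the
# shared keys Kab and Kao, walked through scenarios a to d for the MAC case.
# Key bytes and the nonce scheme are constructed here, not taken from the page.
import hashlib
import hmac
import os

K_AB = b"constructed-shared-key-Alice-Bob"    # Kab, known to Alice and Bob
K_AO = b"constructed-shared-key-Alice-Oscar"  # Kao, known to Alice and Oscar

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key, msg, tag):
    return hmac.compare_digest(mac(key, msg), tag)

def tamper_detected(key, msg, tag, altered):
    """Scenario a: Oscar edits the text but has no key to recompute the tag."""
    return not verify(key, altered, tag)

class Receiver:
    """Bob's side. Without a freshness check a replayed (msg, tag) pair is
    indistinguishable from the original (scenario b); remembering nonces fixes it."""
    def __init__(self, key, check_freshness):
        self.key, self.check_freshness, self.seen = key, check_freshness, set()

    def accept(self, msg, nonce, tag):
        if not verify(self.key, nonce + msg, tag):
            return False
        if self.check_freshness:
            if nonce in self.seen:
                return False
            self.seen.add(nonce)
        return True

def possible_senders(msg, tag, keyring):
    """Scenario c: Bob tries every key he shares. Each shared key has two holders,
    so Bob learns which key was used but cannot prove to anyone who used it."""
    return {who for owners, key in keyring if verify(key, msg, tag) for who in owners}

def bob_can_forge(msg):
    """Scenario d: Bob also holds Kab, so a tag 'from Alice' proves nothing."""
    return verify(K_AB, msg, mac(K_AB, msg))

def run_scenarios():
    x = b"Transfer 1000 dhs to Mark"
    t = mac(K_AB, x)
    a = tamper_detected(K_AB, x, t, x.replace(b"Mark", b"Oscar"))
    x2 = b"Transfer 1000 dhs to Oscar"
    nonce = os.urandom(8)
    t2 = mac(K_AB, nonce + x2)
    naive, strict = Receiver(K_AB, False), Receiver(K_AB, True)
    b_naive = all(naive.accept(x2, nonce, t2) for _ in range(100))   # 100 replays pass
    b_strict = [strict.accept(x2, nonce, t2) for _ in range(3)]      # only the first
    keyring = [(("Alice", "Bob"), K_AB), (("Alice", "Oscar"), K_AO)]
    c = possible_senders(x, t, keyring)
    d = bob_can_forge(b"Transfer 1000 dh from Alice to Bob")
    return {"a_tamper_detected": a, "b_replays_accepted_without_nonces": b_naive,
            "b_replays_with_nonces": b_strict, "c_possible_senders": c,
            "d_bob_can_forge": d}

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```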
3. (13 points) Firewalls
SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over TCP. A TCP connection is set up between a user agent and a
server program. The server listens on TCP port 25 for incoming connection requests. The user end of the connection is on a TCP port number above 1023. Suppose you wish
to build a packet filter rule set allowing inbound and outbound SMTP traffic. You generate the following rule set:
Rule direction Src addr Dest addr Protocol Dest port Action
A In External Internal TCP 25 Permit
B Out Internal External TCP > 1023 Permit
C Out Internal External TCP 25 Permit
D In External Internal TCP >1023 Permit
E Either Any Any Any Any Deny
1. Describe the effect of each rule
2. Your host has IP address 172.16.1.1. Someone tries to send e-mail from a remote host with IP address 192.168.3.4. If successful, this generates an SMTP
dialogue between the remote user and the SMTP server on your host consisting of SMTP commands and mail. Additionally, assume that a user on your host tries to send
e-mail to the SMTP server on the remote system.
3. Four packets are shown in the table below. For each packet indicate which packets are permitted, which are denied, and which rules were used.
Packet Direction Src addr Dest Addr Protocol Dest port Action
1 In 192.168.3.4 172.16.1.1 TCP 25 ?
2 Out 172.16.1.1 192.168.3.4 TCP 1234 ?
3 Out 172.16.1.1 192.168.3.4 TCP 25 ?
4 In 192.168.3.4 172.16.1.1 TCP 1357 ?
4. Someone from the outside world (10.1.2.3) attempts to open a connection from port 5150 on a remote host to the web proxy server on port 8080 on one of your
local hosts (172.16.3.4) in order to carry out an attack. Typical packets are:
Packet Direction Src addr Dest Addr Protocol Dest port Action
5 In 10.1.2.3 172.16.3.4 TCP 8080
6 Out 172.16.3.4 10.1.2.3 TCP 5150
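A first-match evaluator for rule set A to E run over packets 1 to 6, added here as an example and not part of the exam. It also carries a hardened variant of rule D that admits only inbound packets with the TCP ACK flag set (the usual textbook refinement, assumed here and not stated on the page); the ACK flags on the sample packets and the 172.16.0.0/16 internal prefix are likewise assumptions.

```python
# Added example (not from the exam): first-match packet filter for the SMTP
# rule set A-E, plus a refined rule D that requires the TCP ACK flag (a standard
# hardening assumed here, not from the page). Internal hosts = 172.16.x.x.
from collections import namedtuple

Packet = namedtuple("Packet", "number direction src dst proto dport ack")
Rule = namedtuple("Rule", "name direction src dst proto dport action need_ack")

def side(addr):
    """Classify an address as Internal or External (assumed site prefix)."""
    return "Internal" if addr.startswith("172.16.") else "External"

def port_ok(spec, port):
    """spec is '25', '>1023' or 'Any'."""
    if spec == "Any":
        return True
    return port > int(spec[1:]) if spec.startswith(">") else port == int(spec)

def matches(rule, pkt):
    return (rule.direction in ("Either", pkt.direction)
            and rule.src in ("Any", side(pkt.src))
            and rule.dst in ("Any", side(pkt.dst))
            and rule.proto in ("Any", pkt.proto)
            and port_ok(rule.dport, pkt.dport)
            and (pkt.ack or not rule.need_ack))

def filter_packet(rules, pkt):
    """Return (action, rule name) from the first rule that matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "Deny", "implicit"   # never reached here: rule E matches everything

# The exam's rule set exactly as tabulated (no ACK requirement anywhere).
RULES = [
    Rule("A", "In", "External", "Internal", "TCP", "25", "Permit", False),
    Rule("B", "Out", "Internal", "External", "TCP", ">1023", "Permit", False),
    Rule("C", "Out", "Internal", "External", "TCP", "25", "Permit", False),
    Rule("D", "In", "External", "Internal", "TCP", ">1023", "Permit", False),
    Rule("E", "Either", "Any", "Any", "Any", "Any", "Deny", False),
]
# Hardened variant: D admits only replies (ACK set) to connections we opened.
RULES_ACK = [r._replace(need_ack=True) if r.name == "D" else r for r in RULES]

# Packets 1-6 from the problem. ACK flags are assumptions: 2, 4 and 6 belong to
# established sessions; 1, 3 and 5 are opening SYNs (5 is the attacker's).
PACKETS = [
    Packet(1, "In", "192.168.3.4", "172.16.1.1", "TCP", 25, False),
    Packet(2, "Out", "172.16.1.1", "192.168.3.4", "TCP", 1234, True),
    Packet(3, "Out", "172.16.1.1", "192.168.3.4", "TCP", 25, False),
    Packet(4, "In", "192.168.3.4", "172.16.1.1", "TCP", 1357, True),
    Packet(5, "In", "10.1.2.3", "172.16.3.4", "TCP", 8080, False),
    Packet(6, "Out", "172.16.3.4", "10.1.2.3", "TCP", 5150, True),
]

def evaluate(rules):
    """Map packet number -> (action, rule) for every sample packet."""
    return {p.number: filter_packet(rules, p) for p in PACKETS}

if __name__ == "__main__":
    print("as written:    ", evaluate(RULES))      # packet 5 slips through D
    print("D requires ACK:", evaluate(RULES_ACK))  # packet 5 now falls to E: Deny
```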
4. (13 points) Intrusion Detection Systems (IDS’s)
When searching for and purchasing an IDS, you need to know a little about how an IDS works. There are two methods used by IDSs to detect potential attacks:
- knowledge-based
- behavior-based.
Understanding the differences and similarities between the two can help you make the right decision for your requirements.
Question
The table below has two entries, one for each type of IDS. You are also provided with a list of statements that describe one or both of them. Check the boxes
for the letters that best describe each type of IDS.
Statements
A. Requires signature updates.
B. Can detect new or original attacks.
C. Generally has a lower rate of false positives.
D. Also called a statistical anomaly IDS.
E. Can be added to the network as an inline NIDS.
F. Works best on a network with consistent access patterns.
G. Also called a signature-based IDS.
IDS Types A B C D E F G
Behavior-based
Knowledge-based
Location of an IDS
The position of an IDS on the network will determine how effective it is at detecting suspicious activity that is an actual threat to a network resource. The figure
below shows the network diagram of Dubai Limited, a trading company in Dubai.
- Server1 and Server3 are file servers.
- Server2 is a remote access server used by employees who are working from home or distant locations.
Possible locations for an IDS are shown as boxes labeled A through E.
Network Diagram of Dubai limited
Table 8 contains a list of statements that apply to one or more of the positions indicated in Figure 12-1. Check the boxes for the letters that best describe each
position.
Table 8. Description of IDS’s
Statements A B C D E
Can identify potential attacks with Server2 as the target.
Best for analyzing the effectiveness of the firewall between the Internet and the perimeter network.
Known as a host-based IDS.
Best for protecting against attacks against Server1, Server2, or Server3 that have breached both firewalls.
Will generate too many alarms to be useful.
Known as a network-based IDS.
Can detect a potential attack through a dial-in connection.
Part C: Essay. This part consists of three questions. You must attempt the mandatory question worth 20 marks plus one optional question worth 10 marks.
1. (20 points) CISCO Case Study
a) Why did Cisco Systems transition from standalone physical access control systems to IP networked systems?
b) What challenges did Cisco Systems face in order to solve the physical security problems?
c) How did the new architecture solve the physical access control problem? Explain.
d) How did Cisco Systems solve the physical security problems?
e) What security technologies did Cisco deploy to control building security?
f) Even though the number of employees at Cisco Systems has doubled, the STS team has remained the same size. Why?
2. (8 points) Working with Proxy Servers and Application-Level Firewalls
Ron Hall was dreaming of his next vacation. He had been working for Andy Ying, the manager of the security consulting group, on a very demanding project for nearly six
months. Today he finally finished the work and had a few minutes to surf the Web to plan his upcoming trip to New Zealand. Ron knew that ATI did not allow
indiscriminate Web surfing and that they used a proxy server to ensure compliance with this policy, but he felt he had earned this treat and believed that Andy would
have no problems with a little recreational Web surfing. Besides, it was almost 5:00 and nearly time to go home. Google was allowed by the proxy server, so Ron went
there to start his search. He typed in “new zealand vacation spots.” Faster than he could blink, the giant search engine Google came back with a list of relevant
links. The first entry looked promising: “New Zealand Tourism Online: New Zealand Travel Guide.” But the second one looked even better: “New Zealand Pictures.” He
clicked that URL. No pictures opened up. No green valleys. No coral reefs. No gorgeous mountains. Just a plain white screen with black letters that read:
“ACCESS PROHIBITED—CONTACT PROXY SERVER ADMINISTRATOR FOR INSTRUCTIONS ON HOW TO ACCESS THE REQUESTED CONTENT.”
Ron was not surprised, but he had hoped. He clicked the “Back” button and tried the next link. He got the same message. He tried three or four more times and then
realized he was not getting any pictures today. Ron got to his desk a little early the next morning. He turned on his PC and went to get a cup of coffee while it
booted up. When he got back he opened his email program. In the list of new email was a note from the network security group. He opened the message and saw it had been
addressed to him and to Andy Ying, his boss. It also had a CC to the HR department. The message said:
“Recently, your account was used to access Web content that has not been approved for use inside ATI. We are asking you to explain your actions to your supervisor. You
are encouraged to enroll in a class on appropriate use of the Internet at ATI at your earliest convenience. Until you complete the class or your supervisor contacts
this office, your network privileges have been suspended. If this access attempt was for legitimate business purposes, please have your supervisor notify us at once so
that this Web location can be added to the ATI approved Web locations list.”
What a hassle. Ron did not look forward to his conversation with Andy.
Questions:
- Does the ATI policy on Web usage seem harsh to you?
- Why or why not?
- Do you think Ron was justified in his actions?
How should Andy react to this situation if Ron is known to be a reliable and a diligent employee?
3. (8 points) Authenticating Users
Niki Simpson was in the conference room waiting for the training session to begin. She was at the session because her user account credentials had been used by an
unidentified attacker, attempting to access the school computer system. She had been an employee of the local school district for 12 years, and this was her first
formal training in information security. Three hours and thirty minutes later, Niki closed her workbook.
The trainer said, “And that concludes the basic information security training session for school district employees. Are there any questions?”
Niki raised her hand. When the trainer acknowledged her, she said, “OK. I understand that the district policy is to have a twelve character password of nonsense
syllables that are changed by the system every 30 days. I also understand we are not supposed to write the new passwords down on anything. Any suggestions on how I am
supposed to remember this password?” The trainer said, “I really can’t say. I suppose you’ll just have to memorize the new password before you clear the screen when it
is assigned to you.”
Niki’s mouth dropped open. She said to the trainer, “That’s easy for you to say, but I think I’m going to have a hard time with that.” The day after her remedial
security class, Niki got a call at her office from the help desk. The technician on the other end said that her account had been reset and she could log on again and
her temporary password would be her employee ID number and then the last 4 digits of her social security number.
A short while later, she was ready to try to connect to the system for the first time in a week—her access had been suspended until she took the training class. She
turned on her computer, and after it had booted, she entered her username and password as instructed. The next screen that opened said that her password had been
reset. It displayed her new password as a series of twelve letters, numbers, and special characters, and then provided a brief mnemonic nonsense phrase. She saw:
HA YU M2 KA Y! I7
Hello All, You’re Unhappy, Me Too, Keep Apples, Yes Bang, It’s Seven.
Questions
- Does the school district's password policy seem to be effective, considering the needs of the employees affected?
- How would you suggest the district IT department adjust its password approach? Consider how your recommendations might improve or degrade compliance with the
policy.
- How would your suggestions alter the strength of the passwords?
Security, Risk Management, and Control in Electronic Commerce
Answer Section
SHORT ANSWER
1. ANS:
Situation Selected approach and justification of the choice
A space shuttle, when entering earth's atmosphere, caught fire. The black box, which logs all states of the shuttle, flew off and presumably landed somewhere on earth.
A. Risk reduction. Proactive measures can be taken to prevent a loss from occurring and to minimize the losses from the consequences of a risk.
At a university, the new student course registration system ran into implementation delays of two weeks. It was rolled out on the first day of registration for the
next semester. Until noon that day, the system was down. Those students with first priority could not register on time. B. Risk reduction will save the system from
implementation problems. At the reduced level, the risk still needs to be managed, using either risk retention or risk transfer.
Microsoft informed company X that, based on its calculation, it estimates company X should have more software licences than Microsoft's customer records show. C.
Risk retention. Absorbing the consequences of any exposures internally may be more cost effective, depending on the difference between licensed and
unlicensed software. If the difference is high, risk sharing may be the next step.
A subcontractor who worked in the company's IS department had access to sensitive files. On his last day, he emailed the company's customer data to himself. D.
Risk reduction. In this instance, taking away the subcontractor's privileges to prevent a loss from occurring helps eliminate risk in a cost effective manner.
PTS: 5 REF: rav 2, E 2
2. ANS:
see lecture
Chinese wall policy
Suppose you work for a company with a Chinese wall security policy with clients in the following conflict classes:
- { Cadbury, Nestle }
- { Ford, Chrysler, GM }
- { Citicorp, Credit Lyonnais, Deutsche Bank }
- { Microsoft }
Assume that Ted, an analyst of the company, has previously worked on cases for Nestle and Citicorp, and he is awaiting a new assignment.
Question 1 (5 marks)
As the security officer of the company, list any of the company’s clients for whom Ted will not be able to work as his next assignment. You can assume that Ted can
work for a client for whom he has previously worked.
Answer:
Let
- CC1 = { Cadbury, Nestle }
- CC2 = { Ford, Chrysler, GM }
- CC3 = { Citicorp, Credit Lyonnais, Deutsche Bank }
- CC4 = { Microsoft }
Ted has worked on cases related to Nestle from CC1 and Citicorp from CC2. Thus, he will not be able to work on the following companies:
- Cadbury from CC1
- Credit Lyonnais, Deutsche Bank from CC2
Question 2
Assume that two of your colleagues Ali and Sally are currently working on the following cases:
- Ali is working on Nestle, GM, and Citicorp.
- Sally is working on Nestle, GM, and Credit Lyonnais.
Your job is to determine the read/write/execute rights of Ali and Sally on the different objects.
Write property: 2 marks.
Table: 8 marks (Credit Lyonnais 1 mark, Citicorp 1 mark, others 2/3 mark each).
        Nestle   GM    Citicorp   Credit Lyonnais   Microsoft
Ali     RE       RE    RWE        -                 RE
Sally   RE       RE    -          RWE               RE
PTS: 5
3. ANS:
The graph below represents the security levels of the staff in a large organization.
The arrows represent a specific operation.
By examining the graph below, can you determine which security model applies given that:
a) The operation represented by the arrow is a write statement? Justify your answer
If the operation is a write statement, there is a write down: Biba model.
Information is flowing from upper levels to lower levels. This is valid in the Biba model.
b) The operation represented by the arrow is a read statement? Justify your answer
If the operation is a read statement, there is a read down: BLP model.
A read down is allowed in the BLP model.
PTS: 5
4. ANS:
_________ Shut down all infected systems.
_____1____ Notify management.
_____2____ Remove all infected systems from the network.
_____4___ Visit the vendor’s website to locate a security update.
_________ Reformat all infected systems.
_____3____ Replace all infected systems with spares.
PTS: 5
PROBLEM
1. ANS:
k
PTS: 13
2. ANS:
Scenarios | Result of the scenario if a digital signature is used for Authentication(X) | Result of the scenario if a Message Authentication Code (MAC) is used for Authentication(X)
Message Integrity: Alice sends a message X = "Transfer 1000 dhs to Mark" in the clear, and also sends Auth(X) to Bob.
Oscar intercepts the message, and replaces "Mark" with "Oscar". Can Bob detect this? | DS: will be detected | MAC: will be detected
Replay: Alice sends a message X = "Transfer 1000 dhs to Oscar" in the clear, and also sends Auth(X) to Bob. Oscar observes the message and signature and sends the
message 100 times to Bob. Will Bob detect this? | DS: won't be detected | MAC: won't be detected
Sender Authentication with cheating third party:
Oscar claims that he sent some message X with a valid Auth(X) to Bob but Alice claims the same. Can Bob clear the question with either case? (i) DS: Bob simply has
to verify the message with the public key from both.
Obviously, only Alice’s public key results in a successful verification.
(ii) MAC: Bob has to challenge both, Oscar and Bob, to reveal their secret key to
him (which he knows anyway). Only Bob can do that.
Authentication with Bob Cheating: Bob claims that he received a message X with a valid signature Auth(X) from Alice (e.g., "Transfer 1000 dh from Alice to Bob") but
Alice claims she never sent it. Can Alice clear this question in either case? (i) DS: Alice has to force Bob to prove his claim by sending her a copy of the
message in question with the signature. Then Alice can show that the message and
signature can be verified with Bob's public key, so Bob must have generated the message. (ii) MAC: No, Bob can claim that Alice generated this message.
a. Will be detected with both (i) DS and (ii) MAC.
b. Won't be detected by either (Remark: use timestamps).
c. (i) DS: Bob simply has to verify the message with the public key from both.
Obviously, only Alice’s public key results in a successful verification.
(ii) MAC: Bob has to challenge both, Oscar and Bob, to reveal their secret key to
him (which he knows anyway). Only Bob can do that.
d. (i) DS: Alice has to force Bob to prove his claim by sending her a copy of the
message in question with the signature. Then Alice can show that the message and
signature can be verified with Bob's public key, so Bob must have generated the
message.
(ii) MAC: No, Bob can claim that Alice generated this message.
PTS: 13
3. ANS:
Firewalls
SMTP (Simple Mail Transfer Protocol) is the standard protocol for transferring mail between hosts over TCP. A TCP connection is set up between a user agent and a
server program. The server listens on TCP port 25 for incoming connection requests. The user end of the connection is on a TCP port number above 1023. Suppose you wish
to build a packet filter rule set allowing inbound and outbound SMTP traffic. You generate the following rule set:
Rule direction Src addr Dest addr Protocol Dest port Action
A In External Internal TCP 25 Permit
B Out Internal External TCP > 1023 Permit
C Out Internal External TCP 25 Permit
D In External Internal TCP >1023 Permit
E Either Any Any Any Any Deny
1. Describe the effect of eac