- Answers vary, as you can pick your own videos.
- Security Through Obscurity refers to a system’s attempt to implement security by keeping aspects of its implementation or architecture secret, as opposed to keeping these things open and implementing security via strong cryptographic keys. This technique has been considered to be a poor strategy since at least the 1850s, because:
- If a key is compromised, you can change it. If your secret algorithm is compromised, you are toast.
- It is better to rely on published, well-known, key-based algorithms that have been hammered on and studied in massive detail by thousands of cryptographic experts for years.
There are certain environments in which obscurity techniques can be employed, but never on their own, but only in addition to more accepted techniques.
-
- An example of a failure of confidentiality is the leakage of information (e.g., back account information, PII, Credit card numbers) to someone that is not supposed to have it.
- An example of a failure of integrity is allowing an update of an entity to an illegal (e.g., out of range) value.
- An example of a failure of availability is a program crashing.
- Authentication is verifying an identity is who they say they are. Authorization is verifying whether or not an identity is allowed to do the operation they are trying to do.
- Answers vary here, but you will be graded on:
- Did you do three from each language?
- Are all nine well “spread out” among all the rules and very different from each other? For example, you might choose for C an INT, a MEM, and a MSC; but for C++ choose a CTR, a FIO, and a DCL; and for Java choose a MET, an EXP, and an LCK.
- Did you write well?
- Did you cover the essence of the rule in your own words?
- Did you use your own example of non-conforming code?
- Did you use your own example of conforming code?