Computer Security


1.

The Principle of Least Privilege means granting a user account only those privileges and rights that are essential for the user to perform his work. It is one of the most widely used information security methods for enforcing access controls in an organization. It is based on the concept of need-based access, which implies that the user should have access to only those information assets which he needs to carry out the tasks he has been assigned. For example, if a user is tasked with backing up data from local computers to a local backup server, he/she does not need to access the internet or install software; hence, the user is given the privilege to run only backup-related tasks and routines. Any other rights or privileges, such as internet access or installing software, should therefore be blocked.

The principle is also followed in some UNIX variants, where a normal PC user has to open a privileged/superuser, password-protected account when he/she needs to access system-related files or to do something he/she is not entitled to do as a normal user.

2.

Host-based Intrusion Detection Systems are tools that are capable of reading and interpreting system logs related to various services and programs in order to detect abnormal activity. But IDS programs have certain limitations, especially when running on servers that host multiple services such as a Domain Name System server, File Transfer Protocol server, web server and email server.

The main problem with IDS programs is that they cannot understand the unpredictable nature of the service requests these servers can receive, and thus they raise false alarms. Moreover, if the system is overloaded with excessive service requests, the IDS can become unresponsive at times, allowing the abnormal behavior to continue without alerting the administrator.

3.

Normally, FIN scans can evade firewalls and packet filtering tools when these devices and tools do not keep track of individual communications. However, dynamic packet filters and stateful filtering devices are increasingly used today in order to effectively detect and deter FIN and ACK scans. Dynamic packet filters are intelligent tools designed to make control and forwarding decisions on network traffic based on the attributes and state of the packet being sent. These devices use state tables, which allow the firewall to keep track of each individual communication and so make decisions on the basis of a packet's state, i.e. ACK, FIN or SYN.

The problem with dynamic packet filters is that they cannot make packet filtering decisions on the basis of the payload or protocol being used in the communication. Stateful filtering removes this limitation by adding the desired functionality of protocol- and payload-based filtering.
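
The state-table behaviour described in this section, as an added example that is not part of the original text: a simplified Python connection tracker that drops FIN or ACK segments when no matching table entry exists. The class, function and state names and the sample addresses are assumptions made for illustration, and timers and sequence-number checks are left out.

```python
# Added example: simplified stateful TCP filter (no timers or sequence checks).
# All addresses, ports and packets below are constructed sample data.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: set of names

class StatefulFilter:
    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        self.table = {}  # (client, cport, server, sport) -> connection state

    def check(self, p):
        flags = set(p.flags)
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        key = fwd if fwd in self.table else rev if rev in self.table else None
        if key is None:
            # Only a bare SYN to a permitted port may create a table entry.
            if flags == {"SYN"} and p.dport in self.allowed_ports:
                self.table[fwd] = "SYN_SENT"
                return "ACCEPT"
            return "DROP"  # FIN or ACK segment with no tracked connection
        state, from_client = self.table[key], key == fwd
        in_stream = "ACK" in flags and "SYN" not in flags
        if "RST" in flags:
            del self.table[key]              # reset ends the tracked connection
        elif state == "SYN_SENT" and flags == {"SYN", "ACK"} and not from_client:
            self.table[key] = "SYN_RCVD"
        elif state == "SYN_RCVD" and flags == {"ACK"} and from_client:
            self.table[key] = "ESTABLISHED"
        elif state == "ESTABLISHED" and in_stream:
            if "FIN" in flags:
                self.table[key] = "FIN_WAIT"  # first FIN seen
        elif state == "FIN_WAIT" and in_stream:
            if "FIN" in flags:
                self.table[key] = "LAST_ACK"  # second FIN (side not checked)
        elif state == "LAST_ACK" and flags == {"ACK"}:
            del self.table[key]              # close complete, entry removed
        else:
            return "DROP"                    # flags do not fit the tracked state
        return "ACCEPT"

def verdicts(packets, allowed_ports=(80,)):
    fw = StatefulFilter(allowed_ports)
    return [fw.check(p) for p in packets]

C, S = ("198.51.100.7", 40000), ("192.0.2.10", 80)  # constructed client, server
PROBES = [Packet(*C, *S, {"FIN"}), Packet(*C, *S, {"ACK"})]
HANDSHAKE = [Packet(*C, *S, {"SYN"}), Packet(*S, *C, {"SYN", "ACK"}),
             Packet(*C, *S, {"ACK"})]
```

A stateless filter that only matches on flags or ports has no way to tell the two `PROBES` segments from the tail of a real session; here they are dropped because nothing in the table vouches for them.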

4.

Title IV, and more specifically Section 404, of Sarbanes-Oxley enforces Information Technology security controls for business organizations. In order to implement the controls defined under Section 404 for the purpose of protecting banking assets, the management of banking ...