
Solutions hints

  1. Is a good graphical user interface an appropriate criterion for buying a security product? It might be. Consider, for instance, a program in which it is too easy to hit the wrong button. This actually occurred on the Norwegian stock exchange.
  2. Suppose you are starting a new business which deals with a secret new technology. Describe, in overview, how you would design a secure work environment for the company. Think of physical issues, software issues and work practices. Think about physical procedures, passes, identity cards. Then think about the placement of people and computers. Is it easy to look over someone's shoulder, or gain access to others' computers when they are not there? Think about the network. Hosts with secrets should not be on the internet. Think file permissions and access controls. Firewalls. Social engineering: could someone fool an employee into breaking security? Could someone tap the network and plant listening devices? Use of encryption. Restriction of employees' freedom at work.
  3. How would you use the Unix find command to find files which were writable by anyone? How would you use cfengine to do this?
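    # GNU find: -002 matches entries whose "other" write bit is set.
    # (The older "-perm +02" syntax has been removed from current GNU find.)
     find / -perm -002
    # cfengine
      control:
        actionsequence = ( files )
      files:
        # warn about anything under / that has the "other" write bit set
        / mode=-02 recurse=inf action=warnall
        # or mode=o-w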
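
As an added example (not part of the original hints), the find answer to question 3 can be turned into an audit that reports only the findings worth acting on: regular files writable by anyone, and world-writable directories that lack the sticky bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_world_writable DIR prints one line per finding:
#   FILE <path>   regular file writable by "other"
#   DIR  <path>   directory writable by "other" and missing the sticky bit
audit_world_writable() {
    root=$1
    # -xdev keeps find on one filesystem (no /proc, no network mounts).
    # -type f also excludes symlinks, whose lrwxrwxrwx mode would
    # otherwise match -perm -002 although it grants nothing.
    find "$root" -xdev -type f -perm -002 -exec printf 'FILE %s\n' {} +
    # World-writable directories with the sticky bit (01000), such as
    # /tmp, are normal; without it any user can delete others' files.
    find "$root" -xdev -type d -perm -002 ! -perm -1000 \
        -exec printf 'DIR  %s\n' {} +
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/drop" "$t/tmp" "$t/home"
    touch "$t/home/notes" "$t/home/open.conf"
    chmod 644 "$t/home/notes"
    chmod 666 "$t/home/open.conf"    # should be reported
    chmod 777 "$t/drop"              # should be reported (no sticky bit)
    chmod 1777 "$t/tmp"              # sticky: not reported
    chmod 755 "$t/home"
    ln -s "$t/home/notes" "$t/home/link"   # symlink: not reported
    printf '%s\n' "$t"
}

# Demonstration run on the sample tree.
demo=$(make_sample_tree)
audit_world_writable "$demo"
rm -rf "$demo"
```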