Assignment 2 - Access Control and Site Security

Discussion Questions

1. (DUE February 1, 2006 by midnight EDT) Briefly answer the following two questions:
   • What was the most surprising thing you learned in chapters 2,3?
   • What was the most difficult part of chapters 2,3 for you?
2. (DUE February 2, 2006 before midnight (11:59 p.m. EST)) Select one of the following questions to discuss in detail through the threaded discussion.
   • The university is discussing a change in password policy that would require all passwords be changed every 45 days. Currently at CSU, only our Novell login password needs to be changed every 45 days. Many of us use four or five passwords in our daily activities. At lunch this week, several of us were discussing this issue. Several faculty stated that "in the old days", they had one randomly generated password that never changed and that "was good enough." Present a convincing argument for either making or not making this change to the password policy.
   • A computer system uses biometrics to authenticate users. Discuss ways in which an attacker might try and spoof the system.
   • Discussing authentication systems, especially passwords always generates lots of discussion. Describe your ideal password policy.
3. (DUE February 7, 2006 before midnight (11:59 p.m. EST)) Select a discussion from one or more of your classmates and respond to their comments.