Assignment 4 - Host Security

Discussion Questions

1. (DUE February 22, 2006 by midnight EDT) Briefly answer the following two questions:
   • What was the most surprising thing you learned in chapter 6?
   • What was the most difficult part of chapter 6 for you?
2. (DUE February 23, 2006 before midnight (11:59 p.m. EST)) Select one of the following questions to discuss in detail through the threaded discussion.
   • Review http://csc.ColumbusState.edu/summers/Chaut2003/security/LAB-4.htm for a description of how to lock down the computer. What features are important? What shouldn't we worry about?
   • In "Linux vs. Windows: Which Is More Secure?" [http://www.eweek.com/article2/0,1759,1557459,00.asp], postulates that both Linux and Windows can be deployed securely, but we are constantly "reminded" that Linux is "more" secure than Windows. Discuss your views on this. What if we include the Apple Macintosh in this discussion? Are Macintoshes more secure than Windows?
   • The article "New IE Exploit Spoofs Web Sites" [http://www.eweek.com/article2/0,1759,1743407,00.asp] discusses the responsibilities of reporting vulnerabilities. Should security researchers report vulnerabilites only to the software vendor? How long should they wait before reporting them to the public? What are the software vendors responsibilities for patching vulnerabilities?
   • Microsoft defines a critical vulnerability as "A vulnerability whose exploitation could allow the propagation of an Internet worm without user action" and an important vulnerability as "A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources." Steve Gibson in his podcast Security Now 22: The WMF Backdoor discusses the rational for Microsoft's definitions. Discuss your views are whether compromising the CIA of user's data should be considered "critical".
3. (DUE February 28, 2006 before midnight (11:59 p.m. EST)) Select a discussion from one or more of your classmates and respond to their comments.