Puzzle of the Day

An instructor in a computer security class wishes to give her students a structured penetration exercise. The students will analyze the system from manuals and through regular use, hypothesis flaws, and test them. If the flaw exists, they will then analyze why the flaw occurred, how it might be corrected, and attempt to generalize it to find other flaws. Any security flaws will be reported to the manufacturer of the system.

  1. If the exercise were to be run locally (that is, the system is connected to a local area network, and participants have physical access, what steps would you suggest to ensure no problems (such as violating the department's security policy) arose?
  2. Now suppose the exercise were to be run over the Internet using a geographically remote system. How would your answer to the first question change?

You can also see this document as a Binhex Framemaker version 5 document, Postscript document, or a plain ASCII text document.
Send email to cs153@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 2/8/97