Puzzle for October 11, 2006

An instructor in a computer security class wishes to give her students a structured penetration exercise. The students will analyze the system from manuals and through regular use, hypothesis flaws, and test them. If the flaw exists, they will then analyze why the flaw occurred, how it might be corrected, and attempt to generalize it to find other flaws. Any security flaws will be reported to the manufacturer of the system.

  1. If the exercise were to be run locally (that is, the system is connected to a local area network, and participants have physical access, what steps would you suggest to ensure no problems (such as violating the department's security policy) arose?
  2. Now suppose the exercise were to be run over the Internet using a geographically remote system. How would your answer to the first question change?
You can also obtain a PDF version of this. Version of October 8, 2006 at 10:11 PM