Security vulnerabilities may be introduced when changes and patches are made to a system. Assume that you are working for an organization that is seriously concerned about such introduced vulnerabilities. Identify what they should do with respect to the Common Criteria if they want to have high assurance that they will not face such vulnerabilities.
This includes two parts:
You'll find the needed documents at NIST. Limit your answers to two pages of 11-point text (or equivalent).
You are asked to set up a system for telecommuting: people with hosts outside the firewall will be able to connect to hosts inside the firewall (provided they authenticate successfully). Management has heard about both SSL and IPsec, and would like you to build a solution on top of one of those. You may want to look at Bishop problem 26.9.8 for more ideas on the issues involved.
For this question, briefly discuss the advantages/disadvantages of building on top of either SSL or IPsec to secure the desired telecommuting, e.g., does one provide a needed capability that the other doesn't? Does one have a security and/or performance advantage over the other?
Please limit your answer to 1 page, briefly noting the key differences and why they matter to the given application.
Complete the following exercises from the book.
Electronic submission is preferred, using the turnin command (on mentor.ics.purdue.edu or expert.ics.purdue.edu, turnin -c cs526 -p asn7 filename). PDF is the safest for capturing non-text; please check with the TA for formats other than text or PDF. Hard copy is acceptable; please hand it in at the beginning of class.