Question

Question 1: You are working in a university as an IT specialist, and due to the pandemic, the university has decided to allow its employees to work from home. Your line manager has asked you to develop a security proposal that allows the university employees to work from home in a secure manner while using the public cloud/Internet. In this context, answer the following: a. What could go wrong if the university allows its lecturers to access student records from home using conventional, non-secure means? Discuss under the ambit of the three aims of security? b. What secure solution would you propose to your line manager? Define what it is along with its advantages directly in relation to the issues identified above. c. What additional training will your proposed solution require from an end-user perspective?

Answer 1

1. A) A non-secured communication between two channels may affect the data we transfer. That is the data transfer from one end to another end do not have any security mechanisms between them.

Here the lecturers are using their student data in a conventional and non-secure manner.

A conventional data communication means it is basically using a wired communication. That is the data transfer is carried between wires. The main advantage of this system is, it is easy to install and fix. But the devices are immobile. So, we cannot easily move the network as we wish. The speed and security of data may be compromised in the conventional data communication.

So, a non-secured and conventional communication have:

1. Less speed of data

2. Less security

3. Quality of Service is less

4. Easy to install and fix

5. The devices are immobile.

6. Costly.

7. Losses are high

8. Bandwidth are low.

The unsecured communication we mainly seen on the web browser. That is, while using a web browser. It shows like http and https. The http is hyper text transfer protocol and https is hyper text transfer protocol secured. Basically, these two are used for transferring data from the source to the destination. And the difference between them is https is secured connection.

A security of data can be assured in many ways. Which are

1. Hiding the content.

That is while communicating the data may be hide from the source and it can be revealed at the destination only. So, the intermediators or the interceptors cannot access the data.

We can apply some methods to access the data hiding. They are:

1. Code

2. Encryption.

3. Obfuscation

4. Steganography.

5. Identity based.

2. Hiding the parties.

That is no one can identify the source and the destination of data.

1. Crowds

2. Anonymous communication devices.

3. Anonymous proxies.

3. Hiding the fact that communication takes place.

1. Random Traffic

2. Security by obscurity.

b) secured solution

For securing the communication, we can use some security tools.

1. Encryption.

The data can be encrypted from the source side and decrypted by the destination side. So, the unauthorized users cannot access the data.

2. Steganography.

Steganography is the hidden writing. That is data can be hidden within other more innocuous data.

3. Identity based network.

Unwanted or malicious behaviour is possible on the web since the internet is inherently anonymous.

4. Anonymized networks.

Anonymous networking has been used to secure communication.

5. Anonymous Communication Devices.

So, the anonymous communication device may a threat.

These precautionary measures may be protect the data which are accessed by the employees to their students.

C) And in terms of end-user perspective the data may get secured otherwise it get accessed by the unauthorised user. And it may lead to data loss. So, they need an additional training to the employee who can always part of the student data.

The training may get

Data security

Integrity

And Confidentiality.

These factors may secure the data communication more effective.