Question


Really Cheap Used Computers, Inc. is an online seller of old school computers. The organization’s e-commerce Web site runs on a Linux server. The server is located at the organization’s local office in Boston, Massachusetts. The company has experienced tremendous growth and has hired you as the new security analyst. You access the server and find that there are no layers of security other than the passwords set for user accounts.

Discuss at least three layers of access control that can be put in place on this server to create a more secure environment. Rationalize whether the given scenario represents discretionary access control (DAC) or mandatory access control (MAC).

Participate in this discussion by engaging in a meaningful debate regarding your choices of the three layers of access control in Linux. You must defend your choices with a valid rationale. Summarize your thoughts in a Word document and submit it to your instructor.

Should be 1-2 pages

Self-Assessment Checklist

I identified at least three layers of access controls that can be used to create a secure Linux server environment.

I determined whether the given scenario represented DAC or MAC.

I engaged in a discussion of the assigned topic with at least two of my peers.

I supported my arguments with data and factual information.

I compared and contrasted my position with the perspectives offered by peers.

I raised questions and solicited peer and instructor input on the topics discussed.

I articulated my position clearly and logically.

I followed the submission requireme

Solutions

Expert Solution

One of the most vital security tasks is to maintain control over incoming network connections. As system administrator, you have many layers of control over these connections. At the lowest level, you can unplug network cables, but this is rarely necessary unless your computer has been badly cracked beyond all trust. More realistically, you have the following levels of control in software, from general to service-specific:
Network interface - The interface can be brought entirely down and up.
Firewall - By setting firewall rules in the Linux kernel, you control the handling of incoming (and outgoing and forwarded) packets. This topic is covered in Chapter 2.
A superdaemon or Internet services daemon - A superdaemon controls the invocation of specific network services. Suppose the system receives an incoming request for a Telnet connection. The superdaemon could accept or reject it based on the source address, the time of day, the count of other Telnet connections open... or it could simply forbid all Telnet access. Superdaemons typically have a set of configuration files for controlling your many services conveniently in one place.
Individual network services - Any network service, such as sshd or ftpd, may have built-in access control facilities of its own. For example, sshd has its AllowUsers configuration keyword, ftpd has /etc/ftpaccess, and various services require user authentication.
These levels all play a part when a network service request arrives. This is considered DAC (discretionary access control), as it is not something the individual user controls, as they are not an administrator; only SELinux and AppArmor are examples of systems using MAC.
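
The layering described above, as an added example that is not part of the original solution: a small Python model of one incoming request passing through the interface, firewall, superdaemon and service layers, reporting the first layer that refuses it. The policy values, user names and addresses (documentation ranges) are constructed assumptions; the key names mirror xinetd's `disable`, `only_from`, `access_times` and `instances` and sshd's `AllowUsers`, and the code models the decision rather than enforcing it.

```python
import ipaddress
from datetime import time

# Constructed policy. Key names mirror xinetd (disable, only_from, access_times,
# instances) and sshd (AllowUsers); every value is an illustrative assumption.
# The firewall is left open on 21 and 23 so the later layers can be seen acting.
PORTS = {"ftp": 21, "ssh": 22, "telnet": 23, "https": 443, "mysql": 3306}
POLICY = {
    "firewall_open_ports": {21, 22, 23, 443},
    "superdaemon": {
        "telnet": {"disable": True},
        "ftp": {"only_from": "192.0.2.0/24",
                "access_times": ("08:00", "18:00"), "instances": 5},
    },
    "sshd_allow_users": {"analyst", "deploy"},
}

def admit(service, src_ip, user, now, open_conns=0, interface_up=True):
    """Return (allowed, layer) naming the first layer that refuses the request."""
    # Layer 1: network interface, the bluntest control.
    if not interface_up:
        return False, "interface: down"
    # Layer 2: packet filter, decides on the destination port alone.
    if PORTS[service] not in POLICY["firewall_open_ports"]:
        return False, "firewall: port closed"
    # Layer 3: superdaemon, only for services it launches.
    sd = POLICY["superdaemon"].get(service)
    if sd is not None:
        if sd.get("disable"):
            return False, "superdaemon: disable"
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(sd["only_from"]):
            return False, "superdaemon: only_from"
        start, end = (time.fromisoformat(t) for t in sd["access_times"])
        if not start <= time.fromisoformat(now) <= end:
            return False, "superdaemon: access_times"
        if open_conns >= sd["instances"]:
            return False, "superdaemon: instances"
    # Layer 4: the service's own user list (sshd AllowUsers).
    if service == "ssh" and user not in POLICY["sshd_allow_users"]:
        return False, "service: AllowUsers"
    return True, "accepted"

if __name__ == "__main__":
    for req in [("mysql", "203.0.113.9", None, "10:00"),
                ("telnet", "192.0.2.10", None, "10:00"),
                ("ftp", "203.0.113.9", "shop", "10:00"),
                ("ssh", "203.0.113.9", "guest", "10:00")]:
        print(req, "->", admit(*req))
```

A request is accepted only when every layer that applies to it agrees, so a gap in one layer (here the firewall leaving port 23 open) is still covered by the next.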

