Part 1
"Security Objectives" Please respond to the following:
· The confidentiality, integrity, availability (CIA) triad represents generic security goals. CIA is typically applied to specific areas of information technology as a metric or guideline for establishing or maintaining security. Apply CIA principles to email technology. Explain in detail how each of the three components of CIA can be satisfied in a typical email transaction from one user to another. Be sure to include specific technologies involved (such as digital certs, signed certs, encryption, etc.).
· Security today, in one way or another, depends on trust relationships. Describe two scenarios in which the trust relationship between a user (client) and e-Commerce site (server) may be violated after being granted digital certificates from the same certificate authority (CA). Also, determine some possible mitigation steps.
Part 2
"Necessary Filtering " Please respond to the following:
· Analyze in detail a non-stateful firewall's interaction with the transmission control protocol / Internet protocol (TCP / IP) stack as a packet arrives from an internal (trusted) interface and is destined for a network on its external interface. Describe the details of the decision-making process.
· As you may already be aware of by now, port 80 traffic possesses one of the largest security threats in the IT industry today. This is evident since in today's world the Internet is so powerful and is used for so many different purposes within any organization that it cannot be completely taken out of the picture. Explain in detail how a Web proxy might be used to detect malware from entering or leaving organizations.