MC1311BC5205
EXERCISE 1 (NETWORK SECURITY) 5/2/2015
Question: Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity, and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirement.
Confidentiality requirements: Confidentiality means ensuring that information is not accessed by unauthorized persons. In the given scenario, the communication channel between the ATM and the bank must be encrypted, and the PIN must be encrypted wherever it is stored. The PIN should be displayed in symbol form (such as XXX or ***) even when the authorized user enters it at the ATM. Confidentiality is very important, since the transaction information is sensitive and any breach might lead to a huge loss.
Integrity requirements: Integrity means ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users. The actions performed via the ATM must be tied to the account associated with the card. The system must protect the integrity of account records and of individual transactions. It is more important to secure integrity, since the transactions involve multiple parties and their money.
Availability requirements: Availability means ensuring that a system is operational and functional at a given moment. The system must be able to serve at least X concurrent users at any given time. The system must be available 99.9% of the time. Availability of the host system is important to the economic well-being of the bank. The availability of individual teller machines and server is of less concern.