2808ICT/7623ICT Information and Security Management

Supplementary Assessment

Supplementary Tasks

This is an individual task. You need to submit a report on Learning@Griffith.

PART A. Learning Summary (25%)

Write a summary on the concepts you learned in Lectures B and H. The summary should cover the following topics.

The general concepts of access control and how it is used in databases.

How do file/directory permissions work in Linux systems?

How do you use SQL commands to grant various privileges in MySQL databases?

Word limit: The text should not exceed one A4 page in a 12pt font.

PART B. Risk Assessment (25%)

As part of a formal risk assessment of the Cyber Range, the following assets and threats are identified.

Complete the table by suggesting reasonable values for the items in the risk register.

Write a couple of sentences on each risk to provide justifications for your choice.

| Asset | Threat/Vulnerability | Existing Controls | Likelihood | Consequence | Level of Risk |
|---|---|---|---|---|---|
| Confidentiality of student grade data | Unauthorized access to the grades | | | | |
| Integrity of student grade data | Students changing their grades | | | | |
| Confidentiality of student account information | Leak of students’ account information | | | | |
| Integrity of the grading system software | Malware attack to lock or delete critical information | | | | |
| Availability of the course information | Students cannot access course information from the website | | | | |

PART C. Linux Access Control (25%)

Step 1. Start SEEDubuntu VM and the Terminal, and create a new user with your snumber, following the instructions from Lab A. Provide at least one screenshot for each step, and make sure your screenshots include your snumber.

Use long listing ls -l to display the files and subdirectories in your current directory.

Step 2. Make a subdirectory named www in your home directory. Use long listing to display the permissions of the subdirectory.

Q1: Please give screenshots and describe the permissions in terms of what the owner, the group, and others can(not) do.

Change the permissions to give read, write, and execute permissions to the owner and the group of the directory. Use long listing to display the new permissions.

Q2: Please give screenshots and describe how you can tell the change is successful.

Step 3. Enter into the www subdirectory. Create a file named index.html. Use long listing to display the permissions of the file.

Q3: Please give screenshots and describe the permissions in terms of what the owner, the group, and others can(not) do.

Change the permissions to give read and execute permissions to everyone (including the file owner, the group owner, and others). Use long listing to display the new permissions.

Q4: Please give screenshots and describe the permissions in terms of what the owner, the group, and others can(not) do.

Step 4. Change the owner and the group of index.html to be the root. Use long listing to display the permissions.

Q5: Please give screenshots and explain what you did.

PART D. Database Access Control (25%)

Step 1. Start phpMyAdmin and import the SQL script dept_staff.sql (following the instructions in Lab G). You should now have a database named company. Have a look at the structure of the tables and the data in them.

Step 2. Use SQL to create the following user accounts.

| staff name | user name | host name | password |
|---|---|---|---|
| Sue Burnus | sue | % | Sue@1234 |
| Kim Morre | kim | % | My5martPasswd |
| Glen Roe | glen | % | glenNn237 |

Q6. Provide the SQL commands you used and screenshots of the result (i.e., successful execution and the users created).

Step 3. Grant the following privileges to Sue:

see the names and nationality of the staff and can grant such privileges to others;

insert and update staff nationality information.

Q7. Provide the SQL commands you used and screenshots of the result (i.e., successful execution and what you can see when logged in as Sue).

Step 4. Grant the following privileges to Kim:

see the names and salary of only those staff whose salary is below 80000.

Q8. Provide the SQL commands you used and screenshots of the result (i.e., successful execution and what you can see when logged in as Kim).

Revoke the above privileges from Kim.

Q9. Provide the SQL commands you used and screenshots of the result.

Step 5. Grant the following privileges to Glen:

see the names of the staff and their corresponding department names, only for those staff whose salary is below 80000.

Q10. Provide the SQL commands you used and screenshots of the result (i.e., successful execution and what you can see when logged in as Glen).
