CS671 Spring 2021 Homework 1

Git, GitHub, Markdown, Cybersecurity Intro

Dr. Greg M. Bernstein

Due Wednesday, February 3rd, 2021 by 11:59PM, 50 points.

General Instructions

Listen to the following case studies:

  1. Case study EP 79: Dark Basin by January 27th.
  2. Case study EP 76: Knaves Out by February 3rd.

The goal of this homework is to get you functioning with git, GitHub, and Markdown as we will be using these tools throughout the course. This homework will take you step by step through establishing your GitHub repository, cloning that repository on your local machine, making edits and additions locally and committing them locally, and pushing changes up to your GitHub repository to share with me.

Tips:

  1. Do not use directory names with spaces in them within your repository!
  2. Do not use the # or other “weird” characters in file or directory names!
  3. Do not have directories or files in a repository that only differ only in their capitalization!
  4. Put your repo in a directory that is relatively easy to get to via a command line.

Use Branch master

We will use the default git master branch, i.e., no branching is required in this homework.

Use README.md for Answers

You will modify the README.md file in your repo to contain the answers to this homework.

Questions

Question 1. (5 pts)

Establishing your GitHub Classroom remote repository.

1(a)

Go to the link for GitHub classroom given out on Blackboard to create your repository for assignments for this class. Take a screen shot of the web page for your repository and save it to the images subdirectory.

Include the screen shot here from above as your solution via Markdown. I got something like this last semester (yours will be different!):

GitHub repo view

1(b)

Install Git on your local machine if needed. Clone the repository locally on your machine as explained in the class slides. Take a screen shot of the cloned directory in your file manager (you may need to make hidden folders visible to see the .git directory) and save it to the images subdirectory.

Include the screen shot here from above as your solution via Markdown. I got something like this last semester (yours will be different):

Local directory view

Question 2. (5 pts)

Editing, Committing, and Pushing your local version of README.MD.

2(a)

Edit the local (cloned) version of the README.md file to contain only the following information. Clear out any extra stuff that it may have had at the start. Be sure to fill in your name and NetID with the real values. Leave a blank space in your answer sheet so I know you did this question.

**Your name**

**NetID: yourNetID**

# Homework #1 Solution

## Question 1

## Question 2

Commit the changes to your local repository via git.

2(b)

In the images directory delete any sample image files I may have given you. You will want to clear out screen shots from previous assignments as you start a new assignment.

Commit the changes to your local repository. Take a screen shot of the command line after you’ve done the above and issued the command git log. Include the screen shot from above as your solution via Markdown.

I got something like this last semester:

Git command line history

2(c)

Push your local changes up to your GitHub repository with the command: git push. Take a screenshot of the Web page of your GitHub repository that shows part of your rendered README.md file, i.e., something like

GitHub view of changed README.md

Include the screen shot from above as your solution via Markdown.

Question 3. (10 pts)

(a) Multiple choice Chapter 1

Questions from Chapter 1 of the course text:

Question Answer Question Answer
4 5
6 8
10 12
14 17

See GitHub flavored markdown table extensions to see how to put tables into markdown. This is required for full credit.

(b) Have you been Pwnd?

Visit the website have i been pwned? and input one or more of your email addresses until you find one that has been part of a breach. If none of your emails haven’t been reported in a breach don’t feel too confident, these are only the breaches made public. Take a screenshot of your results

Have I been pwned result

(c) Credential Stuffing

What is credential stuffing? Given my results in part (b) should I be concerned with credential stuffing. What is the “credential” that is being referred to here?

(d) Avoiding Credential Stuffing

Who is responsible for preventing credential stuffing? Are you doing currently doing anything to prevent the stuffing of your credentials? Have you found any free/open source tools to assist you?

Question 4. (10 pts)

(a) Personal Non-Cyber Risk Assessment

Perform a “simplified” qualitative risk assessment for a pet (real, imaginary, or desired). Use the following steps. Note we are not putting a cost on the life of our pet, hence qualitative.

  1. Describe the asset, i.e., the pet you have or would like to have or that you find entertaining to discuss.
  2. Produce a list of at least five possible threats to the asset (pet).
  3. Explain how likely each threat to the asset. Rank the threats in terms the most likely to least likely.
  4. Come up with a countermeasure to each threat. Explain its costs in terms of time, money, loss of enjoyment, etc…

(b) Personal Cyber Risk Assessment

Perform a “simplified” quantitative risk assessment for your laptop.

  1. Describe the asset including your data and commercial (expensive) programs that you may be running such as commercial OS. Roughly quantify the amount of data, and the costs for the machine and any expensive programs.
  2. Describe any unintentional (accidental) threats to the asset
  3. Describe cyber threats to the asset; Go through the categories of malware and include any that seem appropriate.
  4. Describe the countermeasure that you take against accidental threats
  5. Describe the countermeasure that you take against each cyber threat

Question 5. (10 pts)

(a) Confidentiality of Meta Data

Even if cell phone communications are encrypted there is a lot of potential information about the call that can be useful to an adversary, i.e., such as the phone number called, where you are, where the recipient is, how long you talk. All this information will be known to your cellular provider (in the simplified scenario that both you and the person you are calling use the same provider).

Now suppose you visit a general (secure) website on the internet. Make a list of organizations that may learn about your visit and the types of things (meta data) they may learn. Are there other organizations besides the website that your visiting that will know about your visit? Who might they be? (200 words max)

(b) Availability

Give examples of unintentional availability issues that you have encountered with:

  1. Your cell phone
  2. Your internet connectivity
  3. A network based service such as gmail, zoom, Blackboard etc…

Would you consider ransomware and attack on availability? Explain your reasoning (200 words max).

(c) Integrity

In the CIA triangle integrity can be interpreted very broadly, for example, not only the unauthorized modification of some “data”, but also whether the data is in some sense “authentic”, i.e., that it is true, and that it comes from where it is claimed.

With this broader interpretation do “attacks” on integrity (or lack of integrity) play a major role in internet scams and/or phishing attacks? Discuss. (200 words max)