Main Menu

My Account
Online Free Samples
   Free sample   Risk management assignment steganography and access control lists

Risk Management Assignment: Discussion On Steganography & Access Control Lists

Question

Task:
Assessment Details:
This risk management assignment is designed to assess your technical skills in investigation IS security, risk threats and management to an organization. The assessment is also assessing your skills to evaluate risk management techniques and IS auditing. You are required to select an organization that uses information systems to perform daily business operations. You have to identify the most valuable assets for the organisations and investigate the security threats and mitigation techniques. You have also to propose/evaluate the risk management techniques adopted by the selected organization to ensure the reliability, confidentiality, availability, and integrity. You have also to discuss audit plan and processes used by the organization and investigate the impact of human factors on security and risk management.

Task Specifications:
This assessment includes three tasks as follows:

Task-1:
Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. Use Steghide tools available in Kali Linux/Linux to hide a text file that includes your group students’ names and IDs on audio file. You have first to create audio file with no more than 30 second to record your group student’s names only. Then, you have to create text file to include group details include names and student IDs. Finally, use Steghide tools (use APIC as passphrase) to embed your text file into the created audio file.

In your report, you have to provide screenshot demonstrate the steps with the commands you followed during the process of installation of Steghide, and the way use used to hide group information text file into audio file and finally the steps to extract the text file from audio for verification of your work.

Task-2:
Access control is granting or denying approval to use specific resources. Technical access control consists of technology restrictions that limit users on computers from accessing data. In this project you have to work in a group to understand Access Control List (ACL) and files system security using Linux environment. You have to complete the tasks using kali Linux or any Linux OS.

In your report, you have to provide screenshot to demonstrate the steps you followed during the process of conducting the assignment tasks requirements according to your group student IDs, first name and last name.

Task-3:
Discuss with clear demonstration, how the Steganography and access control list techniques that you conducted in Task-1 and Task-2, respectively, can achieve confidentiality, integrity, and availability (CIA). You have to provide justification during your discussion.

Answer

Introduction to the context of risk management assignment
There are numerous advancements that are being made in the field of technology. With these advancements, there is also a significant rise in the frequency of the security risks and attacks that is evident. Numerous tools and techniques are developed so as to control and mitigate the security attacks. Steganography and Access Control Lists, ACLs are discussed and explored through the tasks covered below. For Steganography, the Steghide tool is used and the detailed steps are shown.

Task 1
The first step was to install steghide. In order to install steghide, a few package dependencies needed to be updated (Hameed 2015). This was done on the terminal as follows:

Task 1 in risk manag 1

In the next step, Steghide was installed

Task 1 in risk manag 2

However, as can be seen above, there was an issue with the installation.

So, with an additional command as suggested by Steghide was executed in order to fix the installation.

Task 1 in risk manag 3

The following text file will now be embedded into the pre-recorded audio file.

Task 1 in risk manag 4

The embedding was successful and virtually the embedding did not add any weight to the Audio file and it also plays successfully.

Task 1 in risk manag 5

Once the file was embedded, it was also later then extracted to see if the operation works. The below output is the successful result of the extraction (Kolakalur, Kagalidis&Vuksanovic 2016).

Task 1 in risk manag 6

Task 2
Task 2.1

Serial

Student ID

First Name

Last Name

1st

201702192

Atif

Zahoor

2nd

201702892

Fahad ur

Rehaman

3rd

201702844

Muhammad

Babar


Task 2.2

Task needed

Terminal commands

Create directory named APIC

Mkdir APIC

Set full access to APIC directory

Sudochmod744 APIC

 

As can be seen from the below screenshot, first the directory of APIC was created using the command. Then its access permissions were changed using the command listed above. With this command, the owner has read, write and execute access to the directory whereas Group and others have read access only.

Task 1 in risk manag 7

Task 2.3

Directory creation

Commands

Directory created (ID1)

mkdir APIC/201702192

Set read and write access permission only

chmod -R 644 APIC/201702192

Directory created (ID2)

mkdir APIC/201702892

Set read access permission only

chmod -R 444 APIC/201702892

Directory created (ID3)

mkdir APIC/201702844

Set read and execute permission only

chmod -R 544 APIC/201702844

 

Task 1 in risk manag 8

Task 2.4

Task details

Terminal Commands

Create user (Firstname1)

sudoadduseratif

Full permission to ( ID1)

setfacl -m u:atif:rwx APIC/201702192

Read and write permission to ( ID2)

setfacl -m u:atif:rw APIC/201702892

Read permission only to other directories

setfacl -m u:atif:r /home/

 

Create user (Firstname2)

sudoadduserfahad

Full permission to ( ID2)

setfacl -m u:fahad:rwx APIC/201702892

Read and write permission to ( ID1)

setfacl -m u:fahad:rx APIC/201702192

Read permission only to other directories

setfacl -m u:fahad:r /home/

 

Task 1 in risk manag 9

Task 2.5
Below screenshot depicts the total number of users created and their names.

Task 1 in risk manag 10

The below screenshot depicts all of the groups currently active in the system

Task 1 in risk manag 11

Task Details

Terminal Commands

Creation of the group (Lastname1)

sudoaddgroupzahoor

 

Adding the (firstname1) as well as (firstname2) tothe (lastname1) group

sudoadduseratifzahoor

sudoadduserfahadzahoor

The group users of (Lastname1) group would get full access to the directory ( ID1) and then only read access to directory (ID2)

setfacl -R -m g:zahoor:rwx APIC/201702192

setfacl -R -m g:zahoor:r APIC/201702892

 

Task 1 in risk manag 12

Task Details

Terminal Commands

Creation of the group (Lastname2)

sudogroupaddrehaman

Addition of the (firstname2) as well as (firstname3) to the (lastname2) group

sudoadduserfahadrehaman

sudoaddusermuhammad

sudoaddusermuhammadrehaman

Now, all of the users from the (Lastname2) group will get full access to directory (ID2) and read access to directory (ID1)

setfacl -R -m g:rehaman:rwx APIC/201702892

setfacl -R -m g:rehaman:r APIC/201702192

 

Task 1 in risk manag 13

Task 3
Steganography is the technique that involves the use of different methods and mechanisms to hide certain information pieces in the regular data transmission process. There are various techniques that are used to carry out Steganography(Mahima, Siddiqa& Sardar 2019). The technique works in such a manner that the information is hidden without causing any unwanted suspicion. One of the most commonly used techniques is Least Significant Bit, LSB. As the name suggests, the LSB of a media file is used to embed the information that is to be kept hidden during the transmission. For instance, the image files involve pixels that are composed of the three data bytes for the color codes. There is also an additional byte that may be included to represent transparency. The LSB technique changes the last bit of these bytes in the image file to hide the data in one bit. The large information chunk can be kept hidden and transmitted in such a manner (Rahman 2018). This is because changing the last bit of the pixel value does not lead to any major visible changes. It is not possible for a person to view the normal and the steganographic image to spot the difference. The same methodology can be applied in the other digital media files, such as audio or video files. Another technique that is used for Steganography is the substitution technique. It includes the letter or word substitution to hide the information and transmit the same. The embedding technique is also used wherein the data is embedded in the header section of the data packet. All of these make it difficult to detect such hidden information (Shahi 2020).

In the above tasks, the use of Steghide tool is performed to carry out the Steganography and hide the information. There are numerous features that the Steghide tool comes with. There are varied file formats that the tool is compatible with leading to the improved capabilities for the end-users. The information extraction cannot be performed without the tool which can be a limitation with the involvement of the Steghide tool.

Another significant technique that is used in the network and information security is Access Control Lists. These are usually referred as ACLs and are used with the Linux environment and systems (Yadav, Sharma & Arora 2018). The users can have different rights and access permissions in Linux. These are proudly classified in three categories as read, write, and execute. It is important that the access is controlled and properly monitored to ensure that there is no unauthorized access involved at any instance. The ACLs are utilized to grant, modify, and control the access and permissions (Lopriore 2016). These provide an edge over the usual methods of access control as the complex situations and problems can also be managed through the ACLs. The use of the ACL technique can be spotted in the tasks above.

The traditional file permission system and concept may not be suitable in all the access control requirements. The ACLs can be involved in these cases and these enable the allocation or the permissions to the users or the groups. It is not necessary that these users or the group correspond to the original owner or the owing group involved. ACLs are the feature of the Linux kernel and can be used at the application level to manage and control the complex permission concepts. There are various scenarios and situations wherein the ACLs can be used for effective access control and management (Hafizhan, Wahyuddin&Komalasari 2020). Some of these include the replacement of the operating system or server, such as Windows server to be replaced with the Linux server.

The Steghide tool and the ACLs are applied in the tasks above to showcase the different aspects of the information and network security.

Conclusion
It is essential that the techniques and measures are followed to keep the information sets and the network channels secure from the security violations and privacy attacks. The two techniques, Steganography and Access Control Lists, ACLs are explored in the tasks executed. There are several other sub-concepts and techniques under these two methods which can be analyzed and explored in the future.

References
Hafizhan, M, Wahyuddin, MI &Komalasari, RT 2020, ‘Implementasi Packet Filtering MenggunakanMetode Extended Access Control List (ACL) Pada Protokol EIGRP’, JURNAL MEDIA INFORMATIKA BUDIDARMA, vol. 4, no. 1, p. 185.

Hameed, AS 2015, ‘Hiding of Speech based on Chaotic Steganography and Cryptography Techniques’, International Journal of Engineering Research, vol. 4, no. 4, pp. 165–172.

Kolakalur, A, Kagalidis, I &Vuksanovic, B 2016, ‘Wavelet Based Color Video Steganography’, International Journal of Engineering and Technology, vol. 8, no. 3, pp. 165–169.

Lopriore, L 2016, ‘Access control lists in password capability environments’, Computers & Security, vol. 62, pp. 317–327.

Mahima, N, Siddiqa, N & Sardar, TH 2019, ‘Multi-Layered Security System Using Cryptography and Steganography’, risk management assignment International Journal of Innovative Research in Computer Science & Technology, vol. 7, no. 2, pp. 8–11.

Rahman, SA 2018, ‘A comparative analysis of image steganography based on DCT algorithm and steganography tool to hide nuclear reactors confidential information’, Computers & Electrical Engineering, vol. 70, pp. 380–399.

Shahi, D 2020, ‘Reversible Steganography for RGB Images Using Image Interpolation’, Journal of Advanced Research in Dynamical and Control Systems, vol. 12, no. 3, pp. 41–49.

Yadav, SK, Sharma, K & Arora, A 2018, ‘Security Integration in DDoS Attack Mitigation Using Access Control Lists’, International Journal of Information System Modeling and Design, vol. 9, no. 1, pp. 56–76.

NEXT SAMPLE

Related Samples

Question Bank

Looking for Your Assignment?

Search Assignment
Plagiarism free Assignment

FREE PARAPHRASING TOOL

PARAPHRASING TOOL
FREE PLAGIARISM CHECKER

FREE PLAGIARISM CHECKER

PLAGIARISM CHECKER
FREE PLAGIARISM CHECKER

FREE ESSAY TYPER TOOL

ESSAY TYPER
FREE WORD COUNT AND PAGE CALCULATOR

FREE WORD COUNT AND PAGE CALCULATOR

WORD PAGE COUNTER



AU ADDRESS
9/1 Pacific Highway, North Sydney, NSW, 2060
US ADDRESS
1 Vista Montana, San Jose, CA, 95134
ESCALATION EMAIL
support@totalassignment
help.com