ISY 143
Authentication Using Biometrics
In recent years, biometrics have received a great deal of attention and biometric technologies are
being used for authentication. Hollywood seems to dramatize biometrics in movies. Discuss
some of the prevalent myths about biometrics shown in the movies or television shows.
Work alone or in a group of up to three students. Find a short, publicly available online movie or
television clip involving biometrics, and analyze the clip to separate myth from reality. (What is
meant by "publicly available" is that one should not need a subscription to Netflix, Hulu, etc. in
order to view it.) Write a 2-3 page paper to provide brief answers to the following:
1. How accurately did the clip depict the current state of biometrics? Justify your answer.
2. In addition to the type of measurements depicted in your video clip, what are three other
types of things can be measured now?
3. How would biometrics deal with the people with disabilities when they lack the physical
traits the system requires?
4. What are some of the potential social and legal consequences of biometric implementations?
5. What may be the consequences when the security of your biometric data is compromised?
6. With your answers to the above five questions in mind, do you think that the benefits of
using biometric security devices in contemporary society outweigh the individual privacy
issues? Why or why not?
Be sure to include a link in your paper to the movie clip.
Note: To provide really thorough answers to these six questions, you would need to write a book,
but for this exercise 1-2 paragraphs per question will suffice. The paper does not need to be
comprehensive; it just needs to show that you have spent some time thinking about the issues
involved in biometrics and that you have done some reading on the topic.
Include a list of at least five references in your paper.
A DTCC instructor accidentally transposed two characters when entering a URL into a browser
and came to the page depicted in the figure below. What hints are there that this is not a genuine
offer of assistance? What type of attack was being attempted?
1. Suppose a boy wished to cause mischief with regard to his older sister's diary. What
could he do with it or to it? List at least three things, then state whether each of the three
would be violations of confidentiality, integrity, or availability. (They might violate all,
some, one, or none of the CIA triad.)
2. What are tips to generating good passwords? (Do's, Don't's, generation ideas.)
3. Research one security breach and discuss what permitted the attacker(s) to succeed, what
harm was done, and what lessons can be learned from the breach. If you were the Chief
Security Officer for the breached company, what suggestions would you make to try to
prevent a similar breach in the future? One good source of breach information is the
SANS newsletters. (http://www.sans.org/newsletters/) The NewsBites provide brief
discussions of security-related topics and often mention breaches; they provide links to
additional sources which will provide more details. The @Risk newsletters are much
more technically-oriented discussions which are geared toward people already wellversed in the field.) You may discuss any breaches which have been made public within
the past half year and which have not already been discussed by a previous poster. (You
may, of course, respond to previous posts, but such responses will not count toward your
grade.) Your must make your post by the end of the Thursday of the tenth week of class.
4. How do you decide what to post on social media sites such as Facebook or Pinterest?
What is your philosophy on what to make publicly available? Now consider how what
you post publicly might be used by an attacker (a "black hat" hacker, a thief, a stalker,
etc.) or by a prospective employer.
An example: Penetration testers (pen testers) are ethical hackers who contract with
companies or organizations to attack them (within clearly defined specifications) in order
to see where the company's weaknesses are and to help them become more secure against
malicious attackers. A pen tester once relayed a story in which he was supposed to get
specific information from an individual who was highly placed in the company. The
individual's computer was well protected, as was his physical office. But when the pen
tester researched the company officer, he found out that the officer had made a couple of
posting to a newsgroup dealing with stamp collecting. The pen tester then set up a bogus
web site which displayed a fictitious stamp collection. The pen tester wrote a spear
phishing e-mail to the officer in which he claimed that his uncle, a philatelist (i.e., a
stamp collector) had passed away and left him his collection. The e-mail went on to stay
that the person writing the letter was not into stamp collections and was trying to sell the
stamps. Would the officer be interested in buying any of them? The e-mail included a
link to the site. Unknown to the officer, when he visited the site, he became the victim of
a drive-by download, meaning that some malicious software was installed on his
computer. That was the means by which the pen tester was able to compromise the
officer's computer and acquire the target information.
This story shows how something that seems innocent to share (an interest in stamp
collecting) can be used against one. Will having read this story change what you post
online? Note: There is no one single "right" answer to how much or how little one should
share online: Clearly, it would not be wise to post one's credit card or social security
numbers publicly, but different people will draw the line in different places: What one
person would consider an appropriate level of sharing publicly, another might consider as
being extremely insecure oversharing and a third might think is paranoid undersharing.
5. If you notice any instances of poor security in real life, post descriptions of them here.
Please make the posts vague enough so that the post's readers would not be able to act on
the information to attack an individual. For example, you might say, "I was walking past
an office and I saw a sticky note with what appeared to be a password on it affixed to a
monitor." Do NOT, however, say anything like, "I was walking past Mr. Jones's office at
333 S. Main Street and saw "GoEagles!12" on a sticky note attached to his monitor. I
think that was his password."
Encryption Exercise
Shift Cipher
1. Encryption
a. Encode the following message using a shift 4 cipher
Francis Bacon
__________________________________________________________________
b. Now encode it using a shift 7 cipher.
__________________________________________________________________
2. The following messages have been encoded using a shift cipher with key 8. Decode.
a. emtkwum bw bpm eiksg ewztl wn kzgxbwozixpg
__________________________________________________________________
__________________________________________________________________
b. tivociom qa zmlcvlivb
__________________________________________________________________
3. Contrary to what you might think, the goal of a cryptographer is not to decrypt messages.
The goal of a cryptographer is to find keys (because a key reveals a whole set of
messages). The following message has been encoded using a shift cipher. What is the
key?
n ebfr ol nal bgure anzr
__________________________________________________________________
1
Monoalphabetic Substitution Cipher
4. Encrypt the following plaintext using the specified key:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B G I W H T A V J C K X R L S E Y M D Q F N U Z P O
I DO NOT LIKE GREEN EGGS AND HAM
__________________________________________________________________
5. Use the key above to decrypt the following:
SLH MJLA QS MFXH QVHR BXX
__________________________________________________________________
Transpositional Cipher
6. Decipher the following ciphertext:
E
I
R
L
E
Y
N
H
N
A
A
P
I
R
I
D
D
O
A
T
W
O
E
E
U
N
A
E
N
N
H
P
W
W
G
E
E
R
A
O
G
Y
C
M
D
I
D
K
R
The key used was as follows:
1-2-3-4-5-6-7-8-9 
4-2-7-1-6-9-5-8-3
__________________________________________________________________
7. Encrypt the following plaintext using the given key:
2
Key:
1-2-3-4-5-6-7 
6-2-4-1-5-7-3
Plaintext:
may the force be with you
3
4
ISY 143 224
TCP/IP
IP Addressing
1. Convert the following Dotted Decimal Notations to their Binary Equivalent.(24 pts)
Network Address
Subnet Mask
Network Address
Subnet Mask
Network Address
Subnet Mask
Dotted Decimal
Binary Equivalent
Dotted Notation
Binary Equivalent
Dotted Decimal
Binary Equivalent
Dotted Notation
Binary Equivalent
Dotted Decimal
Binary Equivalent
Dotted Notation
Binary Equivalent
192.
168.
5.
0
255.
255.
255.
0
10.
0.
0.
0
255.
0.
0.
0
172
15.
0.
0
255.
255.
0.
0
2. Define the function of an IP address’s subnet mask. (3 pts)
_______________________________________________________________________
_______________________________________________________________________
3. Explain what is meant by using a slash notation (for example, /24) following an IP address.
For example, what does the value 201.23.45.123/24 represent?(4 pts)
_______________________________________________________________________
_______________________________________________________________________
4. A network has the network address 192.168.5.0/24. Determine which of the following IP
addresses are within this network. (10 pts)
IP Address
Same/Different Network
192.168.5.10/24
192.168.6.10/24
192.168.5.11/24
1
192.168.7.12/26
192.168.5.13/24
192.168.5.254/24
172.16.5.15/16
19.168.5.16/8
192.168.5.10/24
The Function of the Default Gateway
To determine if an IP address is local or remote, you must first convert the IP addresses and
subnet masks to their binary values. You then perform the Boolean logic operation of AND on
the IP addresses and subnet masks for each of the nodes and compare the results. If the results
are the same (all 1’s and 0’s match), the hosts are on the same network segments. If the results
do not match, the hosts are on different network segments. In Boolean logic, 0 AND 0 = 0, 1
AND 0 = 0, 0 AND 1 = 0, 1 AND 1 = 1.
1. Compare the following IP addresses and determine whether they are local (on the same
network segment) or remote (on different segments):
(5 pts)
Host IP Address Host Subnet Mask Destination IP Address Local or Remote?
210.145.149.123 255.255.255.0
210.145.253.199
192.168.4.189
255.255.255.224
192.168.1.107
10.154.187.89
255.192.0.0
10.152.179.88
132.100.45.5
255.255.252.0
132.100.45.45
151.251.100.101 255.255.0.0
166.200.110.10
2. When a network host determines that a data packet is intended for a remote network, what
does it do with the packet? (3 pts)
Static IP Addressing vs. Dynamic IP Addressing
1. What is static IP Addressing and how is it configured on a Windows computer? (4 pts)
2
2. Describe the function of the DHCP service on a TCP/IP network. (3 pts)
3. What are two ways to view a Windows computer’s TCP/IP configuration, including
advanced settings such as the DHCP information? (4 pts)
TCP/IP Utilities
At the command prompt enter the following commands, and give a brief description of the
information displayed on the monitor. (4 pts ea)
1. arp –a
2. ipconfig
3. ipconfig /all
4. netstat /?
3
5. netstat -r
6. netstat -e
7. ping
8. tracert
9. tracert –h 8 192.31.7.130
10. nslookup cisco.com
4