Week 3 Discussion Question
Question 1
Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied in network security. (For example SSL uses 3DES or DES for message encryption.) Use your own words. When you pick an algorithm, try not to repeat.
Question 2
Why do you need message authentication? Does encryption solve the problem of message authentication? Explain.
Question 3
. All six methods of information gathering discussed in this week lecture take a lot of time. Do you think that there are some ways that systems analysts could collect the required information while saving time? Please offer your opinion on this issue.
Question 4
During the systems development life cycle (SDLC), certain key problems discovered in the later stages could be directly traced back to inadequate and/or poor efforts in the requirements phase and industry studies show that over 50% of systems problems belong to this case. In addition, as mentioned in this week lecture notes “the cost of errors in requirements that weren’t discovered until later” may go up to 1,000 times. As a systems analyst, what should we do to minimize this problem? How might this be avoided?
Question 5
For information-gathering techniques, there are interactive methods (interviewing, joint application design, and questionnaires) and unobtrusive methods (sampling, document analysis, and observation). As we all know that unobtrusive methods are less disruptive than interactive methods; however, when they are being used alone, they would gather insufficient information. Therefore, it is recommended that systems analysts should combine both interactive and unobtrusive methods during information gathering process. Please offer your opinion on this issue.
Solution Preview
Question 1
Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied in network security. (For example SSL uses 3DES or DES for message encryption.) Use your own words. When you pick an algorithm, try not to repeat.
AES is specification which is used in encrypting online data and it was established in 2001 by the United States’ National Institute of Standards and Technology. AES has been adopted by the U.S government and other organizations all over the world. It is considered to be better than DES because of various reasons. First of all, it has a symmetric-key algorithm which means it’s the same key which is used in both encryption and decryption of data. It is effective compared to its predecessor because it is efficient in both software and hardware (Abomhara et al.). Since it’s based on substitution-permutation which is a design principle, it does not use a Feistel network but instead it varies in Rijndael. It also has a finite field where most of its calculations are done.
(983 words)