A major company has asked you to assess two similar technologies, from a big-picture view (without too much technical detail), to help them decide which alternative they should use.
The general idea is for your report to:
1. Describe the two technologies (or more than two, if there are more).
2. Compare and contrast the two technologies. What are their good points and (more interestingly) their bad points or weaknesses?
3. Finally, what is your personal recommendation for which one a data-oriented company should use? Explain why, perhaps by comparing their good points and bad points. If all options seem bad, feel free to recommend “none of the above”.
Any two similar technologies would be fine; below are some possible topics:
A Few Possible Topics
1. An employee is travelling to a country that blocks access to some web sites, such as Facebook, Google, and Wikipedia. Without using a VPN, which anonymous browser is best?
Pick any two, and compare them:
•The Tor Browser
Or any other anonymous browser that works without a VPN.
2. Encryption key management: should we use
•A certificate authority for an SSL/TLS key and certificate (like a web site uses), or
•Our own key server for our company, something like Kerberos protocol.
3. I work for a government that spies on other people. Which do you recommend a spy to use?
•A hardware keylogger, perhaps with WiFi so you never have to get it back, or
•A software keylogger (perhaps installed by a virus) to read the victim’s passwords.
4. Undeniable signatures are where someone cannot deny that they sent a message.
There are several ways to do this, so describe two ways, and recommend what you think seems the best.
5. In the United States, they have a law called the Communications Assistance for Law Enforcement Act (CALEA).
It requires companies that have computer networks (including Skype, Hotmail, Gmail, and all U.S. universities) to allow the U.S. Government to tap into the private data of customers for real-time surveillance. This includes your emails, your Skype conversations, the data on your Apple phone, the data on your Microsoft Windows box, etc.
What should we use to prevent the U.S. Government from listening to your communication? Pick any two from:
•Or maybe a commercial alternative untouched by the U.S. Government, e.g., WeChat.
6. How to send large binary files to a colleague, in a secure way? Should I use:
•Email attachments in MIME (given that email is not perfectly secure), or
•One-click hosting (also called a cyberlocker), such as www.mega.nz or similar?
7. On the subject of cyberlocker web sites, which one do you think is best? Take into account reviews of speed, whether end-to-end encryption is available, whether it is free, whether the U.S. government reads your files, and so on.
Remember that our company would value security above all else, so CALEA becomes very relevant, and end-to-end encryption would also be very nice.
8. In the world of Linux and Unix operating systems, init is the original program that calls other programs, but lately a more complicated alternative called systemd has caught on. Critics say that systemd is so large and complex that it has become a security problem. Is systemd really all that bad? Should we use init (or an alternative, like runit) instead?
9. Cryptographic hash functions are a basic technology used in many encryption methods.
Some hash functions are:
•Older but popular ones like MD5 and SHA-1
•Newer ones that are supposed to be better, like BLAKE2, SHA-3, and Tiger.
Is newer really better? Or are the older generation still okay?
10. I’m a criminal who wants to use a virus to run Bitcoin mining on someone else’s computer, without them knowing. (It’s kind of like stealing electricity.)
What should I use:
•A computer virus that mines cryptocurrency, such as PWOBot (it’s called PWOBot because it’s written in Python).
11. What is the difference (if any) between the:
•Deep web (which usually means any web sites not indexed by search engines).
•Dark web (which usually means web sites doing criminal stuff).
Is one a subset of the other, or are they different but overlapping, or what?
12. Encrypted, blockchain-based cryptocurrencies are popular today.
What is the difference (if any) between:
•Ethereum (or any other cryptocurrency that isn’t Bitcoin, such as Zcash).
If all cryptocurrencies seem bad to you, feel free to recommend not to use any.