Just need two follow-up posts of at least 150 words each to the following students' posts.

For this assignment, create a new message and address the following items in your response.

Describe the three security properties of information (hint: “CIA”)
What is the difference between requirements and controls in the security process? Give examples of each.
Explain how a buffer overflow can allow an attacker to take over a computer. Provide an example beyond the Morris Worm mentioned in the text.

Student 1:
Tyler,
Securing information is a growingly complicated process as threats evolve. The three security properties associated with securing information, known as the C.I.A. triad, are used as guidelines for maintaining security. The three properties are confidentiality, integrity, and availability. Confidentiality is the promise that unauthorized users will not be able to gain access to the secured information. It ensures that the data is not shared without proper consent. Integrity is the process of keeping the information accurate and unchanged. It is possible that information can be intercepted in transit and stolen or altered. Integrity is making sure this does not occur. Availability is the property that establishes a steady flow of information when requested. Some attacks on information security will overload the server with invalid requests and render the servers unresponsive to valid requests. The availability step in the process establishes a reliable connection to legitimate requests at all times.
The difference between controls and requirements in the security process is: Requirements are decided after systematically analyzing the situation at hand. Then the requirements for a system are generated and utilized in the structure of security protocols. Once the system is completed and the established requirements are met, controls are implemented. These controls are set forth in order to maintain the security system created by meeting the requirements.
A buffer overflow attack is when the request for certain data is responded with a surplus of information. The system did not allocate enough temporary storage to hold the response and the data overflows. Malicious code is implanted into the extra data that can prompt the system to do all sorts of things. A well-known example of this type of attack would be the SQL Slammer attack in 2003. It was carried out on Microsoft’s SQL Server. The worm traveled by memory and created an endless loop output to other systems. It is also regarded as a denial-of-service attack.
References:
Buffer Overflow Attacks – All You Need to Know. (2017). Cypressdatadefense. Retrieved from https://www.cypressdatadefense.com/education-train…
Smith, R. E. (2016). Elementary information security, 2nd edition. Sudbury, MA: Jones & Bartlett Learning.

Student 2:
Kelley,
Describe the three security properties of information (hint: “CIA”)
The three security properties of information are Confidentiality of information, Integrity of information, and Availability of information. These are the three security goals an organization tries to meet. Confidentiality makes sure documents are secure from those who should be able to see them, but still accessible to those that need to view them. Integrity protects against unauthorized changes, but still allows changes by users that are authorized. This keeps data consistent and protects against malicious code. Availability is ensuring users that need access have access and preventing downtime.

What is the difference between requirements and controls in the security process? Give examples of each.

Requirements help meet the needs for security systems. They can be different depending upon the application. While an ATM would require more integrity requirements, a telephone switching system would require more confidentiality requirements. Security requirements are based on what a system is used for. Controls help guide security operations to help implement requirements and make sure requirements are met. Controls help prevent mistakes that can be harmful and can detect vulnerabilities.

Explain how a buffer overflow can allow an attacker to take over a computer. Provide an example beyond the Morris Worm mentioned in the text.

Buffer overflow is when a program reads too much data into the buffer and it exceeds the allowed size set by the programmer. The extra data writes over other data in other memory. The 2004 version of AOL’s AIM instant messenger service exposed users to buffer overflow. If a URL was posted in the “I’m away” message, anyone who clicked the link would be vulnerable to the attack. AOL Instant Messenger also had a buffer overflow vulnerability where a user could send a malformed game request to a user that executed arbitrary code.
CISCO (2002). AOL Instant Messenger Buffer Overflow Vulnerability. Retrieved March 6, 2019, from https://tools.cisco.com/security/center/viewAlert….
National Research Council (1991). Computers at Risk – Safe Computing in the Information Age. Retrieved March 6, 2019, from https://www.nap.edu/read/1581/chapter/4#50
Smith, R. E. (2016). Elementary information security (2nd ed.). Retrieved March 4, 2019, from https://online.vitalsource.com
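
The overwrite of neighbouring memory described in the posts above, shown as an added example that is not part of either student's post or the textbook: a constructed C model in which a copy that trusts the sender's length changes a byte the program relies on, next to the corrected copy that checks the length first. The names `frame`, `is_admin`, `copy_unchecked` and `copy_checked` are illustrative assumptions.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8   /* size the programmer allowed for input */

/* Constructed model of adjacent memory, kept in one array so the overrun
 * stays inside a single object and the demo has defined behaviour. */
struct frame { unsigned char mem[BUF_SIZE + 1]; }; /* mem[0..7] buffer, mem[8] is_admin */

/* Constructed input: 8 filler bytes plus one extra byte. */
static const unsigned char oversized[BUF_SIZE + 1] =
    { 'A','A','A','A','A','A','A','A', 1 };

/* Flawed copy: uses the sender's length and never compares it with BUF_SIZE. */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t len)
{
    if (len > sizeof f->mem) len = sizeof f->mem; /* keeps the demo itself in bounds */
    memcpy(f->mem, in, len);
}

/* Corrected copy: refuses anything larger than the buffer. */
static int copy_checked(struct frame *f, const unsigned char *in, size_t len)
{
    if (len > BUF_SIZE) return -1;
    memcpy(f->mem, in, len);
    return 0;
}

/* Returns is_admin after the flawed copy (1 = neighbouring byte overwritten). */
int flag_after_unchecked(void)
{
    struct frame f = { {0} };
    copy_unchecked(&f, oversized, sizeof oversized);
    return f.mem[BUF_SIZE];
}

/* Returns is_admin after the corrected copy, or -1 if the input was refused. */
int flag_after_checked(size_t len)
{
    struct frame f = { {0} };
    if (copy_checked(&f, oversized, len) != 0) return -1;
    return f.mem[BUF_SIZE];
}

int main(void)
{
    printf("unchecked: is_admin=%d\n", flag_after_unchecked());
    printf("checked:   result=%d\n", flag_after_checked(sizeof oversized));
    return 0;
}
```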