At CoCoNut College, students have the ability to user their login and password credentials to manage their classwork enrollment every semester. Right after the beginning of a new term, after the drop/add period is over, you (as a Network Administrator) have been called to the Registrar's office to investigate a case. A student has mentioned that all of her classes were dropped from the system, but claims that she did not do it.

1. Describe what is non-repudiation when it applies to network security and how does it apply to this situation?

Upon further investigation, you determine that the student's former boyfriend, upset after the break up, used the student's CoCoNut College credentials to login to the system and drop all of her classes.

2. How do you think the boyfriend obtained the credentials to the other student's account?

3. How could the system be modified to use biometrics to ensure non-repudiation?

4. Besides using biometrics, what other suggestions for authentication methodologies, technical or non-technical would you offer to help ensure non-repudiation?

5. As universities and colleges move more and more towards online learning, what other situations could arise in which a simple login and password would not be sufficient to ascertain a student's identity and prevent fraud?

6. How could the student have prevented this incident?