i need the answer of question 2 , based on my answers
2-Conduct a requirements elicitation session with the customer. Document the main
features of the system. The customer is in charge of brainstorming the functionality, but
must be reasonable as the instructor can override any customer decision.
The purpose of this activity is to get you acquainted with writing abuse and misuse cases in tandem with writing use cases. SYSTEM DESCRIPTION An Internet-based information security lab, or lab, is a collection of systems and software used for teaching information security. Laboratory exercises give students practical experience with security vulnerabilities, security testing, and defenses. The students are not physically in the laboratory, but access it through the Internet. The lab comprises four kinds of entities: servers, sources, targets, and exercises. The first three are specially configured host systems in the lab. Servers provide presence for the students in the lab; servers do not participate in the exercises. Sources and targets participate in the exercises, with at least one source and target for each exercise. The exercises are either exploits or defenses, from the student's point of view. Each exercise has two parts: documentation and implementation. The documentation is provided by the instructor and usually consists of files and code samples that explain the exercise. Students are allowed to access the documentation for an exercise and are expected to construct and demonstrate an implementation. The instructor also provides a model solution which is not given to the students until the exercise is completed. Before each exercise, the lab is configured by an administrator. After the exercise is complete, the administrator restores the lab to an appropriate configuration. SE'UP This is a group activity. You are in charge of coming up with the system's funetionality, as well as specifying the requirements. ACTIVITY 1. Start up a document, call it "Requirements Specification for X " where X is the title of your system. Also, place the following headers in the document to be filled out: - Overview - Description An Internet-based information security lab, often known as a lab, is a set of tools and software that are used to teach information security. Students gain real experience with security vulnerabilities, security teating, and defenses through laboratory exercises. Although the students are not physically present in the laboratory, they have access to it via the Internet. Servers, sources, targets, and exercises are the four types of entities in the lab. In the lab, the first three are specially configured host systems. Servers are present in the lab for the students but do not participate in the exercises. The exercises include sources and targets, with at least one source and target for each activity. From the student's perspective, the activities are either exploits or defenses. There are two elements to each exercise: documentation and implementation. The instructor provides the documentation, which typically includes files and code samples that describe the activity. Students are given access to the exercise documentation and are asked to build and present a solution. The instructor also supplies a model answer, which the pupils do not see until the exercise is completed. The lab is set up by an administrator before each exercise. The administrator returns the lab to its original configuration after the exercise is completed. - Actors: Student, administrator and instructor. - Security Goals Prevention of ralware attackos. Prevention from data stealing. Preventing the modification of data. - Use Cases Develop explot Demonstrate exploit Develop defense Demonstrate dedense Set up lab Tear down lab Develop excersice Develop excersice scoring - Primary Actor Student, instructor and administrator. - Preconditions The exercise ncore is solely the responsibility of the teacher. A valid ID is required for the student, instruetor, and administrator. Only the administrator should be able to apcess the lab. - Main Flow of Events - The use case begins when the student creates an exploit the systern will employ anti-virus and firewall security, and the student will demonstrate and design defentes againat the system. - [Misase|Abuse] Case The attacker can use a Brute-Force attack on the administrator to gain aceas to the lab. - Security Requirements Using eneryption Twe factor authenticatien The use of strong passwords Periodic password changes. 2. Conduct a requirements elicitation session with the customer. Document the main features of the system. The customer is in charge of brainstorming the functionality, but must be reasonable as the instructor can override any customer decision
