4 discussion replies. I will copy and paste what you need to reply to. Each needs to be at least 120 words, with propers references. Just put them in a document and number them just like I did here. They do not all go together.
1) The Wireless Transport Layer Security is also known as WTLS is the security layer of the Wireless Application Protocol. This layer provides encryption, authentication and data integrity for wireless devices. WTLS is widely implemented in wireless devices because there were problems such as limited processing power an low band width. The communication between the WAP client and the WAP server is protected by WTLS. Wireless transactions like those used between a user and their bank require encryption to ensure data is protected an secure. This makes perfect sense to me because I have always been cautious and some what insecure about transactions and information I submit on my mobile devices.
2) ypes of Clouds
There are four types of cloud technology within the cloud infrastructure; private cloud, public cloud, community cloud and hybrid cloud. A private cloud is a type of private infrastructure that is provided for the use by an organization. This organization typically has multiple consumers. This cloud is usually owned and managed by the organization itself and can be located on or off premises. A public cloud is a cloud infrastructure that is capable of being used by the general public. This type of cloud may be owned by a certain company but is not located on site; it is located at the provider’s location. An example of this type of cloud is online document sharing/collaboration. A community cloud is somewhat like a private cloud in that it is designed to service a “private” group. The community cloud is more for use by a specific community of consumers that have shared concerns. This cloud can be managed or owned by on of the organizations in the community or even a third party. The last of the cloud models is the hybrid cloud. This cloud is basically a combination of two or more of the other cloud infrastructures. In other words, any combination of private, public and community cloud is considered a hybrid cloud.
3) A sandbox is a tightly controlled environment where programs can be run. Sandboxes restrict what a piece of code can do, giving it just as many permissions as it needs without adding additional permissions that could be abused. For example, your web browser essentially runs web pages you visit in a sandbox. They’re restricted to running in your browser and accessing a limited set of resources so that they can’t view your webcam without permission or read your computer’s local files. If websites you visit weren’t sandboxed and isolated from the rest of your system, visiting a malicious website would be as bad as installing a virus.
4) good security administrator never trusts a software/system vendor in their claims regarding security. When a system or software is acquired, administrators must read and fully understand the technical aspect of acquired asset. Once completed, the acquired asset must undergo “overhaul” in order to customize it to organizational needs. This would include disabling unneeded services, applying least privilege access, installing updates that may have come available since purchase of asset, and testing the asset for any vulnerabilities not previously identified.
The acquired asset must undergo numerous tests in test environment for determined period of time prior to deployment in production environment. As chapter 6 discussed, systems must be tested for fuzzing techniques (as in databases) to ensure system is capable of preventing unexpected responses that may cause disruption of productivity.