Exercise 1: Assessing Discussion Forum Access Controls
Objective: The goal is to evaluate the process of joining a discussion forum group to analyze their “access controls.” Please note: Do not use your primary, personal email address to sign up for the forum you select for this exercise. It is a good idea to have a secondary email address that can be used for this type of testing. Finally, please make sure that your virus and malware protection is up to date before you start this Exercise.
Tools required to complete Exercise: Internet Browser and search engine of your choice.
Suggested browsers: Chrome, IE, & Firefox
Suggested search Engines: Yahoo, Bing, Google, & Duckduckgo
Directions: Please read all directions prior to starting this exercise.
- Using your favorite search engine, type in one of the following search requests:
-
- forum best video card
- forum parenting tips
- forum best hikes
(Alternatively, you can choose something in which you are very interested and on which you might want some additional insights.) Once you’ve located an acceptable forum, please go to the folder or “thread” where other users are discussing your selected topic. Make sure you are on a forum that asks you to “join” or “register” before you can create new posts or respond to posts created by other users. Pay close attention to the forum’s registration process. The steps below will help you chronicle your experience of gaining access to the forum. Note: You will be required to take screen shots for several of the steps below.
- Create a Word doc. In the document, briefly state the topic you selected for your search and why you selected that topic. Then, provide the EXACT web address of the forum where you registered to post.
- Briefly describe the forum as well as the types of discussions/questions being asked by the other users.
- Take screen shots of the verification process and paste the screen shots into your document. Did it have CAPTCHA? Did it require two-factor identification? Do not proceedif you are not comfortable with sharing the information the site is asking you to provide. If this occurs, please select another topic/forum.
- Locate the End User License Agreement (EULA) on your selected forum and paste it in the document. This is the legal document to which you are agreeing when you join. You can read it in all cases, and in some cases you can also download it. In either case, make sure you include it with your submission.
- Provide a brief description of all the steps your instructor or a fellow student would need to take to sign up for the same forum you selected in order to gain the same posting rights that you have.
- What feedback would you give to the forum’s administrator to improve their access control strategy? If their access control strategy is exceptional, please explain why you feel this way.
The specific course learning outcomes associated with this assignment are:
- Diagnose risk from unauthorized access to IT systems through proper testing and reporting.
- Examine methods that mitigate risk to an IT infrastructure with confidentiality, integrity, availability, and access controls.
Exercise 1: Assessing Discussion Forum Access Controls | ||||
Criteria | Unacceptable
Below 70% F |
Fair
70-79% C |
Proficient
80-89% B |
Exemplary
90-100% A |
1. Provide the EXACT web address of the forum where you registered to post.
Weight: 25% |
Did not submit or incompletely provided the exact web address of the forum where you registered to post. | Partially provided the exact web address of the forum where you registered to post. | Satisfactorily provided the exact web address of the forum where you registered to post. | Thoroughly provided the exact web address of the forum where you registered to post. |
2. Briefly describe the forum as well as the types of discussions/questions being asked by the other users. Weight: 25% |
Did not submit or provided an incomplete brief description of the forum and did not submit or incompletely described the types of discussion/questions being asked by the other users. | Partially provided a brief description of the forum and partially described the types of discussions/ questions being asked by the other users. | Satisfactorily provided a brief description of the forum and satisfactorily described the types of discussions/ questions being asked by the other users. | Thoroughly provided a brief description of the forum and thoroughly described the types of discussions/ questions being asked by the other users. |
3. Take a screen shot of the verification process and paste the screen shots into your document.
Weight: 20% |
Did not submit or incompletely provided a screenshot of the verification process and did not submit or pasted incomplete screen shots in your document. | Partially provided a screenshot of the verification process andpasted partial screen shots in your document. | Satisfactorily provided a screenshot of the verification process andpasted satisfactory screen shots in your document. | Thoroughly provided a screenshot of the verification process andpasted thorough screen shots in your document. |
4. Locate the End User License Agreement (EULA) on your selected forum and paste it in the document.
Weight: 10% |
Did not submit or incompletely submitted a screenshot of the EULA in your document. | Partially submitted a screenshot of the EULA in your document. | Satisfactorily submitted a screenshot of the EULA in your document. | Thoroughly submitted a screenshot of the EULA in your document. |
5. Provide a brief description of all the steps your instructor or a fellow student would need to take to sign up for the same forum you selected in order to gain the same posting rights that you have.
Weight: 10% |
Did not submit or provided an incomplete brief description of all the steps your instructor or a fellow student would need to take to sign up for the same forum you selected in order to gain the same posting rights that you have. | Partially provided a brief description of all the steps your instructor or a fellow student would need to take to sign up for the same forum you selected in order to gain the same posting rights that you have. | Satisfactorily provided a brief description of all the steps your instructor or a fellow student would need to take to sign up for the same forum you selected in order to gain the same posting rights that you have. | Provided a brief, yet thorough description of all the steps your instructor or a fellow student would need to take to sign up for the same forum you selected in order to gain the same posting rights that you have. |
6. What feedback would you give to the forum’s administrator to improve their access control strategy?
Weight: 10% |
Did not submit or provided incomplete feedback you would give to the forum’s administrator to improve their access control strategy. | Partially provided feedback you would give to the forum’s administrator to improve their access control strategy. | Satisfactorily provided feedback you would give to the forum’s administrator to improve their access control strategy. | Thoroughly provided feedbackyou would you give to the forum’s administrator to improve their access control strategy. |