Security element that relates to breaking protocol

I am working on evaluating an insecure protocol. I am trying to categorize the vulnerabilities according to some commonly accepted security elements like the ones specified in the CIA triad or the Parkerian hexad.

There are many vulnerabilities that I can relate to the Parkerian hexad; for example, participants can fake their ID, which would relate to the authenticity element of the Parkerian hexad.

Another vulnerability is that the rules of the protocol can easily be broken. For example, participants that follow the protocol aim to form groups, and one rule is that a participant should never be in more than one group at any given time. The rule is broken if malicious participants send join-requests to different groups.

Basically, I am looking for some security element, like confidentiality in the CIA triad or authenticity in the Parkerian hexad, that would relate to “breaking of protocol-rules”. Is there any security element, for example in the Parkerian hexad or elsewhere, that relates to “breaking of protocol-rules”?

Parkerian hexad

CIA triad

Why does the security guard at Frankfurt Airport behave nastily towards me? [on hold]

I am travelling a lot but will now avoid Frankfurt airport, where security guards assume they can get personal with any passenger and, as revenge, thoroughly go through their stuff and delay their departures by doing so. I was passing through the transit security check on April 22 when I was stopped by a rather irritated security guard at aisle 6 in the transit zone. I asked to clarify his demand with his supervisor as I didn’t understand his English well and he wasn’t explaining much – he just wanted to show his power and do what he wanted to do. He got very angry at the word ‘supervisor’ and called his colleague, mocking my request in German (obviously he didn’t know I understand German). That was already rude and uncomfortable, but he continued to behave in a hostile manner. When the supervisor came, this border guard kept on smirking and laughing at me, talking to his colleague in German in my presence; then he said ‘I told you so’ and threw my stuff away, leaving me with ‘trash’. ‘Take your trash with you!’ he yelled, and I asked him to be more polite. The whole experience was very unpleasant, but I was surprised how his bad manners and bad mood were silently accepted as the ‘right thing to do’ by his colleagues. The worst started when he left his post to personally oversee the screening of my hand luggage, asking his friend at the computer to find something suspicious or something that could delay my departure from the point. I could see how he was pointing at the computer and laughing, continuously discussing me with his colleagues. NO ONE said a word! The woman who checked my bag afterwards spoke bad English too and said that something was ‘stupid’ and that I shouldn’t get angry. I told her it was her colleague who was angry and out of line.
I still cannot believe that such a big and international airport like Frankfurt cannot afford to have proper training for their security guards, who act like a mobbing crowd, utterly unprofessional, making passengers’ experience worse and worse. Moreover, I cannot believe how this hostile behaviour can be a norm. I will definitely avoid travelling via Frankfurt again and if only the security guards’ supervisor ever listened or spoke proper English, I wish there was a system to control such unprofessional, hostile behaviour that also underlines a calculated personal invasion with an intent to take revenge.

cyber security vs software engineer vs network engineering

I like developing web-based systems and software, and I’m planning to do my degree. But I’m confused when choosing a degree. I chose 3 degrees: first, software engineering; second, network engineering; third, cyber security engineering. Can anyone help me choose one degree (a degree that suits my interests)? What degree matches my skills?

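The configure method in Spring Security

There is a config in Spring Security:

    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        // Registers the user lookup service and the password encoder with the builder
        @Override
        protected void configure(AuthenticationManagerBuilder authBuilder) throws Exception {
            authBuilder
                    .userDetailsService(userDetailsService())
                    .passwordEncoder(passwordEncoder());
        }

        @Bean
        public BCryptPasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Bean
        public UserDetailsService userDetailsService() {
            return new CustomUserDetailsService();
        }
    }

Next, the implementation of the UserDetailsService interface:

    import java.util.List;
    import java.util.Objects;
    import java.util.stream.Collectors;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;

    // User, Role, UserRepository and CustomUserDetails are application classes not shown in the post
    public class CustomUserDetailsService implements UserDetailsService {
        @Autowired
        private UserRepository userRepository;

        @Override
        public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
            User user = userRepository.findByEmail(email);

            if (Objects.nonNull(user)) {
                // Map each role name to a granted authority
                List<SimpleGrantedAuthority> authorities = user.getRoles().stream()
                        .map(Role::getRole)
                        .map(SimpleGrantedAuthority::new)
                        .collect(Collectors.toList());

                return new CustomUserDetails(user.getId(), email, user.getPassword(), user.isActive(), true,
                        true, true, authorities);
            } else {
                // UsernameNotFoundException has no no-argument constructor; a message is required
                throw new UsernameNotFoundException("User not found: " + email);
            }
        }
    }

It is not very clear to me what function exactly the void configure(AuthenticationManagerBuilder authBuilder) variant of the method performs. Please describe step by step how this functionality is processed from the entry point to the end; that is, I need a kind of scenario.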

Windows Level-5-baselines for download (c.f. security baselines) [on hold]

To harden Windows 10, Microsoft proposes the security configuration framework with 5 levels.

The 5-level framework can be divided into Productivity Devices and Privileged Access Workstations.

For Privileged Access Workstations (levels 1&2) Microsoft provides downloadable and importable “security baselines”.

For the productivity devices (levels 3-5) detailed policy prescriptions are published but I cannot find e.g. a level-5-baseline which I can download and import.

Does e.g. a level-5-baseline exist? Or do I have to take all the settings from the web page and set them each individually myself?

BitLocker, does additional authentication at startup with TPM device provide any extra security?

Will enabling additional authentication on startup provide any extra security with BitLocker? At the moment, my laptop boots straight into a Windows login where I use a PIN. If I chose not to use a PIN, and used a complex password instead, would that provide the same level of security as authentication at startup?