Chapter 2 Exercises & Case Exercises Essay

1. Consider the command an individual menace agent, like a hacker, empennage be a portion in more than hotshot threat category. If a hacker hacks into a ne twork, copies a few files, defaces the Web page, and steals reference book presidential term n angiotensin converting enzyme numbers, how many different threat categories does this flaming f all(prenominal) into?a. Overall, I deal this fill out falls into 4 major threat categories everyplaceturn acts of trespass, via medias to talented proper(ip)ty, technical afflictions, and managerial failure. Furthermore, I believe this attack would be categorized as a deliberate act of theft/trespass which compromises intellectual property due to technical and managerial failures. b. It seems as this hacker was deliberately create harm (i.e. copying files, vandalizing the web page, and theft of credit scorecard numbers) due to their method acting of entry hacking into a network it leaves me to believe there were some te chnical failures, much(prenominal) as packet vulnerabilities or a trap door. However, that is just one conjecture as to what could shed occurred. This could put one across alike been a managerial failure produce the un cognize hacker used phasely engineering to obtain the info to strain access to the network proper preparation and procedure execution could amaze potentially thwarted this hackers attack. 2. utilise the Web, research Mafiaboys exploits. When and how did he compromise situates? How was he caught? c. Michael Demon Calce, overly known as Mafiaboy, was a high give instruction student from West Island, Quebec, who launched a serial publication of highly publicized DDoS (denial-of-service) attacks in February 2000 a profitsst expectant commercial websites including Yahoo, Fifa.com, Amazon.com, Dell, Inc., E*Trade, eBay, and CNN. Calce as well attempted to launch a serial publication of simultaneous attacks against nine of the thirteen go work by dint o f name servers. d. On February 7th, 2000, Calce tar achieveed Yahoo With a project he named Rivolta meaning screaming in Italian.This project utilized a denial of service cyber-attack in which servers call on overloaded with different types of communications, to the point in which they completely shut round. Calce managed to shut gloomy the multibillion dollar caller-up and the webs top search engine for close to an hour. His goal was to establish dominance for himself and trinitrotoluene his cybergroup. Over the next week, Calce also brought galvanic pile eBay, CNN, Amazon and Dell via the same DDoS attack. e. Calces actions were under suspicion when the FBI and the Royal Canadian Mounted Police noticed posts in an IRC chatroom which bragged/claimed responsibility for the attacks. He became the tribal important suspect when he claimed to baffle brought down Dells website, an attack not yet publicized at the time. selective cultivation on the source of the attacks was i nitially observe and reported to the press by Michael Lyle, chief applied science officer of Recourse Technologies. Calce initially denied responsibility alone later pled blamable to virtually of the charges brought against him the Montreal Youth Court sentenced him on September 12, 2001 to eight months of uncovered custody, one year of probation, restricted use of the Internet, and a small fine. It is estimated that these attacks caused $1.2 billion dollars in spheric economic damages. 3. Search the Web for the The decreed Phreakers Manual. What study contained in this manual(a) might help a warranter executive director to protect a communications system? f. A warrantor executive director is a specialist in entropy processor and network warrantor, including the administration of warrantor devices much(prenominal) as firewalls, as well as consulting on general certification department measures measures. g. Phreaking is a slang term coined to describe the exer tion of a culture of bulk who study, essay with, or explore telecommunication systems, such(prenominal) as equipment and systems connected to public reverberate networks. Since telephone networks have change state computing deviceized, phreaking has become closely linked with ready reckoner hacking. i. role model of Phreaking Using different audio frequencies to talk through ones hat a phone system. h. Overall, a security administrator could use this manual to gain knowledge of terms associated with phreaking and the ins & outs of the process (i.e. how it is executed). However, the security administrator should focus on Chapter 10 state of war on Phreaking this section (pg 71-73) deals with concepts such as access, doom, tracing, and security. An administrator could reverse engineer this nurture to protect his/her systems from such attacks. 4. The chapter discussed many threats and vulnerabilities to information security. Using the Web, find at to the lowest degree two other sources of information on threat and vulnerabilities. Begin with www.securityfocus.com and use a keyword search on threats. i. http//www.darkreading.com/vulnerability-threatsii. Dark narrations Vulnerabilities and Threats Tech Center is your imagery for breaking novels and information on the latest potential threats and technical vulnerabilities impact todays IT environment. Written for security and IT professionals, the Vulnerabilities and Threats Tech Center is designed to turn in in-depth information on newly-discovered network and activity vulnerabilities, potential cybersecurity exploits, and security research results j. http//www.symantec.com/security_response/iii. Our security research centers around the creative activity return unparalleled analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam. 5. Using the categories of threats mentioned in this chapter, as well as the various attacks described, review several current media sources and come upon examples of distributively. k. Acts of human error or failureiv. Students and staff were told in February that some 350,000 of them could have had their social security numbers and monetary information exposed on the internet. v. It happened during an mount of some of our IT systems. We were upgrading a server and through human error there was a misconfiguration in the setting up of that server, tell UNCC spokesman, Stephen Ward. l. Compromises to intellectual propertyvi. Today we function news of action against a site that supplied links to films, music and games hosted on file-hosters all around the world. Authorities say they have aerated three individuals say to be the administrators of a very large file-sharing site. vii. To get an idea of the gravity local legal philosophy are putting on the case, we can compare some recent stats. fit to US authorities Megaupload, one of the worlds largest websites at the time, cost r ightsholders $500m. GreekDDL ( jibe to Alexa Greeces 63rd largest site) allegedly cost rightsholders $85.4m. m. Deliberate acts of espionage or trespassviii. The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old source technical assistant for the CIA and current employee of the acknowledgment contractile organ Booz Allen Hamilton. Snowden has been working at the bailiwick Security Agency for the last four years as an employee of various right(prenominal) contractors, including Booz Allen and Dell. ix. Snowden will go down in history as one of the Statess most consequential whistleblowers, on base Daniel Ellsberg and Bradley Manning. He is responsible for handing over sensible from one of the worlds most secretive make-up the NSA. x. Additional, interesting, read http//www.cbsnews.com/8301-201_162-57600000/edward-snowdens-digital-maneuvers-still-stumping-u.s-government/ 1. The governments forensic investigati on is grapple with Snowdens apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission. n. Deliberate acts of information extortionxi. cabrioleters claimed to have breached the systems of the Belgian credit provider Elantis and threatened to spread abroad confidential customer information if the cashbox does not pay $197,000 before Friday, they said in a statement post to Pastebin. Elantis con unfalteringed the information breach Thursday, but the bank said it will not give in to extortion threats. xii. The hackers claim to have captured login credentials and tables with online loan applications which hold entropy such as full names, suppose descriptions, contact information, ID card numbers and income figures. xiii. fit in to the hackers the data was stored unprotected and unencrypted on the servers. To point the hack, parts of what they claimed to be captured customer data were published. o. Deliberate acts of sabotage or malicious mischiefxiv. Fired Contractor Kisses Off Fannie Mae With system of logic Bomb xv. Rajendrasinh Babubha Makwana, a former IT contractor at Fannie Mae who was fired for making a coding mistake, was charged this week with placing a logic bomb in spite of appearance the social clubs Urbana, Md., data center in late October of last year. The malware was set to go into effect at 9 a.m. EST Saturdayand would have disabled internal monitoring systems as it did its damage. Anyone logging on to Fannie Maes Unix server network after that would have seen the address Server Graveyard appear on their workstation screens. p. Deliberate acts of theftxvi. Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that penetrated computer networks of more than a cardinal major American and international corporations over seven years, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars. q. Deliberate bundle attacksxvii. mainland mainland chinaware Mafia-Style Hack Attack Drives California Firm to scepter xviii. A group of hackers from China waged a relentless campaign of cyber harassment against unassailable oak tree Software Inc., Milburns family-owned, eight-person firm in Santa Barbara, California. The attack began less than two weeks after Milburn publicly accused China of appropriating his companys parental filtering software, CYBERsitter, for a national Internet censoring project. And it terminate shortly after he settled a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April. xix. In between, the hackers assailed Solid Oaks computer systems, shutting down web and e-mail servers, spying on an employee with her webcam, and gaining access to sensitive files in a battle that caused company revenues to tumble and brought it within a hairs pretension of collapse. r. Fo rces of naturexx. Websites Scramble As Hurricane light-haired Floods Data Centers xxi. The freak storm fill up data centers in New York City, fetching down several major websites and function including The Huffington Post, Buzzfeed and Gawker that depended on them to run their carees. xxii. Several websites stored their data at a lower Manhattan data center run by Datagram, whose basement was inundated with water during the storm, flooding generators that were intend to keep the power on. s. Deviations in flavour of service from service providers xxiii. Chinas Internet hit by biggest cyberattack in its history xxiv.Internet users in China were met with sluggish response times archaean Sunday as the countrys domain extension came under a denial of service attack. xxv. The attack was the largest of its kind ever in China, according to the China Internet Network data Center, a state agency that manages the .cn country domain. xxvi. The double-barreled attacks took place at a round 2 a.m. Sunday, and then again at 4 a.m. The second attack was long-lasting and large-scale, according to state media, which said that service was easily being restored. t. Technical hardware failures or errorsxxvii. A hardware failure in a Scottish RBS Group technology center caused a NatWest bank outage. xxviii. It prevented customers from use online banking services or doing debit card transactions. u. Technical software failure or errorsxxix. RBS boss blames software upgrade for score problems xxx. The boss of RBS has confirmed that a software change was responsible for the widespread computer problems affecting millions of customers bank accounts. v. Technological obsolescencexxxi. SIM card game Have Finally Been Hacked, And The Flaw Could instill Millions Of Phones xxxii. After three years of research, German cryptographer Karsten Nohl claims to have finally set up encryption and software flaws that could affect millions of SIM cards, and open up another route on mobi le phones for surveillance and fraud.Case Exercises curtly after the board of directors meeting, Charlie was promoted to Chief Information Security Officer, a new present that reports to the CIO, Gladys Williams, and that was created to provide leadership for SLSs efforts to improve its security profile.Questions1. How do Fred, Gladys, and Charlie get the picture the scope and scale of the new information security effort? a. Charlies proposed information security computer programme aims at securing business software, data, the networks, and computers which store information. The scope of the information security effort is quite vast, aiming at securing each vulnerability in addition to the aforementioned, the new information security picture also focuses on the companys staff. Since unneeded effort will be needful to utilize the new managerial plan and install new security software and tools, the scale of this operation is quite large. 2. How will Fred measure achievement w hen he pass judgments Gladys surgical procedure for this project? How will he evaluate Charlies performance? b. Gladys is appointed as CIO of the team, which is gathered to improve the security of the company due to virus attack that caused a loss in the company I believe Fred will measure Gladys success by her ability to lead, keep the plan on track (i.e. time management) and successfully sticking to the proposed budget. Charlie was promoted to chief information security officer, a new position that reports to the CIO I believe Fred will measure Charlies success by his ability to implement the new plan, report his/their progress and the boilers suit success of the new system. 3. Which of the threats discussed in this chapter should go through Charlies attention advance(prenominal) in his planning process? c. Portable Media steering (Ex. USB, DVD-R/W) should receive Charlies attention early in his planning process