Chapter 2 Exercises & Case Exercises Essay

1. Consider the statement: an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker hacks into a network, copies a few files, defaces the Web page, and steals credit card numbers, how many different threat categories does this attack fall into?

a. Overall, I believe this attack falls into four major threat categories: deliberate acts of trespass, compromises to intellectual property, technical failures, and managerial failure. Furthermore, I believe this attack would be categorized as a deliberate act of theft/trespass which compromises intellectual property due to technical and managerial failures.

b. It seems as though this hacker was deliberately causing harm (i.e., copying files, vandalizing the web page, and theft of credit card numbers); their method of entry – hacking into a network – leads me to believe there were some technical failures, such as software vulnerabilities or a trap door. However, that is only one possibility as to what could have occurred. This could also have been a managerial failure; say the unknown hacker used social engineering to obtain the information to gain access to the network – proper planning and procedure execution could have potentially thwarted this hacker’s attack.

2. Using the Web, research Mafiaboy’s exploits. When and how did he compromise sites? How was he caught?

c. Michael Demon Calce, also known as Mafiaboy, was a high school student from West Island, Quebec, who launched a series of highly publicized DDoS (denial-of-service) attacks in February 2000 against large commercial websites including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*Trade, eBay, and CNN. Calce also attempted to launch a series of simultaneous attacks against nine of the 13 root name servers.

d. On February 7th, 2000, Calce targeted Yahoo! with a project he named “Rivolta” – meaning riot in Italian.


This project utilized a denial-of-service cyber-attack in which servers become overloaded with different types of communications, to the point at which they completely shut down. Calce managed to shut down the multibillion dollar company and the web’s top search engine for almost an hour. His goal was to establish dominance for himself and TNT – his cybergroup. Over the next week, Calce also brought down eBay, CNN, Amazon and Dell via the same DDoS attack.

e. Calce’s actions came under suspicion when the FBI and the Royal Canadian Mounted Police noticed posts in an IRC chat room which bragged/claimed responsibility for the attacks. He became the chief suspect when he claimed to have brought down Dell’s website, an attack not yet publicized at the time. Information on the source of the attacks was initially discovered and reported to the press by Michael Lyle, chief technology officer of Recourse Technologies. Calce initially denied responsibility but later pled guilty to most of the charges brought against him – the Montreal Youth Court sentenced him on September 12, 2001 to eight months of “open detention,” one year of probation, restricted use of the Internet, and a small fine. It is estimated that these attacks caused $1.2 billion dollars in global economic damages.

3. Search the Web for “The Official Phreaker’s Manual.” What information contained in this manual might help a security administrator to protect a communications system?

f. A security administrator is a specialist in computer and network security, including the administration of security devices such as firewalls, as well as consulting on general security measures.

g. Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. Since telephone networks have become computerized, phreaking has become closely linked with computer hacking.

i. Example of phreaking: using various audio frequencies to manipulate a phone system.

h. Overall, a security administrator could use this manual to gain knowledge of terms associated with phreaking and the ins and outs of the process (i.e., how it is executed). However, the security administrator should focus on Chapter 10 – “War on Phreaking” – this section (pg 71-73) deals with concepts such as access, “doom,” tracing, and security. An administrator could reverse engineer this information to protect his/her systems from such attacks.

4. The chapter discussed many threats and vulnerabilities to information security. Using the Web, find at least two other sources of information on threat and vulnerabilities. Begin with www.securityfocus.com and use a keyword search on “threats.”

i. http://www.darkreading.com/vulnerability-threats

ii. Dark Reading’s Vulnerabilities and Threats Tech Center is your resource for breaking news and information on the latest potential threats and technical vulnerabilities affecting today’s IT environment. Written for security and IT professionals, the Vulnerabilities and Threats Tech Center is designed to provide in-depth information on newly-discovered network and application vulnerabilities, potential cybersecurity exploits, and security research results.

j. http://www.symantec.com/security_response/

iii. Our security research centers around the world provide unique analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam.

5. Using the categories of threats mentioned in this chapter, as well as the various attacks described, review several current media sources and identify examples of each.

k. Acts of human error or failure:

iv. Students and staff were told in February that some 350,000 of them could have had their social security numbers and financial information exposed on the internet.

v. “It happened during an upgrade of some of our IT systems. We were upgrading a server and through human error there was a misconfiguration in the setting up of that server,” said UNCC spokesman, Stephen Ward.

l. Compromises to intellectual property:

vi. Today we bring news of action against a site that supplied links to movies, music and games hosted on file-hosters all around the world. Authorities say they have charged three individuals said to be the administrators of a very large file-sharing site.

vii. To get an idea of the gravity local police are putting on the case, we can compare some recent stats. According to US authorities Megaupload, one of the world’s largest websites at the time, cost rightsholders $500m. GreekDDL (according to Alexa Greece’s 63rd largest site) allegedly cost rightsholders $85.4m.

m. Deliberate acts of espionage or trespass:

viii. The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defense contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell.

ix. Snowden will go down in history as one of America’s most consequential whistleblowers, alongside Daniel Ellsberg and Bradley Manning. He is responsible for handing over material from one of the world’s most secretive organizations – the NSA.

x. Additional, interesting, read: http://www.cbsnews.com/8301-201_162-57600000/edward-snowdens-digital-maneuvers-still-stumping-u.s-government/

1. The government’s forensic investigation is wrestling with Snowden’s apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission.

n. Deliberate acts of information extortion:

xi. Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay $197,000 before Friday, they said in a statement posted to Pastebin. Elantis confirmed the data breach Thursday, but the bank said it will not give in to extortion threats.

xii. The hackers claim to have captured login credentials and tables with online loan applications which hold data such as full names, job descriptions, contact information, ID card numbers and income figures.

xiii. According to the hackers the data was stored unprotected and unencrypted on the servers. To prove the hack, parts of what they claimed to be captured customer data were published.

o. Deliberate acts of sabotage or vandalism:

xiv. Fired Contractor Kisses Off Fannie Mae With Logic Bomb

xv. Rajendrasinh Babubha Makwana, a former IT contractor at Fannie Mae who was fired for making a coding mistake, was charged this week with placing a “logic bomb” within the company’s Urbana, Md., data center in late October of last year. The malware was set to go into effect at 9 a.m. EST Saturday and would have disabled internal monitoring systems as it did its damage. Anyone logging on to Fannie Mae’s Unix server network after that would have seen the words “Server Graveyard” appear on their workstation screens.

p. Deliberate acts of theft:

xvi. Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that penetrated computer networks of more than a dozen major American and international corporations over seven years, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars.

q. Deliberate software attacks:

xvii. China Mafia-Style Hack Attack Drives California Firm to Brink

xviii. A group of hackers from China waged a relentless campaign of cyber harassment against Solid Oak Software Inc., Milburn’s family-owned, eight-person firm in Santa Barbara, California. The attack began less than two weeks after Milburn publicly accused China of appropriating his company’s parental filtering software, CYBERsitter, for a national Internet censorship project. And it ended shortly after he settled a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April.

xix. In between, the hackers assailed Solid Oak’s computer systems, shutting down web and e-mail servers, spying on an employee with her webcam, and gaining access to sensitive files in a battle that caused company revenues to tumble and brought it within a hair’s breadth of collapse.

r. Forces of nature:

xx. Websites Scramble As Hurricane Sandy Floods Data Centers

xxi. The freak storm flooded data centers in New York City, taking down several major websites and services — including The Huffington Post, Buzzfeed and Gawker — that depended on them to run their businesses.

xxii. Several websites stored their data at a lower Manhattan data center run by Datagram, whose basement was inundated with water during the storm, flooding generators that were intended to keep the power on.

s. Deviations in quality of service from service providers:

xxiii. China’s Internet hit by biggest cyberattack in its history

xxiv. Internet users in China were met with sluggish response times early Sunday as the country’s domain extension came under a “denial of service” attack.

xxv. The attack was the largest of its kind ever in China, according to the China Internet Network Information Center, a state agency that manages the .cn country domain.

xxvi. The double-barreled attacks took place at around 2 a.m. Sunday, and then again at 4 a.m. The second attack was “long-lasting and large-scale,” according to state media, which said that service was slowly being restored.

t. Technical hardware failures or errors:

xxvii. A hardware failure in a Scottish RBS Group technology center caused a NatWest bank outage.

xxviii. It prevented customers from using online banking services or doing debit card transactions.

u. Technical software failure or errors:

xxix. RBS boss blames software upgrade for account problems

xxx. The boss of RBS has confirmed that a software change was responsible for the widespread computer problems affecting millions of customers’ bank accounts.

v. Technological obsolescence:

xxxi. SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones

xxxii. After three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud.

Case Exercises

Soon after the board of directors meeting, Charlie was promoted to Chief Information Security Officer, a new position that reports to the CIO, Gladys Williams, and that was created to provide leadership for SLS’s efforts to improve its security profile.

Questions:

1. How do Fred, Gladys, and Charlie perceive the scope and scale of the new information security effort?

a. Charlie’s proposed information security plan aims at securing business software, data, the networks, and computers which store information. The scope of the information security effort is quite vast, aiming at securing each vulnerability – in addition to the aforementioned, the new information security plan also focuses on the company’s staff. Since extra effort will be required to implement the new managerial plan and install new security software and tools, the scale of this operation is quite large.

2. How will Fred measure success when he evaluates Gladys’ performance for this project? How will he evaluate Charlie’s performance?

b. Gladys is appointed as CIO of the team, which is gathered to improve the security of the company due to a virus attack that caused a loss in the company; I believe Fred will measure Gladys’ success by her ability to lead, keep the plan on track (i.e., time management) and successfully stick to the proposed budget. Charlie was promoted to chief information security officer, a new position that reports to the CIO; I believe Fred will measure Charlie’s success by his ability to implement the new plan, report his/their progress and the overall success of the new system.

3. Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?

c. Portable Media Management (Ex. USB, DVD-R/W) should receive Charlie’s attention early in his planning process.