Chapter 2 Exercises & Case Exercises Essay

1. run across the statement an individual flagellum agent, similar(p) a hacker, muckle be a factor in more than wholeness threat category. If a hacker hacks into a mesh topology, copies a few files, defaces the sack page, and steals attri simplye scorecard numbers, how many different threat categories does this labialise f entirely into?a. Overall, I view this approach path falls into quartet major threat categories deliberate acts of misdemeanor, compromises to intellectual appropriate(ip)ty, skillful chastenings, and managerial failure. Furthermore, I believe this attack would be categorized as a deliberate act of theft/trespass which compromises intellectual property due to skilful foul and managerial failures. b. It seems as this hacker was by design ca development harm (i.e. copying files, vandalizing the meshing page, and theft of attribute card numbers) due to their method of entry hacking into a ne 2rk it leaves me to believe there were some techni cal failures, such as parcel vulnerabilities or a trap door. However, that is just peerless possibility as to what could abide occurred. This could hire all overly been a managerial failure say the unknown hacker utilise social locomotiveering to obtain the info to gain access to the network proper curriculumning and procedure execution could adopt potentially thwarted this hackers attack. 2. Using the Web, research Mafiaboys exploits. When and how did he compromise directs? How was he caught? c. Michael Demon Calce, in any case known as Mafiaboy, was a last school student from West Island, Quebec, who launched a series of highly customaryized DDoS (denial-of-service) attacks in February 2000 against large commercial vanesites including hayseed, Fifa.com, Amazon.com, Dell, Inc., E*Trade, eBay, and CNN. Calce also attempted to launch a series of simultaneous attacks against nine of the thirteen root name master of ceremoniess. d. On February 7th, 2000, Calce tar c arryed Yahoo With a project he named Rivolta centre riot in Italian.This project utilise a denial of service cyber-attack in which servers pass overloaded with different types of communications, to the chief in which they completely debar charge. Calce managed to shut down the multibillion dollar caller-out and the webs top search engine for almost an hour. His goal was to establish say-so for himself and TNT his cybergroup. Over the next week, Calce also brought down eBay, CNN, Amazon and Dell via the same DDoS attack. e. Calces actions were under suspicion when the FBI and the magnificent Canadian Mounted Police nonice posts in an IRC chatroom which bragged/claimed responsibility for the attacks. He became the chief suspect when he claimed to take up brought down Dells website, an attack not yet publicized at the time. cultivation on the source of the attacks was initially discovered and reported to the press by Michael Lyle, chief engineering science officer of r esort hotel Technologies. Calce initially denied responsibility but subsequent pled guilty to most of the charges brought against him the Montreal Youth motor inn sentenced him on September 12, 2001 to eight months of uncivil custody, one(a) year of probation, restricted substance abuse of the Internet, and a small fine. It is estimated that these attacks caused $1.2 billion dollars in global economic damages. 3. Search the Web for the The Official Phreakers Manual. What study contained in this manual of arms might help a bail administrator to protect a communications system? f. A trade protection administrator is a specialist in figurer and network certificate, including the administration of auspices devices such as firewalls, as sanitary as consulting on general protective covering measures. g. Phreaking is a slang term coined to calculate the activity of a culture of volume who study, experiment with, or explore telecommunication systems, such as equipment and s ystems connected to public telephone networks. Since telephone networks hand over become ready reckonerized, phreaking has become closely linked with computer hacking. i. Example of Phreaking Using heterogeneous auditory sensation frequencies to manipulate a phone system. h. Overall, a protection administrator could use this manual to gain knowledge of terms associated with phreaking and the ins & outs of the process (i.e. how it is executed). However, the protective cover administrator should focus on Chapter 10 contend on Phreaking this section (pg 71-73) deals with concepts such as access, doom, tracing, and security system. An administrator could reverse engineer this nurture to protect his/her systems from such attacks. 4. The chapter discussed many threats and vulnerabilities to knowledge security. Using the Web, find at least two other sources of reading on threat and vulnerabilities. Begin with www.securityfocus.com and use a keyword search on threats. i. http// www.darkreading.com/vulnerability-threatsii. Dark yarns Vulnerabilities and Threats Tech Center is your preference for breaking impertinents and information on the latest potential threats and technical vulnerabilities affect todays IT environment. Written for security and IT professionals, the Vulnerabilities and Threats Tech Center is designed to fork out in-depth information on newly-discovered network and act vulnerabilities, potential cybersecurity exploits, and security research results j. http//www.symantec.com/security_response/iii. Our security research centers around the earthly concern let unparalleled analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam. 5. Using the categories of threats mentioned in this chapter, as well as the various attacks described, review several current media sources and light upon examples of all(prenominal). k. Acts of human error or failureiv. Students and staff were tol d in February that some 350,000 of them could shoot had their social security numbers and financial information exposed on the internet. v. It happened during an get along of some of our IT systems. We were upgrading a server and through and through human error there was a misconfiguration in the setting up of that server, give tongue to UNCC spokesman, Stephen Ward. l. Compromises to intellectual propertyvi. Today we study news of action against a site that supplied links to films, music and games hosted on file-hosters all around the world. Authorities say they fuck off charged three individuals tell to be the administrators of a very large file-sharing site. vii. To get an idea of the gravity local jurisprudence are putting on the case, we can compare some recent stats. accord to US authorities Megaupload, one of the worlds largest websites at the time, cost rightsholders $500m. GreekDDL ( correspond to Alexa Greeces 63rd largest site) allegedly cost rightsholders $85.4 m. m. Deliberate acts of espionage or trespassviii. The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old condition technical assistant for the CIA and current employee of the refutation contractile organ Booz Allen Hamilton. Snowden has been working at the content Security Agency for the last four years as an employee of various alfresco contractors, including Booz Allen and Dell. ix. Snowden forget go down in history as one of the Statess most consequential whistleblowers, on board Daniel Ellsberg and Bradley Manning. He is responsible for handing over strong from one of the worlds most secretive memorial tablet the NSA. x. Additional, interesting, read http//www.cbsnews.com/8301-201_162-57600000/edward-snowdens-digital-maneuvers-still-stumping-u.s- government activity/ 1. The governments forensic investigation is grapple with Snowdens apparent ability to surpass safeguards established to monitor and det er commonwealth looking at information without proper permission. n. Deliberate acts of information extortionxi. ballyhooers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to give notice (of) confidential customer information if the argot does not pay $197,000 before Friday, they said in a statement stick on to Pastebin. Elantis con buckramed the info breach Thursday, but the bank said it will not give in to extortion threats. xii. The hackers claim to have captured login credentials and tables with online loan applications which hold information such as full names, assembly line descriptions, contact information, ID card numbers and income figures. xiii. jibe to the hackers the information was stored unprotected and unencrypted on the servers. To read the hack, parts of what they claimed to be captured customer data were published. o. Deliberate acts of sabotage or hooliganismxiv. Fired Contractor Kisses Off Fannie Mae With l ogical system Bomb xv. Rajendrasinh Babubha Makwana, a former IT contractor at Fannie Mae who was fired for making a coding mistake, was charged this week with placing a logic bomb at heart the federations Urbana, Md., data center in late October of last year. The malware was set to go into effect at 9 a.m. EST Saturdayand would have disabled internal monitoring systems as it did its damage. Anyone logging on to Fannie Maes Unix server network after that would have seen the nomenclature Server Graveyard appear on their workstation screens. p. Deliberate acts of theftxvi. Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that penetrated computer networks of more than a xii major American and international corporations over seven years, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars. q. Deliberate software attacksxvii. mainland mainland china Mafia-Style Hack Attack Drives California Firm to doorstep xviii. A group of hackers from China waged a relentless campaign of cyber harassment against unshakable oak Software Inc., Milburns family-owned, eight-person firm in Santa Barbara, California. The attack began less than two weeks after Milburn publicly accused China of appropriating his companys parental filtering software, CYBERsitter, for a national Internet censoring project. And it end shortly after he colonised a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April. xix. In between, the hackers assailed Solid Oaks computer systems, shutting down web and e-mail servers, spying on an employee with her webcam, and gaining access to sensitive files in a battle that caused company revenues to tumble and brought it within a hairs pretentiousness of collapse. r. Forces of naturexx. Websites Scramble As Hurricane blond Floods Data Centers xxi. The freak storm fill up data ce nters in New York City, fetching down several major websites and serve including The Huffington Post, Buzzfeed and Gawker that depended on them to run their contrastes. xxii. Several websites stored their data at a lower Manhattan data center run by Datagram, whose basement was inundated with water during the storm, flooding generators that were intend to keep the power on. s. Deviations in feature of service from service providers xxiii. Chinas Internet hit by biggest cyberattack in its history xxiv.Internet users in China were met with sluggish response times primal Sunday as the countrys domain extension came under a denial of service attack. xxv. The attack was the largest of its course ever in China, according to the China Internet Network Information Center, a state agency that manages the .cn country domain. xxvi. The double-barreled attacks took place at around 2 a.m. Sunday, and then again at 4 a.m. The second attack was long-lasting and large-scale, according to st ate media, which said that service was belatedly being restored. t. Technical hardware failures or errorsxxvii. A hardware failure in a Scottish RBS Group technology center caused a NatWest bank outage. xxviii. It prevented customers from using online banking services or doing debit card transactions. u. Technical software failure or errorsxxix. RBS boss blames software upgrade for tale problems xxx. The boss of RBS has confirmed that a software change was responsible for the widespread computer problems affecting millions of customers bank accounts. v. Technological obsolescencexxxi. SIM tease Have Finally Been Hacked, And The Flaw Could sham Millions Of Phones xxxii. After three years of research, German cryptographer Karsten Nohl claims to have finally appoint encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud.Case Exercises soon after the board of directors meeting, Charlie was promote d to Chief Information Security Officer, a new gravel that reports to the CIO, Gladys Williams, and that was created to provide leadership for SLSs efforts to improve its security profile.Questions1. How do Fred, Gladys, and Charlie discern the scope and scale of the new information security effort? a. Charlies proposed information security device aims at securing business software, data, the networks, and computers which store information. The scope of the information security effort is quite vast, aiming at securing each vulnerability in addition to the aforementioned, the new information security plan also focuses on the companys staff. Since wasted effort will be involve to appliance the new managerial plan and install new security software and tools, the scale of this operation is quite large. 2. How will Fred measure mastery when he quantifys Gladys work for this project? How will he evaluate Charlies performance? b. Gladys is appointed as CIO of the team, which is g athered to improve the security of the company due to virus attack that caused a loss in the company I believe Fred will measure Gladys success by her ability to lead, keep the plan on track (i.e. time management) and successfully sticking to the proposed budget. Charlie was promoted to chief information security officer, a new position that reports to the CIO I believe Fred will measure Charlies success by his ability to implement the new plan, report his/their progress and the general success of the new system. 3. Which of the threats discussed in this chapter should elate Charlies attention other(a) in his planning process? c. Portable Media worry (Ex. USB, DVD-R/W) should receive Charlies attention early in his planning process