
Sunday, March 3, 2019

Chapter 2 Exercises & Case Exercises Essay

1. Consider the statement: an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker hacks into a network, copies a few files, defaces the Web page, and steals credit card numbers, how many different threat categories does this attack fall into?

a. Overall, I imagine this attack falls into four major threat categories: deliberate acts of trespass, compromises to intellectual property, technical failures, and managerial failure. Furthermore, I believe this attack would be categorized as a deliberate act of theft/trespass which compromises intellectual property due to technical and managerial failures.

b. It seems as if this hacker was deliberately causing harm (i.e. copying files, vandalizing the web page, and theft of credit card numbers). Due to their method of entry, hacking into a network, it leaves me to believe there were some technical failures, such as software vulnerabilities or a trap door. However, that is just one conjecture as to what could have occurred. This could have also been a managerial failure; say the unknown hacker used social engineering to get the information to gain access to the network. Proper planning and action execution could have potentially thwarted this hacker's attack.

2. Using the Web, research Mafiaboy's exploits. When and how did he compromise sites? How was he caught?

c. Michael Demon Calce, also known as Mafiaboy, was a high school student from West Island, Quebec, who launched a series of highly publicized DDoS (denial-of-service) attacks in February 2000 against large technical websites including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*Trade, eBay, and CNN. Calce also attempted to launch a series of simultaneous attacks against nine of the thirteen root name servers.

d. On February 7th, 2000, Calce targeted Yahoo! with a project he named Rivolta, meaning riot in Italian. This project utilized a denial of service cyber-attack in which servers become overloaded with different types of communications, to the point in which they completely shut down. Calce managed to shut down the multibillion dollar company and the web's top search engine for almost an hour. His goal was to establish dominance for himself and TNT, his cyber group. Over the following week, Calce also brought down eBay, CNN, Amazon and Dell via the same DDoS attack.

e. Calce's actions were under suspicion when the FBI and the Royal Canadian Mounted Police noticed posts in an IRC chatroom which bragged/claimed responsibility for the attacks. He became the chief suspect when he claimed to have brought down Dell's website, an attack not yet publicized at the time. Information on the source of the attacks was initially discovered and reported to the press by Michael Lyle, chief technology officer of Recourse Technologies. Calce initially denied responsibility but later pled guilty to most of the charges brought against him. The Montreal Youth Court sentenced him on September 12, 2001 to eight months of open custody, one year of probation, restricted use of the Internet, and a small fine. It is estimated that these attacks caused $1.2 billion dollars in global economic damages.

3. Search the Web for The Official Phreaker's Manual. What information contained in this manual might help a security administrator to protect a communications system?

f. A security administrator is a specialist in computer and network security, including the administration of security devices such as firewalls, as well as consulting on general security measures.

g. Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. Since telephone networks have become computerized, phreaking has become closely linked with computer hacking.
i. Example of Phreaking: Using various audio frequencies to command a phone system.

h. Overall, a security administrator could use this manual to gain knowledge of terms associated with phreaking and the ins & outs of the operation (i.e. how it is executed). However, the security administrator should focus on Chapter 10, War on Phreaking; this section (pg 71-73) deals with concepts such as access, doom, tracing, and security. An administrator could reverse engineer this development to protect his/her systems from such attacks.

4. The chapter discussed many threats and vulnerabilities to information security. Using the Web, find at least two other sources of information on threat and vulnerabilities. Begin with www.securityfocus.com and use a keyword search on threats.

i. http://www.darkreading.com/vulnerability-threats
ii. Dark Reading's Vulnerabilities and Threats Tech Center is your resource for breaking news and information on the up-to-the-minute potential threats and technical vulnerabilities affecting today's IT environment. Written for security and IT professionals, the Vulnerabilities and Threats Tech Center is designed to provide in-depth information on newly-discovered network and application vulnerabilities, potential cybersecurity exploits, and security research results.

j. http://www.symantec.com/security_response/
iii. Our security research centers around the world provide unparalleled analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam.

5. Using the categories of threats mentioned in this chapter, as well as the various attacks described, review several current media sources and identify examples of each.

k. Acts of human error or failure
iv. Students and staff were told in February that some 350,000 of them could have had their social security numbers and financial information exposed on the internet.
v. "It happened during an upgrade of some of our IT systems. We were upgrading a server and through human error there was a misconfiguration in the setting up of that server," said UNCC spokesman, Stephen Ward.

l. Compromises to intellectual property
vi. Now we bring news of action against a site that supplied links to films, music and games hosted on file-hosters all around the world. Authorities say they have charged three individuals said to be the administrators of a very large file-sharing site.
vii. To get an idea of the gravity local police are putting on the case, we can compare some recent stats. According to the US government, Megaupload, one of the world's largest websites at the time, cost rightsholders $500m. GreekDDL (according to Alexa, Greece's 63rd largest site) allegedly cost rightsholders $85.4m.

m. Deliberate acts of espionage or trespass
viii. The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defense contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell.
ix. Snowden will go down in history as one of America's most important whistleblowers, alongside Daniel Ellsberg and Bradley Manning. He is responsible for handing over material from one of the world's most secretive organizations, the NSA.
x. Additional, interesting read: http://www.cbsnews.com/8301-201_162-57600000/edward-snowdens-digital-maneuvers-still-stumping-u.s-government/
1. The government's forensic investigation is wrestling with Snowden's apparent ability to overcome safeguards established to monitor and deter people looking at information without proper permission.

n. Deliberate acts of information extortion
xi. Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay $197,000 before Friday, they said in a statement posted to Pastebin. Elantis confirmed the data breach Thursday, but the bank said it will not give in to extortion threats.
xii. The hackers claim to have captured login credentials and tables with online loan applications which hold data such as full names, job descriptions, contact information, ID card numbers and income figures.
xiii. According to the hackers the data was stored unprotected and unencrypted on the servers. To prove the hack, parts of what they claimed to be captured customer data were published.

o. Deliberate acts of sabotage or vandalism
xiv. Fired Contractor Kisses Off Fannie Mae With Logic Bomb
xv. Rajendrasinh Babubha Makwana, a former IT contractor at Fannie Mae who was fired for making a coding mistake, was charged this week with placing a logic bomb within the company's Urbana, Md., data center in late October of last year. The malware was set to go into effect at 9 a.m. EST Saturday and would have disabled internal monitoring systems as it did its damage. Anyone logging on to Fannie Mae's Unix server network after that would have seen the words "Server Graveyard" appear on their workstation screens.

p. Deliberate acts of theft
xvi. Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that penetrated computer networks of more than a dozen major American and international corporations over seven years, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars.

q. Deliberate software attacks
xvii. China Mafia-Style Hack Attack Drives California Firm to Brink
xviii. A group of hackers from China waged a relentless campaign of cyber harassment against Solid Oak Software Inc., Milburn's family-owned, eight-person firm in Santa Barbara, California. The attack began less than two weeks after Milburn publicly accused China of appropriating his company's parental filtering software, CYBERsitter, for a national Internet censoring project. And it ended shortly after he settled a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April.
xix. In between, the hackers assailed Solid Oak's computer systems, shutting down web and e-mail servers, spying on an employee with her webcam, and gaining access to sensitive files in a battle that caused company revenues to tumble and brought it within a hair's breadth of collapse.

r. Forces of nature
xx. Websites Scramble As Hurricane Sandy Floods Data Centers
xxi. The freak storm flooded data centers in New York City, taking down several major websites and services, including The Huffington Post, Buzzfeed and Gawker, that depended on them to run their businesses.
xxii. Several websites stored their data at a lower Manhattan data center run by Datagram, whose basement was filled with water during the storm, flooding generators that were intended to keep the power on.

s. Deviations in quality of service from service providers
xxiii. China's Internet hit by biggest cyberattack in its history
xxiv. Internet users in China were met with sluggish response times early Sunday as the country's domain extension came under a denial of service attack.
xxv. The attack was the largest of its kind ever in China, according to the China Internet Network Information Center, a state agency that manages the .cn country domain.
xxvi. The double-barreled attacks took place at around 2 a.m. Sunday, and then again at 4 a.m. The second attack was long-lasting and large-scale, according to state media, which said that service was slowly being restored.

t. Technical hardware failures or errors
xxvii. A hardware failure in a Scottish RBS Group technology center caused a NatWest bank outage.
xxviii. It prevented customers from using online banking services or doing debit card transactions.

u. Technical software failure or errors
xxix. RBS boss blames software upgrade for account problems
xxx. The boss of RBS has confirmed that a software change was responsible for the widespread computer problems affecting millions of customers' bank accounts.

v. Technological obsolescence
xxxi. SIM Cards Have Finally Been Hacked, And The Flaw Could Affect Millions Of Phones
xxxii. After three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud.

Case Exercises

Soon after the board of directors meeting, Charlie was promoted to Chief Information Security Officer, a new position that reports to the CIO, Gladys Williams, and that was created to provide leadership for SLS's efforts to improve its security profile.

Questions

1. How do Fred, Gladys, and Charlie perceive the scope and scale of the new information security effort?

a. Charlie's proposed information security plan aims at securing business software, data, the networks, and computers which store information. The scope of the information security effort is rather vast, aiming at securing each vulnerability; in addition to the aforementioned, the new information security plan also focuses on the company's staff. Since extra effort will be required to implement the new managerial plan and install new security software and tools, the scale of this process is quite large.

2. How will Fred measure success when he evaluates Gladys' performance for this project? How will he evaluate Charlie's performance?

b. Gladys is appointed as CIO of the team, which is gathered to improve the security of the company due to a virus attack that caused a loss in the company. I believe Fred will measure Gladys' success by her ability to lead, keep the plan on track (i.e. time management) and successfully stick to the proposed budget. Charlie was promoted to chief information security officer, a new position that reports to the CIO. I believe Fred will measure Charlie's success by his ability to implement the new plan, report his/their progress and the overall success of the new system.

3. Which of the threats discussed in this chapter should receive Charlie's attention early in his planning process?

c. Portable Media caution (Ex. USB, DVD-R/W) should receive Charlie's attention early in his planning process.
