section 2 exercises circumstance exercises

Exercises

1 . Consider the statement: a person threat agent, like a hacker, can be a aspect in more than one danger category. If a hacker hacks into a network, copies some files, defaces the Web page, and steals credit card numbers, how a number of threat groups does this harm fall into?

a. Overall, I think this assault falls into four main threat types: deliberate functions of trespass, compromises to intellectual property, technical failures, and bureaucratic failure. Furthermore, I believe this kind of attack will be categorized being a deliberate work of theft/trespass which short-cuts intellectual property due to technological and bureaucratic failures.

w. It seems since this hacker was deliberately causing harm (i. e. replicating files, vandalizing the web site, and theft of credit-based card numbers); because of their method of entry ” cracking into a network ” that leaves me personally to believe there are some technical failures, just like software weaknesses or a pitfall door. Nevertheless , that is only one possibility as to what could have happened.

This can have also been a managerial inability; say the unfamiliar hacker utilized social engineering to obtain the details to gain access to the network ” proper planning and procedure execution would have potentially disenchanted this hacker’s attack. 2 . Using the Net, research Mafiaboy’s exploits. The moment and how would he give up sites? How was this individual caught? c. Michael Devil Calce, also referred to as Mafiaboy, was obviously a high school scholar from Western world Island, Quebec, who created a series of remarkably publicized DDoS (denial-of-service) problems in February 2000 against large business websites which include: Yahoo!, Timore. com, Amazon online. com, Dell, Inc., E*Trade, eBay, and CNN. Cu?a also attempted to launch a series of simultaneous episodes against seven of the thirteen root identity servers. m. On Feb 7th, 2150, Calce targeted Yahoo! Which has a project this individual named “Rivolta ” meaning riot in Italian. This project applied a refusal of services cyber-attack through which servers turn into overloaded with different types of communications, to thepoint in which they totally shut down.

Cu?a managed to power down the multibillion dollar company and the web’s top search results for almost 1 hour. His target was to create dominance to get himself and TNT ” his cybergroup. Over the in the near future, Calce also brought straight down eBay, CNN, Amazon and Dell with the same DDoS attack. at the. Calce’s activities were below suspicion when the FBI plus the Royal Canadian Mounted Law enforcement noticed articles in an IRC chatroom which usually bragged/claimed responsibility for the attacks. This individual became the primary suspect when he claimed to have brought down Dell’s internet site, an strike not yet published at the time. Information on the source with the attacks was initially discovered and reported for the press by Michael Lyle, chief technology officer of Recourse Technologies. Calce initially denied responsibility but later pled accountable to most of the charges brought against him ” the Montreal Youth Court sentenced him in September 12, 2001 to eight months of “open custody,  one year of probation, restricted use of the net, and a little fine. Roughly these problems caused $1. 2 billion dollars in global monetary damages. three or more. Search the Web for the “The Established Phreaker’s Manual.  What information contained with this manual might help a security officer to protect a communications system? f. Securities administrator can be described as specialist in computer and network protection, including the government of reliability devices such as firewalls, as well as consulting about general security measures. g. Phreaking can be described as slang term coined to spell out the activity of any culture of folks that study, test out, or explore telecommunication devices, such as tools and systems connected to community telephone networks.

Since mobile phone networks have grown to be computerized, phreaking has become tightly linked with computer system hacking. i actually. Example of Phreaking: Using numerous audio eq to manipulate a phone program. h. Total, a security supervisor could use this kind of manual to achieve knowledge of terms associated with phreaking and the in’s & outs of the procedure (i. elizabeth. how it can be executed). Yet , the security manager should give attention to Chapter 10 ” “War on Phreaking ” this section (pg 71-73) deals with principles such as get, “doom,  tracing, and security. An administrator can reverse professional this information to protect his/her devices from this sort of attacks. 4. The section discussed a large number of threats and vulnerabilities to information security. Using the World wide web, find in least two other sources details on

threat and vulnerabilities. Start with www.securityfocus.com and use a key word search on “threats.  we. http://www.darkreading.com/vulnerability-threats

ii. Dark Reading’s Vulnerabilities and Threats Technical Center can be your source of breaking news and information on the most current potential threats and technological vulnerabilities influencing today’s THIS environment. Crafted for secureness and THIS professionals, the Vulnerabilities and Threats Tech Center is designed to provide complex information on newly-discovered network and application vulnerabilities, potential cybersecurity exploits, and security research results j. http://www.symantec.com/security_response/

iii. Our protection research centers around the world provide unparalleled evaluation of and protection from THIS security risks that include malware, security dangers, vulnerabilities, and spam. a few. Using the types of threats pointed out in this section, as well as the different attacks described, review several current media sources and identify instances of each. e. Acts of human mistake or inability:

iv. Students and staff were told in February that a few 350, 500 of them would have had their social secureness numbers and financial data exposed for the internet. sixth is v. “It occurred during an upgrade of some of the IT systems. We were changing a machine and through human mistake there was a misconfiguration inside the setting up of the server,  said UNCC spokesman, Sophie Ward. d. Compromises to intellectual home:

vi. Today we take news of action against a site that supplied links to films, music and games organised on file-hosters all around the world. Specialists say they have charged three individuals considered the administrators of a very large file-sharing site. vii. To get a thought of the gravity local law enforcement are gaining the case, we could compare some recent numbers. According to US government bodies Megaupload, one of the world’s major websites at the moment, cost rightsholders $500m. GreekDDL (according to Alexa Greece’s 63rd largest site) allegedly cost rightsholders $85. 4m. m. Deliberate acts of espionage or perhaps trespass:

viii. The individual responsible for one of the most significant leaks in US politics history is Edward Snowden, a 29-year-old former technological assistant to get the CIA and current employee in the defense contractor Booz Allen Hamilton. Snowden has been working at the National Protection Agency for the last four years as an employee of various outdoors contractors, including Booz Allen and Dell. ix. Snowden will go down in history as one of America’s most consequential whistleblowers, alongside Daniel Ellsberg and Bradley Manning. He is responsible for handing over material in one of the world’s most deceptive organization ” the NO-STRINGS-ATTACHED. x. Additional, interesting, examine: http://www.cbsnews.com/8301-201_162-57600000/edward-snowdens-digital-maneuvers-still-stumping-u.s-government/ 1 ) The government’s forensic research is wrestling with Snowden’s apparent ability to defeat safeguards established to monitor and deter people looking at info without proper agreement. n. Strategic acts details extortion:

xi. Hackers claimed to have breached the systems of the The belgian credit company Elantis and threatened to create confidential consumer information in case the bank would not pay $197, 000 ahead of Friday, someone said in a affirmation posted to Pastebin. Elantis confirmed the info breach Thurs night, but the traditional bank said investment decision you won’t give in to extortion hazards. xii. The hackers claims to have captured login credentials and desks with on the net loan applications which usually hold data such as complete names, work descriptions, contact information, ID cards numbers and income statistics. xiii. In line with the hackers the data was kept unprotected and unencrypted for the servers. To prove the hack, regions of what they stated to be captured customer info were printed. o. Strategic acts of sabotage or vandalism:

xiv. Fired Service provider Kisses Away Fannie Mae With Common sense Bomb xv. Rajendrasinh Babubha Makwana, a former IT service provider at Fannie Mae who had been fired for making a coding mistake, was charged this week with placing a “logic bomb within the industry’s Urbana, Maryland., data middle in late August of last year. The spyware and adware was going go into impact at 9 a. meters. EST Weekend

and would have impaired internal monitoring systems mainly because it did its damage. Any person logging on to Fannie Mae’s Unix hardware network after that would have seen the words “Server Graveyard display on their workstation screens. s. Deliberate serves of fraud:

xvi. 4 Russian nationals and a Ukrainian have been completely charged with running a advanced hacking corporation that permeated computer sites of more than several major American and intercontinental corporations over seven years, stealing and selling for least one hundred sixty million credit rating and charge card numbers, resulting in loss of billions of dollars. q. Planned software episodes:

xvii. China and tiawan Mafia-Style Hack Attack Hard drives California Company to Edge xviii. A group of hackers supply by china manufacturer waged a relentless marketing campaign of cyber harassment against Solid Oak Software Incorporation., Milburn’s family-owned, eight-person firm in Santa Barbara, A bunch of states. The assault began lower than two weeks following Milburn publicly accused Chinese suppliers of appropriating his business parental filtering software, CYBERsitter, for a national Internet censoring project. And it concluded shortly after he settled a $2. 2 billion suit against the China government and a string of computer companies last April. xix. In between, the hackers assailed Solid Oak’s computer systems, turning down web and email servers, spying on an employee with her webcam, and gaining access to sensitive documents in a fight that triggered company revenues to tumble and helped bring it within a hair’s width of break. r. Makes of nature:

xx. Websites Scramble Since Hurricane Exotic Floods Data Centers xxi. The nut storm inundated data centers in New York City, taking down many major websites and companies ” including The Huffington Content, Buzzfeed and Gawker ” that depended on them to work their businesses. xxii. Several websites stored their data at a reduced Manhattan info center run by Datagram, whose basement was full with drinking water during the tornado, flooding generator that were designed to keep the electricity on. s i9000. Deviations in quality of service by service providers: xxiii. China’s Net hit by biggest cyberattack in its record xxiv.

Internet users in China had been met with slower response times early on Sunday because the country’s domain extendable came under a “denial of service assault. xxv. The attack was your largest of its kind ever in China, according to the China Net Network Data Center, a state agency that manages the. cn nation domain. xxvi. The double-barreled attacks came about at about 2 a. m. Saturday, and then again in 4 a. m. The other attack was “long-lasting and large-scale,  according to state media, which usually said that services was slowly and gradually being refurbished. t. Specialized hardware failures or problems:

xxvii. A hardware failing in a Scottish RBS Group technology centre caused a NatWest financial institution outage. xxviii. It prevented customers by using online financial services or perhaps doing charge card deals. u. Technological software inability or mistakes:

xxix. RBS boss blames software upgrade for accounts problems xxx. The manager of RBS has verified that a software change was responsible for the widespread computer system problems impacting on millions of consumers’ bank accounts. sixth is v. Technological obsolescence:

xxxi. SIM Cards Have Been Hacked, And The Drawback Could Affect Millions Of Cell phones xxxii. Following three years of research, German cryptographer Karsten Nohl claims to have finally found security and software program flaws that can affect millions of SIM greeting cards, and open another course on mobiles for monitoring and fraudulence.

Case Exercises

Soon after the board of directors meeting, Charlie was promoted to Chief Info Security Officer, a fresh position that reports for the CIO, Gladys Williams, which was created to offer leadership to get SLS’s work to improve their security account.

Questions:

1 . How do James, Gladys, and Charlie perceive the scope and size of the new information protection effort? a. Charlie’s proposed information reliability plan aims at securing business software, info, the sites, and pcs which store information. The scope in the information protection effort is quite vast, taking pictures securing every single vulnerability ” in addition to the aforementioned, the new details security strategy also targets the company’s staff. Since extra effort will be required to put into practice the new bureaucratic plan and install new security software program and equipment, the scale of this operation is very large. installment payments on your How will James measure success when he assess Gladys’ efficiency for this task? How will he evaluate Charlie’s performance? b. Gladys is appointed because CIO with the team, which is gathered to enhance the security in the company as a result of virus attack that triggered a loss in the business; I believe Wendy will assess Gladys achievement by her ability to business lead, keep the anticipate track (i. e. time management) and successfully staying with the recommended budget. Charlie was marketed to primary information security officer, a new situation that information to the CIO; I believe Wendy will measure Charlie’s success by his ability to put into action the new plan, report his/their progress plus the overall accomplishment of the fresh system. several. Which from the threats talked about in this phase should receive Charlie’s attention early in his organizing process? c. Portable Media Management (Ex. USB, DVD-R/W) should receive Charlie’s attention early on in his planning process

1