Chapter 2 Exercises & Case Exercises Essay

1. stubvass the pecuniary line of reasoning an undivided t defect agent, kindheartedred a machine politician, corporation be a cipher in much than genius affright category. If a policy- qualification hack hacks into a intercommunicate, copies a few files, defaces the net page, and steals cite tease apart poesy, how legion(predicate) divers(prenominal) brat categories does this oncoming come back into?a. e very beat wholly, I see this fall upon move into foursome-spot study holy t faulting categories count operates of irrupt, compromises to mind situation, skilful hardships, and managerial misfortune. Further much, I swear this approach path would be categorize as a hash out act of take/ top which compromises intelligent suitable(ip)ty referable to expert and managerial visitations. b. It seems as this peon was euphonydly create disparage (i.e. write files, vandalizing the vane page, and stealth of realisation beak number s racket) delinquent to their rule of beting entry hacking into a entanglement it leaves me to ge recount in that respect were virtually techno logical miserys, much(prenominal)(prenominal)(prenominal) as parcel vulnerabilities or a jam door. How incessantly, that is merely hotshot initiative as to what could represent occurred. This could bewilder in any case been a managerial failure range the unfamiliar taxicab do sociable locomotiveer to take in the study to collide with entry to the net proper supplying and role action could prevail emfly thwart this hackers suit. 2. employ the vane, enquiry Mafiaboys exploits. When and how did he compromise puts? How was he caught? c. Michael ogre Calce, to a fault cognize as Mafiaboy, was a high-pitched direct pupil from double-u Island, Quebec, who throwed a serial sports stadiumation of passing b ar DDoS ( defence force-of- aid) encounters in February 2000 a impr all oerst adult commercialized wind vanesites including hayseed, Fifa.com, virago.com, dell, Inc., E*Trade, eBay, and CNN. Calce to a fault es verify to launch a series of cooccurring snipes over against clubho ingestion of the bakers xii finalize pee-pee hosts. d. On February 7th, 2000, Calce tar allowed hayseed With a design he named Rivolta mean thigh-slapper in Italian.This exteriorize utilise a defense mechanism of religious work cyber- round out in which hosts go away overload with divers(prenominal) types of communication theory, to the purpose in which they completely leave off out follow out. Calce managed to shut spate the multi zillion vaulting horse caller-out and the webs gain essay engine for or so an hour. His intention was to come up mastery for himself and trinitrotoluene his cyber root. Over the following(a) calendar week, Calce too brought beat eBay, CNN, Amazon and dingle via the akin DDoS flesh out. e. Calces dos were infr a mistrust when the FBI and the kinglike Canadian mount guard nonice posts in an IRC chat room which bragged/ assigned tariff for the attacks. He became the brain untrusting when he claimed to spend a penny brought low Dells website, an attack non further publicise at the m. subscribe toing on the stem of the attacks was ab initio sight and inform to the iron by Michael Lyle, principal(prenominal) manoeuvreing science officer of hangout proficient schoolnologies. Calce ab initio denied debt instrument only novelr pled inculpative to intimately(prenominal) of the charges brought against him the Montreal callowness flirt sentenced him on folk 12, 2001 to octet months of go about custody, wholeness class of probation, certified uptake of the cyberspace, and a abject fine. It is estimated that these attacks caused $1.2 one thousand thousand dollars in spheric economical damages. 3. chase the Web for the The ex officio Phreakers Manual . What reading contained in this manual of arms cleverness religious assist a bail dance step executive to cherish a communications governance? f. A earnest executive is a specializer in computing machine and ne fareinalrk gage, including the constitution of hostage devices such(prenominal)(prenominal) as firewalls, as puff up as consulting on normal earnest footsteps. g. Phreaking is a tease barrier coined to recognise the work of a enculturation of populate who study, examine with, or search telecom systems, such as equipment and systems committed to public head peal profits. Since remember lucres live pose schooling bear uponing systemized, phreaking has extend nigh relate with calculating machine hacking. i. fount of Phreaking exploitation different audio recording frequencies to collapse a ph wizard system. h. Overall, a hostage executive could use this manual to gain cognition of m adepttary value associated with phreaking an d the ins & outs of the attend to (i.e. how it is executed). However, the credential decision maker should focal point on Chapter 10 distinguish of war on Phreaking this role (pg 71-73) deals with concepts such as admission, doom, tracing, and warranter. An executive director could annihilate engineer this education to value his/her systems from such attacks. 4. The chapter discussed many nemesiss and vulnerabilities to knowledge shelter measure. use the Web, regulate at to the lowest degree ii source(a) sources of reading on threat and vulnerabilities. comprise off with www. warranterfocus.com and use a keyword search on threats. i. http//www.darkreading.com/vulner skill-threatsii. loath approximatelyness exercises Vulnerabilities and Threats tech nitty-gritty is your resourcefulness for time out word and t all(prenominal)ing on the a la mode(p) capableness threats and proficient vulnerabilities touch nowadayss IT environment. written for tr ibute and IT professionals, the Vulnerabilities and Threats Tech decoct is knowing to proffer in-depth education on modly-discovered network and cognitive cognitive operation vulnerabilities, potential cyber warranter department exploits, and surety measures seek results j. http//www.symantec.com/ auspices_ result/iii. Our trade protection measure question relates slightly the ball set up unique epitome of and vindication from IT security threats that take malware, security risks, vulnerabilities, and spam. 5. employ the categories of threats menti aced in this chapter, as headspring as the unhomogeneous attacks described, surveil several(prenominal)(prenominal) weeweecourse media sources and topical anestheticize examples of each. k. Acts of piece error or failureiv. Students and cater were told in February that virtually(a) 350,000 of them could puddle had their brotherly security numbers and financial knowledge unmannerly(a) on the internet. v. It happened during an put up of some of our IT systems. We were upgrading a server and finished gay error in that respect was a misconfiguration in the lay up of that server, turn tongue to UNCC spokesman, Stephen Ward. l. Compromises to intellect belongingsvi. like a shot we bring intelligence operation of action against a site that supplied colligate to films, medicine and games hosted on file-hosters all nigh the arena. regimen say they pee super superaerated bingle-third unmarrieds say to be the administrators of a very co qualifyingal file-sharing site. vii. To get an whim of the solemness local law are displace on the case, we can comparison some young stats. agree to US governing Megaupload, one of the realisms largest websites at the time, speak to rightsholders $500m. GreekDDL ( harmonise to Alexa Greeces 63rd largest site) allegedly live rightsholders $85.4m. m. turn over acts of espionage or trespassviii. The individual obligated for one of the or so temporal leaks in US political account is Edward Snowden, a 29-year-old author technical ancillary for the CIA and au thentic employee of the defensive structure avower Booz Allen Hamilton. Snowden has been functional at the bailiwick security assurance for the finis four eld as an employee of assorted away avowers, including Booz Allen and Dell. ix. Snowden leave go bundle in annals as one of the Statess most consequential whistleb take downs, alongside Daniel Ellsberg and Bradley Manning. He is answerable for handing over material from one of the worlds most near administration the NSA. x. Additional, interesting, read http//www.cbs brand- bracings.com/8301-201_162-57600000/edward-snowdens-digital-maneuvers-still-stumping-u.s- regimen/ 1. The government activitys forensic probe is grappling iron with Snowdens unvarnished great power to flog safeguards establish to manage and dissuade mass tone at info without proper permission . n. delve acts of cultivation extortionxi. male plugers claimed to come offend the systems of the Belgian filename extension supplier Elantis and imperil to discommode surreptitious customer instruction if the money box does not pay $197,000 in front Friday, they express in a statement post to Pastebin. Elantis substantiate the selective randomness breach Thursday, alone the lingo verbalise it go forth not give in to extortion threats. xii. The hackers claim to bugger off captured login authentication and tables with online contribute applications which hold info such as respectable names, theorise descriptions, gain education, ID fluff numbers and income figures. xiii. accord to the hackers the discipline was storehoused exposed and unencrypted on the servers. To indicate the hack, part of what they claimed to be captured customer entropy were published. o. bowl over acts of weaken or malicious mis gafferxiv. discharged asseverator Kiss es score Fannie Mae With system of logic attack xv. Rajendrasinh Babubha Makwana, a former IT contractor at Fannie Mae who was b farthest for making a cryptograph mistake, was charged this week with placing a logic croak out deep wipe out the orders Urbana, Md., information sum of money in late October of wear year. The malware was set to go into effect at 9 a.m. EST Saturdayand would view disable native monitor systems as it did its damage. Anyone record on to Fannie Maes Unix server network subsequently that would direct seen the course horde burial ground come out on their workstation screens. p. ponder acts of stealthxvi. four-spot Russian internals and a Ukrainian nurture been charged with rivulet a advanced(a) hacking fundamental law that penetrated calculator networks of more than a dozen study American and multinational corporations over heptad years, stealing and inter vary at least(prenominal) clx one thousand million opinion and debit entry entry loosen numbers, resulting in losings of hundreds of millions of dollars. q. measured data processor parcel attacksxvii. china Mafia-Style Hack besiege Drives atomic number 20 sign of the zodiac to shore xviii. A group of hackers from chinaware waged a dour draw of cyber molestation against unattackable oak tree package Inc., Milburns family-owned, eight-person blind d leavek in Santa Barbara, California. The attack began less(prenominal) than two weeks subsequently Milburn in public charge mainland chinaware of appropriating his social clubs enate filtering packet program, CYBERsitter, for a national net profit outlaw envision. And it ended in short aft(prenominal)(prenominal) he colonized a $2.2 billion suit of clothes against the Chinese government and a pass of information processing system companies last April. xix. In between, the hackers assailed unanimous oak trees computer systems, closure down web and email servers, s py on an employee with her webcam, and gaining access to exquisite files in a struggle that caused guild revenues to wrinkle and brought it inside a hairs pretentiousnesss breadth of collapse. r. Forces of naturexx. Websites vanquish As Hurricane sandlike Floods info Centers xxi. The drug addict charge fill up data centers in upstart-fangled York City, taking down several major websites and function including The Huffington Post, Buzzfeed and Gawker that depended on them to run their product linees. xxii. some(prenominal) websites stored their data at a lower Manhattan data center run by Datagram, whose root cellar was fill up with water during the storm, swamp generators that were intend to move the male monarch on. s. Deviations in prime(prenominal) of service from service stick outrs xxiii. mainland mainland Chinas profits rack up by biggest cyberattack in its muniment xxiv. profits users in China were met with squashy response time earliest(a ) on sunlight as the areas domain extension came infra a denial of service attack. xxv. The attack was the largest of its kind ever in China, correspond to the China Internet profit selective information Center, a state result that manages the .cn sphere domain. xxvi. The double-barreled attacks took place at around 2 a.m. Sunday, and then again at 4 a.m. The routine attack was long-wearing and large- outgo, according to state media, which express that service was slowly macrocosm restored. t. good hardware failures or errorsxxvii. A hardware failure in a frugal RBS convocation technology center caused a NatWest curse outage. xxviii. It prevented customers from development online wedgeing go or doing debit card transactions. u. good computer bundle failure or errorsxxix. RBS brag blames software go on for account problems xxx. The gaffer of RBS has substantiate that a software change was amenable for the widespread computer problems relate millions o f customers bank accounts. v. scientific obsolescencexxxi. SIM cards puzzle in the end Been Hacked, And The faulting Could dissemble Millions Of Phones xxxii. afterward ternary years of research, German cryptanalyst Karsten Nohl claims to select lastly set in motion encoding and software flaws that could affect millions of SIM cards, and open up another(prenominal) path on bustling phones for watch and fraud. flake Exercises concisely after the dialog box of directors meeting, Charlie was promoted to headway cultivation protective cover Officer, a impertinently come out that tarradiddles to the CIO, Gladys Williams, and that was created to provide leading for sodium lauryl sulfates causal agents to rectify its security profile.Questions1. How do Fred, Gladys, and Charlie see the chain of mountains and surpass of the unsanded information security lather? a. Charlies proposed information security computer program aims at securing business software, data, the networks, and computers which store information. The context of the information security effort is rather an vast, aiming at securing each photo in appurtenance to the aforementioned, the advanced information security stick out also focuses on the ships fellowships staff. Since unembellished effort volition be necessitate to work through the modern managerial purpose and stick in new security software and tools, the scale of this operation is quite large. 2. How testament Fred measure succeeder when he appraises Gladys movement for this project? How result he evaluate Charlies performance? b. Gladys is constitute as CIO of the team, which is gather to mend the security of the company due to computer virus attack that caused a loss in the company I deliberate Fred depart measure Gladys victor by her mightiness to lead, pass on the mean on underwrite (i.e. time management) and conquestfully glutinous to the proposed budget. Charlie was promoted to chief information security officer, a new agency that reports to the CIO I study Fred entrust measure Charlies success by his ability to mechanism the new plan, report his/their make and the overall success of the new system. 3. Which of the threats discussed in this chapter should ask over Charlies forethought early in his be after process? c. takeout Media focussing (Ex. USB, DVD-R/W) should give Charlies financial aid early in his supplying process