Exercises

1. Consider the statement: an individual threat agent, like a hacker, can be a factor in multiple threat categories.
If a hacker hacks into a network, copies a few files, defaces the web page, and steals credit card numbers, how many different threat categories does this attack fall into?
a. Overall, I believe this attack falls into 4 major threat categories: deliberate acts of trespass, compromises to intellectual property, technical failures, and managerial failure. Furthermore, in my opinion this attack would be categorized as a deliberate act of theft/trespass which usually compromises intellectual property because of technical and managerial failures.
b. It appears that this hacker was deliberately causing harm (i.e., copying data, vandalizing the web page, and theft of credit card numbers); due to their method of entry, hacking into a network, it leads me to believe there were several technical failures, such as software vulnerabilities or a trap door.
However, that is just one possibility as to what could have occurred. This could also have been a managerial failure; say the unknown hacker used social engineering to obtain the information to gain access to the network, proper planning and procedure execution could have potentially thwarted this hacker's attack.

2. Using the Web, research Mafiaboy's exploits.
When and how did he compromise sites? How was he caught?
c. Michael Demon Calce, also known as Mafiaboy, was a high school student from West Island, Quebec, who launched a series of highly publicized DDoS (denial-of-service) attacks in March 2000 against large commercial websites including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*Trade, eBay, and CNN. Calce also attempted to launch a number of simultaneous attacks against seven of the 13 root name servers.
d. On February 7th, 2000, Calce targeted Yahoo! with a project he named Rivolta, which means riot in Italian.
This project utilized a denial-of-service cyber-attack in which servers become overloaded with different types of communications, to the point at which they completely shut down. Calce managed to shut down the multibillion-dollar company and the web's top search engine for almost one hour. His aim was to establish dominance for himself and TNT, his cybergroup. Over the next week, Calce also brought down eBay, CNN, Amazon and Dell via the same DDoS attack.
e. Calce's activities came under suspicion when the FBI and the Royal Canadian Mounted Police noticed posts in an IRC chatroom which bragged/claimed responsibility for the attacks.
He became the main suspect when he claimed to have brought down Dell's website, an attack not yet publicized at the time. Information about the source of the attacks was initially discovered and reported to the press by Michael Lyle, chief technology officer of Recourse Systems. Calce at first denied responsibility but later pled guilty to most of the charges brought against him. The Montreal Youth Court sentenced him on September 12, 2001 to eight weeks of open custody, one year of probation, restricted use of the Internet, and a small fine.
It is estimated that these attacks caused $1.2 billion in global economic damages.

3. Search the Web for The Official Phreaker's Manual. What information contained in this manual might help a security administrator to protect a communications system?
f. A security administrator is a specialist in computer and network security, including the administration of security devices such as firewalls, as well as consulting on general security measures.
g. Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks.
ii.
Dark Reading's Vulnerabilities and Threats Tech Center is the resource for breaking news and information on the latest potential threats and technical vulnerabilities affecting today's IT environment. Written for security and IT professionals, the Vulnerabilities and Threats Tech Center is designed to provide in-depth information on newly-discovered network and application vulnerabilities, potential cybersecurity exploits, and security research results.
j. http://www.symantec.com/security_response/
iii. Our security research centers around the world provide unparalleled analysis of and protection from IT security threats that include malware, security risks, vulnerabilities, and spam.

5. Using the categories of threats mentioned in this chapter, as well as the various attacks described, review several current media sources and identify examples of each.
k. Acts of human error or failure:
iv. Students and staff were told in February that some 350,000 of them could have had their social security numbers and financial information exposed on the internet.
v. "It happened during an update of a number of our IT systems. I was upgrading a server and through human error there was a misconfiguration in the setting up of that server," stated UNCC spokesman, Stephen Ward.
l. Compromises to intellectual property:
vi.
Today we bring news of action against a site that offered links to movies, music and games hosted on file-hosters all over the world. Authorities say they have charged three individuals said to be the administrators of a very large file-sharing site.
vii. To get an idea of the gravity local police are putting on the case, we can compare some recent stats. According to US authorities Megaupload, one of the world's largest websites at the time, cost rightsholders $500m.
GreekDDL (according to Alexa, Greece's 63rd largest site) allegedly cost rightsholders $85.4m.
m. Deliberate acts of espionage or trespass:
viii. The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defence contractor Booz Allen Hamilton.
Snowden has been working at the National Security Agency for the last several years as an employee of various outside contractors, including Booz Allen and Dell.
ix. Snowden will go down in history as one of America's most consequential whistleblowers, alongside Daniel Ellsberg and Bradley Manning.
He is responsible for handing over material from one of the world's most secretive organizations, the NSA.
x. Additional, interesting read: http://www.cbsnews.com/8301-201_162-57600000/edward-snowdens-digital-maneuvers-still-stumping-u.s-government/
1. The government's forensic investigation is wrestling with Snowden's apparent ability to defeat safeguards established to monitor and deter people looking at information without proper permission.
n. Deliberate acts of information extortion:
xi. Hackers claimed to have breached the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank does not pay $197,000 before Friday, they said in a statement posted to Pastebin.
Elantis confirmed the data breach Thursday, but the bank said it will not give in to extortion threats.
xii. The hackers claim to have captured login credentials and tables with online loan applications which hold data such as full names, job descriptions, contact information, ID card numbers and income figures.
xiii. According to the hackers the data was stored unprotected and unencrypted on the servers. To prove the hack, parts of what they claimed to be captured customer data were published.
o. Deliberate acts of sabotage or vandalism:
xvi.
Four Russian nationals and a Ukrainian have been charged with running a sophisticated hacking organization that penetrated computer networks of more than a dozen major American and international corporations over seven years, stealing and selling at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars.
q. Deliberate software attacks:
xvii. China Mafia-Style Hack Attack Drives California Firm to Brink
xviii. Several hackers from China waged a relentless campaign of cyber harassment against Solid Oak Software Inc., Milburn's family-owned, eight-person firm in Santa Barbara, California.
The attack began less than two weeks after Milburn publicly accused China of appropriating his company's parental filtering software, CYBERsitter, for a national Internet censoring project. And it ended shortly after he settled a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April.
xix. In between, the hackers assailed Solid Oak's computer systems, shutting down web and e-mail servers, spying on an employee with her webcam, and gaining access to sensitive files in a battle that caused company revenues to tumble and brought it within a hair's breadth of collapse.
r. Forces of nature:
xxvii.
A hardware failure in a Scottish RBS Group technology centre caused a NatWest bank outage.
xxviii. It prevented customers from using online banking services or doing charge card transactions.
u. Technical software failures or errors:
xxix. RBS boss blames software update for bank account problems
xxx. The boss of RBS has confirmed that a software change was responsible for the widespread computer problems affecting millions of customers' bank accounts.
v.
Technological obsolescence:
xxxi. SIM Cards Have Been Hacked, And The Flaw Could Impact Millions Of Phones
xxxii. After three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud.

Case Exercises

Soon after the board of directors meeting, Charlie was promoted to Chief Information Security Officer, a new position that reports to the CIO, Gladys Williams, and that was created to provide leadership for SLS's efforts to improve its security profile.

Questions:

1. How do Fred, Gladys, and Charlie perceive the scope and scale of the new information security effort?
a. Charlie's proposed information security plan aims at securing business software, data, the networks, and computers which store information. The scope of the information security effort is quite vast, aiming at securing each vulnerability; in addition to the aforementioned, the new information security plan also targets the company's staff.
Since extra effort will be required to implement the new managerial plan and install new security software and tools, the scale of this operation is quite large.

2. How will Fred measure success when he evaluates Gladys' performance for this project? How will he evaluate Charlie's performance?
b. Gladys is appointed as CIO of the team, which is gathered to improve the security of the company due to the virus attack that caused a loss in the company; I think Fred will measure Gladys' success by her ability to lead, keep the plan on track (i.e., time management) and successfully stick to the proposed budget.
Charlie was promoted to chief information security officer, a new position that reports to the CIO; in my opinion Fred will measure Charlie's success by his ability to implement the new plan, report his/their progress and the overall success of the new system.

3. Which of the threats discussed in this chapter should receive Charlie's attention early in the planning process?
c. Portable Media Management (Ex. USB, DVD-R/W) should receive Charlie's attention early in the planning process.