1 ) Consider the statement: a person threat agent, like a hacker, can be a factor in more than one danger category. If a hacker hackers into a network, copies a few files, defaces the Web site, and shop lifts credit card figures, how many different threat types does this assault fall into? a. Overall, I believe this assault falls in to four significant threat groups: deliberate functions of trespass, compromises to intellectual property, technical failures, and managerial failure.
Furthermore, I believe this kind of attack can be categorized being a deliberate work of theft/trespass which short-cuts intellectual real estate due to specialized and managerial failures. w. It seems since this hacker was intentionally causing harm (i. e. replicating files, vandalizing the web web page, and thievery of credit-based card numbers); due to their method of admittance hacking into a network this leaves myself to believe there was some technological failures, such as software vulnerabilities or a snare door. However , that is just one single possibility in regards to what could have took place.
This could are also a managerial failure; say the unknown hacker used interpersonal engineering to obtain the information to gain access to the network correct planning and procedure execution could have probably thwarted this hacker’s strike. 2 . Making use of the Web, analysis Mafiaboy’s exploits. When and exactly how did this individual compromise sites?
How was he found? c. Michael Demon Calce, also known as Mafiaboy, was a high school student via West Island, Quebec, who have launched a group of highly publicized DDoS (denial-of-service) attacks in February 2k against significant commercial websites including: Bing!, Fifa. com, Amazon. com, Dell, Incorporation., E*Trade, eBay, and CNN. Calce also attempted to start a series of simultaneous attacks against nine of the thirteen underlying name computers. d. In February 7th, 2000, Calce targeted Bing! With a task he called Rivolta meaning riot in German. This project utilized a denial of service cyber-attack in which computers become overloaded with different types of marketing and sales communications, to the point in which they totally shut down.
Calce managed to close the multibillion dollar company and the web’s top google search for almost one hour. His objective was to set up dominance pertaining to himself and TNT his cybergroup. Over the a few weeks, Calce also brought down eBay, CNN, Amazon and Dell via the same DDoS attack. at the. Calce’s actions were beneath suspicion if the FBI and the Royal Canadian Mounted Authorities noticed posts in an IRC chatroom which usually bragged/claimed responsibility for the attacks. He became the main suspect when he claimed to acquire brought down Dell’s web page, an strike not yet publicized at the time.
Information concerning the source from the attacks was discovered and reported to the press by simply Michael Lyle, chief technology officer of Recourse Solutions. Calce initially denied responsibility but afterwards pled accountable to most in the charges helped bring against him the Montreal Children Court sentenced him about September 12, 2001 to eight months of open custody, one year of probation, constrained use of the world wide web, and a little fine. Approximately these attacks caused $1. 2 billion dollars in global economical damages. a few. Search the net for the The Recognized Phreaker’s Manual.
What information contained through this manual can certainly help a security administrator to protect a communications system? f. Securities administrator can be described as specialist in computer and network secureness, including the supervision of reliability devices including firewalls, along with consulting in general secureness measures. g. Phreaking is a slang term coined to spell out the activity of your culture of people who study, test out, or explore telecommunication devices, such as equipment and devices connected to public telephone networks. Since phone networks have become computerized, phreaking has become tightly linked with computer hacking. i. Example of Phreaking: Using various audio frequencies to manipulate a phone program. h. Overall, a security administrator could use this kind of manual to achieve knowledge of terms associated with phreaking and the in’s & outs of the method (i. elizabeth. how it truly is executed).
Nevertheless , the security manager should focus on Chapter 10 War on Phreaking this section (pg 71-73) deals with principles such as get, doom, tracing, and security. An administrator may reverse industrial engineer this information to protect his/her devices from these kinds of attacks. 4. The phase discussed many threats and vulnerabilities to information security.
Using the Web, find at least two other sources of information on menace and weaknesses. Begin with www.securityfocus.com and make use of a keyword browse threats. i. http://www.darkreading.com/vulnerability-threats ii. Darker Reading’s Weaknesses and Threats Tech Centre is the resource for breaking news and information within the latest potential threats and technical weaknesses affecting today’s IT environment.
Written to get security and IT experts, the Vulnerabilities and Threats Tech Centre is designed to give in-depth information concerning newly-discovered network and application vulnerabilities, potential cybersecurity uses, and security research benefits j. http://www.symantec.com/security_response/ iii. The security exploration centers around the world provide unrivaled analysis of and protection from IT security threats which include malware, security risks, weaknesses, and spam. 5. Using the categories of risks mentioned through this chapter, and also the various disorders described, review several current media resources and recognize examples of each. k. Serves of individual error or failure: iv.
Students and staff had been told in February that some three hundred and fifty, 000 of those could have acquired their sociable security quantities and economic information uncovered on the net. v. It happened during an up grade of a number of our THAT systems. I was upgrading a server and through individual error there was a misconfiguration in the preparing of that storage space, explained UNCC spokesman, Stephen Keep. l. Compromises to perceptive property: vi. Today all of us bring reports of actions against a web site that delivered links to films, music and games hosted on file-hosters all around the world.
Authorities state they have charged three individuals said to be the administrators of any very large file-sharing site. vii. To receive an idea from the gravity community police happen to be putting on the situation, we can review some new stats. According to ALL OF US authorities Megaupload, one of the world’s largest websites at the time, cost rightsholders $500m. GreekDDL (according to Alexa Greece’s 63rd largest site) allegedly price rightsholders $85.
4m. m. Deliberate functions of watching or trespass: viii. The person responsible for probably the most significant leaks in US political background is Edward cullen Snowden, a 29-year-old ex – technical helper for the CIA and current employee of the security contractor Booz Allen Hamilton. Snowden has been working at the Countrywide Security Firm for the last 4 years since an employee of varied outside companies, including Booz Allen and Dell. ix.
Snowden is going down of all time as one of America’s most resulting whistleblowers, together with Daniel Ellsberg and Bradley Manning. He’s responsible for handing over material from one with the world’s most secretive corporation the NSA. by. Additional, interesting, read: http://www.cbsnews.com/8301-201_162-57600000/edward-snowdens-digital-maneuvers-still-stumping-u.s-government/ 1 . The government’s forensic investigation can be wrestling with Snowden’s noticeable ability to wipe out safeguards set up to keep an eye on and deter people taking a look at information without right permission. d. Deliberate functions of information extortion: xi.
Online hackers claimed to have breached the systems in the Belgian credit provider Elantis and threatened to publish private customer info if the traditional bank does not shell out $197, 000 before Comes to an end, they said in a statement published to Pastebin. Elantis verified the data break Thursday, nevertheless the bank explained it will not give in to extortion threats. xii. The online hackers claim to have got captured login credentials and tables with online loan applications which carry data including full brands, job points, contact information, IDENTIFICATION card figures and salary figures. xiii. According to the cyber-terrorist the data was stored unguaranteed and unencrypted on the servers.
To prove the compromise, parts of what they claimed to get captured client data were published. o. Deliberate works of sabotage or vandalism: xvi. Several Russian excellent and a Ukrainian have been charged with running a advanced hacking organization that penetrated computer networks of more than a dozen major American and foreign corporations above seven years, stealing and selling for least one hundred sixty million credit rating and charge card figures, resulting in failures of hundreds of millions of dollars. q. Deliberate software episodes: xvii. China Mafia-Style Hack Attack Pushes California Firm to Edge xviii.
Several hackers supply by china manufacturer waged a relentless plan of web harassment against Solid Walnut Software Incorporation., Milburn’s family-owned, eight-person company in Father christmas Barbara, Washington dc. The attack began below two weeks after Milburn widely accused Cina of appropriating his company’s parental blocking software, CYBERsitter, for a national Internet censoring project. And it ended shortly after this individual settled a $2. a couple of billion court action against the China government and a line of laptop companies last April. xix.
In between, the hackers assailed Solid Oak’s computer systems, turning down world wide web and e-mail servers, spying on an staff with her webcam, and gaining entry to sensitive data files in a fight that triggered company profits to tumble and helped bring it in a hair’s width of failure. r. Makes of mother nature: xxvii. A hardware failing in a Scottish RBS Group technology centre caused a NatWest bank outage. xxviii. It prevented customers by using online financial services or doing charge card ventures. u. Technological software failure or errors: xxix.
RBS boss blames software update for account problems xxx. The manager of RBS has affirmed that a computer software change was responsible for the widespread computer problems impacting millions of customers’ bank accounts. versus. Technological obsolescence: xxxi.
SIM Cards Have Been Hacked, And The Downside Could Impact Millions Of Mobile phones xxxii. After three years of research, German born cryptographer Karsten Nohl statements to have finally found security and software program flaws that can affect countless SIM cards, and start another route on cellphones for surveillance and fraudulence. Case Physical exercises Soon after the board of directors appointment, Charlie was promoted to Chief Info Security Officer, a fresh position that reports to the CIO, Gladys Williams, and that was created to offer leadership intended for SLS’s initiatives to improve it is security account.
Questions: 1 . How do Wendy, Gladys, and Charlie see the opportunity and size of the new information security effort? a. Charlie’s proposed information secureness plan is aimed at securing business software, info, the sites, and computers which shop information. The scope from the information reliability effort is very vast, taking pictures securing each vulnerability in addition to the previously mentioned, the new details security strategy also focuses on the company’s staff. Seeing that extra hard work will be required to implement the brand new managerial plan and set up new security software and tools, the scale of this procedure is quite large.
2 . How will Fred evaluate success when he evaluates Gladys’ performance with this project? How can he examine Charlie’s overall performance? b. Gladys is equiped as CIO of the crew, which is gathered to improve the safety of the firm due to malware attack that caused a loss inside the company; I really believe Fred will measure Gladys success by simply her capacity to lead, maintain the plan on observe (i. at the. time management) and successfully sticking to the proposed price range. Charlie was promoted to chief information security officer, a fresh position that reports to the CIO; I really believe Fred will certainly measure Charlie’s success simply by his ability to implement the new plan, statement his/their progress and the total success of the new system.
3. Which will of the risks discussed from this chapter will get Charlie’s attention early in his planning process? c. Lightweight Media Managing (Ex. UNIVERSAL SERIES BUS, DVD-R/W) will get Charlie’s attention early in the planning method