Andy Kolden

Information Security

Chapter 7 (pages 445-446)

 

Exercises

1)      Several online passphrase generators are available.  Locate at least 2 on the Internet and try them.  What did you observe?

-          What I observed on both of mine are that they are all very secure questions that you should not be able to crack unless it is yourself right?  Not exactly, you should never use things that you were to have post on Facebook, Twitter, etc.  These are unique things to yourself that you need to be able to remember and be able to use all sorts of letters, symbols, etc.

 

2)      Use the Internet to search for “live DVD security toolkit.”  Read a few Web sites to learn about this class of tools and their capabilities.  Write a brief description of a live DVD security toolkit.

-          It is a Linus-based Live USB flash drive that provides a set of free and open-source computer security and networking tools to perform routine security and networking diagnostic and monitoring tasks.

 

 

Case Exercises

1)      Do you think Miller is out of options as he pursues his vendetta?  If you think he could take additional actions in his effort to damage the SLS network, what are they?

-          I  think he is completely out of options as maybe he could try to find  another “backdoor” around this as he has before.  He could try to build another virus that could make it further in damaging this firewall and screw up the SLS network very bad.

 

2)      What steps should he or she take to improve the company’s information security program?

-          They need to make sure to find the best security steps to protect the IP address so that they can detect when a hackers virus tries to make it by their firewall.  They can hire someone to teach them or they can use their own knowledge/internet to figure out the best ways.

 

3)      At which phase in the kill chain has SLS countered his vendetta?

-          The phase that this has been countered is in the exploitation phase because the code of Miller’s was clearly triggered and could not respond to this.

 

Ethical Decision Making

1)      Would such an action by SLS be ethical?  Do you think the action would be legal?

-          I think that it is probably ethical because they are invading the privacy when all of the other employees could be harmed by this action that he has done but it is probably not legal for them to do so without involving the law.

 

2)      If the SLS intrusion system determined what Miller was doing and then added the entire range of ISP addresses to the banned list, thus stopping any user of the ISP from connecting to the SLS network, would SLS’s actions be ethical?

-          Yes it would be ethical because they would be protecting their network from further intrusion and then their company’s firewall could stay safe in the case of someone else trying to intrude on their network.

 

3)      What if SLS were part of an industry consortium that shared IP addresses flagged by its IDPS, and all companies in the group blocked all of the ISP’s users for 10 minutes?  Would that be an ethical response by members of the consortium?  What if these users were blocked for 24 hours?

-          I think that could be ethical because it would probably draw out the person that has triggered this type of a response and then the person would be punished.  Also, it could really screw up with the work schedules of some people if this had happened too much.  If it was for 24 hours then nothing would be able to get done at work whenever someone were to trigger this type of response and this would not be ethical at all.