Andy Kolden

Information Security

Chapter 1 (pages 45-46)

 

Exercises

5)      Using the web find more about Kevin Mitnick.  What did he do?  Who caught him?  Write a short summary of his activities and explain why he is infamous. 

-          Kevin Mitnick is the World’s most famous hacker.  He hacked into 40 major corporations just for challenge. He spent 5 years in prison (arrested in 1995) for various computer and communication-related crimes.

-          Tsutomu Shimomura caught Kevin with the help of the FBI on February 15th of 1995. 

-          www.mitnicksecurity.com.

 

6)      Using the web, explore the technique known as “iterative and incremental development.”  Then, investigate “agile development.”  How are they related?

-          Iterative and incremental development is a method of software development which is modeled around an incremental increase in feature additions and a cyclical release and upgrade pattern. (www.techopedia.com)

-          Agile development is a method where software is developed and changed in incremental, rapid cycles.

-          They are interrelated because they are both constantly going through incremental change throughout the software development process.

 

Case Exercises

1)      Do you think this event was caused by an insider or outsider?  Explain.

-          I think that this was an attack by an outsider trying to gain information on the company such as personal information on employees, payment information, customer information, etc.  If a company’s firewall is easy to hack into or get by, a worm or virus can be implemented to intentionally slow down or harm their network stability.

 

2)      Other than installing virus and worm control software, what can SLS do to prepare for the next incident?

-          They can make sure to inform their employees on what could possibly be a scam or phishing attempt on their company.  If they can install an email scanning type of software that can determine whether an email is from a real person or if it is a phishing attempt.  These are just a few things that can help a company to protect itself.  The biggest threat to a company is it’s own end users and whether or not they can determine if something looks legit or not.

 

3)      Do you think this attack was the result of a virus or worm?  Explain.

-          I think that it was a virus because whenever people would open their email the virus had replicated itself multiple times and by then it had grown throughout the entire company and onto a bunch of different systems that they were running so they were forced to wipe the slate clean and restart all of their apps. 

 

Ethical Decision Making

1)      Would it be ethical for Amy to open such a file?

-          No it would not because any employee of that level should know that their top level employee’s salaries and Social Security numbers would not be leaked.  It would not be of her concern and she should know that someone is just trying for her to click into their phishing/scam.

 

2)      If such an e-mail came in, what would be the best action to take?

 

-          The best action would be to report to the branch manager and the IT department.  They would then send a company-wide email for their employees to not open the email and delete it without clicking on the link.