2. Using the Web, research Mafiaboy’s exploits. When and how did he compromise sites? How was he caught?

In 2000, a high school student named Michael Calce, aka “Mafiaboy”, brought down many large websites like Amazon and Yahoo. He used a program to overwhelm the websites, causing them to stop working properly and shut down altogether. It was a “denial-of-service” attack: the website receives too much information and the service stops working. He was caught because he left evidence and traces of what he did, and more experienced hackers found out what he did.

3. Search the Web for “The Official Phreaker’s Manual”. What information in this manual might help a security administrator to protect a communications system?

The manual explains many different techniques, and a security administrator who knows them could work to prevent those techniques from being used against their own system. It also uses certain terms for different things; an administrator who heard or saw one of these key terms would know what the phreakers are trying to do. By understanding what a phreaker is, companies can understand what phreakers want to do and whether or not they are a threat to the security of the company.

Discussion Questions

1. Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that?

Fred thinks the new security effort will make the company’s information more secure. The information will continue to remain secure and monitored.

Gladys thinks it should fix most of the security issues. She also wants to implement a new security program to monitor.

Charlie calculates how much all of this would cost the company. He also thinks that the investment is worthwhile for the company to keep the information secure.

No, Fred was tasked with the new information security effort. His goal was to get a plan going, and they have a plan for fixing the company’s information security issue.

2. How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance?

Fred should measure success for Gladys by seeing how she leads the project, how well the project does, and whether she sticks to the budget.

Fred should measure Charlie’s performance by how he is able to implement the new plan and how well he documents the cost of all of it. Both performances should be evaluated based on effort and creativity.

3. Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?

The biggest threat is what the employees bring into the company and use on its network. A USB drive was the device used for the attack on the network. Charlie should focus his attention on monitoring what is brought in and used in the company by the workers.

Ethical Decision Making

Instead of Charlie being named CISO, suppose instead that Fred hired his son-in-law, an unemployed accountant, to fill the role. Assuming the person had no prior experience or preparation for a job in information security, did Fred make an ethical choice?

No, this is nepotism, and he’s giving the job to someone who isn’t qualified to have it. It is also a job whose purpose is to keep information secure. If he has no prior experience, he might not be able to do the job and could cost people their information.

 

Suppose that SLS has implemented the policy prohibiting use of personal USB drives at work. Also, suppose that Davey Martinez brought in the USB drive he had used to store last month’s accounting worksheet. When he plugged in the drive, the worm outbreak started again and infected two servers. It’s obvious that Davey violated policy, but did he commit ethical violations as well?

Yes, he chose to bring in a USB drive that has company information on it. The company banned USB drives for a reason, most likely security. He willingly chose to endanger his company’s information and his coworkers.