Kyle Peterson


Chapter 12


1.      Forum of Incident Response and Security Teams

FIRST is the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to respond more effectively to security incidents, reactively as well as proactively. FIRST brings together a variety of computer security incident response teams from government, commercial, and educational organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information sharing among members and the community at large.

Apart from the trust network that FIRST forms in the global incident response community, FIRST also provides value-added services. Some of these are:

·         access to up-to-date best practice documents

·         technical colloquia for security experts

·         hands-on classes

·         annual incident response conference

·         publications and web services

·         special interest groups

These are just some of the great services FIRST provides to IT professionals.


2.      Security Manager ongoing responsibilities

A security manager is busier than ever in today’s day and age. Below are some of the responsibilities of a security manager; these processes are broken up into volumes and sections.

DoDM 5200.01, Information Security Program

·         Volume 1: program overview, responsibilities, and guidance for classification and declassification

·         Volume 2: marking of classified information

·         Volume 3: guidance for safeguarding, storage, destruction, transmission, and transportation of classified information; training requirements; handling security violations and compromises; and information technology issues

·         Volume 4: guidance for controlled unclassified information


3.      Five tools that can be used by security administrators, network administrators, and attackers alike

Listed below are some great tools that admins use in the field!

·         Vulnerability Scanning: Vulnerability scanning is one of the most important tasks you can do to ensure your network stays secure. Vulnerability scanners scan a set number of hosts looking for any number of vulnerabilities, anything from database and web to operating system vulnerabilities.

·         Packet Sniffing: The ability to visually inspect the data being passed across your network can be an invaluable tool in troubleshooting networking issues.

·         Network Mapping: Network mapping is useful for allowing you to enumerate the devices on your network along with the services they are running. A great tool to help map your network is Nmap. Nmap can be set to scan a subnet or set of machines and will report on how many are available and what ports are open and listening on those machines.

·         Wireless Scanning: Scanning for rogue wireless devices should be done on a regular basis. If one of your users comes in and sets up an unsecured wireless access point running off your corporate network, you have a pretty serious security issue.

·         Password Cracking: Although password cracking isn’t so much a “network security” scanning tool, it is useful to run password cracking tools to help assess password strength.


4.      Hacker Support Sites

There are a plethora of websites out there devoted to helping hackers be shitty people. Is on the list of websites that allow hackers to hack.

This website features:

·         Hacking Tutorials

·         Getting Started Page

·         Software Downloads

·         Other tools, like kits and such.

Although they are on the internet, I highly doubt a high-volume learn-how-to-hack site would come up under a Google search.

5.      Tentative risk assessment of UWS

If software is not up to date, data could be compromised. I believe we have system administrators on campus, though. Also, I would imagine they update our systems often. Physical security could potentially be a problem, as just about anyone under the sun can use the computers. They would have to have an account, which might prove to be a little challenging; however, students oftentimes forget to log off, leaving their accounts and terminal vulnerable. With a terminal open, a criminal could attempt to access many of the school's files, and if successful, could potentially do damage.