1. Search the Web for the Forum of Incident Response and Security Teams (FIRST). In your own words, what is the forum's mission?

The mission of FIRST is to provide its members with technical information and tools, methods, assistance, and guidance. It also coordinates proactive liaison activities and analytical support. FIRST encourages the development of quality products and services and works to improve national and international information security for government, private industry, academia and the individual. The forum also enhances the image and status of the incident response and security teams (IRST) community in the outside world. The Forum of Incident Response and Security Teams (FIRST) is a collection of organizations modeled on the computer emergency response team idea. I believe their mission is to go into a situation full out for the better benefit and commitment to the security industry. They promote members as well as other organizations to collaborate in conjunction to better resolve and learn from possible threats that they may face on a daily basis. Their database of information, organizations, as well as resources, far outweighs any one person's or organization's magnitude of success.


2. Search the Web for two or more sites that discuss the ongoing responsibilities of the security manager. What other components of security management can be adapted for use in the security management model?

Here are two sites that discuss the ongoing responsibilities of the security manager: and The ISO network management model addresses management and operation through five topics: fault management, configuration and name management, accounting management, performance management and security management. A major component of network management that can be adapted to the security management model is a firewall, which serves a dual role in keeping external intrusions away from an organization's internal data to preserve confidentiality, integrity and availability.


3. This chapter lists five tools that can be used by security administrators, network administrators, and attackers alike. Search the Web for three to five other tools that fit this description.

Automated tools known as log analyzers can consolidate system logs, perform comparative analysis, and detect common occurrences or behavior that is of interest. A risk assessment's identification of the systemic or latent vulnerabilities that introduce risk to the organization can provide the opportunity to create a proposal for an information security project. When used as part of a complete risk management maintenance process, the RA can be a powerful and flexible tool that helps identify and document risk and remediate the underlying vulnerabilities that expose the organization to risks of loss. The platform security validation (PSV) process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization. The wireless vulnerability assessment process is designed to find and document the vulnerabilities that may be present in the wireless local area networks of the organization. The modem vulnerability assessment process is designed to find and document any vulnerability that is present on dial-up modems connected to the organization's networks.


4. Using a Web browser and the names of the tools you found in Exercise 3, find a site that claims to be dedicated to supporting hackers. Do you find any references to other hacker tools? If you do, create a list of the tools along with a short description of what they do and how they work.

The site following this sentence supports hackers and also has some references to hacker tools that were used. In looking at the hacker sites, the funny occurrence was that many of the sites are no longer functional (broken links). The only similar tool I noticed several times on both types of sites was Nmap ("Network Mapper"). I did notice similar topics on the sites. For example, where the hacker site would tell how to compromise a system such as NT Web Server, the sites geared toward security administrators would bring up security issues for NT Web Server and how to protect against known vulnerabilities. There are many groups and people dedicated to hacking; keeping up with the information on these sites is crucial to the everyday life of a hacker. Only the best of the best are linked on the site.


5. Using the components of risk assessment documentation presented in the chapter, draft a tentative risk assessment of a lab, department, or office at your university. Outline the critical risks you found and discuss them with your class.

The RA is a method of identifying and documenting the risk that a project, process, or action introduces to the organization and may also involve offering suggestions for controls that can reduce that risk. The information security group is in the business of coordinating the preparation of many different types of RA documents, including: Network connectivity RA: Used to respond to network change requests and network architectural design proposals. May be part of or support a business partner's RA. Dialed modem RA: Used when a dial-up connection is requested for a system. Business partner RA: Used when a proposal for connectivity with business partners is being evaluated. Application RA: Used at various stages in the life cycle of a business application. Content depends on the project's position in the life cycle when the RA is prepared.