Chapter Seven

Max Werdin


1.      After researching event correlation online, define the following terms as they are used in this process:

Compression – Collapsing multiple occurrences of the same event into a single record (typically with a count and a time span), so that redundant or inconsequential data is removed from the resulting dataset.

Suppression – The ability of a correlation engine to hold back events that match known false-positive conditions so that they do not raise an unwarranted alarm.

Generalization – The ability to roll several specific events (for example, the same signature firing on several hosts) up into a single, more general alert.
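The three terms above applied in order, as an added example written for this page rather than taken from any correlation product. The events, the host-to-tier inventory (HOST_TIER) and the suppression rule list (SUPPRESS) are all constructed for the demonstration.

```python
"""Toy event-correlation pipeline: compression -> suppression -> generalization.

Added example. The sample events, HOST_TIER inventory and SUPPRESS rules below
are constructed for the demo and do not come from any real system.
"""
from collections import OrderedDict
from dataclasses import dataclass, field


@dataclass
class Event:
    ts: int          # seconds since epoch (constructed values)
    host: str
    kind: str        # e.g. "link_down", "auth_fail", "port_scan"
    detail: str = ""


@dataclass
class Alert:
    kind: str
    scope: str       # a host, or a tier name once generalized
    count: int
    first_ts: int
    last_ts: int
    sources: list = field(default_factory=list)


# Hypothetical asset inventory used for generalization: host -> tier.
HOST_TIER = {"web-01": "web-tier", "web-02": "web-tier", "db-01": "db-tier"}

# Hypothetical suppression rules: (host, kind) pairs known to be benign,
# e.g. the authorised vulnerability scanner tripping port-scan signatures.
SUPPRESS = {("scanner-01", "port_scan")}


def compress(events):
    """Collapse repeated (host, kind) events into one alert carrying a count
    and a time span; the duplicate copies of the same signal are dropped."""
    buckets = OrderedDict()
    for e in sorted(events, key=lambda e: e.ts):
        key = (e.host, e.kind)
        if key not in buckets:
            buckets[key] = Alert(kind=e.kind, scope=e.host, count=0,
                                 first_ts=e.ts, last_ts=e.ts, sources=[e.host])
        a = buckets[key]
        a.count += 1
        a.last_ts = max(a.last_ts, e.ts)
    return list(buckets.values())


def suppress(alerts):
    """Drop alerts matching a known-benign (host, kind) rule so they never page."""
    return [a for a in alerts if (a.scope, a.kind) not in SUPPRESS]


def generalize(alerts, threshold=2):
    """If the same kind of alert is seen on `threshold` or more hosts of one tier,
    replace the per-host alerts with a single tier-level alert."""
    by_tier = OrderedDict()
    out = []
    for a in alerts:
        tier = HOST_TIER.get(a.scope)
        if tier is None:
            out.append(a)            # unknown host: cannot generalize, keep as-is
            continue
        by_tier.setdefault((tier, a.kind), []).append(a)
    for (tier, kind), group in by_tier.items():
        if len(group) >= threshold:
            out.append(Alert(kind=kind, scope=tier,
                             count=sum(g.count for g in group),
                             first_ts=min(g.first_ts for g in group),
                             last_ts=max(g.last_ts for g in group),
                             sources=[g.scope for g in group]))
        else:
            out.extend(group)
    return out


def correlate(events):
    return generalize(suppress(compress(events)))


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    Event(100, "web-01", "link_down"),
    Event(101, "web-01", "link_down"),        # duplicate -> compressed
    Event(102, "web-01", "link_down"),
    Event(105, "web-02", "link_down"),        # second web host -> generalized
    Event(110, "scanner-01", "port_scan"),    # authorised scanner -> suppressed
    Event(111, "scanner-01", "port_scan"),
    Event(120, "db-01", "auth_fail", "user=admin"),
    Event(121, "db-01", "auth_fail", "user=admin"),
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"{a.kind:10} {a.scope:10} x{a.count} "
              f"({a.first_ts}-{a.last_ts}) from {a.sources}")
```

Running it turns eight raw events into two alerts: one web-tier link_down (count 4, from web-01 and web-02) and one db-01 auth_fail (count 2). The caveat a practitioner should keep in mind is that suppression rules are keyed on the source: if an attacker spoofs or compromises the allow-listed scanner host, its scans are silently dropped too, so such rules need to be reviewed as often as the signatures themselves.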

2.      Several online passphrase generators are available. Locate at least two on the Internet and try them. What did you observe? Xkcd stops short of actually recommending such passwords, and so will I.

Secure Password Generator: This site lets you personalize your password depending on the length, symbols, numbers, uppercase and lowercase letters, and other characteristics that you would like to include.

Untroubled: This site allows the user to decide the number of words that the password must contain. It also offers the possibility to set the minimum and maximum length of the password, capitalize letters, and append numbers.
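What such a word-based generator does internally, as an added example written for this page (it is not code from either site). The option names are my own, and the embedded word list is a constructed 32-word stand-in; a real generator would use a list of several thousand words, and the entropy figures scale with that list size.

```python
"""Word-based passphrase generator with the options the sites above expose.

Added example, not taken from any generator site. WORDLIST is a constructed
32-word list for the demo; the option names (n_words, min_len, max_len,
capitalize, digits) are hypothetical.
"""
import math
import secrets
import string

WORDLIST = [
    "apple", "bridge", "candle", "dragon", "eagle", "forest", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "marble", "needle", "orange", "pepper",
    "quartz", "river", "saddle", "tunnel", "umbrella", "velvet", "walnut", "yellow",
    "zebra", "anchor", "basket", "copper", "desert", "ember", "falcon", "glacier",
]


def entropy_bits(n_words, list_size, digits=0):
    """Entropy in bits for n_words drawn uniformly with replacement from a list
    of list_size words, plus `digits` uniformly chosen decimal digits."""
    return n_words * math.log2(list_size) + digits * math.log2(10)


def generate(n_words=4, min_len=None, max_len=None, capitalize=False, digits=0,
             wordlist=WORDLIST, choice=secrets.choice, max_tries=1000):
    """Build a hyphen-joined passphrase; `choice` must be a CSPRNG-backed chooser
    (secrets.choice by default). Length bounds are enforced by rejection sampling."""
    for _ in range(max_tries):
        words = [choice(wordlist) for _ in range(n_words)]
        if capitalize:
            words = [w.capitalize() for w in words]
        suffix = "".join(choice(string.digits) for _ in range(digits))
        phrase = "-".join(words) + suffix
        if min_len is not None and len(phrase) < min_len:
            continue
        if max_len is not None and len(phrase) > max_len:
            continue
        return phrase
    raise ValueError("length constraints cannot be met with this word list")


if __name__ == "__main__":
    p = generate(n_words=4, capitalize=True, digits=2)
    print(p, f"~{entropy_bits(4, len(WORDLIST), digits=2):.1f} bits")
```

Two points worth noticing when comparing the sites: the strength comes from the word count and the list size, not from how the words look, so four words from a 32-word list give only 20 bits, while four from a 7776-word list give about 51.7; and every length or character constraint the user adds is implemented by rejecting candidates, which can only shrink the space the attacker has to search.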

3.      Case Exercises:

4.      Is Miller out of options for his breach of the network? No, I don't believe he is, since he still has some connectivity to the network. At the very least, he could flood the network with pings and crash it. However, he could also continue making a new blueprint of the network, which will more than likely show him a viable access point into it.

5.      What steps could SLS take when learning of this attack to be better prepared in the future? The first step I suggest they take is to remove the zombie-infected PC from the network, wipe the hard drive, and reimage the machine. This was the sole reason Miller was able to gain access to the network. Beyond that, change all passwords for employees after someone is let go.

Ethical Decision Making:

Would SLS be ethical if they were to add his IP address to the list of IPs banned from accessing the network and then launch a counterattack to remove critical files from Miller's PC? Yes, I would say that this is ethical for them to do, as they are the victims of the attack and are simply trying to protect themselves now as well as in the future. Although they are violating his privacy, they are trying to regain the files that Miller stole initially. Considering that, I don't see an issue with this.

What if SLS were to block the range of IP addresses that Miller was using to gain access to the SLS network? I also feel that this is ethical, to a point. They are trying to protect their network, and if they fail, their employees will not have access to the network for a lot longer than just a few hours or a day. I would suggest they make their employees aware of the situation and what they are planning to do, then go ahead and do it in the hope of getting ahead of Miller once and for all.