Nathan Magnuson

ITS 360 Ethics

Document Download

2.) I would hang up and report the attack to the authorities. The DOS doesnít allow for stolen data, but only lots time and advertisement. I would also look into expanding our site to handle higher traffic flow and may also look into advertising our products on different sites if possible (Amazon, sporting goods, etc.) I would get a DDoS mitigation company to fix the issue. I would then send emails to customers on our email list what happened and explain what a DDoS is and let them know that none of their personal information is at risk. If the DDoS is still going at this time I would attach an ad of what is on sale this week so that they can still be in the loop of what our company is doing. If customers donít want ads sent to them have them respond to email and we would update our email list. If all goes well, the attacks will stop because the mitigation worked, attackers are not getting anywhere and stop, or the authorities have stopped them.

3.) I would consult the manager if we could find some white hats to do it instead of people with a long history of criminal records. It still is a good idea to be ahead of the pack with patches, but not as much as giving criminals open access to dig around the software. They could plant a bug or virus of their own and/or not report everything that they find. The only thing that would sway my decision would be if they had been doing this thing for years and other companies have high praise of them, otherwise I would look to someone else.


Defending Against DDoS attacks

1.)  I would justify the use of DDoS mitigation because it would allow for online access to our customers and would probably save money due to the fact that customers can still buy and order products. It would also help preserve the look and reliability of the company because it is taking an initiative to make sure that customers can contact and do business with the company.


2.)  Volume attack: the website is slowed or flooded with packets and data, Protocol attack: server resources effected and can attack firewalls, Application attack: crash server by operating system weaknesses.


3.)  Imperva Incapsula, F5 Networks, and Arbor Networks. All are about the same for service, but Imperva Incapsula has the highest rating (10/10) for all categories. Arbor doesnít have Firewall application, web proxy help and does support live chat conversations.


Anonymous and Social Hacktivism

1.)  I probably would not join anonymous. If I didnít agree with their views I would not want to work against something that I would support, even if they all act individually. If caught, high punishments would follow.


2.)  The support of WikiLeaks was not legal do to breaking the law by using DDoS against businesses. I donít view it as ethical, but I can see why they would act the way they did to support something they believed in. The satellite stations across Syria was an interesting act that I find very interesting, but if you want to paint it black and white it isnít legal.


3.)  Anonymous is powerful, and the post that Anonymous is a movement and an idea is probably very accurate, because if you get a group of people together that have a belief and others believe in it too, you have a very powerful force that will carry on after the lives of those involved. Anonymous can also pose a threat to any website, it just matters if their purpose behind that attack is made for good reason and also if the information gained is used for the greater good or not.